CBP Has Access To Billions Of License Plate Images Collected By Private Companies

from the too-much-is-never-enough dept

The Customs and Border Patrol (CBP) has a thirst for license plate images. It wants as many as it can get. And as far inland as it can get without straying from the areas it's really supposed to be keeping its eyes on: the nation's borders. Two consecutive Privacy Impact Assessments of the agency's automatic license plate reader program came to the same conclusion: if you don't want to get your plate read, don't drive anywhere. Sure, it may seem easy to avoid the border, but the agency is allowed to do its border protecting stuff up to 100 miles from any border, which includes coastlines and international airports.

But it's not enough that the CBP has an unknown number of plate readers in operation. The information captured by its camera network apparently isn't comprehensive enough. So it's been buying access to other license plate image databases. As Joseph Cox reports for Motherboard, the CBP is making use of plate images gathered by private companies to round out its surveillance of Americans.

The PIA [Privacy Impact Assessment] did not name the specific commercial database. But a source in the private investigator industry, which makes use of commercial license plate databases, suggests the supplier is likely Vigilant Solutions and its sister company DRN which collects the license plate data in the first place.

"DRN is the only one I know that collects the data. The other companies that advertise this service as a search buy from DRN," Igor Ostrovskiy, principal at private investigator firm Ostro Intelligence, who has used the DRN system, told Motherboard. With the consent of the target, a source previously tracked a target for Motherboard using DRN's vast license plate reader system.

Vigilant is home to what is likely the largest database of plate images in the business. The company sells access to an unknown number of law enforcement agencies. Some agencies get free access in exchange for a cut of any fines and fees collected by law enforcement as the result of plate reader hits. As of a half-decade ago, Vigilant was home to two billion license plate photos, with 100 million more being added daily by its network of cameras.

But Vigilant's network isn't just its hundreds of law enforcement owned plate readers. It's also the hundreds run by private companies that allow Vigilant to sell access to the plate images they've collected. As Cox reports, this has turned two billion images (as of 2015) to nine billion images -- much of this "crowd-sourced" from hundreds of repo men using Vigilant equipment.

So, the CBP's Privacy Impact Assessment isn't accurate. It may be accurate as far as suggesting not driving is the only way to prevent your license plate from ending up in the CBP's database. But to suggest staying out of areas "impacted" by CBP activity might allow you to elude this collection is patently false. If the CBP has access to this database, plate/location info from drivers nowhere near the CBP's enforcement areas is still making its way to the CBP via Vigilant's numerous private company contributors.

And this collection isn't subject to the CBP's rules, which limit searches to five years of plate/location data and removes cached, non-hit searches within 24 hours. The CBP may not have control of this collection -- it remains solely in the hands of Vigilant -- but claiming (as the CBP does in Cox's article) that query-only access is somehow a completely different thing is disingenuous. While it may make exploitation of the database more difficult for the CBP, it's still access to billions of plate records the CBP hasn't shown it should legally or logically have access to. The CBP can dip into it whenever it wants and operate outside of its own ALPR guidelines while doing it. There are no downsides. The CBP gets access to billions more plate images without having to deal with the infrastructure side of it. More plates, lower costs, fewer headaches. Win win win.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 3rd party doctrine, 4th amendment, cbp, license plate images, privacy
Companies: drn, vigilant solutions

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Jamie, 24 Jul 2020 @ 4:26am

    This is why privacy laws are needed

    As broken and annoying as the GDPR is, the fact that it prevents this sort of indiscriminate data collection is a good thing. It would be extremely difficult for any company in the EU to build up a ALPR data set like this.

    The US really needs to step up and put in place some privacy laws to protect the general populace. However, such a move would get widespread pushback from businesses whose business models rely on playing fast and loose with data, and we all know that the rights of corporate entities are more important to the US government than the rights of real people.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.