CBP Has Access To Billions Of License Plate Images Collected By Private Companies

from the too-much-is-never-enough dept

The Customs and Border Patrol (CBP) has a thirst for license plate images. It wants as many as it can get. And as far inland as it can get without straying from the areas it's really supposed to be keeping its eyes on: the nation's borders. Two consecutive Privacy Impact Assessments of the agency's automatic license plate reader program came to the same conclusion: if you don't want to get your plate read, don't drive anywhere. Sure, it may seem easy to avoid the border, but the agency is allowed to do its border protecting stuff up to 100 miles from any border, which includes coastlines and international airports.

But it's not enough that the CBP has an unknown number of plate readers in operation. The information captured by its camera network apparently isn't comprehensive enough. So it's been buying access to other license plate image databases. As Joseph Cox reports for Motherboard, the CBP is making use of plate images gathered by private companies to round out its surveillance of Americans.

The PIA [Privacy Impact Assessment] did not name the specific commercial database. But a source in the private investigator industry, which makes use of commercial license plate databases, suggests the supplier is likely Vigilant Solutions and its sister company DRN which collects the license plate data in the first place.

"DRN is the only one I know that collects the data. The other companies that advertise this service as a search buy from DRN," Igor Ostrovskiy, principal at private investigator firm Ostro Intelligence, who has used the DRN system, told Motherboard. With the consent of the target, a source previously tracked a target for Motherboard using DRN's vast license plate reader system.

Vigilant is home to what is likely the largest database of plate images in the business. The company sells access to an unknown number of law enforcement agencies. Some agencies get free access in exchange for a cut of any fines and fees collected by law enforcement as the result of plate reader hits. As of a half-decade ago, Vigilant was home to two billion license plate photos, with 100 million more being added daily by its network of cameras.

But Vigilant's network isn't just its hundreds of law enforcement owned plate readers. It's also the hundreds run by private companies that allow Vigilant to sell access to the plate images they've collected. As Cox reports, this has turned two billion images (as of 2015) to nine billion images -- much of this "crowd-sourced" from hundreds of repo men using Vigilant equipment.

So, the CBP's Privacy Impact Assessment isn't accurate. It may be accurate as far as suggesting not driving is the only way to prevent your license plate from ending up in the CBP's database. But to suggest staying out of areas "impacted" by CBP activity might allow you to elude this collection is patently false. If the CBP has access to this database, plate/location info from drivers nowhere near the CBP's enforcement areas is still making its way to the CBP via Vigilant's numerous private company contributors.

And this collection isn't subject to the CBP's rules, which limit searches to five years of plate/location data and removes cached, non-hit searches within 24 hours. The CBP may not have control of this collection -- it remains solely in the hands of Vigilant -- but claiming (as the CBP does in Cox's article) that query-only access is somehow a completely different thing is disingenuous. While it may make exploitation of the database more difficult for the CBP, it's still access to billions of plate records the CBP hasn't shown it should legally or logically have access to. The CBP can dip into it whenever it wants and operate outside of its own ALPR guidelines while doing it. There are no downsides. The CBP gets access to billions more plate images without having to deal with the infrastructure side of it. More plates, lower costs, fewer headaches. Win win win.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 3rd party doctrine, 4th amendment, cbp, license plate images, privacy
Companies: drn, vigilant solutions


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    ECA (profile), 24 Jul 2020 @ 1:29pm

    Re: This is why privacy laws are needed

    Jamie..

    WE DO have privacy laws, and the problem is they are NOT enforced.
    AND our policing agencies have found a back door..Even tho they are not supposed to do it, doesn't mean a Corp CANT.

    If you really want to track people, without their knowledge, start with getting rid of Money, and everyone use a CARD. Interesting isnt it? All you need is the CARD company to give you access. WHICH is supposed to be private also.

    Then there is the Credit card industry, and that is supposed to be PRIVATE, and NOT USE our social sec. Numbers....but they do, and they do SELL ACCESS.. And none of it has Ever been enforced.

    Then there is a new one, that Everyone, no matter age, must show ID to buy a pack of Cigs. Which is entered into the computer/register. And any corp that gets the idea, can SELL that info..

    Its a strange world in the USA. As what the Gov. cant do, is allowed by the corps. For some strange reasoning.

    Then we get to the idea of reverse warrants, And police looking up Cellphones in an area with crime.

    AND in the end we end up showing the rest of the world HOW TO DO THE SAME...


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.