Police Surveillance Takes a Bite Out of Privacy, Part 1
ormer government contractor Edward Snowden’s release of National Security Agency (NSA) documents over the past nine months has revealed wide-ranging programs of mass spying by the U.S. government. As more details of federal surveillance come to light, revelations of the domestic use of similar tools and systems of surveillance by police are surfacing as well. Law enforcement agencies across the country have been quietly receiving government grants from the Department of Homeland Security (DHS), the Department of Justice (DOJ), and other agencies to purchase a variety of surveillance equipment and services, including Stingrays—a briefcase-sized device that simulates a cellphone tower, collecting data on cellphone users within a certain range—and other technologies like GPS tracking devices, facial recognition, “persistent surveillance” cameras, “predictive policing,” and drones.
One surveillance technology that’s perhaps spread the most widely to large and small U.S. law enforcement agencies are Automatic License Plate Readers (ALPRs). Quite often these cameras have been installed without community awareness and ALPRs quickly become something of a “gateway technology” to more invasive surveillance devices as police integrate new technologies with expanding systems of data storage and analysis.
A Weekly article (“License Plate Recognition Logs Our Lives Long Before We Sin,” 1/29/14) reported that the Los Angeles Police Department (LAPD) has collected more than 160 million datapoints in the greater LA area; “a massive database of the movement of millions of drivers in Southern California.” Civil rights and privacy advocates are warning that ALPRs pose a great risk to privacy and democratic dissent, particularly when combined with additional surveillance.
American Civil Liberties Union (ACLU) attorneys Jennifer Lynch and Peter Bibring write that location data is, “the ultimate biometric identifier” (“Automated License Plate Readers Threaten Our Privacy,” May 6, 2013) and cite research from Nature.com that, “it’s possible to identify 95% of individuals with as few as four randomly selected geospatial datapoints (location + time).”
Clint Richmond lives in Brookline, Massachusetts, where license scanners were recently installed by police: “When you have the capabilities of an ALPR—it’s on the order of 100,000 plates per hour that can be read—it’s automatically creating a comprehensive database and giving people so much power that it will inevitably lead to abuse. ALPRs are being introduced widely and quickly without much public discussion.”
Daniel Ellsberg, who leaked the Pentagon Papers to journalists in 1971 told me, “While mass surveillance affects everyone, those engaged in social change are often special targets for police and intelligence agencies. As the latest surveillance technologies are combined and refined, this may become even more common and damaging.”<I>
A recent article in the Washington Post (February 5, 2014) focusing on new developments with surveillance drones points out, “In a world of increasingly pervasive surveillance, location and identity are becoming all but inextricable. One quickly leads to the other for those with the right tools.”
We’re Being Tracked
Also called license scanners, ALPRs are cameras that photograph all automobile license plates within range. ALPRs also record time, date and GPS location and have a second camera that photographs the whole car, sometimes including the surrounding area and people inside or near the car. Accessed days or years later, the data can create a map of where you’ve been and whom you’ve been with. ALPRs are mounted on police vehicles (“mobile”) or on bridges, streetlights, or practically anywhere (“fixed locations”).
While some law enforcement agencies erase ALPR data daily, others keep millions of pieces of data indefinitely. Police in Milpitas, California, collect about 1,000, 000 photos a year of their 68,000 residents and keep the data for 2 years. When a license plate is scanned and it matches a police “hot list,” an alert goes off and police contact the driver. But the technology isn’t designed to identify hit-list cars. The scanner photographs all cars multiple times and police often accumulate millions of images and location/time data points. Often police share the data with other agencies, too, making it possible for authorities to go back and review a kind of time-travel map of anyone. Moreover, many police departments in the U.S. decide—without community input—to use ALPRs and how long to store the massive trove of data.
“You Are Being Tracked: How License Plate Readers Are Being Used to Track Americans’ Movements” is a 34-page report from the ACLU revealing that, “License plate readers can be used for tracking people’s movements for months or years on end, chilling the exercise of our cherished rights to free speech and association.” According to the report, police in Tiburon, California retain data 30 days and Jersey City, New Jersey for 5 years.
Catherine Crump, the primary author of the ACLU report and staff attorney with the ACLU’s Speech, Privacy and Technology Project said, “If we were only talking about one photograph of a license plate in a public place, no one would be raising a fuss. But the technology is designed to create a massive database that tracks people’s movements. Cities are being blanketed with denser and denser license plate readers and law enforcement agencies are sharing the data in broader and broader geographical pools of information. Some of these data collection centers of license plate readers have literally over a billion hits in them.”
Crump offers, “The paradigm is backwards. The question we need to be asking is not, ‘What do you have to hide?’ The question, what business is it of the government to be taking photographs of totally innocent people’s cars? That is what distinguishes mass surveillance from other forms of surveillance. When police are collecting data on people who are innocent there is a problem.”
Dave Maass, spokesperson for non-profit digital privacy advocates Electronic Frontier Foundation (EFF) told me, “When license readers record information about every license plate over a period of days, weeks, or longer, it starts to make it possible for the government to put together a very detailed picture of what everybody who owns a car is doing on a day-to-day basis. It only takes a few individual data points to start to reveal very personal information about a person.” A Brookings Institute Center for Technology Innovation report, “Recording Everything: Digital Storage as an Enabler of Authoritarian Governments” by John Villasenor points out, “Cities around the world are increasingly deploying extensive camera systems to capture vehicle license plate numbers. As of early 2011, there were over 4,000 such cameras in England and Wales providing continuous license plate data for traffic for cities including London, Birmingham, and Manchester. Washington DC has a network of 73 license plate cameras. New York uses a combination of over 100 cameras mounted at fixed roadside locations and an additional 130 cameras affixed to police cars.”
The report also points out that current debates about ALPRs have focused on how long data should be stored rather than if the cameras are legal, ethical, or even useful in crime reduction: “Privacy concerns have led to limitations on the length of time that plate data is retained—72 hours, for example, in the case of Toronto. In authoritarian countries, however, there is essentially no open privacy debate.” The Brookings report also emphasized that the reduction in digital storage costs is fueling mass surveillance: “Over the course of a full year, a system of 1,000 roadside license plate reading cameras each producing 1 megabit per second would generate image data that could be held in storage costing about $200,000.”
In her new book Dragnet Nation, journalist Julia Angwin writes that after 9/11 DHS gave out more than $7 billion in grants to “high-threat, high-density urban areas” for counter terrorism and, “More than $50 million of DHS’s grants were doled out to state law enforcement agencies to purchase automated license plate readers that allow them to keep tabs on citizens’ movements in ways never before possible.”
Santa Cruz Asleep At the Wheel
Santa Cruz, California is nestled between the Pacific Ocean and a majestic redwood forest and is home to about 60,000 people. Like many other communities, there was no public discussion about bringing ALPRs into the community until after the devices were approved. Santa Cruz City Council members voted unanimously to approve the devices without knowing much, if anything, about ALPRs and the potential risks to privacy that the devices pose. Maass intuited, “If Santa Cruz is like other areas it’s possible the government didn’t think too hard about the privacy implications before giving the approval.”
“It’s a lot harder to take away a law enforcement tool then to give a law enforcement tool,” explains Maass. “It’s a purchase first, ask questions later sort of mentality.” Particularly, he said, when the money come from federal grants.
When $30,000 in “free money” from a Department of Justice (DOJ) grant was offered to the Santa Cruz Police Department (SCPD) to purchase ALPR surveillance cameras, City Council members had little motivation to examine the economics or ethics of buying the devices. Also, the Council heard only one point of view on ALPRs before voting. “If you’re pointing out that City Council discourse is weighted towards the staff (i.e. the police) over the general populace, then I agree,” reflects Councilmember Micah Posner. “I was asleep at the wheel. I heard from the police that it would be helpful in catching car thieves and other criminals… If I’d been better informed about (the ALPRs) I may have voted against the purchase.” Santa Cruz is also one of the first cities in the country to experiment with “predictive policing.”
After an investigative report on ALPRs in Santa Cruz by this writer, the local ACLU chapter convened a community meeting about domestic surveillance. Council member Posner recently said, “We need to take a much closer look at the implications of the devices to personal civil liberty and see if there is a way that these concerns can be met. If not, we should give back the money.”
San Leandro: Photos Taken
In San Leandro, California, the use of license scanners was a well-kept secret from 2008 to 2010, until Mike Katz-Lacabe asked for the photos that had been taken of him. Katz-Lacabe, a school board member in San Leandro since 2006 and a computer security specialist, was shocked when he saw the images that had been taken of him and his family with police ALPRs. “It included about 112 images of my two cars taken over the 2-year period,” he explained. He said that many ALPR devices have two cameras. “An infrared camera to capture the license plate number and another one to capture a picture of the vehicle and the surrounding area,” says Katz-Lacabe.
“One of the pictures I received is timed perfectly as me and my daughters were getting out of the car in our driveway. You can clearly see my two young daughters getting out of the car and me getting out the front door. That was an eye-opening picture of me in my driveway.” He added, “At that point our police department was retaining that information indefinitely.”
In 2012, San Leandro changed their data storage policies. “The Police Chief announced the retention policy had been reduced from indefinitely to one year,” explains Katz-Lacabe. “The change didn’t come about due to any awareness of our City Council. It came about largely because of the decision to start sharing data with the Northern California Regional Intelligence Center (NCRIC).” NCRIC is one of 78 Governor-designated and Department of Homeland Security (DHS) fusion centers in the U.S. for storing and sharing data.
Mike Sena, the director of NCRIC comments, “We have about 10 million license plates in the system from 200 law enforcement agencies.” Sena said that the data is stored at the San Francisco Federal Building for one year unless it’s linked to an ongoing investigation.
Katz-Lacabe said, “Brian Rodriguez, from the Northern California Regional Intelligence Center came to a City Council meeting and said, ‘We’re gathering information about people who haven’t been charged with a crime yet.’ Yet. It speaks of a surveillance system where all this information is being gathered and as soon you’re suspected of a crime, they basically have a time machine to go back and determine where you were at any particular time.”
Katz-Lacabe continued: “NCRIC has been pursuing a one-year retention policy for a while to stave off legislative action that would demand shorter data retention periods. As far as I can tell, there is no empirical basis for that at all.”
“It hasn’t been determined yet the length of time that is useful to hold onto ALPR data. I’d like to see a higher-education institution do a study, looking at what cases were solved—and what cases would not have been solved—if it were not for use of the license plate reader technology,” Sena added.
But Katz-Lacabe is skeptical that police and fusion centers would voluntarily limit data retention policies even if independent studies recommended doing so: “If empirical data showed that it wasn’t useful to hold onto ALPR data for more than two weeks, I don’t think NCRIC would say, ‘Okay, we’ll change our retention policy to two weeks’.”
Though photographing all cars may help police solve “crimes,” the ACLU, EFF and others are concerned that new surveillance technologies embody a dystopian potential for “pervasive and permanent monitoring.” Though license scanners can help identify cars with unpaid tickets and stolen cars, an ACLU study shows that the ratio of data collected to hits is low; 0.01 percent for Rhinebeck, NY and 0.2 percent for Maryland, where 29 million license plate reads occurred in 2012 with only 1 in 500 being hits. In other words, for every one million plates read in Maryland, only 47 were associated with “serious crimes.”
San Diego: Under Investigation
Michael Robertson lives in San Diego, but when he asked for license scanner photos that police had taken of his car, they refused. “They quoted a portion of California law that says that they don’t have to turn over records that are part of an on-going investigation. In their view we are all under investigation at all times.” He added, “I’m hoping to force them to make this data public. We’ll hopefully shut down this program.”
The Mayor of Minneapolis, R.T. Rybak, also recently became interested in license scanners. An August 12, 2013 article in the Minneapolis Star Tribune titled “Surveillance of License Plates by MPD” included a map of 41 locations the Mayor’s city-owned vehicle had been scanned at during one year. After the map was published Rybak expressed “concerns around the length of time it is stored and how it can be used.”
ELSAG is one company that manufactures license scanners. Based in North Carolina, the company is owned by Finmeccanica, the eighth largest military contractor on the planet with earnings of $14.4 billion in 2010 according to the Washington Post. According to Finmeccanica’s website, the “Mobile Plate Hunter-900R” captures up to 3,600 license plates per minute and comes with “geofence software” that “creates an invisible, virtual barrier around sensitive areas.” Finmeccanica’s website says that their products include, “…the C-27J Joint Cargo Aircraft…to the U.S. Army and the U.S. Air Force; the G-222 aircraft to the Afghanistan National Army Air Corps, and the license plate reader to the U.S. Department of Homeland Security.”
Information about new surveillance systems is sometimes difficult to discover, as police are often “less than forthcoming” when asked for details, according to ACLU attorney Linda Lye. At least one private corporation—Harris—have police and sheriffs sign a non-disclosure agreement when buying their Stingray devices, which simulate a cellphone tower to collect phone and location data without a warrant. The secret agreement bars the law enforcement agency from revealing anything about the device, including whether or not they have one.
New surveillance technologies are giving law enforcement and corporations the ability to use mass data collection to review the past as well as predict where people will go and what they’ll do. Predictive policing, a computer algorithm technique used in two cities in California—Los Angeles and Santa Cruz—has links to the U.S. military according to an LA Weekly Report (“Forget The NSA, the LAPD Spies on Millions of Innocent Folks,” 2/27/14). The report emphasizes that predictive policing, “is actually a sophisticated system developed not by cops but by the U.S. military, based on ‘insurgent’ activity in Iraq and civilian casualty patterns in Afghanistan.”
The website for PredPol, a company that offers predictive policing says they, “Predict crime in real time.” Harsh Patel, a member of the board of advisors for PredPol, is former Managing Director of In-Q-Tel, the venture capital arm of the CIA. Time Magazine named predictive policing one of the top 50 innovations of 2011.
Fusion Centers, 9/11 And The CIA
Since the violent plane crashes of 9/11, the attacks have been used to philosophically promote and practically support funding of numerous federal, state, and local security and surveillance programs. That includes ALPR use as well as the building of Domain Awareness Centers and 78 governor-managed Fusion Intelligence Centers across the U.S. where ALPR and other law enforcement data is consolidated, with funding and support from DHS, FBI, and other agencies.
Lye told me, “At present there are about twelve agencies that have memoranda of understanding with the Northern California Regional Intelligence Center (NCRIC) to share their ALPR data. At least thirty have accessed the data in recent months based on records I’ve obtained from NCRIC. I’ve seen indications that DHS and ICE—Immigration and Customs Enforcement— have also accessed that ALPR database.
“One of the concerns post-9/11 was that the incident happened because information had not been shared across agencies and that if we’d shared information we may have been able to stop it.” Sena reported that his work in intelligence began on September 11, 2001.
A 2007 ACLU report titled “What’s Wrong With Fusion Centers” describes them as, “originally created to improve the sharing of anti-terrorism intelligence among different state, local and federal law enforcement agencies…the scope of their mission has quickly expanded—with the support and encouragement of the federal government—to cover ‘all crimes and all hazards’.” James Risen reported in the New York Times (October 2, 2012) that a Congressional committee found fusion centers, “forwarded intelligence of uneven quality—oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties…and more often than not unrelated to terrorism.” Risen also wrote that top officials at DHS had known about the flaws for years, “but hid an internal department report on the program’s flaws from Congress while continuing to tell lawmakers and the public that the fusion centers were highly valuable….” At that time there were 72 fusion centers; now there’s 78.
Sena said he disagreed with the Congressional findings: “The reports that were reviewed in the 2012 study were written by folks sent out into the field by DHS and not based on fusion center data, but on information they were coming in contact with by whatever means, through the fusion centers or other agencies.”
Currently, NCRIC is getting help from a Silicon Valley company that received funding from the CIA. Katz-Lacabe visited Palantir’s office in Palo Alto: “They’re a big data analysis company that works with the LA Police Department, for example, chugging through their data to either predict or solve crime” said Katz- Lacabe. “Palantir received some initial funding from a company called In-Q-Tel, the venture capital arm of the CIA that tries to fund new technologies that may be useful to the intelligence community.”
In a Forbes (“How a Deviant Philosopher Built Palantir, A CIA-Funded Data-Mining Juggernaut,” 8/14/13), Andy Greenberg writes that Palantir’s business proposal to NCRIC boasted they, “enabled searches of the NYPD’s 500 million plate photos in less than five seconds.”
License data collected by police and privately owned ALPRs is consolidated at 78 state fusion centers, but does the data continue up the pyramid to DHS, NSA, or elsewhere? Sena said, “There isn’t one agency that oversees all of the 78 fusion centers.” But he explained that there is a centralizing mechanism: “The Nationwide Suspicious Activity Reporting Initiative (NSI) is the only centralized location where data from fusion centers all across the country is pushed. That data goes to a server in the Washington DC area that’s managed by the Nationwide SAR Initiative program manager. It was under Department of Justice (DOJ), but towards the end of last year it was transitioned over to Department of Homeland Security (DHS) and is operated jointly with the FBI.” Sena explained that the program manager for the NSI is David Sobczyk, who previously worked for the Chicago Police Department and DHS Office of Intelligence and Analysis.”
Kade Crockford, attorney with the Massachusetts ACLU says, “Having a (license) database like this that gathers information about completely innocent people is in itself a violation. The NSA says they need to have the haystack so they can find the needle. This is the same argument that police make if you ask them why they need all of this information about innocent people, it might become useful.
“Another similarity between NSA and police spying is that although police departments say they’ll make strict rules about who can query the license plate databases, they’re not going to discuss the possibility of getting rid of the database. This is the same with NSA apologists who say, ‘We’re not going to debate whether or not we need the database. We need it. But we will engage in conversations about what the rules should be.’
Some fusion centers have been linked to spying on activists and attempt to disrupt political groups. A New York Times story (June 24, 2013) by Colin Moynihan outlined how a member of the Pierce County Sheriff’s department and a director of the Washington Joint Analytical Center—which became the Washington State Fusion Center (WSFC)—spied on anti-war organizations like Students for a Democratic Society and Port Militarization Resistance: “An investigator working with an intelligence-gathering office in Washington State placed the names and photos of anti-war protestors into a domestic terrorism file….” And an October 18, 2012 press release from the ACLU states, “The Boston Regional Intelligence Center (BRIC) filed ‘intelligence reports’ mischaracterizing peaceful groups such as Veterans for Peace, United for Justice with Peace, and CodePink as ‘extremists,’ and peaceful protests as domestic ‘homeland security’ threats, and civil disturbances.”
Oakland Scales Back the Domain Awareness Center
Domain Awareness Centers aggregate surveillance systems of a given area, unlike Fusion Centers that consolidate data. In Oakland, California activists and privacy rights organizations were recently successful in persuading local and federal government to scale back a planned Domain Awareness Center (DAC).
Lye explains: “The concept for Domain Awareness Centers arose out of situational and maritime awareness security. Oakland is one of the few, if not the only one, that was intended to also have a city-based system.
“The Port of Oakland relies on city police and fire departments to respond to emergencies. The federal grant applications for the DAC gave Oakland’s first responders access to the port’s surveillance and sensor feeds. But as the program morphed, the DAC was expanded to include not just surveillance from the port, but from all across the city of Oakland. In the proposal the DAC would have integrated 700 cameras in Oakland city schools, hundreds of traffic cameras, over 40 automated license plate readers, and city-owned surveillance cameras from all across the city.
“Many proponents said, ‘Why is this a threat to privacy?’ We’re aggregating feeds. We’re not adding any new feeds. Here’s the reason: a mosaic reveals much more detail than a single tile. You can track people as they’re driving across the city, passing various traffic intersections, and automated license plate reader cameras mounted on police vehicles. Our concern was that the DAC had the potential to be used for warrantless mass surveillance of innocent Oakland residents who had engaged in no wrong-doing. New York City a center that might be regarded as similar to the Domain Awareness Center; we’re seeing these crop up across the country.”
The Oakland City Council agreed to scale back the DAC so that it would include only port-based systems. “The Oakland City Council decided to push back against this all-too-common phenomenon known as mission creep where a project is billed for one purpose while data is collected for surreptitious other purposes,” reflects Lye. “I’m sure there will be efforts to re-introduce city-based systems into the DAC. We’ll certainly monitor the situation.”
On February 18, 2014, the Washington Post’s Josh Hicks reported, “The Department of Homeland Security wants a private company to provide a national license-plate tracking system that would give the agency access to vast amounts of information from commercial and law enforcement tag readers, according to a government proposal that does not specify what privacy safeguards would be put in place.”
By the next day the plan was cancelled, “after privacy advocates raised concern about the initiative… The order came just days after ICE solicited proposals from companies to compile a database of license-plate information from commercial and law enforcement tag readers” Washington Post, February 19, 2014).
Crump reflects, “There was activism around stopping the nation-wide database, but the full story is still unclear. Some articles stated incorrectly that ICE was proposing to itself build a national database. But the proposal said they wanted to purchase access to an already existing database. It didn’t specify which company’s database that was, but it seems relatively clear that it was Vigilant. It’s good news that the DHS plan was cancelled, but police are already accessing vast private databases of (license) plate data.”
The National Vehicle Location Service (NLVS) is a database of the Livermore, California-based Vigilant Solutions, founded in 2009, which holds about two billion data records. Law enforcement and vehicle repossession workers use and add to the database and Digital Recognition Network (DRN), a sister company of Vigilant, operates its own ALPR cameras nationally. The Vigilant website includes an image of three children smiling, waving American flags.
Brian Shockly, Vice President of Marketing for Vigilant told me, “Vigilant has an agreement with Digital Recognition Network (DRN) wherein Vigilant is able to offer DRN collected data to law enforcement agencies for their use in seeking out stolen vehicles, felony vehicles, AMBER alerts, and more.
“Vigilant sells cameras and other LPR equipment to law enforcement agencies, who operate the cameras themselves. Vigilant’s NVLS database provides law enforcement with access to around 2 billion detections of vehicles collected by DRN and law enforcement over a 6 year period. The database grows between 60 and 70 million detections on a monthly basis. The National Vehicle Location Service (NVLS) is made up from two primary sources: data shared to NVLS from law enforcement and ‘private’ data collected by Vigilant’s partner DRN.”
When asked about growing resistance to ALPRs, the Vigilant representative responded, “Any reduction in data retention times—some as low as 30 minutes or 2 weeks—hamper the ability for the investigation of crimes that occurred in the past. Many crimes such as sexual assault and rape are not reported until weeks after the fact.
Further, what about cold cases that may have new life once a suspect is identified years later? Either the data should or shouldn’t be gathered. If we all agree the data is important, then retention limits should be a moot argument and the focus should be placed instead upon strict access control. The value that citizens get in exchange for hamstringing police is nonexistent.” In fact, much resistance against ALPRs has focused on limiting data retention time rather than with the more fundamental question raised by the Vigilant representative; should bulk data of innocent people be gathered at all?
“It’s a problem when private companies have this much information about perfectly innocent people,” explained the Crockford. “Law enforcement agencies are accessing that data for free, actually. They sign up to make a certain number of queries and then it’s sort of like a drug dealer; Vigilant gets them hooked and when the few queries a month do not satisfy the police department’s needs anymore, they’re bumped up to tier two, which is a subscription service, where they pay to access the database.”
Crockford comments that, “For people who aren’t so worried about license plate readers in comparison to face recognition or cellphone surveillance; it’s true that where you can’t peel your face off, you definitely can choose to not drive. Although for a lot of people it’s not exactly an option. But the reason we should be concerned is that knowledge is power. If we’re prepared to live in a society in which the government has almost unlimited knowledge about us and we have very limited knowledge about what the government is really doing, I think we’re going to be living in a society that is much closer to a totalitarian society than it is to a democracy.”
Vigilant Solutions also sells facial recognition software that offers, “field validation of identities using mobile device interface,” according to their website. Vigilant says, “FaceSearch is a facial recognition software product. It’s completely different from License Plate Recognition and there is no integration between the two.”
John Malkin is a freelance journalist.