MuckRock Release ALPR Dataset Covering 200 Gov't Agencies And 2.5 Billion License Plate Records

from the auto-panopticon dept

MuckRock has concluded its national automatic license plate reader survey. Or, at least, it's as close to completed as humanly possible, what with more than a handful of agencies still refusing to turn over data. But there's a ton of info in the dataset and more than a few concerning aspects about nationwide use of ALPRs.

Let's go ahead and start with the biggest number -- one that shows just how much tracking these devices that aren't technically tracking devices do.

Today we are releasing records obtained from 200 agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017. This data is collected regardless of whether the vehicle or its owner or driver are suspected of being involved in a crime. In fact, the information shows that 99.5% of the license plates scanned were not under suspicion at the time the vehicles’ plates were collected.

Billions of plate/location data points, shared by hundreds of law enforcement agencies, creating a massive database of people's lives that agencies can dip into at will. This is already a problem, thanks to lax oversight of ALPR programs, most of which allow for extended retention of plate records. The problem becomes that much worse with sharing, because retention policies at one agency don't apply to others accessing the same data.

[L]egal requirements on the treatment of ALPR data differ state to state, and each agency crafts its own policies for controlling and overseeing that data. It’s unclear which policies and laws govern ALPR data when it crosses state boundaries. For example, a sheriff’s office in California may require officers to attach a case number to every search of ALPR data, whereas a police department in Georgia may not have any similar requirements. Meanwhile, Georgia law requires ALPR data to be destroyed after 30 months, whereas other states may allow agencies to hold onto the data indefinitely.

Agency policies and state-level data privacy protections become background noise when billions of records pour into a central database maintained by ALPR manufacturers. On average, law enforcement agencies are sharing data with 160 agencies. But there are outliers. MuckRock has compiled a list called the "800 Club:" agencies that share their captured plate data with at least 800 other government agencies, most of which are located in California or Texas.

The dataset [available to download here] appears to be as comprehensive as anyone can make it, given the reluctance to release this information and some lack of clarity in law enforcement agency responses. The good news is most law enforcement agencies were cooperative with requesters. The bad news is pretty much everything else. Billions of plate records are collected every year and stored indefinitely by ALPR manufacturer Vigilant. But if there's any inconsistencies or errors in the data received from the agencies polled, one entity in particular could clear up any and all misunderstandings.

To our knowledge, there is only one entity capable of disclosing a comprehensive dataset that would near perfect accuracy: Vigilant Solutions itself. We urge the company to publish this data, which would not only save our time, but also the time of every law enforcement agency staff member who must process our public records request.

Public records requests only go so far. Vigilant could clear this up, but won't, and there's nothing in the law that says a private company has to release this information to the public. But it should. It is definitely of public interest. And, given that its collected from citizens and handled by government agencies, it seems the public has more right to the complete dataset than a single company with a large number of law enforcement customers.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: alpr, license plate reader, surveillance
Companies: muckrock


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    stderric (profile), 21 Nov 2018 @ 12:01pm

    I've always been curious about how easily LEAs that actually have retention policies can/do work around them. Anyone know if there've been any discussions of this issue (readable by a layman, vs sweeping general policy surveys and analyses)?

    As an example, I read through the GA ALPR collection act (found via Muckrock from one of Tim's links). My pessimistic, perhaps slightly paranoid side worries about passages like

    • All such data collected shall be destroyed no later than 30 months after such data were originally collected unless such data are the subject matter of a toll violation or for a law enforcement purpose.

    • Nothing in this Code section shall be construed to preclude a law enforcement agency from contracting with a person to hold and maintain captured license plate data for such law enforcement agency; provided, however, that such person shall be subject to the policies of the law enforcement agency and paragraph (1) of this subsection.

    Given that the retention limit can be exceeded if data is "for a law enforcement purpose", how easy would it be to use the "all data is potentially evidence" end-run around having to destroy anything at all?

    Is it possible for a LEA to just keep extending the retention period by playing data custody hot-potato with a 3rd-party, tossing it back & forth every 29 months and resetting the clock, so to speak?

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 21 Nov 2018 @ 2:53pm

    Or "we the people" could crowdsource their own records of government and Vigilant vehicle movements.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 22 Nov 2018 @ 5:27am

    both links to the data show missing file errors.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 22 Nov 2018 @ 5:47am

    Re:

    If we datamine Muckrock's for areas around government buildings we'd probably figure out who works for the government. Then see where else they go...

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 25 Nov 2018 @ 5:30am

    It would be best to just link to https://www.eff.org/pages/download-alpr-dataset
    for the datasets, as EFF updates the links when they add a fix to the data, so any file-based link may break in the future.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.