CBP Has Access To Billions Of License Plate Images Collected By Private Companies
from the too-much-is-never-enough dept
The Customs and Border Patrol (CBP) has a thirst for license plate images. It wants as many as it can get. And as far inland as it can get without straying from the areas it's really supposed to be keeping its eyes on: the nation's borders. Two consecutive Privacy Impact Assessments of the agency's automatic license plate reader program came to the same conclusion: if you don't want to get your plate read, don't drive anywhere. Sure, it may seem easy to avoid the border, but the agency is allowed to do its border protecting stuff up to 100 miles from any border, which includes coastlines and international airports.
But it's not enough that the CBP has an unknown number of plate readers in operation. The information captured by its camera network apparently isn't comprehensive enough. So it's been buying access to other license plate image databases. As Joseph Cox reports for Motherboard, the CBP is making use of plate images gathered by private companies to round out its surveillance of Americans.
The PIA [Privacy Impact Assessment] did not name the specific commercial database. But a source in the private investigator industry, which makes use of commercial license plate databases, suggests the supplier is likely Vigilant Solutions and its sister company DRN which collects the license plate data in the first place.
"DRN is the only one I know that collects the data. The other companies that advertise this service as a search buy from DRN," Igor Ostrovskiy, principal at private investigator firm Ostro Intelligence, who has used the DRN system, told Motherboard. With the consent of the target, a source previously tracked a target for Motherboard using DRN's vast license plate reader system.
Vigilant is home to what is likely the largest database of plate images in the business. The company sells access to an unknown number of law enforcement agencies. Some agencies get free access in exchange for a cut of any fines and fees collected by law enforcement as the result of plate reader hits. As of a half-decade ago, Vigilant was home to two billion license plate photos, with 100 million more being added daily by its network of cameras.
But Vigilant's network isn't just its hundreds of law enforcement owned plate readers. It's also the hundreds run by private companies that allow Vigilant to sell access to the plate images they've collected. As Cox reports, this has turned two billion images (as of 2015) to nine billion images -- much of this "crowd-sourced" from hundreds of repo men using Vigilant equipment.
So, the CBP's Privacy Impact Assessment isn't accurate. It may be accurate as far as suggesting not driving is the only way to prevent your license plate from ending up in the CBP's database. But to suggest staying out of areas "impacted" by CBP activity might allow you to elude this collection is patently false. If the CBP has access to this database, plate/location info from drivers nowhere near the CBP's enforcement areas is still making its way to the CBP via Vigilant's numerous private company contributors.
And this collection isn't subject to the CBP's rules, which limit searches to five years of plate/location data and removes cached, non-hit searches within 24 hours. The CBP may not have control of this collection -- it remains solely in the hands of Vigilant -- but claiming (as the CBP does in Cox's article) that query-only access is somehow a completely different thing is disingenuous. While it may make exploitation of the database more difficult for the CBP, it's still access to billions of plate records the CBP hasn't shown it should legally or logically have access to. The CBP can dip into it whenever it wants and operate outside of its own ALPR guidelines while doing it. There are no downsides. The CBP gets access to billions more plate images without having to deal with the infrastructure side of it. More plates, lower costs, fewer headaches. Win win win.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 3rd party doctrine, 4th amendment, cbp, license plate images, privacy
Companies: drn, vigilant solutions
Reader Comments
Subscribe: RSS
View by: Time | Thread
This is why privacy laws are needed
As broken and annoying as the GDPR is, the fact that it prevents this sort of indiscriminate data collection is a good thing. It would be extremely difficult for any company in the EU to build up a ALPR data set like this.
The US really needs to step up and put in place some privacy laws to protect the general populace. However, such a move would get widespread pushback from businesses whose business models rely on playing fast and loose with data, and we all know that the rights of corporate entities are more important to the US government than the rights of real people.
[ link to this | view in chronology ]
Re: More privacy laws needed?
No, step back and observe the bigger picture of this problem.
Why do we absolutely and eternally need large illuminated government License Plates on every vehicle, with unique ID numbers publicly displayed at all times?
The main purpose of License Plates has always been to help the government monitor the general public.
License Plates were inherently designed for mass surveillance.
Now try hard to imagine a fairly simple solution to this government-tracks-us-all-by-LicensePlates problem.
[ link to this | view in chronology ]
Re: Re: More privacy laws needed?
"License Plates were inherently designed for mass surveillance."
Of course. Here I was thinking they were to ensure that cars are correctly registered and legal to use on public roads, and help differentiate between identical cars in the case of criminal activity or accidents. I didn't think they had been put in for the express purposes of mass surveillance decades before that was possible. Silly me.
"Now try hard to imagine a fairly simple solution to this government-tracks-us-all-by-LicensePlates problem."
Use another form of transport? It seems very silly to choose to use a form of transport that involves having to pass a government driving test, then buy a car that you register in your own name so that you can pay the taxes and undergo inspection required for the car to be used legally, then complain that the ID that goes with that is easy to see.
[ link to this | view in chronology ]
Re: Re: Re: More privacy laws needed?
vehicle registration is merely a routine administrative function, not requiring a 24/7 public broadcast of your identity -- do you have your Social Security # prominently displayed on your home's front door ... so any government officials can easily check that you paid your taxes and are legally residing in U.S. ??
(guess you never heard of vehicle registration slips, driver's licenses, car insurance certification slips, and VIN's as commonplace ID methods)
If a mugger hits you with a brick, steals your wallet and flees -- how would the police ever catch him unless everyone was required to have their Social Security # prominently tatooed on their forehead ??
General law enforcement convenience always trumps personal privacy, liberty, and Constitution -- right ?
[ link to this | view in chronology ]
Re: Re: Re: Re: More privacy laws needed?
No, but vehicle registration has been around for way longer than I've been alive and as far as I'm aware the abuses you're scared of have happened en masse.
But what's your alternative? You get pulled over and searched every time a crime is reported involving a similar car because nobody can run your plates? Now that is open to abuse!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: More privacy laws needed?
... if there is a bank robbery, do the cops then have legal authority to stop and search every person in the town because they don't know exactly who robbed the bank?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: More privacy laws needed?
Not everyone in town, but everyone who matches the description. Which does tends to cause problems for various reasons unrelated to bank robbery.
But, then, they also have other data such as video surveillance in the bank and the fact that, unlike cars, people born in the same place on the same day don't literally look exactly the same.
I'm not sure why you're dead set on false equivalence to attack a system that's been in for 100 years, but you are missing the point. Also being really stupid. You're living in an age where every new car has some kind of advertised tracking capability, and can easily have it added without your knowledge or permission, where most drivers carry a tracking device with them willingly, where every driver has to register both themselves and their car with the government to legally drive and where cops can pull you over for the flimsiest of reason at any time, and you're worried about licence plates? Your paranoia is very strangely misplaced.
[ link to this | view in chronology ]
Re: stupid
"...but you are missing the point. Also being really stupid... paranoid"
-
ahhh, so now people who firmly but politely disagree with your viewpoint are somehow stupid & paranoid.
There is not the slightest possibility that your viewpoint could be faulty ?
Your resort to personal insults destroys your credibility and violates the blog commenting rules here.
[ link to this | view in chronology ]
Re: Re: More privacy laws needed?
Can you imagine any other way of identifying a vehicle in the cases of hit and run, reporting a vehicle driven in an aggressive or dangerous fashion etc.?
[ link to this | view in chronology ]
And why would CBP care about hit and runs?
It is not the CBPs job to solve crimes or to sanction traffic transgressions. Their job is to protect borders. At the border, and not in the middle of the country. And yes, that should exclude airports. Even if CPB is in charge of checking incoming flight passengers, that does not involve cars - there is simply not enough space in the overhead locker to fit your Tesla.
[ link to this | view in chronology ]
Re: And why would CBP care about hit and runs?
"It is not the CBPs job to solve crimes or to sanction traffic transgressions"
No, but it is the job of many other agencies who use the same licence plate information. The AC being responded to was complaining about the entire concept of licence plates, not just the use by this one agency.
[ link to this | view in chronology ]
Re: This is why privacy laws are needed
Jamie..
WE DO have privacy laws, and the problem is they are NOT enforced.
AND our policing agencies have found a back door..Even tho they are not supposed to do it, doesn't mean a Corp CANT.
If you really want to track people, without their knowledge, start with getting rid of Money, and everyone use a CARD. Interesting isnt it? All you need is the CARD company to give you access. WHICH is supposed to be private also.
Then there is the Credit card industry, and that is supposed to be PRIVATE, and NOT USE our social sec. Numbers....but they do, and they do SELL ACCESS.. And none of it has Ever been enforced.
Then there is a new one, that Everyone, no matter age, must show ID to buy a pack of Cigs. Which is entered into the computer/register. And any corp that gets the idea, can SELL that info..
Its a strange world in the USA. As what the Gov. cant do, is allowed by the corps. For some strange reasoning.
Then we get to the idea of reverse warrants, And police looking up Cellphones in an area with crime.
AND in the end we end up showing the rest of the world HOW TO DO THE SAME...
[ link to this | view in chronology ]
What about "no expectation of privacy in public"?
It has been covered here in the past that there is no expectation of privacy when you are in public. So someone can take a photo you happen to be in and you cannot prevent it. So how would laws preventing photos of license plates be written that won't create an expectation of privacy while in public?
Don't get me wrong, I am not for this practice, but I don't see how it would be prevented.
[ link to this | view in chronology ]
Re: What about "no expectation of privacy in public"?
The problem is not the photographs, but rather the databases they end up in. Being photographed or filmed by lots of cameras where the images and films are kept separate does not a universal tracking system make. Yes such a system allows someone's actions and movement to be traced after some event, if their is a reason to expend the man power needed to obtain and analyse all the photos and videos.
Th real privacy invasion comes when everything is put into a single database, and where automatic means, such as number plate recognition, or facial recognition are used to identify vehicles and people.
The cause of the problem is not the camera, but rather large scales databases.
[ link to this | view in chronology ]
Must. Surveil. All... the things!
[ link to this | view in chronology ]
Just ise an onfra red licemse plate frsme to ptebent alprs from reading your plate
[ link to this | view in chronology ]