CBP Updates Privacy Impact Assessment On License Plate Readers; Says Opting Out Involves Not Driving

from the just-five-years-of-surveillance-at-CBP-fingertips dept

The last time the CBP delivered a Privacy Impact Assessment of its automated license plate readers, it informed Americans as far as 100 miles inland that there's really no privacy being impacted by the deployment of tech capable of capturing millions of plate images every year. If you don't want to be on the CBP ALPR radar (which is shared with the DEA and other law enforcement agencies), don't drive around in a properly licensed vehicle.

This impact assessment was not updated when the CBP's ALPR vendor was hacked and thousands of plate photos -- some of which contained photos of drivers and passengers -- were taken from the vendor's servers. The vendor was never supposed to be storing these locally, but it decided to do so and the end result was a lot of leakage the CBP assured everyone contained "no personal information" about the thousands of people and vehicles contained in the photos.

The CBP's latest Privacy Impact Assessment [PDF] has been turned in and it's more of the same thing. Want to dodge the feds' plate readers, stay off the road. (via Zack Whittaker/TechCrunch)

Privacy Risk: There is a risk that individuals who are not under suspicion or subjects of investigation may be unaware of or able to consent to CBP access to their license plate information through a commercial database.

Mitigation: This risk cannot be fully mitigated. CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control. Many areas of both public and private property have signage that alerts individuals that the area is under surveillance; however, this signage does not consistently include a description of how and with whom such data may be shared. Moreover, the only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic.

Keep in mind that "impacted areas" aren't just the places you expect Customs and Border Protection to be. You know… like at the border. It's also up to 100 miles inland from every border. And "border" is also defined as any entry point, which includes international airports. So, that's a lot of "impacted area." There's really no realistic way to dodge everywhere the CBP operates. And one would think actively dodging CBP-patrolled areas would be treated as suspicious behavior by CBP officers, which could result in far more than license plate records being abused.

The CBP says it will keep privacy violations to a minimum, though. It will only access its database if it has "circumstantial evidence." So… feel good about that, I guess.

The CBP also says that it probably isn't actually allowed to perform this collection but it will try its very best not to abuse its ALPR privileges.

There is a risk that CBP does not have the appropriate authority to collect commercially available LPR information from vehicles operating away from the border and outside of CBP’s area of responsibility.

No big deal, says the CBP. It will only retain information about vehicles crossing the border. Or connected to a "person of law enforcement interest." Or connected to potentially illicit activity. Or for "identifying individuals of concern." Just those things. And the data not connected to anything in particular will be held onto for a limited time.

Here's the definition of "limited:"

CBP may access LPR data over an extended period of time in order to establish patterns related to criminal activity; however, CBP has limited its access to LPR data to a five-year period in an effort to minimize this risk.

Really the only thing limited about this is that it isn't forever. The CBP's vendor can hold onto this data forever, but CBP agents will only be able to search the last five years of records. Cached searches will be retained for up to 30 days if they're of interest to the CBP or other law enforcement agencies with access to the database. Uninteresting searches will be dumped within 24 hours.

Five years is a lot of data. That's not really a mitigation of privacy concerns. The CBP's Impact Assessment pretty much says the agency plans to use this to reconstruct people's lives. Its definition of "limited" -- the one that means five years of searchable records -- is its response to the privacy risk posed by the aggregate collection of travel records over a long period of time. Apparently, the CBP feels five years is long enough for it to do its job. But not long enough that the general public should be worried about it.

Filed Under: alpr, cbp, driving, license plate reader, lpr, privacy impact assessment

ICE Finally Gets The Nationwide License Plate Database It's Spent Years Asking For

from the papers-please,-says-ICE-to-all-vehicles-in-the-nation dept

ICE is finally getting that nationwide license plate reader database it's been lusting after for several years. The DHS announced plans for a nationwide database in 2014, but decided to rein that idea in after a bit of backlash. The post-Snowden political climate made many domestic mass surveillance plans untenable, if not completely unpalatable.

Times have changed. The new team in the White House doesn't care how much domestic surveillance it engages in as long as it might aid in rooting out foreign immigrants. The first move was the DHS's updated Privacy Impact Assessment on license plate readers -- delivered late last year -- which came to the conclusion that any privacy violations were minimal compared to the national security net benefits.

The last step has been finalized, as Russell Brandom reports for The Verge.

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians.

For those counting tax beans, the good news is this database won't cost much. Billions of license plate records have already been collected (and continue to be collected). All the winning contractor has to do is hook ICE up to the firehose.

The source of the data is not named in the contract, but an ICE representative said the data came from Vigilant Solutions, the leading network for license plate recognition data. “Like most other law enforcement agencies, ICE uses information obtained from license plate readers as one tool in support of its investigations,” spokesperson Dani Bennett said in a statement. “ICE is not seeking to build a license plate reader database, and will not collect nor contribute any data to a national public or private database through this contract.”

Nice use of wiggle words to minimize ICE's new surveillance power. ICE won't "build" a database. Great, but it doesn't need to. Vigilant has been collecting records for years via private companies and partnerships with law enforcement agencies. Around two billion plate/location records are already stored by Vigilant, presumably indefinitely. According to the Verge report, ICE will have access to at least five years of records for historical searches.

But ICE won't be just be diving into Vigilant's plate record archives. ICE will also be able to hand Vigilant "hot lists" for automatic notification any time the nation's many ALPR cameras capture a shot of targeted license plates.

ICE agents can also receive instantaneous email alerts whenever a new record of a particular plate is found — a system known internally as a “hot list.” (The same alerts can also be funneled to the Vigilant’s iOS app.) According to the privacy assessment, as many as 2,500 license plates could be uploaded to the hot list in a single batch, although the assessment does not detail how often new batches can be added.

According to the report, ICE first tried out Vigilant's system in 2012. It hoped to go live in 2014, but the Snowden documents chilled enthusiasm for mass surveillance temporarily. Now, the system is ready to roll, pre-stocked with a couple billion plate records for ICE to peruse as it expands its enforcement activities past the deportation of foreign criminals.

There are few nods to privacy, but they're mostly useless. ICE owns it own ALPR cameras but those won't feed into this database, which means other law enforcement agencies won't have access to ICE-generated plate records. Hot lists aren't forever. They'll expire after a year. And there will be audit trails for ICE agents who use the system, although it remains to be seen how serious ICE is about punishing misuse of this authority.

There's not much that citizens can do to keep their inland plates from becoming part of ICE's border enforcement activity. Most states require visible, legible license plates at all times, even when parked at homes or private businesses. One state, however, is doing something about that. California legislators recently offered up a bill that would provide a little pocket of privacy for citizens and their vehicles.

S.B. 712 would allow drivers to apply a removable cover to their license plates when they are lawfully parked, similar to how drivers are currently allowed to cover their entire vehicles with a tarp to protect their paint jobs from elements. While this would not prevent ALPRs from collecting data from moving vehicles, it would offer privacy for those who want to protect the confidentiality of their destinations.

Unfortunately, this legislation has struggled to find enough support to get it to the governor's desk. As the EFF reports, state senators who have stated support for pushing back against the White House's anti-immigrant policies failed to show support for a bill that would have slowed ICE's acquisition of plate records from their state. The initial vote, however, took place before the Verge broke the story of ICE's partnership with Vigilant Systems. Things could change on January 31's vote, now that new information has come to light.

Filed Under: 4th amendment, alpr, database, ice, law enforcement, license plate readers, lpr, privacy

DHS Expands License Plate Dragnet, Streams Collections To US Law Enforcement Agencies

from the let-the-government-know-your-travel-plans...-as-you-travel! dept

The DHS has provided the public with a Privacy Impact Assessment (PIA) on its use of license plate readers (LPRs). What the document shows is the DHS's hasty abandonment of plans for a national license plate database had little impact on its ability to create a replacement national license plate database. The document deals with border areas primarily, but that shouldn't lead inland drivers to believe they won't be swept up in the collection.

The DHS has multiple partners in its license plate gathering efforts, with the foremost beneficiary being the DEA, as Papers, Please! Reports:

The latest so-called “Privacy Impact Assessment” (PIA) made public by the US Department of Homeland Security, “CBP License Plate Reader Technology“, provides unsurprising but disturbing details about how the US government’s phobias about foreigners and drugs are driving (pun intended) the convergence of border surveillance and dragnet surveillance of the movements of private vehicles within the USA.

The CBP defines the border as anything within 100 miles of the country's physical borders, which also include international airports. Consequently, more than 2/3rds of the nation's population reside in the CBP's so-called "Constitution-free zone." The plate readers discussed in the PIA aren't just the ones drivers and visitors might expect. While the CBP operates many of these at static locations at entry points, other LPRs are mounted on CBP vehicles or hidden in areas the CBP patrols.

The addition of the DEA adds law enforcement to the mix. This means the DHS is intermingling its collection with existing law enforcement databases, allowing it to build an ad hoc national database without having to inform the public or hire a contractor to build one from the ground up.

[T]he DEA has compiled an aggregated database of geotagged and timestamped license plate records purchased from commercial sources, including records of vehicle locations far from what even the DHS considers the “border zone”.

CBP and DEA are already able to query and retrieve data from each other’s LPR databases. A DEA agent can also set a “TECS alert” flag in the DHS database for a specific license plate number, the same way they can for a specific passport number, so that they will be notified automatically whenever that plate is spotted by a DHS camera.

Vanishing from these multiple databases is any form of targeting. The DHS plans to pipe its LPR collection to DEA and other law enforcement agencies as a live feed, allowing agencies on the receiving end to browse the collection at will and/or add it to databases they control.

“CBP intends to provide DEA access to CBP LPR information… through a real-time streaming service.” Each agency will have a complete copy of the data collected by the other, so that they can merge and mine it and use it for “pre-crime” profiling.

The Impact Assessment notes privacy will, yes, be "impacted," but that's the way it goes. Many, many US citizens who have never crossed the border will have their license plate/location data added to multiple law enforcement databases. But what option does the DHS have? Not policing the "border?" Not helping the DEA out with the Drug War? From the PIA [PDF]:

Privacy Risk: There is a risk to individual participation in that individuals do not have an opportunity to consent to CBP’s retention and use of their license plate data.

Mitigation: This risk is not mitigated given the purpose of the collection. Many areas of both public and private property have signage that alerts individuals that the area is under surveillance; however, this signage does not consistently include a description of how and with whom such data may be shared. Moreover, the only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic.

As Papers, Please! notes, this PIA is a nice addition to the DHS's collection, but it's supposed to be released prior to roll out and the public is supposed to be notified via the Federal Register about additional collections of personally-identifiable info by government agencies. None of this has happened in a timely manner, making these collections illegal until the assessments are in place and notices properly published. The DHS -- along with its component agencies -- routinely ignore statutory requirements but, to date, not a single agency official has been punished for disobeying the law.

As for US citizens, they can expect this Kudzu-like growth of surveillance to continue, especially around airports or borders, even as the country remains only minimally threatened by terrorist activity or illegal entry into the country.

Filed Under: alpr, dea, dhs, homeland security, law enforcement, license plates, lpr, privacy, surveillance