San Francisco—Electronic Frontier Foundation (EFF) and the American Civil Liberties Union Foundation of Southern California (ACLU SoCal) have reached an agreement with Los Angeles law enforcement agencies under which the police and sheriff’s departments will turn over license plate data they indiscriminately collected on millions of law-abiding drivers in Southern California.
"Because the camera is photographing license plates in public locations visible for all to see, there is no expectation of privacy in the data we collect," the contract and various pieces of DRN marketing material read.
Yet while photos of faces and license plates of some 100,000 U.S. drivers are now freely available online, the CEO of Perceptics, John Dalton, claimed in an email a few years ago that “CBP has none of the privacy concerns at the border that all agencies have inland.”.
According to an internal presentation released by the Perceptics hacker and reviewed by The Intercept, the company pitched New York’s Metropolitan Transportation Authority, or MTA, in February of this year on how Perceptics’ car-scanning camera arrays, already deployed and honed in areas like the Mexican border and an assortment of U.S. military installations, could help the MTA track down drivers.
“This breach comes just as CBP seeks to expand its massive face recognition apparatus and collection of sensitive information from travelers, including license plate information and social media identifiers,” Neema Singh Guliani, American Civil Liberties Union senior legislative counsel, said in a statement.
On Thursday this week, however, an individual using the pseudonym "Boris Bullet-Dodger" contacted The Register , alerting us to the hack, and provided a list of files exfiltrated from Perceptics' corporate network as proof.
A state judge in Virginia ruled earlier this month that license plate tracking data collected by automatic license plate reader (ALPR) systems are personally identifiable information, outlawing their storage when law enforcement has no good reason to collect and retain them.
The city initially won but the U.S. Sixth Circuit Appeals Court reversed the decision, said that chalking is a form of trespass that requires a warrant, similar to attaching a tracker to a car to monitor its real-time location, according to the court’s ruling.
Smith is a victory for privacy rights advocates who argued that the police could track a person’s movements by compiling the times and exact locations of a car anytime its plate was captured by a license plate reader,” writes Tom Jackman in the Washington Post.
In its reversal, the Virginia Supreme Court found that the photographic and location data stored in the department’s database did meet the Data Act’s definition of ‘personal information,’ but sent the case back to the Circuit Court to determine whether the database met the Act’s definition of an “information system.” Judge Smith’s ruling affirms EFF’s view that the ALPR system does indeed provide a means through which a link to the identity of a vehicle's owner can be readily made.
For more than three years, the Massachusetts State Police have been using cameras to record the license plate number of every vehicle that enters and leaves Cape Cod, building a vast and growing database that now counts more than 100 million trips.
EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.
Last April, Voice of San Diego revealed that the department was sharing data it collected through a network of cameras that scan license plates and record the date, time and GPS location of the cars that pass them.
The Electronic Frontier Foundation, a San Francisco-based digital privacy nonprofit, has described the technology as “a form of mass surveillance .” Now, a new generation of tech firms has made it possible for private citizens to use the devices, known as automatic license plate readers, or ALPRs—without the strict oversight that governs this type of data collection by law enforcement.
“What we tend to find is that law enforcement will get sold this technology and see it as a one-time investment, but don’t invest in cybersecurity to protect the information or the devices themselves.” Darius Freamon, a security researcher, was one of the first to find police ALPR cameras in 2014 on Shodan, a search engine for exposed databases and devices.
EFF and MuckRock are releasing ALPR records obtained from 200 law enforcement agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017 Today we are releasing records obtained from 200 agencies, accounting for more than 2.5 -billion license plate scans in 2016 and 2017.
With Openshaw noting that in the US, drivers’ licenses are essentially “the de facto national ID”, the two IDEMIA execs explained that IDEMIA is currently working with 38 state governments on their drivers’ license programs, and that a significant part of these efforts entails the Mobile Driver License, or MDL, concept.
According to recently released US federal contracting data, the Drug Enforcement Administration will be expanding the footprint of its nationwide surveillance network with the purchase of “multiple” trailer-mounted speed displays “to be retrofitted as mobile LPR [License Plate Reader] platforms.” The DEA is buying them from RU2 Systems Inc., a private Mesa, Arizona company.