Law enforcement in four of California’s most populous counties is storing, searching, and sharing detailed records on millions of random drivers, according to a new report from the California State Auditor, a nonpartisan government agency. The audit, released last week, found major deficiencies—and possible lawbreaking—in police use of automated license plate readers (ALPRs) in the California counties of Los Angeles, Fresno, Marin, and Sacramento.
The technology is frighteningly simple: cameras on police cars or roadsides can scan up to 2,000 license plates per minute, storing the plate number, the location, and the time the car was spotted. From there, an officer can easily pull other identifying information, like the driver’s name, address, and criminal history, all without a warrant—or even a supervisor’s sign-off. The result is that drivers are being tracked and recorded by the police, whether or not they’ve done anything wrong. In San Diego, the state audit found that 0.04 percent of scanned plates were actually under suspicion when scanned. A 2016 CityLab report pegged that at 0.02 percent in Marin County. In Los Angeles, the figure was 0.01 percent of 320 million images, all including timestamps and the driver’s exact location. In 2013, Mother Jones reported that, per the American Civil Liberties Union, just 47 of the million license plates scanned in Maryland “were even tentatively associated with actual serious crimes.”
Once a marginal technology, license plate scanners are now widespread, minimally regulated, and employed by everyone from mall cops to landlords, with reams of plate data floating around the web—thanks in part to cop-tech hawkers convincing police that license-plate monitoring has gone “from a nice-to-have luxury to a can’t-operate-without system.” And big corporations have gotten into the game: Vigilant Solutions, a private, for-profit law enforcement contractor that sells both license plate readers and the data they collect, is a wholly owned subsidiary of Motorola Solutions.
Less than a third of states have laws regulating ALPRs, according to the National Conference of State Legislatures. In 2019, California lawmakers set a few restrictions on license plate scanners—but they only apply to the state highway patrol. Well over half of California’s law enforcement agencies use the technology, and auditors found that in Fresno, Marin, and Sacramento, police shared their records with thousands of other public agencies in 44 of 50 states. (All three were sending driver data to cops in Honolulu, one of the toughest cities for a California fugitive to drive to.)
California does require that ALPR users set “a usage and privacy policy” that’s “consistent with respect for individuals’ privacy and civil liberties,” meaning that police who freely share driver data may be violating the law.
Privacy advocates have long raised issues with license plate readers, especially given the long, sketchy history of law enforcement data abuse. A 2016 investigation by the Associated Press found that officers “stalked, harassed, and tampered with criminal cases using details obtained” through motor vehicle databases. It can look innocuous at first: the spread of home DNA tests like 23andMe led to “a law enforcement free-for-all, with police and allies digging into consumer DNA databases with little law or policy to guide them,” according to a 2019 investigation by Mother Jones‘s Madison Pauly. That year, a Slate article on ALPRs found more malfeasance:
A few years ago, the Associated Press reported that NYPD used ALPRs to scan the plates of worshippers at a mosque. Police in Edmonton, Alberta, admitted to using a confidential police database in 2004 to get the plate number of a local columnist who was sharply critical of police conduct and ordering officers to look out for his car, hoping to catch him at a bar and then arrest him for drunk driving.
California law enforcement agencies have said they don’t share data with Immigration and Customs Enforcement, a longstanding concern of organizations like ACLU and the Electronic Frontier Foundation (EFF). But ICE appears to have access to Vigilant’s database of over 2 billion photos, part of what the Verge calls “a massive vehicle-tracking network generating as many as 100 million sightings per month.” Vigilant is the industry-standard ALPR provider, and the most popular in California. A 2019 EFF investigation, written up in Techdirt, found discrepancies between Vigilant’s public statements and internal communications on sharing plate data.
None of the audited law enforcement agencies required police to get any kind of approval before searching license plate records. The Los Angeles Police Department had no policy regulating ALPRs at all. (It now says it’s working on one.)
State Senator Scott Weiner, who commissioned the audit, called the lack of regulation “totally unacceptable,” saying in a public statement that his office was drafting legislation “to put an end to these privacy violations.”
Per the Electronic Frontier Foundation, which has long opposed ALPRs, legislation like Weiner’s could ban license plate data collection by private companies, which would keep firms like Vigilant from gathering and selling massive driver data files. Lawmakers could limit data retention, like they’ve already done for the California Highway Patrol, demand more training, oversight, or audits for departments that use plate scanners, or even place a state-wide moratorium on their use.
California has long been a bellwether for rules on everything from auto emissions to police face recognition. With the nationwide spread of cheap, unregulated license plate scanners, any California restrictions on what cops do with your information could become a model for the rest of the country.