Boston police are spying on Americans, and storing thousands of license plates for "intelligence" purposes.
By Kate Crawford:
This summer ACLU affiliates all around the country filed open-records requests seeking information about how government agencies are using automated license plate readers. One set of records, released this week to the ACLU of Massachusetts by the police department here in Boston, provides a snapshot of the data-collection practices that are taking place around the nation.
The records reveal that the Boston police collect an average of 3,630 license plate reads per day and store the information for 90 days, unless officers decide they want to hold onto it forever, “for investigatory or intelligence purposes and for discovery/exculpatory evidence.”
Collected license plate data is stored in a private database called “CopLink,” and is available to any police officer with CopLink access. The Boston police department’s surveillance center, the Boston Regional Intelligence Center (BRIC), stores the data locally. The police department allows its officers to use license plate recognition technology for “proactive” surveillance purposes. That raises significant privacy alarms. But those practices are allowed under BPD license plate reader policy.
You want to bet they're not sharing it? Have you ever heard of the RISS program? The Regional Information Sharing Systems® (RISS) Program is a nationwide information sharing and investigative support program that serves thousands of local, state, federal, and tribal law enforcement and public safety agencies in all 50 states, the District of Columbia, U.S. territories, Australia, Canada, England, and New Zealand. Officers, analysts, and other criminal justice partners rely on RISS for its proven and secure information sharing capabilities, as well as its professional, innovative, and critical investigative support services. RISS serves as a force multiplier, effectively and efficiently aiding agencies in tackling crime problems in their areas. RISS consists of six regional centers as well as a technology support center. The six RISS Centers are:
Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network® (MAGLOCLEN)
Mid-States Organized Crime Information Center® (MOCIC)
New England State Police Information Network® (NESPIN)
Rocky Mountain Information Network® (RMIN)
Regional Organized Crime Information Center® (ROCIC)
Western States Information Network® (WSIN)
RISS developed and continues to maintain the RISS Secure Intranet (RISSNET™). RISSNET is a secure Sensitive But Unclassified (SBU) law enforcement sharing cloud provider. RISSNET houses and provides access to millions of pieces of data, offers bidirectional sharing of information, connects disparate systems, and acts as the communications infrastructure for a number of critical resources and investigative tools. More than 85 systems are connected or pending connection to RISSNET and more than 400 resources are available to authorized users. RISS has developed a number of information sharing resources available via RISSNET, including the RISS Criminal Intelligence Databases (RISSIntel™), the RISS Officer Safety Event Deconfliction System (RISSafe™), the RISS Officer Safety Website, the RISS National Gang Program (RISSGang™), and the RISS Automated Trusted Information Exchange (ATIX™).
Despite the ACLU's open-records request, there is still much we don’t know:
Though we asked for them, the department did not provide us with records showing how many LPR units it owns, or any information showing how many “hits” the BPD currently stores in its system.We don’t know what kinds of LPR systems the Boston police use, either, because the department couldn’t find any procurement records, such as contracts or manufacturer marketing documents.We did not receive any training materials other than one special order that serves as the department’s LPR policy—even though the special order states that all department employees who use LPR data or systems “shall participate in a training program regarding implementation of and adherence to this LPR policy.”We also don’t know specifically which hotlists BPD uses in concert with LPR, though a disclosed policy governing its use says the lists are “either developed by the Department, or provided to the Department from another law enforcement entity,” and may include registered sex offenders.The limited information we received in response to our request comes mostly from a special order, which serves as the department’s license plate reader policy. That document says LPR hotlists are updated once a week, providing plenty of room for error. However, the department requires that officers double-check the accuracy of all hits before taking “any police action that restricts the freedom of any individual,” which should mitigate problems resulting from obsolete hotlist data.
Perhaps the most troubling aspect of the policy is that the Boston police department authorizes license plate reader deployment for “proactive” data collection:
As directed by the Superintendent in Chief, a Superintendent or Deputy Superintendant, District or Unit Commander, Investigatory Supervisor or an Intelligence Supervisor, LPR may be deployed to a defined geographical area for purposes of an ongoing investigation or an intelligence gathering operation. [emphasis added]
In other words, if the Boston police wanted to know who attended an anti-war meeting or went to Friday services at the mosque, they could park a cruiser with LPR technology in a strategic location and without lifting a finger collect a membership or attendance list of motoring activists or worshippers. The department does not require that police document any legitimate law enforcement purpose or in any other way justify the deployment of LPR for “an intelligence gathering operation,” opening the door for serious abuse. Yet more troubling, the police could store this information indefinitely.
Perhaps the most significant gap in our knowledge about how BPD uses license plate readers is how the technology’s significant powers are harnessed for surveillance purposes. Does the agency’s sharing of our location information with the private CopLink database mean that police nationwide can peer into our private lives on a whim, for no good reason? Is the data added to the CopLink system ever deleted?
We don’t know. But we do know that the department’s policy allows it to retain indefinitely and data-mine information about ordinary people accused of no crime.
This is all exactly backwards. We should know how more about the police are using this and other powerful surveillance tools—both in Boston and around the country—and the police shouldn’t know much at all about how we live our day-to-day lives unless they suspect we are engaged in criminal activity. After all, we are innocent until proven guilty. Or is that maxim of American jurisprudence now reversed?
http://www.aclu.org/blog/technology-and-liberty/boston-license-plate-data-goes-may-never-come-out
ArsTechnica has created a list of which police departments are using or plan on using license plate scanners:
In the course of this story, Ars e-mailed the state law enforcement agencies of all 50 states to learn more about how LPRs are used; we received replies from just a handful. We followed up with FOIA and public information requests asking for LPR purchase orders, privacy guidelines, and other documents from ten state, ten local, and three federal agencies, including the FBI, the DEA, and Customs and Border Protection.
We learned, for example, that the Bismarck, North Dakota Police Department and the Hawaii State Police both deny using LPRs at all. The Delaware State Police, meanwhile, says it owns three readers. After a month, we've had relatively few responses, though many of the requests are still pending.
We've created two spreadsheets outlining what we've found so far, and we have uploaded the most extensive documents (from Ohio) to Scribd. Ars readers can help us continue the investigation by querying their own local, county, and state authorities; just click here to generate a public records request letter to your local law enforcement agency. (Thanks to MuckRock for providing a nice template.) Send it in—and when you get results, feel free to share them with us for followup reporting.
http://arstechnica.com/tech-policy/2012/09/your-car-tracked-the-rapid-rise-of-license-plate-readers/
New tracking frontier: Your license plates.
The rise of license-plate tracking is a case study in how storing and studying people's everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.
Data about a typical American is collected in more than 20 different ways during everyday activities, according to a Wall Street Journal analysis. Fifteen years ago, more than half of these types of surveillance tools were unavailable or not in widespread use, says Col. Lisa Shay, a professor of electrical engineering at the U.S. Military Academy at West Point who studies tracking.
"What would the 1950s Soviet Union have done with the technology we have now?" says Col. Shay. "We don't have a police state in this country, but we have the technology."
Law-enforcement agents say they are using this information only to catch bad guys.
During the past five years, the U.S. Department of Homeland Security has distributed more than $50 million in federal grants to law-enforcement agencies—ranging from sprawling Los Angeles to little Crisp County, Ga., pop. 23,000—for automated license-plate recognition systems. A 2010 study estimates that more than a third of large U.S. police agencies use automated plate-reading systems.
The information captured is considerable. Through a public-records act request, The Journal obtained two years' worth of plate information from the Riverside County Sheriff's Department in California. From Sept. 10, 2010, to Aug. 27, 2012, the sheriff's cameras captured about 6 million license-plate scans.
The sheriff's 49 camera-equipped vehicles scanned about 2 million unique plates. The average plate in the database was scanned three times over the two-year period. Less than 1% of plates were tracked extensively—hundreds of times, and occasionally thousands.
These private databases, each containing hundreds of millions of plates, could become the largest collection of people's movements within the U.S., says Mary Ellen Callahan, former chief privacy officer for the Department of Homeland Security. "You could have a nationwide vision of where I was at a given time," says Ms. Callahan, who now runs the privacy practice at law firm Jenner & Block.
Law-enforcement officers say they use the technology to track down stolen cars, collect unpaid tickets and identify the vehicles of suspected criminals.
The two private plate-tracking companies identified by the Journal both say they act responsibly and are within their rights to collect the data. Scott A. Jackson, founder of MVConnect LLC, the parent company of one of the two firms, says he won't sell the data to the public or to marketers.
http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html
Three Years of WSJ Privacy Insights
![[image]](https://substackcdn.com/image/fetch/$s_!2Bh8!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fbucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb7d2e76-60a8-4aa2-8040-a1721945e0ba_76x76.jpeg "[image]")
The Wall Street Journal is conducting a long-running investigation into the transformation of personal privacy in America.
Selected findings:
Google bypassed the privacy settings on millions of Web browsers on Apple iPhones and computers— tracking the online activities of people who intended that kind of monitoring to be blocked. (2/17/12)
The government follows the movements of thousands of Americans a year by secretly monitoring their cellphone records . (9/9/11)
iPhone and Android apps secretly shared data about their users, a Journal investigation found. (12/10/10)
Top apps on Facebook transmit personal identifying details to tracking companies, a Journal investigation found. (10/18/10)
One of the fastest growing online businesses is that of spying on Americans as they browse the Web. (6/30/10)
Plus, the global surveillance bazaar , a secretive phone-tracking "stingray" and RapLeaf's clever way of figuring out Web surfers' real names .
The Wall Street Journal has cataloged more than 20 different ways information about people can be recorded during everyday activities. Click the link below to find out which ones apply to you:
http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html#project%3DSURVEIL120928%26articleTabs%3Dinteractive