The American Civil Liberties Union (ACLU) called out a renewed effort by the Department of Homeland Security (DHS) to obtain license plate reader (LPR) data for its failure to “remedy the fundamental civil liberties problems” of its earlier plan, which was canceled last year.
In March, Immigration and Customs Enforcement (ICE) revealed its intentions in a Privacy Impact Assessment (PIA) released Monday, to “procure of the services of a commercial vendor of LPR information,” which ACLU Speech, Privacy, and Technology Project's Bennett Stein and Policy Advisor Jay Stanley said in a blog post is ultimately “incentivizing the growth of an industry whose business model is monitoring the location and movements of Americans en masse and selling it to the government.”
The PIA noted that ICE would gain multiple benefits from LPR data— which provides among other things, location and movement—including resolving cases “that might otherwise be closed for lack of viable leads” and offering an additional measure of protection for both officers and the public “by enabling enforcement actions to occur in locations that minimize the inherent dangers associated with these encounters.”
And the PIA also pointed out that “a number of commercial enterprises” collect that data from both public and private sources, store it and “make it available on a fee-for-service basis.”
While the ACLU privacy advocates called using license plate scanners “appropriate” when checking for wanted vehicles, it warned that “the technology should never be used to store up databases of the movements of vehicles that are not on any hot lists.” However, the ICE proposal “relies upon and encourages” just that type of “mass surveillance of movement” as well as “violates the longstanding tenet that the government not monitor citizens unless it has individualized suspicion of involvement in wrongdoing.”
For the plan to move forward with privacy and data use protections a private company paid by the DHS for data collection “should be bound by the same policies, principles and law that the government would have to follow, if it were to do the work itself.” But Monday's PIA clearly shows “that this is not the case,” Stein and Stanley wrote.
He noted in the blog post that the PIA “does not address the many important decisions that the company makes about collection, accountability, retention, or others,” noting that while DHS may have policies against racial profiling or around “sensitive locations like schools,” the PIA doesn't make a provision for applying the same to a contracted LPR data provider. And, in fact, Stein and Stanley explained “DHS still has no policy on the use of license plate reader systems that it owns and operates itself.”