Aletho News

ΑΛΗΘΩΣ

Automated License Plate Readers Threaten Our Privacy

By Jennifer Lynch and Peter Bibring | EFF | May 6, 2013

ALPR Camera on Top of Police CarLaw enforcement agencies are increasingly using sophisticated cameras, called “automated license plate readers” or ALPR, to scan and record the license plates of millions of cars across the country. These cameras, mounted on top of patrol cars and on city streets, can scan up to 1,800 license plate per minute, day or night, allowing one squad car to record more than 14,000 plates during the course of a single shift.

Photographing a single license plate one time on a public city street may not seem problematic, but when that data is put into a database, combined with other scans of that same plate on other city streets, and stored forever, it can become very revealing. Information about your location over time can show not only where you live and work, but your political and religious beliefs, your social and sexual habits, your visits to the doctor, and your associations with others. And, according to recent research reported in Nature, it’s possible to identify 95% of individuals with as few as four randomly selected geospatial datapoints (location + time), making location data the ultimate biometric identifier.

To better gauge the real threat to privacy posed by ALPR, EFF and the ACLU of Southern California asked LAPD and LASD for information on their systems, including their policies on retaining and sharing information and all the license plate data each department collected over the course of a single week in 2012. After both agencies refused to release most of the records we asked for, we sued. We hope to get access to this data, both to show just how much data the agencies are collecting and how revealing it can be.

ALPRs are often touted as an easy way to find stolen cars — the system checks a scanned plate against a database of stolen or wanted cars and can instantly identify a hit, allowing officers to set up a sting to recover the car and catch the thief.  But even when there’s no match in the database and no reason to think a car is stolen or involved in a crime, police keep the data. According to the LA Weekly, LAPD and LASD together already have collected more than 160 million “data points” (license plates plus time, date, and exact location) in the greater LA area—that’s more than 20 hits for each of the more than 7 million vehicles registered in L.A. County. That’s a ton of data, but it’s not all  — law enforcement officers also have access to private databases containing hundreds of millions of plates and their coordinates collected by “repo” men.

Law enforcement agencies claim that ALPR systems are no different from an officer recording license plate, time and location information by hand. They also argue the data doesn’t warrant any privacy protections because we drive our cars around in public. However, as five justices of the Supreme Court recognized last year in US v. Jones, a case involving GPS tracking, the ease of data collection and the low cost of data storage make technological surveillance solutions such as GPS or ALPR very different from techniques used in the past.

Police are open about their desire to record the movements of every car in case it might one day prove valuable.  In 2008, LAPD Police Chief Charlie Beck (then the agency’s chief of detectives) told GovTech Magazine that ALPRs have “unlimited potential” as an investigative tool.  “It’s always going to be great for the black-and-white to be driving down the street and find stolen cars rolling around . . . . But the real value comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they’ve been doing—and tie that to crimes that have occurred or that will occur.”  But amassing data on the movements of law-abiding residents poses a real threat to privacy, while the benefit to public safety is speculative, at best.

In light of privacy concerns, states including Maine, New Jersey, and Virginia have limited the use of ALPRs, and New Hampshire has banned them outright.  Even the International Association of Chiefs of Police has issued a report recognizing that “recording driving habits” could raise First Amendment concerns because cameras could record “vehicles parked at addiction-counseling meetings, doctors’ offices, health clinics, or even staging areas for political protests.”

But even if ALPRs are permitted, there are still common-sense limits that can allow the public safety benefits of ALPRs while preventing the wholesale tracking of every resident’s movements.  Police can and should treat location information from ALPRs like other sensitive information — they should retain it no longer than necessary to determine if it might be relevant to a crime, and should get a warrant to keep it any longer.  They should limit who can access it and who they can share it with.  And they should put oversight in place to ensure these limits are followed.

Unfortunately, efforts to impose reasonable limits on ALPR tracking in California have failed so far. Last year, legislation that would have limited private and law enforcement retention of ALPR data to 60 days—a limit currently in effect for the California Highway Patrol — and restricted sharing between law enforcement and private companies failed after vigorous opposition from law enforcement. In California, law enforcement agencies remain free to set their own policies on the use and retention of ALPR data, or to have no policy at all.

Some have asked why we would seek public disclosure of the actual license plate data collected by the police—location-based data that we think is private.  But we asked specifically for a narrow slice of data — just a week’s worth — to demonstrate how invasive the technology is.  Having the data will allow us to see how frequently some plates have been scanned; where and when, specifically, the cops are scanning plates; and just how many plates can be collected in a large metropolitan area over the course of a single week. Actual data will reveal whether ALPRs are deployed primarily in particular areas of Los Angeles and whether some communities might therefore be much more heavily tracked than others. If this data is too private to give a week’s worth to the public to help inform us how the technology is being used, then isn’t it too private to let the police amass years’ worth of data without a warrant?

After the Boston Marathon bombings, many have argued that the government should take advantage of surveillance technology to collect more data rather than less. But we should not so readily give up the very freedoms that terrorists seek to destroy. We should recognize just how revealing ALPR data is and not be afraid to push our police and legislators for sensible limits to protect our basic right to privacy.

Documents

EFF and ACLU-SC’s legal Complaint

LA Sheriff’s Department ALPR Powerpoint Presentation

LA Sheriff’s Department – Automated License Plate Reader System Information

LAPD – Automated License Plate Reader User Guide

LA Sheriff’s Department – Field Operations Directive

May 8, 2013 Posted by | Civil Liberties, Full Spectrum Dominance | , , , | Leave a comment

FBI’s Facial Recognition is Coming to a State Near You

By Jennifer Lynch | EFF | August 2, 2012

Recently-released documents show that the FBI has been working since late 2011 with four states—Michigan, Hawaii, Maryland, and possibly Oregon—to ramp up the Next Generation Identification (NGI) Facial Recognition Program. When the program is fully deployed in 2014, the FBI expects its facial recognition database will contain at least 12 million “searchable frontal photos.” (p. 6)

The documents, which the National Day Laborer Organizing Network (NDLON) obtained from a recent meeting of the FBI’s Criminal Justice Information Services (CJIS) Advisory Policy Board,1  shed new light on the FBI’s plans for NGI—the Bureau’s massive biometrics database that combines fingerprints, iris scans, palm prints, facial recognition and extensive biographical data collected from over 100 million Americans.

The Advisory Board documents show that FBI’s database of facial images will provide search results automatically (the system won’t need to rely on a human to check the results before forwarding them to the state or local agency) and that the FBI is developing “Universal Face Workstation software” to allow states that don’t have their own “Face/Photo search capabilities”  to search through the FBI’s images.

After we read through the Advisory Board documents, we quickly sent Open Records requests to several of the states involved in the pilot program. The documents we received from Maryland and Hawaii further flesh out the story. For example, the Memorandum of Understanding (MOU) between Hawaii and the FBI shows that the government is building NGI to “permit photo submissions independent of arrests.” This is a problem because, the FBI has stated it wants to use its facial recognition system to “identify[] subjects in public datasets” and “conduct[] automated surveillance at lookout locations” (p.5). This suggests the FBI wants to be able to search and identify people in photos of crowds and in pictures posted on social media sites—even if the people in those photos haven’t been arrested for or even suspected of a crime. The FBI may also want to incorporate those crowd or social media photos into its face recognition database.

And an MOU between Maryland and the FBI will allow Maryland to submit photos in bulk to the database — something that Maryland described in an email as a “photo data dump.” This kind of an agreement could be used in the future to incorporate the same kind of facial identifying information already collected by 32 of 50 state DMVs solely to prevent fraud and identity theft.

The Advisory Board documents contain other concerning information. For example, one document discusses the FBI’s plans to combine civil and criminal biometrics records by giving them a single searchable “master name” or unique identifying number. As we’ve noted, criminal and civil records have always been kept separate in the past. While this may be a function of the differences in how each type of print is collected and stored, it has effectively meant that civil prints—collected for employment verification, for background checks, for federal jobs, and even to become a lawyer in California—have not been automatically searched every time criminal prints are checked against the database. That will all change once FBI implements its unique identity system. Although FBI states that “the criminal and civil files will remain logically separated . . . [to] ensure that retained civil submissions remain untainted by criminal submissions” it’s hard to see how this is functionally true, given that civil files will be searched at the same time as criminal files.

Another document discusses the federal government’s extensive biometrics sharing relationships with other countries. It notes that the FBI’s Global Initiatives Unit has already collected over 990,000 records from foreign partners, with over 600,000 of those coming from Afghanistan. The FBI already has information sharing relationships with 77 countries, (p.2), but CJIS is now trying to partner with “Visa Waiver Program countries” like Ireland, Spain and Australia to allow automatic access to each other’s biometric databases on a “hit/no hit basis.” This kind of access has already been set up to connect the German and U.S. biometric databases.2

And finally, as NDLON has discussed in greater detail, the documents show just how far the FBI and DHS partnership has progressed to maximize datasharing as part of the Secure Communities program. For example, NDLON notes that FBI has mobile devices that permit searches of the entire IDENT database in the field. These mobile devices may subject individuals to immigration background checks without ever being arrested or booked.

The FBI has not updated the Privacy Impact Assessment (PIA) for its photo database since 2008—well before signing MOUs with the states to share face recognition data and before the development and deployment of NGI’s facial recognition capabilities. As EFF recently testified during a Senate Subcommittee hearing on facial recognition, Americans should be very concerned about the government’s plans to build up its facial recognition capabilities:

Facial recognition takes the risks inherent in other biometrics to a new level . . . [it] allows for covert, remote, and mass capture and identification of images, and the photos that may end up in a database include not just a person’s face but also what she is wearing, what she might be carrying, and who she is associated with.

Without an updated PIA, it is impossible to tell exactly how the FBI plans to acquire and use facial recognition data now and in the future. However, given the information in these new documents and the FBI’s broad goals for face recognition data, the time is right for laws that limit face recognition data collection.

To see all the documents, go to our landing page for NGI and click on “Documents” in the middle toolbar.

Notes

1. The FBI’s CJIS Division manages the FBI’s biometrics databases, including its legacy fingerprint database (IAFIS) and NGI. CJIS’s Advisory Policy Board is charged with reviewing the “policy, technical, and operational issues related to CJIS Division programs” and makes recommendations to the FBI’s director. The Advisory Board is made up of 34 representatives from state, local, and tribal criminal justice agencies, and includes representatives from national security, and prosecutorial, judicial, and correctional sectors of the criminal justice system. It meets twice a year—generally in open meetings announced in the Federal Register—though it appears the materials from those meetings are generally only distributed to attendees and through an online system “only available to persons duly employed by a law enforcement, criminal justice, or public safety agency/department, and whose position requires secure communication with other agencies.”

2. The documents state the connection won’t be operational until Germany addresses some “remaining internal details.”

Related articles

August 4, 2012 Posted by | Civil Liberties, Full Spectrum Dominance, Timeless or most popular | , , , , , , | 2 Comments

FBI Prepares Billion-Dollar Iris Recognition Database

By Matt Bewig | AllGov | July 08, 2012

With at least 30 million surveillance cameras watching Americans every day, one aspect of the world of George Orwell’s dystopian novel 1984 has already come to pass, and more is on the way. In the next two years, for example, the FBI plans to test a nationwide database for searching iris scans to more quickly identify persons “of interest” to the government. The human iris, which is the doughnut-shaped, colored part of the eye that surrounds the black pupil, exhibits a pattern unique to each individual, just as fingerprints do, and iris recognition has been a staple of science fiction stories and films for years.

Iris scanning is part of the FBI’s Next-Generation Identification system, a multiyear $1 billion program built by Lockheed Martin and already well underway for several years, which will expand the FBI’s server capacity to allow for rapid matching not only of iris scans, but also of additional physical identifiers, such as fingerprints, palm prints and facial images. The FBI intends to test the system in conjunction with prisons, some of which already use iris scans to track prisoners and prevent mistakes of identification. According to the FBI, the time for urgent criminal fingerprint searches will eventually be reduced from 2 hours to 10 minutes, while the use of iris scans and other markers should ensure greater accuracy.

Although privacy advocates have little criticism of the use of iris scanning in correctional settings, the fact that the FBI and state prison officials are using a database owned and maintained by a private corporation, BI2 Technologies, gives many pause. Jennifer Lynch, a staff attorney at the digital rights group Electronic Frontier Foundation, points out that privately-run databases, including well-encrypted ones at banks and other financial businesses, have experienced serious data breaches exposing private customer information, and that leaks of fingerprints or iris scans would be potentially much more serious. “You can change your credit card data. But you can’t change your biometric data.”

And in light of the fact that the New York Police Department, in cahoots with major Wall Street banks and finance firms, used security cameras to identify Occupy Wall Street protesters, suspicions that iris scans might be used to target non-criminals who are disliked by powerful cannot be dismissed out of hand.

Related articles

July 8, 2012 Posted by | Civil Liberties, Full Spectrum Dominance | , , , | Leave a comment