This summer ACLU affiliates all around the country filed
open-records requests seeking information about how government agencies are
using automated license plate readers. One set of records, released this
week to the ACLU of Massachusetts by the police department here in Boston,
provides a snapshot of the data-collection practices that are taking place
around the nation.
The records reveal that the Boston police collect an
average of 3,630 license plate reads per day and store the information for 90
days, unless officers decide they want to hold onto it forever, “for
investigatory or intelligence purposes and for discovery/exculpatory evidence.”
Collected license plate data is stored in a private
database called “CopLink,”
and is available to any police officer with CopLink access. The Boston Police
Department’s surveillance center, the Boston Regional Intelligence Center
(BRIC), stores the data locally. The police department allows its officers to
use license plate recognition technology for “proactive” surveillance purposes.
That raises significant privacy alarms.
While the BPD says it “safeguards the legitimate
privacy concerns of law abiding citizens” through its license plate reader
program, the policy details say otherwise. Police should not retain the
location information of thousands of people against whom no crime has been
alleged, and should impose a finite retention period on those pieces of data it
stores for legitimate investigatory purposes. The data should not be held in a
corporate database, where it may be accessible to hundreds of agencies
nationwide. Most importantly, police should not be able to collect and
indefinitely retain revealing personal and location information on people accused
of no crime under the catch-all “intelligence” justification.
But those practices are allowed under BPD license
plate reader policy.
Despite our open-records request, there is still much
we don’t know:
Though we asked for them, the department did not provide
us with records showing how many LPR units it owns, or any information showing
how many “hits” the BPD currently stores in its system.
We don’t know what kinds of LPR systems the Boston
police use, either, because the department couldn’t find any procurement
records, such as contracts or manufacturer marketing documents.
We did not receive any training materials other than
one special order that serves as the department’s LPR policy—even though the
special order states that all department employees who use LPR data or systems
“shall participate in a training program regarding implementation of and
adherence to this LPR policy.”
We also don’t know specifically which hotlists BPD
uses in concert with LPR, though a disclosed policy governing its use says the
lists are “either developed by the Department, or provided to the Department
from another law enforcement entity,” and may include registered sex offenders.
The limited information we received in response to
our request comes mostly from a special
order, which serves as the department’s license plate reader policy. That
document says LPR hotlists are updated once a week, providing plenty of room
for error. However, the department requires that officers double-check the
accuracy of all hits before taking “any police action that restricts the
freedom of any individual,” which should mitigate problems resulting from
obsolete hotlist data.
Perhaps the most troubling aspect of the policy is
that the Boston Police Department authorizes license plate reader deployment
for “proactive” data collection:
As directed by the Superintendent in Chief, a
Superintendent or Deputy Superintendant, District or Unit Commander, Investigatory
Supervisor or an Intelligence Supervisor, LPR may be deployed to a defined
geographical area for purposes of an ongoing investigation or an intelligence
gathering operation. [emphasis added]
In other words, if the Boston police wanted to know
who attended an anti-war meeting or went to Friday services at the mosque,
they could park a cruiser with LPR technology in a strategic location and
without lifting a finger collect a membership or attendance list of motoring
activists or worshippers. The department does not require that police document
any legitimate law enforcement purpose or in any other way justify the
deployment of LPR for “an intelligence gathering operation,” opening the door
for serious abuse. Yet more troubling, the police could store this information
indefinitely.
Perhaps the most significant gap in our knowledge
about how BPD uses license plate readers is how the technology’s significant
powers are harnessed for surveillance purposes. Does the agency’s sharing of
our location information with the private CopLink database mean that police
nationwide can peer into our private lives on a whim, for no good reason? Is
the data added to the CopLink system ever deleted?
We don’t know. But we do know that the department’s
policy allows it to retain indefinitely and data-mine information about
ordinary people accused of no crime.
This is all exactly backwards. We should know how
more about the police are using this and other powerful surveillance tools—both
in Boston and around the country—and the police shouldn’t know much at all
about how we live our day-to-day lives unless they suspect we are engaged in
criminal activity. After all, we are innocent until proven guilty. Or is that
maxim of American jurisprudence now reversed?
No comments:
Post a Comment