Automated License Plate Readers & Law Enforcement
By Ayyan Zubair, Civil Rights Intern
Automated License Plate Readers (ALPRs) are high speed cameras mounted to street lights and patrol cars that track the license plates of every car that passes its line of vision. Often, these cameras also capture photographs of the vehicle and its passengers. ALPRs notify operators when they capture a plate on an agency’s watch list, prompting an almost-immediate — and error prone — law enforcement response. Police departments and private companies store and share this data — timestamped driving records of millions of people — for months and even years.
ALPR’s Disproportionate Impact
When ALPRs get it wrong, communities of color, immigrants, and other minority groups pay the price. In Oakland, drivers in a predominately African-American or Latinx area are more likely to be tracked by an ALPR than those in a high-density white neighborhood. In New York City, the NYPD routinely outfitted unmarked police cars with ALPRs to record the plates of everyone parked near a mosque. And newly-released documents reveal that ICE creates watch lists using ALRP data to track undocumented immigrants.
Disturbingly, ALPRs have at least a 10% error rate. These errors enable law enforcement profiling and, in some cases, even result in individuals being stopped at
ALPR’s Security Issues
This technology has been a prime target for hacking in the past. ALPRs store data on millions of cars, and a breach could potentially compromise millions of drivers’ histories — where they prayed, where they shopped, and where they slept. In June 2019, CBP revealed that a cyberattack on a government contractor compromised almost 100,000 license plate photos taken at the U.S. border. Disturbingly, CBP’s contractor, Perceptics, purportedly photographs over 200 million vehicles annually. In 2015, Boston’s entire ALPR system laid exposed on the Internet, and many ALPR cameras continue to remain vulnerable to hackers.
ALPRs & NYPD
In 2015, the NYPD signed a multi-year contract with Vigilant Solutions to access the company’s nationwide database of over 2 billion license plates. Vigilant’s technology added one million data points per day to the NYPD’s vast Domain Awareness System . Vigilant’s “stakeout” feature allows the NYPD to virtually surveille everything from political rallies, to abortion clinics, to Sunday church services. Its artificial intelligence tool purportedly enables the NYPD to “learn” a person’s daily routine with eerily precise accuracy. Disturbingly, the NYPD relies on Vigilante’s “associate analysis” to determine “possible associates” of criminal activity based on the company’s Orwellian surveillance algorithms. Considering the NYPD’s past history of discrimination against New Yorkers of color and immigrants, it is virtually certain that these communities will continue to bear the brunt of this dystopian technology.
In New York City, Council Member Vanessa L. Gibson introduced “The Public Oversight of Surveillance Technology” (POST) Act in 2018, requiring the NYPD to create a privacy and use policy for surveillance tools. The Act would not prohibit ALPRS, but it would require the NYPD to establish basic safeguards for ALPRs and other surveillance systems.
In June 2019, New York State Senator Andrew Gounardes introduced S6428, creating a statewide task force on the role of artificial intelligence in New York State Government. If enacted, S6428’s 15-member task force would review how state agencies use artificial intelligence tools, such as ALPRs, to make decisions about policing, education, state hiring, and other areas of government operations.
Left unregulated, ALPRs hold the power to drastically curtail our right to privacy. This Orwellian technology lets the government know what you did last summer — where you went, who you were with, even what you were wearing. As government agencies repeatedly fail to keep such sensitive information safe, these troves of data will be constantly at-risk of third-party intrusion. As such, federal, state, and local legislatures must consider policies to prevent privacy rights from becoming nothing more than a legal fiction.
 A recent Electronic Frontier Foundation study found that government agencies used ALPRs to scan over 2.5 billion license plates between 2016 and 2017. 99.5% of these plates were not under criminal suspicion at the time they were scanned. See dave mass & beryl lipton, EFF and MuckRock Release Records and Data from 200 Law Enforcement Agencies’ Automated License Plate Reader Programs, eff, Nov. 15, 2018, https://www.eff.org/deeplinks/2018/11/eff-and-muckrock-release-records-and-data-200-law-enforcement-agencies-automated.
 American Civil Liberties Union, You are Being Tracked: How License Plate Readers are Being Used to Track Americans’ Movements, 2013, https://www.aclu.org/files/assets/071613-aclu-alprreport-opt-v05.pdf at 4–6.
 See id.
 See id.
 See dave maass & Jeremy Gillula, What You Can Learn from Oakland’s Raw ALPR Data, eff, Jan. 21, 2015, https://www.eff.org/deeplinks/2015/01/what-we-learned-oakland-raw-alpr-data.
 See adam goldman & matt apuzzo, NYPD Defends Tactics Over Mosque Spying; Records Reveal New Details On Muslim Surveillance, huffpost, Apr. 25, 2012, https://www.huffpost.com/entry/nypd-defends-tactics-over_n_1298997.
 See zach whittaker, ICE Has a Huge License Plate Database Targetting Immigrants, Documents Reveal, tech crunch, March 13, 2019, https://techcrunch.com/2019/03/13/ice-license-plates-immigrants/.
 See Lisa Fernandez & Brooks Jarosz, Privacy advocate sues CoCo sheriff’s deputies after license plate readers target his car stolen, ktvu, Feb. 15, 2019, http://www.ktvu.com/news/2-investigates/privacy-advocate-detained-at-gunpoint-when-licence-plate-readers-mistakenly-marked-his-car-stolen.
 See charlie warzel, When License-Plate Surveillance Goes Horribly Wrong, n.y. times, April 23, 2019, https://www.nytimes.com/2019/04/23/opinion/when-license-plate-surveillance-goes-horribly-wrong.html.
 See KTVU, supra note 5.
 See Colleen Long, Customs Says Hack Exposed Traveler, License Plate Images, Associated Press, June 10, 2019, https://www.nytimes.com/aponline/2019/06/10/us/politics/ap-us-customs-traveler-data-breach.html.
 See Zach Whittaker, Police License Plate Readers Are Still Exposed On The Internet, Tech Crunch, Jan. 22, 2019, https://techcrunch.com/2019/01/22/police-alpr-license-plate-readers-accessible-internet/.
 See rocco parascondola, Exclusive: NYPD will be able to track fugitives who drive past license plate readers across the U.S., n.y. daily news, Mar. 02, 2015, https://www.nydailynews.com/new-york/nypd-track-fugitives-drive-license-plate-readers-article-1.2133879.
 See id.
 The Domain Awareness System collects the license plate data scanned by the approximately 500 license plate readers operated by the NYPD and combines it with footage from cameras and other surveillance devices around the city. The NYPD holds on to the license plate data for at least five years regardless of whether a car triggers any suspicion. See mariko hirose, Documents Uncover NYPD’s Vast License Plate Reader Database, aclu, Jan. 25, 2016, https://www.aclu.org/blog/privacy-technology/location-tracking/documents-uncover-nypds-vast-license-plate-reader-database?redirect=blog/speak-freely/documents-uncover-nypds-vast-license-plate-reader-database.
 See id.
 See id.
 See id.
 See California State Senate, SB34, https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB34.
 See id.
 See id.
 See New York City Council, Int. №487, https://legistar.council.nyc.gov/LegislationDetail.aspx?ID=3343878&GUID=996ABB2A-9F4C-4A32-B081-D6F24AB954A0&Options=ID%7cText%7c&Search=The+Public+Oversight+of+Surveillance+Technology.
 See New York State Senate, S6428, https://www.nysenate.gov/legislation/bills/2019/s6428.