The California State Auditor recently criticized law enforcement agencies in four of the state’s most populous counties for indiscriminately gathering, storing, and sharing records for millions of drivers.
Automated license plate readers (ALPR) collect information about drivers’ whereabouts and movements daily. The ALPR data is collected for random drivers—anybody on the road may have his or her information thus collected by local law enforcement.
State law requires law enforcement agencies to take measures to ensure ALPR information is not shared indiscriminately. But the auditor said the four departments it examined—the Fresno Police Department, Los Angeles Police Department (LAPD), Marin County Sheriff’s Office, and Sacramento County Sheriff’s Office—were not complying with the law.
“The law enforcement agencies we reviewed must better protect individuals’ privacy,” said Auditor Elaine M. Howle in a Feb. 13 report. She found little to no oversight on the sharing of data. Agencies are sharing “ALPR images widely, without considering whether the entities receiving them have a right to and need for the images,” she wrote.
Dave Maass has been conducting his own audit for years. He’s a senior investigative researcher for the Electronic Frontier Foundation (EFF), a non-profit digital rights group.
“For several years now, we have been looking at license plate readers. We’ve been filing public records requests all over the state and all over the country to understand how law enforcement is using this technology,” he told The Epoch Times. “We started analyzing records and these policies and we realized they were very, very deficient. Agencies weren’t following the law.”
He said the sharing of data is unbridled and should be “severely restricted.”
“Right now, they seem to be sharing [data] very promiscuously with all sorts of agencies around the country who have no reason to access that data. They should only be sharing the data with people on an individualized need-to-know [basis]. They should not just be giving other states open access to their database systems,” he said.
Maass has a reputation for tenacity. According to his page on the EFF website, “his commitment to annoying politicians and filing records requests” has resulted in the San Diego city council declaring Feb. 13 “Dave Maass Day.”
He’s hounded the LAPD, which Howle also singled out as not having any ALPR policy whatsoever.
“I’ve asked them year after year: ‘Where is your policy?’” he said.
“During the hearing for the audit … I was sitting at the same table as the representative from the LAPD who told the committee that they are fully compliant with the law, and right there I called them out and I said, ‘You say you’re compliant with the law, but you still don’t have a policy on your website and that is the foundational requirement of the law.’”
Laws regarding ALPR have been in place in California since 2016. Howle recommended in her report that the California Department of Justice develop a template for law enforcement agencies to follow to help them form their ALPR policies.
She also recommended legislating a time period after which the records should be deleted. Maass has also called for a time limit.
“It would be great if they didn’t store data at all that was not related to a crime, but currently the law doesn’t say anything about how long they should store the data,” he said. “We would like to see that amount of time reduced to the bare minimum that they require to do their jobs.”
About 99.9 percent of the LAPD’s data from ALPR is unrelated to crimes, according to Howle. The LAPD, along with the other three agencies audited, have all responded to the audit.
LAPD spokesperson Josh Rubenstein told The Epoch Times that the details of the department’s forthcoming ALPR policy are not yet public. But he did confirm that “in this new policy, there will be some limitation on how long we keep that data.”
The LAPD has agreed to formulate an ALPR policy and post it on the Department website no later than April 2020. Furthermore, the LAPD will devise a plan for periodic audits by February 2021 and complete its first audit by June 2021.
As noted in Howle’s report, the other agencies expressed commitment to improvement, but some also disagreed with Howle’s characterization of their data sharing.
Marin’s ALPR administrator especially disagreed with some of the limitations on data sharing.
Howle’s report states, “Marin’s ALPR administrator believes that sharing ALPR images widely is important because the more information available to law enforcement, the more successful it can be in its mission.”
“However, sharing decisions should also consider the importance of protecting individuals’ privacy,” Howle said. “Each authorized share exposes the ALPR images to greater risk of misuse; therefore, the agencies should approach each sharing request individually based on the requester’s actual need for the images.”