Privacy

How license plate scanners challenge our data privacy

David Strom 25 May 2022

There's a massive amount of data in private hands and without sufficient controls by the government.

As more communities install automated license plate readers (APLRs) to monitor vehicle traffic, there are growing concerns about the privacy and efficacy of these tools. Stories have appeared in local newspapers, such as those in St. Louis, Louisville and Akron that document the rapid rise of Flock license plate camera data and how it can be a central source of vehicle movements. 

These stories highlight some of the privacy implications of APLRs and also recall some of the same issues with the growth of other massive private data collections. But first, let’s describe what's going with these APLR systems, which have been around for nearly a decade.

In the past, license plate readers were expensive and limited to places that had power but no real-time online access. That has changed with the latest companies such as Flock and Motorola Solutions, who recently acquired Vigilant Solutions. These companies have disrupted the APLR market by having less expensive cameras that connect via cellular broadband and use solar cells to recharge their batteries. This means that the cameras can be installed just about anywhere, and the data can be quickly uploaded to a central cloud repository. 

This results in a potent combination, and it's why these new systems have become popular. Flock now captures more than a billion vehicle images a month throughout its network of more than 1,400 communities and 500 police departments across the US.

One community in the St. Louis suburbs is using Flock to monitor major egress points in its subdivision. This is one of the company’s major selling points: preventing crime. However, this claim might not entirely be true. An audit done by two non-profit consultants found that APLR cameras weren’t effective at deterring vehicle theft.  When studying APLR data from 2013 from the nearby city of Piedmont, they found that less than 0.3% of license plate reader “hits” led to any criminal leads. 

With so many plates being scanned, it's crucial to understand how Flock and the other APLR vendors collect and share their data. “Communities who purchased Flock cameras are effectively buying and installing surveillance devices not just for themselves, but for the authorities as well, adding their cameras to a nationwide network searchable by the police,” states a recent ACLU report. The report mentions some other issues:

  • There are no legal checks and balances on the use of this data by Flock or any other private company. The ACLU cites several abuses by employees of Ring sharing images from its front door cameras as one such example of a potential abuse. 

  • The consequences of errors: No optical character recognition system is perfect, and these errors could result in police making traffic stops on innocent people. The Louisville story cited above found several police departments who have been taken to court on various mistakes made when using these systems. 

  • How the data is eventually shared: Several years ago, the ACLU found that more than 80 law enforcement agencies in 12 states were sharing their license plate data with the U.S. Immigration and Customs Enforcement. Flock claims it automatically deletes data that is more than 30 days old, and while that may be true at the moment, there is no guarantee that that pattern will continue in the future. Even so, the ACLU says, “People can engage in a lot of perfectly legal yet private behavior within 30 days — movements that would reveal things about their political, financial, sexual, religious, or medical lives that nobody in the police or in a company like Flock has a right to track.” They recommend much shorter retention periods — such as a few minutes — to better preserve privacy.

Organizations are interested in more than just our license plates

This issue of our personal information being shared has much larger consequences. To take data collection up a notch, let's look at companies collecting our DNA. I'm specifically talking about private DNA databases and genetic testing services that have become popular during recent years. As Garry Kasparov asks in a previous post on this topic, "How much of this field do we want to turn over to public oversight, and how much should remain in the hands of private companies?”

This is exactly the dilemma faced by Flock and the other APLR vendors. But at least with the DNA data, you can opt out of providing private information if you have the presence of mind to do so when you sign up for the service. We mentioned this in our post on data privacy and MyHeritageDNA. That post describes the idea that one's not very well thought out online choices could have unforeseen consequences for future generations.

This point was brought home to me after watching the Netflix documentary Our Father, in which a fertility doctor inseminated his patients without telling them. 100 of his offspring were eventually able to locate each other through genetic testing databases.  

And just like the license plates, our genetic data is valuable to organizations including law enforcement, pharmaceutical labs, and app developers. 

But unlike our DNA, we can’t easily “opt out” of the ALPR systems. Some communities will remove your data upon your request, but most of us probably won’t take the time or even know when our movements have been recorded. And then there is another problem with the license plate data: transparency. Your local police may be completely transparent about how they retain and delete your data, but that may not matter if another police department isn’t transparent or has different policies. 

Some US states have begun to recognize these issues with implementing privacy laws, but this remains an active legal area. As the ACLU report predicts, the rapid uptake of police and community customers of the ALPRs doesn’t bode well for future privacy concerns.