ICE has been wanting full access to the billions of license plate records stored in ALPR databases for years. The DHS first floated the idea more than five years ago. It was reined in briefly in response to public backlash and Congressional criticism, but the idea of a national ALPR database was never truly killed off.

ICE was the agency sending out quote requests for a national database access. A few minimal protections were put in place, but all that was holding ICE back was logistics. The contract was finalized at the beginning of last year, hooking ICE up with ALPR records gathered by the hundreds of plate readers operated by local law enforcement agencies. Now, all that third party work is paying off.

More than 80 law enforcement agencies in the US have agreed to share with US Immigration and Customs Enforcement (Ice) license plate information that supports its arrests and deportation efforts, according to the American Civil Liberties Union (ACLU), which obtained a trove of internal agency records.

The documents acquired by the ACLU show that Ice obtained access to a database with license plate information collected in dozens of counties across the United States – data that helped the agency to track people’s locations in real time. Emails revealed that police have also informally given driver information to immigration officers requesting those details in communications that the ACLU said appeared to violate local laws and Ice’s own privacy rules.

When the agency takes the formal, contracted path to ALPR data, it’s running through two third parties: Vigilant, the leading manufacturer of plate readers, and Thomson Reuters, a multimedia conglomerate that has added data brokering to its portfolio of journalistic endeavors.

The original proposal limited ICE’s access to the 50 biggest metropolitan areas. That’s a lot of ground already, but the agreement allows local law enforcement in other areas to give ICE permission to browse their end of the Vigilant database. Not that it ultimately matters. Vigilant doesn’t seem to worry too much about siloing off data. Most law enforcement agencies are sharing data with lots of other agencies already, so intermingling is an inevitability.

It also appears there’s no expiration data on a lot of the data ICE is accessing. According to the documents, over 9,000 ICE agents have access to years a plate/location data, allowing them to reconstruct people’s movements over a long period of time.

Whatever restrictions exist on ICE’s access to Vigilant databases are easily avoided.

Emails showed that a police detective in Orange county, California, repeatedly conducted database searches in response to requests from an Ice specialist in criminal investigations. The two appear to have worked together frequently over several years, with the Ice employee providing details of the immigration investigations (such as information from a target’s Facebook page) and the local detective responding with license plate information.

“I am here for ya. :),” the detective wrote in one email to Ice, which included a report. In another exchange, after the Ice officer said “hate to ask” for more reports, the detective responded: “Come on, you don’t really hate to ask.. :).”

As the ACLU points out, these informal requests allow ICE to bypass the internal processes that are supposed to ensure access to this wealth of plate/location data is justified. The communications contained in these documents show ICE repeatedly ignoring these requirements.

At this point, everything will have to be fixed in post. Cops have been utilizing plate readers for years and Vigilant has been storing the billions of plate records generated every year for just as long. The DHS never needed to build a national license plate/location database. One was being built while it put on its little charade about respecting rights and citizens’ freedom to move around the country without being surveilled.

The ACLU is demanding legislators enact more privacy protections for this data and engage in some actual oversight, but that ship has been sailing for years. ICE’s access was an inevitability. It enacted privacy protections just so it could ignore them by asking local law enforcement to perform database searches. And it was all sold to the public with assurances ALPR tech would hunt down car thieves, kidnappers, and violent criminals. In reality, it’s being used to track people who’ve overstayed their visas.

Permalink | Comments | Email This Story

Techdirt.