Our recent report on license plate scanners, You Are Being Tracked, reveals a lot about the privacy problems caused by the proliferation of this technology. But the report also shows that there are simple solutions that would go a long way toward transforming license plate readers from a dangerous invasion of our privacy into a legitimate law enforcement tool. First and foremost is setting limitations on how long law enforcement agencies can keep license plate reader data.
The way things currently stand, license plate readers are collecting vast amounts of location information and keeping it for months, years, or forever. Information like that can reveal facts about our daily routines (where we work, who we spend time with, what religious institutions we attend), as well as any departures from those usual routines (a doctor’s visit, a political event, a night out). And this information is not being collected about suspected criminals only. In fact, the vast majority of the data is about innocent people. In some places, less than 1% of data collected by license plate readers has any connection to wrongdoing. The amount of data linked to serious crimes is even less than that—so miniscule that in comparison to the data collected on innocent people, it seems almost invisible.
For every million license reads in Maryland, only a few were “hits” linked to serious crimes.
In short, the key issue with license plate readers is the length of time that location data about innocent people is retained. Take, for instance, the small city of Grapevine, Texas, which never deletes its license plate reader data. The population is only 47,000, but the number of stored plate reads is 2 million. That’s more than 40 plate reads for every person in the entire city. Clearly, with no limits on how long police can retain data, the information about innocent people’s travels quickly piles up.
By contrast, an agency like the Minnesota State Patrol, which deletes data unrelated to wrongdoing after 48 hours, usually has fewer than 20,000 plate reads stored. They’re using license plate readers as an effective law enforcement tool without creating a database of innocent people’s movements. Records show that between 2009 and 2011, license plate readers helped lead the Patrol to 852 citations and 131 arrests. Problems successfully addressed included lack of insurance, stolen vehicles, driving while under the influence, and drug possession, all with only a few thousand plate reads stored at a time.
But unfortunately, right now the Minnesota State Patrol is almost alone in these privacy protective practices. Almost all agencies that responded to our records requests kept their data for longer than 48 hours, with the length of time ranging anywhere from about a month to a few years or even forever. There’s a total lack of consistency when it comes to these policies, and many agencies are like Grapevine, following no policy at all and keeping their data indefinitely.
It isn’t necessary to choose between protecting our privacy and making use of a helpful new tool like license plate readers. But we do need to make sure that there are rules in place to protect innocent Americans from the abuses that will inevitably result from massive databases documenting our travels. One way this can be done is to make sure that data that isn’t connected to wrongdoing is deleted in a reasonable amount of time. Data retention periods should be measured in days or weeks, not months or years, so that databases of our movements aren’t created in the first place.