A California legislative committee today voted to direct the State Auditor to launch a probe into the use of automated license plate readers (ALPRs) by law enforcement agencies. The audit will include the first comprehensive statewide survey of which agencies use this surveillance technology and what vendors they use. It will also include a deeper audit into four specific jurisdictions across the state.

%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2F3162bEHvos0%3Fautoplay%3D1%26mute%3D1%22%20frameborder%3D%220%22%20allow%3D%22accelerometer%3B%20autoplay%3B%20encrypted-media%3B%20gyroscope%3B%20picture-in-picture%22%20allowfullscreen%3D%22%22%3E%3C%2Fiframe%3E Privacy info.

This embed will serve content from youtube-nocookie.com

ALPRs are camera systems that scan the license plates of vehicles in order to track people in real-time and create search databases of drivers’ historical travel patterns. As a mass surveillance technology, ALPR captures information on every driver, regardless of whether their vehicle is under suspicion.

In 2015, EFF supported legislation—S.B. 34—to require agencies to implement policies that protect civil liberties and privacy, and to maintain a detailed log of every time someone accesses ALPR data. In the years since, EFF has filed hundreds of public records requests and analyzed scores of policies only to discover that many agencies are either ignoring the law altogether or failing to follow some of its provisions. Often EFF’s research faces hurdles because agencies signed non-disclosure agreements with the primary vendor of the technology, Vigilant Solutions.

EFF assisted Sen. Wiener in drafting the audit request in order to obtain an impartial review of the spread of ALPRs and to assess whether agencies are complying with S.B. 34. In addition to circulating a statewide questionnaire, the auditor will conduct investigations into the Fresno Police Department, Sacramento County Sheriff and Department of Human Assistance, the Los Angeles Police Department, and the Marin County Sheriff/San Rafael Police Department (these north Bay Area jurisdictions share an ALPR system).

California State Auditor Elaine Howle testified that the audit would take 2,800 hours of staff time and estimated that it will be completed in 7 months.

Last year, EFF collected records from 60 agencies in California: together they accounted for more than 1.1 billion license plate scans in 2017-2018 alone. Only about 0.1% were flagged as relevant to an investigation at the time they were collected. The ACLU of Northern California filed a lawsuit against ICE to obtain records about ALPR and found that immigration authorities routinely gained access to data collected by agencies in California.

The audit is especially timely in light of news that U.S. Customs and Border Protections’ license plate vendor was breached, resulting in massive amounts of confidential records being leaked onto the Internet. While CBP’s system is outside the scope of the audit, it serves as a warning of how ALPR systems not only threaten privacy, but also create cybersecurity risks.

A previous audit of the state’s gang databases found the systems were rife with errors, which led to the passage of two reform bills. The ALPR audit will take several months to complete, but we anticipate that the State Auditor will also make concrete recommendations for legislative reforms to reel in this controversial form of mass surveillance.

The scope of the ALPR audit is online here (PDF).