On April 2, the Department of Homeland Security (DHS) released a Privacy Impact Assessment (PIA) that describes how the DHS Immigration and Customs Enforcement (ICE) – including ICE’s primary investigative offices, Enforcement and Removal Operations and Homeland Security Investigations – will find the present and past location of drivers by accessing a massive private database of vehicle location information. The program raises serious privacy concerns, with the specter of individuals’ location data being collected on a mass scale, stored for a prolonged period, and used without effective restrictions.

According to the PIA, both fixed and mobile license plate readers record license plate number, a digital image of the license plate, the vehicle’s make, model, and state of registration, GPS location, a time stamp, and sometimes “the environment surrounding a vehicle, which may include drivers and passengers.” A private company – probably Vigilant Solutions, which has amassed of database of 2.5 billion license plate location records, will hold the data. ICE can then use license plate numbers to query a database, and provide a “hot list” of license plate numbers under surveillance to the private company so that when there is a hit on one of those numbers, ICE will receive immediate notice of the location of the license plate. Queries can uncover all recorded sightings of a license plate for the previous five years, or as far back as the statute of limitations for the crime being investigated.

The program will be used to find fugitive undocumented immigrants in investigations of drug smuggling, financial crimes, gun running, export violations and other crimes. Persons whose location information will be sought include fugitive aliens, people suspected of criminal conduct and people associated with both. Thus, it is not a limited effort to track a small set of known fugitives – it is a broad authority that can be used in a range of investigations without independent oversight.

The program raises alarming privacy concerns. For years, CDT, other civil society groups, and a broad range of companies in the private sector have worked in the Digital Due Process coalition to establish a warrant requirement for location information generated by cell phone use. As CDT noted last November in its brief to the 11th Circuit arguing that the government must obtain a warrant to gain access to cell-site location information, location data can be highly revealing of sensitive, personal information. Location data can be used to determine one’s political and religious affiliation, medical conditions, work activities, and romantic interactions, as well as map a pattern of one’s movements and associations.

The program also appears to circumvent an important developing legal norm regarding location privacy. As a result of court rulings and legislative action, 12 states now require a warrant for police to demand location data generated in connection with use of a wireless communication device. This rapid trend as well as the Supreme Court’s landmark ruling in U.S. v. Jones indicates the entire country may soon follow this rule. The government’s response to such an expansion of Fourth Amendment rights cannot be to evade the requirement of independent review by mining license plate location information maintained by a third party; it should have to obtain a warrant or other judicial authorization in order to do so.

This lack of judicial authorization raises not only due process concerns, but also the risk of abuse. The program includes requirements for “internal policies and training emphasizing the requirement to query and use LPR data only when in support of a criminal investigation or to locate a priority alien,” as well as auditing requirements. These requirements deserve some credit. However, although administrative protocols are implemented by the agency seeking the location data at issue, the degree to which they alleviate concerns is effectively summarized by Chief Justice Roberts in last year’s Supreme Court decision in Riley v. California: “Probably a good idea, but the Founders did not fight a revolution to gain the right to government agency protocols.”

Internal policies raise too many questions and leave too many problems unaddressed. What level of suspicion must be met before a person’s license plate number is run against the database? Who establishes the standard, and does it adequately preserve privacy rights? How easily can the standard be changed? How does DHS ensure that personnel effectively meet the standard when conducting a query? What – if anything – will be the penalty for improper action? All these concerns demonstrate the necessity of judicial authorization for access to data as sensitive as location information, particularly when it covers a long period of time.

The announcement and program do contain some positive features. First, DHS has acknowledged privacy concerns and opened a public dialogue through the PIA. This is a welcome change to the lack of clarity that has accompanied DHS’ use of this technology in the past. Even as substantive concerns remain, DHS can support privacy interests by providing continued transparency regarding the manner in which license plate readers are used and additional details on restrictions and privacy protections. Further, although no substitute for a independent review, the training and auditing requirements should help combat abuse, as will the requirement that the program interface “capture information about the query of a license plate number and link it to a specific ICE enforcement matter.” Finally, the importance of data security is acknowledged, with commercial vendors supplying databases required to employ data security technologies as strong as those ICE itself is required to maintain.

Overall, the license plate reader program described in the PIA lacks adequate privacy safeguards and there is a risk that it will become a model for other such programs at other agencies as well as for state and local law enforcement. As identification technologies such as license plate reader, RFID chips, and facial recognition become more effective, more affordable, and more common throughout society, government will become increasingly powerful in its ability to watch our every move. Government should recognize that although a person’s location in public may be apparent at one moment, when location is tracked over time – as can be done with a database of billions of location records – it is sensitive information and should be subject to limitations on invasive surveillance.