As license plate readers proliferate, law enforcement and private business are pooling surveillance data in light of conflicting guidelines on how long they may retain the data, which often is marketed for profit, according to a report by the American Civil Liberties Union.

The report, You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans' Movements," (.pdf) paints, for the first time, a broad, Orwellian picture of an often overlooked and growing feature of the surveillance — one funded, in part, by $50 million in federal grants to local governments during the past five years.

The autonomous readers — small cameras affixed to police vehicles, light poles, bridges, street signs, buildings, you name it — chronicle a vehicle's whereabouts to the second. Only a fraction of photos provide an immediate "hit" matching the vehicle to a crime. At least one town, the affluent San Francisco suburb of Tiburon, has cameras operating on the only road leading into and out of town. Nationwide, the authorities and even private enterprise maintain a trove of locational data on citizens' movements, according to the report.

Data from these cameras, according to the report, "is being placed into databases, and is sometimes pooled into regional sharing systems. As a result, enormous databases of motorists' location information are being created. All too frequently, these data are retained permanently and shared widely with few or no restrictions on how they can be used."

The standards by which the authorities may access the data varies. In the Northern California town of Pittsburg, for example, local police may analyze the database for "any routine patrol operation or criminal investigation," and "reasonable suspicion or probable cause is not required," according to the report. In Scarsdale, New York, the barrier for access "is only limited by the officer's imagination."

The report also illuminates a network of private companies – many in the repossession business – that scan 50 million license plates a month in major metropolitan areas and sell the data to law enforcement agencies.

"These huge databases of plate information are not subject to any data security or privacy regulations governing license plate reader data," the report said. "These companies decide who can access license plate data and for what purposes."

Source: ACLU

According to the report, the vast collection of data yields little in the way of crime fighting, and authorities are collecting "vast quantities of data on innocent people." Law enforcement agencies throughout Maryland, for example, collected more than 85 million license plate records last year alone and pooled them in a single database — a practice used by other agencies nationwide.

"Maryland's system of license plate readers had over 29 million reads. Only 0.2 percent of those license plates, or about 1 in 500, were hits. That is, only 0.2 percent of reads were associated with any crime, wrongdoing, minor registration problem, or even suspicion of a problem," the report said. "Of the 0.2 percent that were hits, 97 percent were for a suspended or revoked registration or a violation of Maryland’s Vehicle Emissions Inspection Program."

To be sure, many agencies promptly delete so-called "non-hit" data – photos of license plates that did not produce an immediate match. The Ohio State Highway Patrol deletes data immediately, whereas the Minnesota State Patrol keeps the info for 48 hours, while police in Brookline, Massachusetts keep the data for two weeks.

On the other hand, Jersey City in New Jersey retains the data for five years, while authorities in Grapevine, Texas, have no data retention policy, according to the ACLU report.