At the beginning of the year, the City of Kyle, Texas, approved a controversial agreement to install automated license plate recognition (ALPR) technology in its police vehicles. The devices would come at no cost to the city’s budget; instead, police would also be outfitted with credit card readers and use ALPR to catch drivers with outstanding court fees, also known as capias warrants.

With each card swipe, an added 25% surcharge would go to Vigilant Solutions, the company providing the system. As an added bonus the company would also get to keep all the data on innocent drivers collected by the license plate readers—indefinitely.

But before the license plate readers could even be installed, the Kyle city council voted 6-1 to rescind the order. The reason: public and media outcry over how the system would turn police into debt collectors and data miners.

“It’s a little Big Brother-ish for me. It’s a little too invasive for me,” Councilmember Daphne Tenorio said at the February 16 hearing. “I’m uncomfortable with it...Because my husband’s in IT, I see what happens and, for me, personally I can’t justify it.”

The February meeting was the city’s mulligan. Councilmembers grilled Vigilant Vice President of Sales Joe Harzewski with hard questions that should’ve been raised the first time around, such as what data is collected, where is the data stored, how long is it stored, how is it shared, and how is it protected.

The answers were unconvincing.

The Deal With Vigilant

ALPR systems are high-speed camera networks that capture license plate images, convert the plate numbers into machine-readable text, geotag and time-stamp the information, and store it all in database systems for later retrieval. ALPR does not distinguish between criminal suspects (or in this case, delinquent fine payers), and instead captures sensitive location data on all drivers. In aggregate, the information can reveal personal information about a driver’s life, such as where they attend church, what doctors they visit, and where they sleep at night. Vigilant even advertises that ALPR can be used to predict a target’s movements and establish their associates.

In late January, EFF published a report about Vigilant’s latest business scheme: licensing ALPR systems to law enforcement agencies for free, in exchange for their participation in what Vigilant calls its “Warrant Redemption Program.” In addition to the City of Kyle, we found records that the City of Orange and Guadalupe County in Texas had also signed similar deals.

Groups like the Texas Civil Rights Project (TCRP) believe these arrangements are unfair, and likely illegal, because they put the cost of the entire mass surveillance system on the backs of people who owe fines—probably because they couldn’t afford the fees to begin with. Under Texas law, any additional fees are supposed to be reasonable and directly connected to the cost of fine collection. As we discovered, the 25% fee doesn’t just pay for the fine collection, but an arsenal of law enforcement tools including unlimited capture and storage of plate scans, data-crunching software, and access to Vigilant’s private database of 4.5 billion plate scans.

As TCRP Legal Director Wayne Krause Yang told the International Business Times:

It really worries me that this corporation is sort of privatizing the police department to become bounty hunters—and pay Vigilant for the privilege. It seems to me that this will put the burden unfairly on those who can least afford it. It would not surprise me that it would result in people being in jail who don't deserve to be there.

Indeed, the program creates a troubling partnership between government and the private surveillance sector. Usually governments purchase products or licenses from vendors out of their budget or grants. But Vigilant’s “budget neutral” agreements have governments at a disadvantage.

Vigilant reserves the authority to cancel the program if it feels a law enforcement agency isn’t making “best efforts” and “expediting and accelerating the normal rate of warrant clearance redemption.” This puts pressure on the officers to prioritize fine collection over other police work if they want to keep their new surveillance equipment. Mary Mergler, director of Texas Appleseed’s Criminal Justice Project, told the Texas Tribune she worries that police will begin constantly searching for drivers with outstanding fines.

One of the most alarming elements of this relationship is that Vigilant also gets to keep the data—every plate collected by the city or county’s ALPR system, regardless of whether the driver has a warrant. Even after an agency cancels the arrangement, Vigilant gets to hold onto that data indefinitely and share it with other law enforcement customers.

It was this point, a clause buried in a memorandum of understanding, that seemed to rankle the City of Kyle. After EFF published its report, Vigilant offered an amended contract promising that all data would be deleted if the city parted ways with the company.

The city council didn’t even vote on the amendment. They just skipped right to telling Vigilant goodbye before it had a chance to collect any data at all.

What Vigilant Told the Kyle City Council

During the hearing, Vigilant revealed information that all policymakers should take notice of before approving or renewing a contract with the company.

One councilmember asked whether the company had ever had a breach. Instead of answering the question, Vigilant VP Harzewski played on semantics, asking the councilmember to define a “data breach.”

The councilmember responded, “Has anybody had unauthorized access to your servers?”

After a pregnant pause, Harzewski admitted that that has happened, but disclaimed Vigilant of any responsibility:

Not that I’m aware of and I say, “not that I am aware of,” because I would consider unauthorized access when someone from the city of Kyle or someone else within the City of Kyle maliciously gave access out to one of their friends. Is that a breach? I don’t know the answer to that. It depends on how you define it. If it’s considered a breach then certainly we’ve had breaches, because we’ve had people hand out access where they shouldn’t have. Not us particularly, but our clients. And that’s something we can’t do anything about, in the sense that we give bulletproof technology to our clients. They’re free to do with it as they see fit. We give them the complete control to ensure that what they decide to do with it is what happens with it.

With that, Vigilant made one of the strongest arguments against ALPR: the data is constantly at risk of being abused by individual users. And somehow Vigilant both knows and doesn’t know when it has happened. In the next breath, Harzewski further lent credibility to the complaints of privacy groups:

So if you’re asking me if we’ve ever had someone hack into our server, the answer is absolutely no, never. Have we had people try to hack into our server? Absolutely, tee-totally, yes. On many, many occasions. It’s never been successful.

Vigilant brags that it has more than 4.5 billion location data points in its commercial server (collected by vehicle repossession contractors), plus millions more in its law enforcement ALPR server. The unverified claim that it has fended off attacks so far is of little comfort. If Sony can be hacked, if the Federal Office of Personnel Management can be hacked, if even the digital intrusion specialists at Hacking Team can be hacked—then it may only be a matter of time before Vigilant’s defenses fail.

Throughout the discussion, the Vigilant VP explained that government agencies are given control over how long data is stored and who it can be shared with through their software inferface. However, also during the hearing, the council learned that the program had been adopted without the police department taking the time to propose any kind of policies for controlling the data.

The Kyle City Council did the right thing by its constituents by ending the program. Now it’s time for other jurisdictions to follow suit and reexamine the deals they’ve signed with ALPR companies to ensure they’re putting privacy over surveillance snake oil.