This summer ACLU affiliates all around the country filed open-records requests seeking information about how government agencies are using automated license plate readers. One set of records, released this week to the ACLU of Massachusetts by the police department here in Boston, provides a snapshot of the data-collection practices that are taking place around the nation.

The records reveal that the Boston police collect an average of 3,630 license plate reads per day and store the information for 90 days, unless officers decide they want to hold onto it forever, “for investigatory or intelligence purposes and for discovery/exculpatory evidence.”

Collected license plate data is stored in a private database called “CopLink,” and is available to any police officer with CopLink access. The Boston Police Department’s surveillance center, the Boston Regional Intelligence Center (BRIC), stores the data locally. The police department allows its officers to use license plate recognition technology for “proactive” surveillance purposes. That raises significant privacy alarms.

While the BPD says it “safeguards the legitimate privacy concerns of law abiding citizens” through its license plate reader program, the policy details say otherwise. Police should not retain the location information of thousands of people against whom no crime has been alleged, and should impose a finite retention period on those pieces of data it stores for legitimate investigatory purposes. The data should not be held in a corporate database, where it may be accessible to hundreds of agencies nationwide. Most importantly, police should not be able to collect and indefinitely retain revealing personal and location information on people accused of no crime under the catch-all “intelligence” justification.

But those practices are allowed under BPD license plate reader policy.

Despite our open-records request, there is still much we don’t know:

Though we asked for them, the department did not provide us with records showing how many LPR units it owns, or any information showing how many “hits” the BPD currently stores in its system.

We don’t know what kinds of LPR systems the Boston police use, either, because the department couldn’t find any procurement records, such as contracts or manufacturer marketing documents.

We did not receive any training materials other than one special order that serves as the department’s LPR policy—even though the special order states that all department employees who use LPR data or systems “shall participate in a training program regarding implementation of and adherence to this LPR policy.”

We also don’t know specifically which hotlists BPD uses in concert with LPR, though a disclosed policy governing its use says the lists are “either developed by the Department, or provided to the Department from another law enforcement entity,” and may include registered sex offenders.

The limited information we received in response to our request comes mostly from a special order, which serves as the department’s license plate reader policy. That document says LPR hotlists are updated once a week, providing plenty of room for error. However, the department requires that officers double-check the accuracy of all hits before taking “any police action that restricts the freedom of any individual,” which should mitigate problems resulting from obsolete hotlist data.

Perhaps the most troubling aspect of the policy is that the Boston Police Department authorizes license plate reader deployment for “proactive” data collection:

As directed by the Superintendent in Chief, a Superintendent or Deputy Superintendant, District or Unit Commander, Investigatory Supervisor or an Intelligence Supervisor, LPR may be deployed to a defined geographical area for purposes of an ongoing investigation or an intelligence gathering operation. [emphasis added]

In other words, if the Boston police wanted to know who attended an anti-war meeting or went to Friday services at the mosque, they could park a cruiser with LPR technology in a strategic location and without lifting a finger collect a membership or attendance list of motoring activists or worshippers. The department does not require that police document any legitimate law enforcement purpose or in any other way justify the deployment of LPR for “an intelligence gathering operation,” opening the door for serious abuse. Yet more troubling, the police could store this information indefinitely.

Perhaps the most significant gap in our knowledge about how BPD uses license plate readers is how the technology’s significant powers are harnessed for surveillance purposes. Does the agency’s sharing of our location information with the private CopLink database mean that police nationwide can peer into our private lives on a whim, for no good reason? Is the data added to the CopLink system ever deleted?

We don’t know. But we do know that the department’s policy allows it to retain indefinitely and data-mine information about ordinary people accused of no crime.

This is all exactly backwards. We should know how more about the police are using this and other powerful surveillance tools—both in Boston and around the country—and the police shouldn’t know much at all about how we live our day-to-day lives unless they suspect we are engaged in criminal activity. After all, we are innocent until proven guilty. Or is that maxim of American jurisprudence now reversed?