"Five Important Questions About DEA’s Vehicle Surveillance Program" by Rachel Levinson Waldman, originally published on JustSecurity.org on January 30, 2015.

With each week, we seem to learn about a new government location tracking program. This time, it’s the expanded use of license plate readers. According to The Wall Street Journal, relying on interviews with officials and documents obtained by the ACLU through a FOIA request, the Drug Enforcement Administration has been collecting hundreds of millions of records about cars traveling on U.S. roads. The uses for the data sound compelling: combating drug and weapons trafficking and finding suspects in serious crimes. But as usual, the devil is in the details, and plenty of important questions remain about those details.

First, who approved the program, and under what circumstances? We don’t know. The DEA is an arm of the Department of Justice, so presumably the Attorney General’s office has been involved, but details aren’t yet available. Also unknown is whether there has been any judicial oversight.

Second, are there any limitations on how the data can be used? This is also unknown. The emails obtained by the ACLU indicate that the main purpose of the program was to assist in seizures of cars, money, and other assets, often from people not charged with any crime, a program that has come under withering criticism. But the history of data collection programs is that information collected for one purpose quickly becomes attractive for other purposes. And the more information available (even for proper purposes), the more is available for misuse as well. Indeed, license plate information has been abused in the past, with peaceful protestors’ data shared with the FBI.

Third, how long can it be kept? The article reports that the DEA holds the data for three months, a significant drop from its previous two-year retention period. Much of this data is coming from readers set up by state and local law enforcement, though, and the retention periods for those jurisdictions are an inconsistent patchwork, with deletion times ranging from immediate (Ohio state patrol) to 90 days (Boston) to two years (Los Angeles County) to five years (New York City) to never (New York State Police). This is especially alarming given that a vanishingly small percentage of the millions of license plates scanned are actually connected to any crime or wrongdoing. At the same time, data collected by DEA reportedly goes back to state and local jurisdictions as well, setting up an endless loop of information with inadequate oversight.

Fourth, where else does the data go? Some of it is sent to fusion centers, which are state- or regional-based hubs that centralize information for sharing among the federal government, states, and private partners. Originally established in the wake of 9/11, fusion centers have largely abandoned their focus on terrorism for want of credible threats; they have instead transformed into an “all threats” model. In the process, they have been roundly criticized for wasting money, contributing little to counterterrorism efforts, and endangering both civil liberties and Privacy Act protections. Maryland and Vermont are known to feed their plate data to fusion centers, and the numbers are likely higher, given fusion centers’ voracity for data.

Finally, which other federal agencies are using license plate readers? We know that the Department of Homeland Security is using them as part of their border enforcement. As of early 2009, nearly 100% of cars crossing the border were scanned with a license plate reader. And both DEA and DHS license plate readers can be coupled with cameras that provide pictures of the occupants of vehicles being scanned.

Of course, the DEA database is only the latest in a string of disclosures that, taken together, reveal a web of powerful surveillance capabilities. Late last year, The Wall Street Journal revealed that the U.S. Marshals Service is using a secretive technology that sweeps up information about thousands of innocent Americans’ cell phones in the process of searching for suspects. As with the license plate reader scheme, little is known about the specifics of this program.

And just last week, USA Today revealed that at least 50 law enforcement agencies, including the FBI and the U.S. Marshals Service, have obtained radar devices that allow them to detect any human movements inside a house, even motion as minimal as breathing, from more than 50 feet away. In at least one case, the device was used without a warrant to case a home for the presence of a suspected parolee.

Senators Chuck Grassley (R-Iowa) and Patrick Leahy (D-Vt.) have already expressed concern about this technology, and it’s hard to see how its use without a warrant passes constitutional muster. As the Tenth Circuit observed in a recently published case weighing the use of the radar technology, the Supreme Court has already disapproved of the use of a thermal imaging device to capture details of life within a home. Perhaps even more salient, the Court earlier established that tracking technology (known as a beeper) cannot be used without a warrant to confirm a person’s presence inside a private home, if obtaining that information would otherwise require entry into the home. It’s a little mystifying that using a high-powered radar for the same purpose would be kosher.

Taken together, these stories suggest a zone of privacy that is narrowing so much as to be almost imperceptible. Separate from the question of how these technologies are actually being used, the breadth of surveillance capabilities they provide are staggering. You can be tracked on the streets; in your home; on your phone; and almost anywhere else. We seem to forever be caught in a kind of vicious cycle: it’s too early to criticize or critique technologies when they’ve just been introduced and there’s no record of misuse, but once they’ve been in place for even a year or two, they take on an air of inevitability. Indeed, the USA Today article calls the radar technology “hardly new” by virtue of the fact that the Marshals Service had started buying the devices in 2012 – but two plus years is nothing, especially when (as the story’s author notes) the federal government has played hide-the-ball with other surveillance technologies.

There are many layers between us and a police state. But just as Bruce Schneier has written that it is “poor civic hygiene to install [online] technologies that could someday facilitate a police state,” so too is it poor civic hygiene to deploy a suite of physical surveillance technologies that could do the same.

(Photo: AP)