from the too-much-is-never-enough dept
The Customs and Border Patrol (CBP) has a thirst for license plate images. It wants as many as it can get. And as far inland as it can get without straying from the areas it’s really supposed to be keeping its eyes on: the nation’s borders. Two consecutive Privacy Impact Assessments of the agency’s automatic license plate reader program came to the same conclusion: if you don’t want to get your plate read, don’t drive anywhere. Sure, it may seem easy to avoid the border, but the agency is allowed to do its border protecting stuff up to 100 miles from any border, which includes coastlines and international airports.
But it’s not enough that the CBP has an unknown number of plate readers in operation. The information captured by its camera network apparently isn’t comprehensive enough. So it’s been buying access to other license plate image databases. As Joseph Cox reports for Motherboard, the CBP is making use of plate images gathered by private companies to round out its surveillance of Americans.
The PIA [Privacy Impact Assessment] did not name the specific commercial database. But a source in the private investigator industry, which makes use of commercial license plate databases, suggests the supplier is likely Vigilant Solutions and its sister company DRN which collects the license plate data in the first place.
“DRN is the only one I know that collects the data. The other companies that advertise this service as a search buy from DRN,” Igor Ostrovskiy, principal at private investigator firm Ostro Intelligence, who has used the DRN system, told Motherboard. With the consent of the target, a source previously tracked a target for Motherboard using DRN’s vast license plate reader system.
Vigilant is home to what is likely the largest database of plate images in the business. The company sells access to an unknown number of law enforcement agencies. Some agencies get free access in exchange for a cut of any fines and fees collected by law enforcement as the result of plate reader hits. As of a half-decade ago, Vigilant was home to two billion license plate photos, with 100 million more being added daily by its network of cameras.
But Vigilant’s network isn’t just its hundreds of law enforcement owned plate readers. It’s also the hundreds run by private companies that allow Vigilant to sell access to the plate images they’ve collected. As Cox reports, this has turned two billion images (as of 2015) to nine billion images — much of this “crowd-sourced” from hundreds of repo men using Vigilant equipment.
So, the CBP’s Privacy Impact Assessment isn’t accurate. It may be accurate as far as suggesting not driving is the only way to prevent your license plate from ending up in the CBP’s database. But to suggest staying out of areas “impacted” by CBP activity might allow you to elude this collection is patently false. If the CBP has access to this database, plate/location info from drivers nowhere near the CBP’s enforcement areas is still making its way to the CBP via Vigilant’s numerous private company contributors.
And this collection isn’t subject to the CBP’s rules, which limit searches to five years of plate/location data and removes cached, non-hit searches within 24 hours. The CBP may not have control of this collection — it remains solely in the hands of Vigilant — but claiming (as the CBP does in Cox’s article) that query-only access is somehow a completely different thing is disingenuous. While it may make exploitation of the database more difficult for the CBP, it’s still access to billions of plate records the CBP hasn’t shown it should legally or logically have access to. The CBP can dip into it whenever it wants and operate outside of its own ALPR guidelines while doing it. There are no downsides. The CBP gets access to billions more plate images without having to deal with the infrastructure side of it. More plates, lower costs, fewer headaches. Win win win.