Raw data is everywhere to be scooped up, aggregated, run through proprietary algorithms, monetized — and sometimes stolen. And with technology evolving faster than laws, the public has good reason to be wary of law enforcement using powerful surveillance devices like automated license plate readers.
ALPRs are cameras — some of them like the swiveling, high-speed electronic eyes used by Google to map the world — that can capture images of nearly 2,000 license plates per minute (as well as images of vehicles and passengers), but that’s just for starters.
They can also “find” specific license plates in real time or produce a virtual map of a target’s daily movements. That data can be shared with local or federal law enforcement agencies or, in some cases, sold to businesses such as insurance companies.
Most states, South Carolina included, have no laws regulating the use of ALPRs. The lack of legal restrictions on the use of such technology is troubling. Forget about probable cause, warrants — the Fourth Amendment for that matter — because we’re all being watched.
Many ALPRs have been purchased by local law enforcement agencies via federal grants, but there are strings attached. Such agreements typically enable the feds to access the data collected. And in many cases, the feds require local agencies to sign nondisclosure agreements that have prevented some officers from testifying in criminal cases about how evidence was gathered.
It’s hard to know how widespread ALPRs are in South Carolina, but most of the larger police departments have them. Myrtle Beach reportedly has 37, in addition to 899 surveillance cameras.
Rep. Todd Rutherford, D-Columbia, rightly has been trying get a law on the books that would regulate the use of ALPRs, as well as “stingray” cellphone tracking technology. According to Mr. Rutherford, at least 46 S.C. police agencies use ALPRs, all of which feed into a server run by the State Law Enforcement Division.
Records are kept up to three years under SLED rules, but those are just guidelines. It’s also far too long to hold on to such information. There are no laws governing the use or misuse of such records, or how ALPRs might be used in tandem with other surveillance technology, such as facial recognition software. Mr. Rutherford’s bill, which stalled in committee this past session, would limit the retention of ALPR data to a more reasonable 90 days. We would add that there must be oversight of such technology including audits conducted by outside agencies.
Police typically use ALPRs to find suspects by adding a license plate to a “hot list,” or to identify vehicles and people in an area where a crime occurred. Certainly, that can be a useful and powerful tool. But the technology also can be misused or stolen, both of which have been documented.
Just this week, Customs and Border Protection disclosed “a major privacy breach” of a contractor’s ALPR data gathered at a California port of entry. And that appears to be linked to a hacking incident about a week earlier that resulted in a contractor’s internal information and the data it collects being exposed on the dark web.
For years, groups such as the Electronic Frontier Foundation and the American Civil Liberties Union have been fighting for wider public disclosure about the use of ALPRs and urging states to enact laws that limit how the data can be used and how long it can be kept. California, where the technology first proliferated in the Bay Area, and 15 other states have such laws, some of which require public notice about the use of the technology and rules about how the data is secured.
What’s clear is that South Carolina is behind the times in regulating law enforcement technology. State lawmakers should get up to speed quickly when they return to work in January.