By Bennett Stein and Jay Stanley
The Drug Enforcement Administration has initiated a massive national license plate reader program with major civil liberties concerns but disclosed very few details, according to new DEA documents obtained by the ACLU through the Freedom of Information Act.
The DEA is currently operating a National License Plate Recognition initiative that connects DEA license plate readers with those of other law enforcement agencies around the country. A Washington Post headline proclaimed in February 2014 that the Department of Homeland Security had cancelled its “national license-plate tracking plan,” but all that was ended was one Immigrations and Customs Enforcement solicitation for proposals. In fact, a government-run national license plate tracking program already exists, housed within the DEA. (That’s in addition to the corporate license plate tracking database run by Vigilant Solutions, holding billions of records about our movements.) Since its inception in 2008, the DEA has provided limited information to the public on the program’s goals, capabilities and policies. Information has trickled out over the years, in testimony here or there. But far too little is still known about this program.
In 2012, the ACLU filed public records requests in 38 states and Washington, D.C. seeking information about the use of automatic license plate readers. Our July 2013 report, You Are Being Tracked, summarized our findings with regard to state and local law enforcement agencies, finding that the technology was being rapidly adopted, all too often with little attention paid to the privacy risks of this powerful technology. But in addition to filing public records requests with state agencies, the ACLU also filed FOIA requests with federal agencies, including the DEA.
The new DEA records that we received are heavily redacted and incomplete, but they provide the most complete documentation of the DEA’s database to date. For example, the DEA has previously testified that its license plate reader program began at the southwest border crossings, and that the agency planned to gradually increase its reach; we now know more about to where it has grown. The DEA had previously suggested that “other sources” would be able to feed data into the database; we now know about some of the types of agencies collaborating with the DEA.
The documents uncovered by our FOIA request provide additional details, but their usefulness is limited by the DEA’s decision to provide only documents that are undated or years old. If the DEA’s collection of location information is as extensive as the agency has suggested in its limited comments to legislatures, the public deserves a more complete and comprehensive explanation than the smattering of records we have obtained can provide.
These records do, however, offer documentation that this program is a major DEA initiative that has the potential to track our movements around the country. With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that. If license plate readers continue to proliferate without restriction and the DEA holds license plate reader data for extended periods of time, the agency will soon possess a detailed and invasive depiction of our lives (particularly if combined with other data about individuals collected by the government, such as the DEA’s recently revealed bulk phone records program, or cell phone information gleaned from U.S. Marshals Service’s cell site simulator-equipped aircraft ). Data-mining the information, an unproven law enforcement technique that the DEA has begun to use here, only exacerbates these concerns, potentially tagging people as criminals without due process.
Some major findings from the documents
The National License Plate Recognition Initiative includes a massive database containing data from both DEA-owned automatic license plate readers and other readers. Among the findings from the FOIA documents:
- At the time of an undated slideshow, the DEA had deployed at least 100 license plate readers across the United States (eight states are identified: California, Arizona, New Mexico, Texas, Florida, Georgia, Nevada, and New Jersey). A 2010 document also explains that the DEA had by then set up 41 plate reader monitoring stations throughout Texas, New Mexico, and California.
- The DEA is also inviting federal, state, and local law enforcement agencies around the country to contribute location information to the database. For example, thedocuments show that local and regional law enforcement systems in Southern California’s San Diego and Imperial Counties and New Jersey all provide data to the DEA. The program was “officially opened” to these partners in May 2009. Other agencies are surely partnering with the DEA to share information, but these agreements are still secret, leaving the public unable to know who has their location information and how it is being used.
- Customs and Border Patrol (CBP) is one of the federal agencies that has shared information with the DEA. An undated Memorandum of Understanding explains that the agencies will, “at regular intervals,” provide each other license plate reader data. It also authorizes the two agencies to further share each other’s data with other federal, state, and local law enforcement and prosecutors as well as to “intelligence, operations, and fusion centers.” This is a lot of location points. CBP collects “nearly 100 percent of land border traffic,” which amounts to over 793.5 million license plates between May 2009 and May 2013, according to CBP’sresponse to our FOIA request.
- Additionally, any federal, state, or local law enforcement agent vetted by the DEA’s El Paso Intelligence Center can conduct queries of the database, located in Merrifield, Va.
- The same undated slideshow suggests that there were over 343 million records in the database at the date of the slide’s publication (due to redactions, it is impossible to confirm that date from this document).
- The unredacted parts of the documents and news reports suggest that the DEArecently changed its retention policy to six months for non-hit data. While this is an improvement from previous statements of DEA retention policy, it is still far too long. The government should not collect or retain information revealing the movements of millions of people accused of no crime. But even that long retention period is only meaningful if it comes with strict rules limiting data use, sharing, and access. Like its retention policy, the DEA should make these policies public.
- The DEA says that the National License Plate Recognition Initiative targets roadways that the agency believes are commonly used for contraband transport. But it’s not clear what this means or what it is based on. Every highway in the United States must be regularly used for contraband transport. Is the DEA using this undefined mandate to target people of color? Without more information from the DEA, we have no idea.
- One DEA document references steps needed to ensure the program meets its goals, “of which asset forfeiture is primary.” Asset forfeiture has been in the news a lot lately, criticized as a widely abused law enforcement tactic that doesn’t advance public safety but simply enriches police and federal agencies.
- The program also apparently data mines license plate reader data “to identify travel patterns.” The extent of this data mining is unknown. Is the DEA running all of our license plate reads through a program to predict our likelihood of committing a crime? Are we all suspects if we drive on a certain road? What else does the DEA think it knows about us just from the collection and analysis of our locations via license plate reader data?
More answers are needed
The DEA’s license plate reader programs raise serious civil liberties concerns, and the agency should be open about what it is doing so that those activities can be subject to public debate. Among other questions, the agency should answer these:
- How many license plate readers does DEA currently own and operate? In which states? And, how much did it spend on these license plate readers?
- Which policies govern the use of the license plate readers? Which policies govern the use of the license plate reader database? Has the agency done a Privacy Impact Assessment on these programs?
- How many license plate reader hits have resulted in arrest and prosecution of a serious crime? How many license plate reader hits have not correlated to an alert upon further investigation (a “mis-hit”)?
- From which local, state, and tribal law enforcement agencies does the DEA receive license plate reader data?
- Which additional agencies does the DEA partner with? How many people have been approved to conduct queries of the DEA database?
- Has the DEA used or attempted to use Vigilant Solution’s National Vehicle Location Service or a similar privately-run license plate reader database? Does DEA combine information from its own database with records in Vigilant’s, creating a mega-database in a public-private surveillance partnership?
As is the case with most police and federal law enforcement spy technologies, license plate tracking programs have flown under the radar of courts and legislators for far too long, silently collecting records about ordinary Americans in the cover of secrecy. When programs are secret, we have no way of challenging them or ensuring they conform with our values and the law. Before accountability comes transparency. Over the coming weeks, we will continue to release records documenting the federal government’s significant investment in automatic license plate readers and its unregulated and largely unseen location tracking programs.
Here are the documents discussed in this piece (we also link to them above):
2010 DEA Email
October 2011 DEA email
April/May 2010 DEA emails
May 2010 DEA emails
March 2014 DEA Response to ACLU FOIA Request, assorted emails
October 2011 DEA emails
January 2014 CBP Response to ACLU FOIA Request
Bennett Stein is with the ACLU Speech, Privacy, and Technology Project & Jay Stanley is Senior Policy Analyst, ACLU Speech, Privacy & Technology Project.