California law enforcement agencies violate state law regarding ALPR mass surveillance technology usage, inadequately protecting privacy and leading to potentially serious privacy violations

February 14, 2020 - Sacramento - On Thursday, in response to a request from Senator Scott Wiener (D-San Francisco) to audit law enforcement usage of Automated License Plate Readers (ALPR), the California State Auditor released a report which found that law enforcement using this mass surveillance technology in cities across the state lacked necessary safeguards against privacy violations and are noncompliant with state law. Senator Wiener requested the audit due to privacy concerns, understanding this technology could be easily over- and misused without regulation and guidelines. Senator Wiener specifically worried that ALPR technology might be helping Immigration and Customs Enforcement (ICE) detain and deport undocumented immigrants, thus violating California’s sanctuary state status.

The audit was clear: there is significant cause for alarm. Under state law enacted in 2016, law enforcement is required to implement comprehensive usage and privacy policies regarding ALPR technology. The report found that various law enforcement agencies across the state were violating state law by not implementing these policies. The audit also found that law enforcement agencies are misusing this sensitive data by retaining it for long periods of time and disseminating it.

Specifically, the audit found:

• None of the agencies have an ALPR usage and privacy policy that implements all the legally mandated—since 2016—requirements.
• Three agencies did not completely or clearly specify who has system access, who has system oversight, or how to destroy ALPR data, and the remaining agency has not developed a policy at all.
• Two of the agencies add and store names, addresses, dates of birth, and criminal charges to their systems—some of these data may be categorized as criminal justice information and may originate from a system maintained and protected by the Department of Justice.
• Three agencies use a cloud storage vendor to hold their many images and associated data, yet the agencies lack contract guarantees that the cloud vendor will appropriately protect the data.
• Three agencies share their images with hundreds of entities across the U.S. but could not provide evidence that they had determined whether those entities have a right or a need to access the images.

“The audit findings are deeply disturbing and confirm our worst fears about the misuse of this data,” said Senator Wiener. “ALPR data should be used only in narrow circumstances. What we’ve learned today is that many law enforcement agencies are violating state law, are retaining personal data for lengthy periods of time, and are disseminating this personal data broadly. This state of affairs is totally unacceptable, and I’m drafting legislation to protect people’s privacy and to put an end to these privacy violations.” 

A summary of the audit report can be found here.
Source: Senator Scott Wiener