California audit finds automated license plate reader programs exploit driver privacy

The audit criticizes the use of ALPR programs by the Los Angeles and Fresno police departments plus the sheriff offices for Marin and Sacramento counties.

License plates from all over the country

In a blistering audit, California State Senator Scott Weiner lambasted the use of automated license plate readers, more conventionally known as ALPRs, deployed by four law enforcement departments and agencies in Los Angeles, Fresno, Sacramento, and Marin.

The purported point of this controversial technology is to maintain a database of vehicular registration plates along with other corresponding information for law enforcement agencies to use. But questions about data retention and monitoring have long unsettled activists as they believe the sustained collection of such information severely hurts people's right to privacy.

To address some of those concerns, at least 16 states in the country have statutes in place for the use of this data but, according to Weiner, the handling of ALPRs in the state of California is creating a nightmarish situation for anyone invested in protecting their identity.

The findings — The audit states that the LAPD's use of ALPRs fell remarkably short of protecting driver privacy as far as who gets to access and view this information. It also found:

  • 99.9 Percent of the whopping 320 million ALPR photos did not belong to vehicles on the LAPD's hot list (which is the department's list of persons of interest).
  • Three agencies under review were unable to clearly explain who exactly could access ALPR photos, who was responsible for the database, or even how to erase ALPR imagery. The fourth agency had no specific policy in place to address these questions either.
  • In spite of three agencies storing ALPR images with cloud storage vendors, none of them could explain if there were any contracts in place that legally required the vendors to secure the information.
  • The audit warned that agencies may be retaining the information longer than necessary.
  • None of these agencies have implemented privacy policies, which have been legally mandated since 2016.

In Weiner's words — The Californian legislator stated, "The audit findings are deeply disturbing and confirm our worst fears about the misuse of this data.

"ALPR data should be used only in narrow circumstances," Wiener added. "What we’ve learned today is that many law enforcement agencies are violating state law, are retaining personal data for lengthy periods of time, and are disseminating this personal data broadly."

Weiner says this is "totally unacceptable," and that he's drafting legislation to put an end to the questionable practices.