Since
Lt. Governor David Dewhurst ordered the Texas Senate State Affairs Committee to research possible privacy-protecting legislation regarding geolocation data, among other electronic privacy topics, I was pleased recently to notice a law review article by Stephen Rushin of the Illinois College of Law titled "
The Legislative Response to Mass Police Surveillance." He proposes model legislation for regulating what he calls "digitally efficient investigative technologies," especially Automatic License Plate Readers (ALPR) and surveillance cameras, the latter particularly when they're connected to facial recognition technology that allows police to individually identify people
en masse.
To me, his paper is most useful for its analysis of license plate reader regulation. While surveillance cameras are used by many departments, very few (and none I know of in Texas) have them connected with facial recognition software, though one supposes that could be coming. According to a Denver Post article he cited, "[t]hirty-seven states currently load driver's license photographs into state databases, which are searchable using facial recognition software." For now, though, Grits thinks fusing the two issues would unnecessarily muddy the waters. As a legislative matter, I'd rather see the topics confronted separately.
The breathtaking efficiency of license plate readers (which can scan and cross-reference up to 1,800 plates per second) means they're already in a position to be abused in ways that aren't yet broadly true of facial-recognition equipped surveillance cameras. ALPR technology is already quite widespread. A 2009 survey conducted by the International Association of Police Chiefs found that 66% of agencies larger than 501 officers and 80% of agencies larger than 1,001 officers utilize ALPR technology, and 85% of chief at all agencies "plan to acquire more ALPR devices or increase use in the future."
Rushin describes in some detail how and why 20th century Fourth Amendment jurisprudence is ill-equipped to address highly efficient surveillance in public, arguments that are especially on point as they relate to present-day use of ALPR. Courts have long assumed citizens have no reasonable expectation of privacy regarding any activity occurring in public, but those norms were influenced in the past by the fact of limited police resources. Yes, police can theoretically tail a suspect anywhere, but limited resources mean they can't do it forever. OTOH, public surveillance based on location data from license plate readers (or as the NSA scandal demonstrated, cell phones) removes resource limits and makes mass surveillance not just possible but relatively inexpensive. Moreover, noted Rushin, "because the digitally efficient investigative state monitors the entire community, it collects information on illegal activity as well as innocuous behavior," meaning "it will invariably gather enormous amounts of data on innocent people."
While about half of departments retain license-plate reader information for six months for less, 28% of agencies either have no retention limits or by policy retain the information indefinitely. Given that it's possible to identify individuals using a
very small number of location data points, this information over time becomes increasingly invasive to everyone's personal privacy. Such expansive powers breed potential for abuse. Wrote Rushin:
Psychological and historical evidence suggests that the availability of pervasive surveillance tools may facilitate law enforcement corruption. With the unregulated ability to monitor an entire community, law enforcement may be incentivized to conduct fishing expeditions that "exacerbate racism, stereotyping, or profiling." This elevates the risk of false positives and harms citizens' perceptions of procedural fairness. Thus, while the digitally efficient investigative state may be an important development for crime prevention, it also raises numerous privacy concerns.
The article outlines model state-level legislation to regulate these technologies and, while I don't agree with all of his choices, Rushin's discussion provides a useful framework for analyzing the decisions that must be made when implementing state-level regulation.
His model statute differentiates between "observational
comparison" and "indiscriminate data collection." The former he defines
as "the retention of locational or identifying information after an
instantaneous cross-reference with a law enforcement database reveals
reasonable suspicion of criminal wrongdoing." The latter involves
retention of such data "without any suspicion of criminal wrongdoing"
and is the type he suggests should be the focus of the bulk of state
regulation.
Among states, Maine, Arkansas, New Hampshire, Vermont, and Utah have regulated ALPR tech through legislative measures. In New Jersey the Attorney General used constitutional authority to hand down directives regulating use of ALPR and limiting data collection, while Virginia has "passed relatively broad laws that regulate the retention of data by the government in all forms." New York has suggested model guidelines on the topic that are not prescriptive. Between them, these states provide examples of the various forms ALPR regulation might take.
All state legislatures regulating this tech put some restriction on data retention. Maine is the most restrictive, limiting retention to 21 days unless it specifically relates to a criminal investigation, while Vermont allows retention up to 18 months. (Rushin's model policy suggests one year, but given that half of departments surveyed have policies maxing out retention at six months or less, to me that seems too long.) New Jersey's Attorney General rules allow for retention for up to five years, which seems flat-out excessive.
Several states, like New Jersey, include limits on disclosure of personally identifying information "unless there is a legitimate and documented law enforcement reason for disclosing" it. In general, the longer states allow such data to be retained, the more important that aspect of regulating ALPR tech becomes. My preference would be to retain "indiscriminate" data for a shorter period, as in Maine, but either way there should be a requirement that the data only be used for legitimate investigative purposes.
Some states restrict sharing of ALPR data, though Rushin's model statute would allow it. He suggests limiting sharing to agencies that comply with minimum standards on retention, access, etc.. To me, at a minimum, states also should forbid sharing the data with
commercial vendors. (For that matter, there's a gaping hole in his model statute in that it doesn't regulate the collection and sale of data by privately owned ALPRs, like those used by towing companies.)
Rushin also suggested rules limiting who may access ALPR data stored by police, requiring prior authorization as well as maintenance of logs documenting every user and every time they access the information. His model policy would require that stored data only be accessed only for legitimate law enforcement purposes, though IMO his limiting language could be stronger. He also suggests mandatory training in proper procedures for handling and accessing data, as well as discipline for police employees "who fail to follow policy parameters." The New York guidelines sensibly suggest "that departments establish a list of designated personnel who are authorized to access ALPR data."
Enforcement may be the most difficult nut to crack. In New Jersey, the AG can revoke an agency's authority to use ALPR if they don't comply with state rules. Arkansas provides for civil remedies if individuals can show harm, while Utah, New Hampshire and Maine criminalize misuse of ALPR data. Rushin's model statute would give the Attorney General of the state authority to file civil suits over misuse, but that structure wouldn't fit well with the historical role of the AG in Texas. I do like his suggestion that the AG perform and publish the results of regular compliance audits of ALPR use.
During the 83rd Texas Legislature, the
Texas Electronic Privacy Coalition, of which your correspondent was a member, proposed two pieces of legislation: Requiring warrants for law enforcement to access cloud-based email and other content, which passed, and requiring warrants for them to access personal location data from cell phones and other electronic devices, which cleared the House by a 126-4 margin but did not make it through the Senate side. There have already been behind-the-scenes discussions among TXEPC members about whether regulating license-plate readers should be the next phase of regulating government tracking of geolocation data. Lt. Gov. Dewhurst's interim charges on electronic privacy gave such suggestions additional, recent momentum.
While I don't agree with every jot and tittle of Rushin's model statute - in particular he'd allow data retention for longer than I'd prefer and his enforcement mechanisms wouldn't be a great fit for Texas - I appreciate the good professor's efforts to think through the fundamental components such legislation might include. His article provides a fine starting point for considering how automatic license plate readers should be regulated at the state level.
See related Grits posts:
.jpg)
