Are parking garages and toll roads spying on innocent motorists for Federal police?

Reversing a decision made in response to public pressure in 2014, US Customs and “Border” Protection (CBP) plans to pay a commercial aggregator of license-plate reader data to track vehicles that aren’t near any US border or in the “border zone” within 100 miles of coasts and borders where CBP has its own license plate readers, according to a Privacy Impact Assessment (PIA) published this month.

According to the new PIA, the aggregated commercial database that CBP is paying to query includes “nationwide… license plate image information from private businesses (e.g., parking garages), local governments (e.g., toll booth cameras), law enforcement agencies, and financial institutions via their contracted repossession companies.”

The PIA is worded in the future tense (“CBP plans to…”), but the contract is describes may already have gone into effect, or could do so at any time.

Since at least 2012, CBP has operated its own cameras and license-plate readers at border crossings, international ports and airports, and in “border regions”. The 100-mile border zone claimed by CBP allows it to set up permanent cameras to track vehicles traveling along highways that don’t cross any international border. This could include east-west traffic on I-80 and I-90 through or around Chicago or on I-10 through Houston. for example, or north-south traffic up and down the east and west coasts on I-5 and I-95.

Since at least 2009, the DHS has also been sharing license-plate reader data with the Drug Enforcement Agency (DEA) and inter-agency task forces (which typically include Federal, satte, and local law enforcment agencies). In 2017, DHS and DEA began “streaming” license-plate data to each other in real time, so that each has a mirror of the dataset from each others’ cameras and sources.

The DHS first revealed plans to buy nationwide license-plate reader data from commercial aggregators in 2014. But news of the Request for Proposals prompted such an immediate storm of outrage that the proposal was cancelled less than a day later. The DHS even went to far as to claim that the bid solicitation had been issued by a rogue department staff person without the knowledge of department “leadership”.

However, just a year later, in 2015, DHS reversed course and again began pursuing access to nationwide license-plate reader data from commercial aggregators. Those plans have, apparently, now come to fruition.

License plate reader records from commercial aggregators will be pulled into the CBP  Automated Targeting System (ATS) and stored in  CBP’s ATS, TECS, and/or Analytical Framework for Intelligence (AFI) databases. CBP claims that the catch-all mentions of commercial data in the Privacy Act notices for ATS, TECS, and AFI already are broad enough to cover nationwide aggregated commercial license-plate reader data. No updates to the required Privacy Act notices (SORNs) describing the categories of records in these databases have been promulgated.

With the Feds buying access to this data, inquiring drivers should want to know: Are the parking garages or commercial facilities you patronize, or the highways your taxes and tolls support, selling location-identified, timestamped, license plate reader records to commercial aggregators to re-sell to the Feds or other unknown third parties? And if so, why?