After DHS canceled a plan for broad law enforcement access to a national license-plate tracking system in February, officials established a policy that required similar plans be vetted by department privacy officers to ensure they do not violate Americans’ civil liberties.
Two months later, however, officials with DHS’s Immigration and Customs Enforcement agency bypassed the privacy office in purchasing a one-year subscription for a commercially run national database for its Newark field office, according to public contract data and department officials. In June, ICE breached the policy again by approving a similar subscription for its Houston field office. The database contains more than 2.5 billion records.
The policy was created after Homeland Security Secretary Jeh Johnson, who oversees ICE, canceled a solicitation that could have given ICE field offices across the country — more than 12,000 personnel — access to a national license-plate database.
That solicitation had prompted a backlash from privacy advocates who have raised concerns that the information can be abused to track the past and current movements of ordinary citizens who are under no criminal suspicion. Advocates said the failure to follow procedures fits a pattern in which concerns over privacy are overlooked as law enforcement officials clamor for subscriptions to massive license-plate tracking databases.
“From what I can tell, this data is collected privately and used by law enforcement without the public’s knowledge,” ICE privacy officer Lyn Rahilly wrote in a January 2011 e-mail to an official in ICE’s Homeland Security Investigations division. “There is no accountability to the public as to how the data is collected, how much is collected, how long it is retained, how it is used or what rights affected users might have.”
Officials at ICE say the field office use is limited, involves ongoing criminal investigations for which they had earlier access to the database, and is not related to civil immigration enforcement. They said the breach of the new policy was inadvertent and a result of a miscategorization of the contracts.
The commercial databases draw information from readers that scan the tags of every vehicle crossing their paths. Records, for instance, can be obtained from repossession companies, whose drivers mount cameras on their cars and capture images of license plates of passing or parked cars, along with the time and location of the photo.
For federal officials, the information has become a critical tool to help the agency locate suspects who could pose a threat to public safety. But they acknowledged that they have not imposed privacy safeguards on use of the database, such as rules limiting how long the data agents look at may be kept.
In a statement, ICE spokeswoman Gillian Christensen said over the past six months, the agency, its privacy office and the DHS Office for Civil Rights and Civil Liberties have been reviewing ICE’s practices and policies governing the use of license-plate-reader databases. Officials said a privacy impact assessment is being prepared.
Christensen added that agency attorneys in 2012 concluded there were no legal obstacles “with respect to privacy and data retention laws” to using the database “particularly given its widespread use by other federal, state and local law enforcement agencies in the furtherance of ongoing criminal investigations and fugitive cases.”