The Drug Enforcement Administration (DEA) has initiated a massive national license plate reader program with major civil liberties concerns but disclosed very few details, according to new DEA documents obtained by the ACLU through the Freedom of Information Act.
The DEA has gathered as many as 343 million records in the National License Plate Recognition program, which connects DEA license plate readers with those of other law enforcement agencies around the country.
“With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that.”
A Washington Post headline proclaimed in February 2014 that the Department of Homeland Security had cancelled its “national license-plate tracking plan,” but all that was ended was one Immigrations and Customs Enforcement solicitation for proposals. In fact, a government-run national license plate tracking program already exists, housed within the DEA. (That’s in addition to the corporate license plate tracking database run by Vigilant Solutions, holding billions of records about our movements.) Since its inception in 2008, the DEA has provided limited information to the public on the program’s goals, capabilities and policies. Information has trickled out over the years, in testimony here or there. But far too little is still known about this program.
In 2012, the ACLU filed public records requests in 38 states and Washington, D.C. seeking information about the use of automatic license plate readers. Our July 2013 report, You Are Being Tracked, summarized our findings with regard to state and local law enforcement agencies, finding that the technology was being rapidly adopted, all too often with little attention paid to the privacy risks of this powerful technology. But in addition to filing public records requests with state agencies, the ACLU also filed FOIA requests with federal agencies, including the DEA.
The new DEA records that we received are heavily redacted and incomplete, but they provide the most complete documentation of the DEA’s database to date. For example, the DEA has previously testified that its license plate reader program began at the southwest border crossings, and that the agency planned to gradually increase its reach; we now know more about to where it has grown. The DEA had previously suggested that “other sources” would be able to feed data into the database; we now know about some of the types of agencies collaborating with the DEA.
The documents uncovered by our FOIA request provide additional details, but their usefulness is limited by the DEA’s decision to provide only documents that are undated or years old. If the DEA’s collection of location information is as extensive as the agency has suggested in its limited comments to legislatures, the public deserves a more complete and comprehensive explanation than the smattering of records we have obtained can provide.
These records do, however, offer documentation that this program is a major DEA initiative that has the potential to track our movements around the country. With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that. If license plate readers continue to proliferate without restriction and the DEA holds license plate reader data for extended periods of time, the agency will soon possess a detailed and invasive depiction of our lives (particularly if combined with other data about individuals collected by the government, such as the DEA’s recently revealed bulk phone records program, or cell phone information gleaned from U.S. Marshals Service’s cell site simulator-equipped aircraft ). Data-mining the information, an unproven law enforcement technique that the DEA has begun to use here, only exacerbates these concerns, potentially tagging people as criminals without due process.
Some major findings from the documents
The National License Plate Recognition Initiative includes a massive database containing data from both DEA-owned automatic license plate readers and other readers. Among the findings from the FOIA documents:
- At the time of an undated slideshow, the DEA had deployed at least 100 license plate readers across the United States (eight states are identified: California, Arizona, New Mexico, Texas, Florida, Georgia, and New Jersey). A 2010 document also explains that the DEA had by then set up 41 plate reader monitoring stations throughout Texas, New Mexico, and California.
- The DEA is also inviting federal, state, and local law enforcement agencies around the country to contribute location information to the database. For example, the documents show that local and regional law enforcement systems in Southern California’s San Diego and Imperial Counties and New Jersey all provide data to the DEA. The program was “officially opened” to these partners in May 2009. Other agencies are surely partnering with the DEA to share information, but these agreements are still secret, leaving the public unable to know who has their location information and how it is being used.
- Customs and Border Patrol (CBP) is one of the federal agencies that has shared information with the DEA. An undated Memorandum of Understanding explains that the agencies will, “at regular intervals,” provide each other license plate reader data. It also authorizes the two agencies to further share each other’s data with other federal, state, and local law enforcement and prosecutors as well as to “intelligence, operations, and fusion centers.” This is a lot of location points. CBP collects “nearly 100 percent of land border traffic,” which amounts to over 793.5 million license plates between May 2009 and May 2013, according to CBP’s response to our FOIA request.
- Additionally, any federal, state, or local law enforcement agent vetted by the DEA’s El Paso Intelligence Center can conduct queries of the database, located in Merrifield, Va.
- The same undated slideshow suggests that there were over 343 million records in the database at the date of the slide’s publication (due to redactions, it is impossible to confirm that date from this document).
- The unredacted parts of the documents and news reports suggest that the DEA recently changed its retention policy to six months for non-hit data. While this is an improvement from previous statements of DEA retention policy, it is still far too long. The government should not collect or retain information revealing the movements of millions of people accused of no crime. But even that long retention period is only meaningful if it comes with strict rules limiting data use, sharing, and access. Like its retention policy, the DEA should make these policies public.
- The DEA says that the National License Plate Recognition Initiative targets roadways that the agency believes are commonly used for contraband transport. But it’s not clear what this means or what it is based on. Every highway in the United States must be regularly used for contraband transport. Is the DEA using this undefined mandate to target people of color? Without more information from the DEA, we have no idea.
- One DEA document references steps needed to ensure the program meets its goals, "of which asset forfeiture is primary." Asset forfeiture has been in the news a lot lately, criticized as a widely abused law enforcement tactic that doesn’t advance public safety but simply enriches police and federal agencies.
- The program also apparently data mines license plate reader data "to identify travel patterns." The extent of this data mining is unknown. Is the DEA running all of our license plate reads through a program to predict our likelihood of committing a crime? Are we all suspects if we drive on a certain road? What else does the DEA think it knows about us just from the collection and analysis of our locations via license plate reader data?
“Technology now allows us to be followed or seen or photographed or videoed and have information stored every time we leave our homes,” Professor Clifford Fishman adds. “The Supreme Court’s standard of Americans having a reasonable expectation of privacy ... doesn’t work anymore, so we need a new way to define when privacy needs to be protected from digital surveillance and retention of data.”
“I think of this almost as a process issue more than a substance or constitutionality issue,” says Fred Cate, a senior fellow at Indiana University’s Center for Applied Cybersecurity Research in Bloomington. “The thing that feels particularly jarring is that nobody is forthright about what they’re doing.
DEA is spying on our phone calls:
DHS run Justice Department revealed the existence of yet another database of American telephone records, adding new details to the disclosures in recent years about mass government surveillance.
This database was maintained by the Drug Enforcement Administration and contained the records of calls made between phone numbers in the United States and overseas. The phone records were retained even if there was no evidence the callers were involved in criminal activity.
The government stored the numbers, the time and date of the call and the length. But, the database did not include names or other personal identifying information or the content of the conversation. It contained records of calls between Americans and people in countries that had connections to international drug trafficking and related criminal activities.
An agent with the Department of Homeland Security (DHS) received an unsolicited email from a source who claimed that an Iranian emailed him seeking to procure electronic parts for a project in Iran. The email to the source contained the Iranian’s phone number and business address in Tehran. The DHS agent took that phone number and queried it in a law enforcement database, seeking to find US based phone numbers that had communicated with the Iranian. The results turned up one number that corresponded to a Google voice phone number. Via a subpoena to Google, the government was able to identify the number as Hassanshahi’s. After additional investigation, including a search of the TECS database, the government indicted Hassanshahi. Assuming the database was the NSA’s controversial phone records database, Hassanshahi’s lawyers moved to suppress the information learned from the search of the database. The government responded that it wasn’t the NSA database and refused to give the court or the defendant any more information about the database—but asked the court to assume the information had been obtained unconstitutionally.
That’s right—the government stated that the database it used was unconstitutional. Unsurprisingly, such an admission got a few raised eyebrows, including the judge overseeing the case, who noted that the government left him in a “difficult, and frustrating, situation.” The judge ordered the government to submit an ex parte declaration “summarizing the contours of the mysterious law enforcement database.”
The existence of another database of phone records collected in bulk for domestic law enforcement purposes raises serious questions, WHO ISN'T SPYING ON US?