CBP Updates Privacy Impact Assessment On License Plate Readers; Says Opting Out Involves Not Driving
from the just-five-years-of-surveillance-at-CBP-fingertips dept
The last time the CBP delivered a Privacy Impact Assessment of its automated license plate readers, it informed Americans as far as 100 miles inland that there’s really no privacy being impacted by the deployment of tech capable of capturing millions of plate images every year. If you don’t want to be on the CBP ALPR radar (which is shared with the DEA and other law enforcement agencies), don’t drive around in a properly licensed vehicle.
This impact assessment was not updated when the CBP’s ALPR vendor was hacked and thousands of plate photos — some of which contained photos of drivers and passengers — were taken from the vendor’s servers. The vendor was never supposed to be storing these locally, but it decided to do so and the end result was a lot of leakage the CBP assured everyone contained “no personal information” about the thousands of people and vehicles contained in the photos.
The CBP’s latest Privacy Impact Assessment [PDF] has been turned in and it’s more of the same thing. Want to dodge the feds’ plate readers, stay off the road. (via Zack Whittaker/TechCrunch)
Privacy Risk: There is a risk that individuals who are not under suspicion or subjects of investigation may be unaware of or able to consent to CBP access to their license plate information through a commercial database.
Mitigation: This risk cannot be fully mitigated. CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control. Many areas of both public and private property have signage that alerts individuals that the area is under surveillance; however, this signage does not consistently include a description of how and with whom such data may be shared. Moreover, the only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic.
Keep in mind that “impacted areas” aren’t just the places you expect Customs and Border Protection to be. You know… like at the border. It’s also up to 100 miles inland from every border. And “border” is also defined as any entry point, which includes international airports. So, that’s a lot of “impacted area.” There’s really no realistic way to dodge everywhere the CBP operates. And one would think actively dodging CBP-patrolled areas would be treated as suspicious behavior by CBP officers, which could result in far more than license plate records being abused.
The CBP says it will keep privacy violations to a minimum, though. It will only access its database if it has “circumstantial evidence.” So… feel good about that, I guess.
The CBP also says that it probably isn’t actually allowed to perform this collection but it will try its very best not to abuse its ALPR privileges.
There is a risk that CBP does not have the appropriate authority to collect commercially available LPR information from vehicles operating away from the border and outside of CBP’s area of responsibility.
No big deal, says the CBP. It will only retain information about vehicles crossing the border. Or connected to a “person of law enforcement interest.” Or connected to potentially illicit activity. Or for “identifying individuals of concern.” Just those things. And the data not connected to anything in particular will be held onto for a limited time.
Here’s the definition of “limited:”
CBP may access LPR data over an extended period of time in order to establish patterns related to criminal activity; however, CBP has limited its access to LPR data to a five-year period in an effort to minimize this risk.
Really the only thing limited about this is that it isn’t forever. The CBP’s vendor can hold onto this data forever, but CBP agents will only be able to search the last five years of records. Cached searches will be retained for up to 30 days if they’re of interest to the CBP or other law enforcement agencies with access to the database. Uninteresting searches will be dumped within 24 hours.
Five years is a lot of data. That’s not really a mitigation of privacy concerns. The CBP’s Impact Assessment pretty much says the agency plans to use this to reconstruct people’s lives. Its definition of “limited” — the one that means five years of searchable records — is its response to the privacy risk posed by the aggregate collection of travel records over a long period of time. Apparently, the CBP feels five years is long enough for it to do its job. But not long enough that the general public should be worried about it.
Filed Under: alpr, cbp, driving, license plate reader, lpr, privacy impact assessment
Comments on “CBP Updates Privacy Impact Assessment On License Plate Readers; Says Opting Out Involves Not Driving”
This comment has been flagged by the community. Click here to show it.
ABOUT-Article BT Mail - BT.com BT Internet Sign In|BT Mail Login
Hi , Just wanted to say thanks for this fantastic article.
Website: http://btmaills.com
Re: ABOUT-Article BT Mail - BT.com BT Internet Sign In|BT Mail L
Normal spam?!?!
The US is implementing levels of surveillance that make the STASI look like ineffective amateurs.
This comment has been flagged by the community. Click here to show it.
update
I hope the new update is good and will benefit everyone thanks for sharing it was a well-detailed article.check out the link if you like leather jackets
https://shoqz-fashionz.com/ww2-german-leather-luftwaffe-flight-flying-jacket
'Unless of course we really want to, then it's fine.'
Really the only thing limited about this is that it isn’t forever. The CBP’s vendor can hold onto this data forever, but CBP agents will only be able to search the last five years of records. Cached searches will be retained for up to 30 days if they’re of interest to the CBP or other law enforcement agencies with access to the database. Uninteresting searches will be dumped within 24 hours.
I certainly hope everyone is practicing their ‘surprised’ faces for when(not if) they violate that already ludicrous ‘limit’.
On a more general note to call this argument ‘absurd’ is to do a gross disservice to the word. ‘We promise to respect your privacy, if by that you mean have cameras track your every move on the road that we can access for years after the fact’ is the sort of thing that belongs in dystopian novels and films, not an official government agency.
With that sort of argument government agencies could demand that telecom companies keep tracking information for every phone in the country for years on end with nothing more than a pinky-promise that they won’t access that data unless they have a really important reason to(as defined by themselves of course). Or worse, the companies could offer that ‘service’ themselves and it would be seen as completely fine because hey, if you don’t want to be tracked just don’t carry a phone.
It would be great if politicians and/or judges started handing out hefty slaps and reminders that no, that’s not what ‘privacy’ means, but between those who’ve bought into the idea that a constantly watched country is a safe country(so long as them and theirs aren’t the ones under the microscope of course) and those too gutless to actually stand up to such activity less they be labeled as ‘pro-criminal’ I sadly don’t see that happening any time soon.
Ignores the constitution altogether
The CBP clearly must be ignoring the actual words of the constitution or they would realize that they have flipped the script and are treating everyone as if they are already in prison and their rights no longer exist. I thought you were considered innocent until proven guilty in a court of law. The only entity clearly guilty here is the CBP who is operating outside of the law.
Sure it can. Stop collecting the data. Seriously.
But even beyond that, it can be mitigated. I work in a field where we have PII streaming in and captured from customers constantly. Anything flagged PII gets stored in a separate bin, with locale-specific limitations (data in one area is siloed from other areas), a fixed and automated expiry time, and temporary, task-based access to the silo (only individuals with demonstrated need to access THAT data have access to it, and only for a limited time).
They’re right that even these controls won’t fully mitigate, but they can sure mitigate a LOT further than the current setup. Their current privacy stance is like saying "Oh, well thieves can break a window to get into my house, so locks, lights and security cameras are useless and we shouldn’t bother with them".
Just get one of these license plate frames with concealed infra red LEDs that can prevent cameras from seeing your your plate numbers
Re: Re:
Unless police in your area have ALPRs in their cars, in which case they’ll probably pull you over every time they see you.
What is NOT above the law.
Import of Cigs from canada?
Alcohol?
https://www.ezbordercrossing.com/the-inspection-experience/clearing-customs/prohibited-items/
USA
Lets see the discrepancies..
Cooked eggs and foods such as breakfast tacos, egg plates and hard boiled eggs are prohibited.
You may not import fresh, dried or canned meats or meat products or foods that have been prepared with meat. Beef products are generally ok if there is no known bovine disease in the country of origin. However, like all other food items the meat must be unopened and commercially labeled indicating the country of origin and meat type. The regulations on importing meat and meat products change frequently because they are based on disease outbreaks in different areas of the world.
Certain fish and wildlife, and products made from them, are subject to import and export restrictions, prohibitions, and permits.
CBP enforces laws relating to the protection of trademarks and copyrights. Counterfeit articles or those that infringe a federally registered trademark or copyright may be seized.
CDN
Most types weapons such as tasers, brass knuckles, and pepper spray.
Certain knives, even those used for hunting or fishing.
Obscene material, hate propaganda and child pornography. They can inspect your laptops, cellphones and other computer equipment to see what you have on them.
General Issues
We have a separate page with information on importing automobiles into both the U.S. and Canada.
If there is no packaging label on food, or the border agent cannot read the label because it is not in English, the item will most likely be confiscated.
“Kosher” products carry no special exception to any these rules.
If you are carrying any of the following items you MUST disclose them to the US border official:
Fruits and vegetables
Plants and cut flowers
Meat and animal products
Live animals
NOW, does anyone see a problem in this?? Alcohol? Tobacco? Hookers?
What is NOT above the law.
Import of Cigs from canada?
Alcohol?
https://www.ezbordercrossing.com/the-inspection-experience/clearing-customs/prohibited-items/
USA
Lets see the discrepancies..
Cooked eggs and foods such as breakfast tacos, egg plates and hard boiled eggs are prohibited.
You may not import fresh, dried or canned meats or meat products or foods that have been prepared with meat. Beef products are generally ok if there is no known bovine disease in the country of origin. However, like all other food items the meat must be unopened and commercially labeled indicating the country of origin and meat type. The regulations on importing meat and meat products change frequently because they are based on disease outbreaks in different areas of the world.
Certain fish and wildlife, and products made from them, are subject to import and export restrictions, prohibitions, and permits.
CBP enforces laws relating to the protection of trademarks and copyrights. Counterfeit articles or those that infringe a federally registered trademark or copyright may be seized.
CDN
Most types weapons such as tasers, brass knuckles, and pepper spray.
Certain knives, even those used for hunting or fishing.
Obscene material, hate propaganda and child pornography. They can inspect your laptops, cellphones and other computer equipment to see what you have on them.
General Issues
We have a separate page with information on importing automobiles into both the U.S. and Canada.
If there is no packaging label on food, or the border agent cannot read the label because it is not in English, the item will most likely be confiscated.
“Kosher” products carry no special exception to any these rules.
If you are carrying any of the following items you MUST disclose them to the US border official:
Fruits and vegetables
Plants and cut flowers
Meat and animal products
Live animals
NOW, does anyone see a problem in this?? Alcohol? Tobacco? Hookers?
Re: What is NOT above the law.
And even real things that don’t infringe on any IP rights can also be seized by CBP and ICE – witness what happened to a shipment of masks printed with messages from police accountability activists.
https://www.businessinsider.com/george-floyd-protesters-face-masks-seized-movement-for-black-lives-2020-6