Police License Plate Readers Spark Privacy Concerns Nationwide

License plate-reading devices fuel privacy debate

Technology helps police respond to crimes, violations, but broad use, lack of regulations raise privacy worries.

Article Courtesy of the Boston Globe

Article Courtesy of:  The Boston Globe

Automated License Plate Recognition Video

CHELSEA — The high-speed cameras mounted on Sergeant Robert Griffin’s cruiser trigger a beeping alarm every time they read another license plate, automatically checking to see if each car is unregistered, uninsured, or stolen. In a single hour of near-constant beeps, Griffin runs 786 plates on parked cars without lifting a finger.

The plate-reading cameras were introduced for police use in Massachusetts in 2008, and quickly proved their worth. The one on Griffin’s Chelsea cruiser repaid its $24,000 price tag in its first 11 days on the road. “We located more uninsured vehicles in our first month . . . using [the camera] in one cruiser than the entire department did the whole year before,” said Griffin.

Now, automated license plate recognition technology’s popularity is exploding — seven Boston-area police departments will add a combined 21 new license readers during the next month alone — and with that expanded use has come debate on whether the privacy of law-abiding citizens is being violated.

These high-tech license readers, now mounted on 87 police cruisers statewide, scan literally millions of license plates in Massachusetts each year, not only checking the car and owner’s legal history, but also creating a precise record of where each vehicle was at a given moment.

The records can be enormously helpful in solving crimes — for example, Fitchburg police used the technology to catch a serial flasher — but they increasingly make privacy advocates uneasy.

Police License Plate Readers

Use of the technology is outstripping creation of rules to prevent abuses such as tracking the movements of private citizens, or monitoring who visits sensitive places such as strip clubs, union halls, or abortion clinics.

A survey of police departments that use automated license readers found that fewer than a third — just 17 out of 53 — have written policies, leaving the rest with no formal standards for who can see the records or how long they will be preserved.

“The worst-case scenario — vast databases with records of movements of massive numbers of people — is already happening,” warns Kade Crockford of the American Civil Liberties Union of Massachusetts, which is pushing for a state law to regulate use of license plate scanners and limit the time departments can routinely keep the electronic records to 48 hours.

But police fear that zeal to protect privacy could stifle the use of a promising law enforcement tool, especially if they are prevented from preserving and pooling license plate scans for use in detective work. Currently, all of the police departments keep their plate scans longer than two days, with data storage ranging from 14 days in Somerville and Brookline to 90 days in Boston and up to a year in Leicester, Malden, Pittsfield, and Worcester.

Sergeant Griffin, whose own department has no written policy, agrees that there should be rules to prevent abuse, but thinks that these should be set by local departments rather than at the State House. He said that rather than restrict use of the scanners, the Legislature should “trust law enforcement to do the right thing.”

The usefulness of the automated license plate reader as an investigative tool springs from the astounding number of license plates the units can scan and record. With an array of high-speed cameras mounted on police cruisers snapping pictures, these systems are designed to capture up to 1,800 plates per minute, even at high speeds and in difficult driving conditions.

“I’ve had my license plate reader correctly scan plates on cars parked bumper-to-bumper when I’m driving full speed,” said Griffin, who caught three scofflaws owing a combined $1,900 in parking tickets from the 786 license plates his reader checked on a recent one-hour patrol. The devices misidentify plates often enough that scans have to be confirmed by an officer on the scene before writing a ticket. In this case, after confirming the parking tickets, and the money owed, police initiated the collection process. Griffin called headquarters to confirm that the vehicles still had unpaid tickets, and then arranged for them to be towed.

Boston’s four scanner-equipped cars do 3,500 scans a day and more than 1 million per year, according to police data. Even smaller departments such as Fitchburg scan 30,000 plates per month with just one license-reading system, easily 10 times more than an officer could manually check.

Most of the departments that deploy license plate readers use them primarily for traffic enforcement. But the scanners — sometimes called by the acronym ALPR — are also used for missing persons, AMBER alerts, active warrants, and open cases.

Automated License Plate Recognition Video

“Every once in a while our detectives will use the ALPR database for retrospective searches,” said Griffin, adding that the technology has proved useful to scan vehicles in neighborhoods surrounding crime scenes.

Griffin’s counterpart in Fitchburg, Officer Paul McNamara, said license scanner data played a crucial role in solving a string of indecent exposure incidents at Fitchburg State University in April 2011. At the request of the university police, McNamara entered the alleged flasher’s plate into his license-scan database. The system indicated that a suspect’s vehicle had passed the scanner just 10 minutes earlier, leading to a suspect’s arrest and later guilty plea to charges of indecent exposure and lewdness.

McNamara said that there is no formal process when another police department requests a license inquiry of this kind into his unit’s database.

“It can’t be a fishing expedition, though,” he said. “We look at it as a form of mutual aid, so it has to be a serious criminal matter for us to share data.”

While law enforcement officials are enthusiastic, critics can point to alleged abuses:

■ In 2004, police tracked Canadian reporter Kerry Diotte via automated license scans after he wrote articles critical of the local traffic division. A senior officer admitted to inappropriately searching for the reporter’s vehicle in a license scan database in an attempt to catch Diotte driving drunk.

■ Plainclothes NYPD officers used readers to scan license plates of worshipers at a mosque in 2006 and 2007, the Associated Press reported, under a program that was partially funded by a federal drug enforcement grant.

■ In December, the Minneapolis Police Department released a USB thumb drive with 2.1 million license plate scans and GPS vehicle location tags in response to a public records request, raising fears that such releases might help stalkers follow their victims. A few days later, the Minneapolis mayor asked the state to classify license scan data as nonpublic.

ACLU attorney Fritz Mulhauser warned last summer that, within a few years, police will be able to use license scan records to determine whether a particular vehicle “has been spotted at a specific church, union hall, bar, political party headquarters, abortion clinic, strip club, or any number of other locations a driver might wish to keep private.”

But many law enforcement officials say they are just starting to tap the potential of license plate scanners.

“If anything, we’re not using ALPR enough,” said Medford’s Chief Leo Sacco, who would like to deploy the scanners 24 hours a day on all of his cruisers.

Massachusetts public safety officials are trying to create a central repository of license scans similar to a system in Maryland where all 262 scanner-equipped cruisers feed data to the state. In 2011, the Executive Office of Public Safety and Security handed out $750,000 in federal grants for 43 police departments to buy scanners with the understanding that all scan results would be shared.

NOTE:  This investigation was done for the Globe in collaboration with MuckRock, a Boston-based company that specializes in obtaining government documents through records requests.

It was supported by a grant from the Fund for Investigative Journalism. Shawn Musgrave can be reached at shawn@muckrock.com.

Article Courtesy of the Boston Globe

Article Courtesy of:  The Boston Globe

Complete Boston Globe Article & More Information…

%%%%%%%%%%%%%%%%%%%%%%%%%%

Related Articles:

Network Vulnerabilities Continue to Worry Security Experts

Irrational’ hackers are growing U.S. security fear

Reuters

Article Courtesy of:  Jim Finkle | Reuters

(Reuters) – Cybersecurity researcher HD Moore discovered he could use the Internet to access the controls of some 30 pipeline sensors around the country that were not password protected.

Homeland Security - Investigative Database

A hacking expert who helps companies uncover network vulnerabilities, Moore said he found the sensors last month while analyzing information in huge, publicly available databases of Internet-connected devices.

“We know that systems are exposed and vulnerable. We don’t know what the impact would be if somebody actually tried to exploit them,” said Moore, chief research officer at the security firm Rapid7.

U.S. national security experts used to take comfort in the belief that “rational” super powers like China or Russia were their main adversaries in cyber space. These countries may have the ability to destroy critical U.S. infrastructure with the click of a mouse, but they are unlikely to do so, in part because they fear Washington would retaliate.

Now, concerns are growing that “irrational” cyber actors – such as extremist groups, rogue nations or hacker activists – are infiltrating U.S. systems to hunt for security gaps like the one uncovered by Moore.

These adversaries may not be as resourceful, but like Timothy McVeigh’s bombing of an Oklahoma federal building in 1995, it is the element of surprise that is as concerning.

DHS Secretary Michael ChertoffPhoto by Greg Henshall / FEMA

Former DHS Secretary Michael Chertoff – Photo by Greg Henshall / FEMA

Former U.S. Homeland Security Secretary Michael Chertoff said he was worried the first destructive cyber attack on U.S. soil might resemble the Boston Marathon bombings in the sense that the suspects were not on the government’s radar.

“You are going to get relatively modest-scale, impact attacks from all kinds of folks – hactivists, criminals, whatever,” Chertoff said at the Reuters Cybersecurity Summit last week. “Are they going to take down critical infrastructure? They might.”

Emerging cyber actors that security experts say they are most concerned about include Iran, believed to be behind the ongoing assaults on U.S. banking websites, as well as a devastating attack on some 30,000 PCs at Saudi Arabia’s national oil company last year.

North Korea is also quickly gaining cyber skills, experts say, after hackers took down three South Korean broadcasters and two major banks in March.

Another emerging actor is the Syrian Electronic Army, an activist group that has claimed responsibility for hacking the Twitter accounts of major Western media outlets, such as the Associated Press last month, when its hackers sent a fake tweet about explosions at the White House that briefly sent U.S. stocks plunging.

UNRELENTING ATTACKS

The U.S. power grid is the target of daily attempted cyber attacks, according to a report by California Representative Henry Waxman and Massachusetts Representative Ed Markey released at the House Energy and Commerce Committee’s cybersecurity hearing on Tuesday.

More than a dozen utilities report daily, constant or frequent attempted attacks, ranging from unfriendly probes to malware infection, according to the report. (To read the report, see http://r.reuters.com/sej38t)

Gerry Cauley, chief executive of the North American Electric Reliability Corp, told the Reuters Cybersecurity Summit that computer viruses have been found in the power grid that could be used to deliver malicious software to damage plants. NERC is a non-profit agency that oversees and ensures the reliability of bulk power system in the region.

Experts say that with so many unknown hackers trying to infiltrate U.S. industrial control systems, they fear someone somewhere – perhaps even an amateur – will intentionally or unintentionally cause damage to power generators, chemical plants, dams or other critical infrastructure.  “Even if you don’t know how things actually work, you can still wreak havoc by crashing a device,” said Ruben Santamarta, a senior security consultant with IOActive. “Probably in the near future we may face an incident of this type, where the attackers will not even know what they are doing.”

Santamarta has identified hundreds of Internet-facing control systems — on the grid, at water treatment facilities and heating and ventilation systems for buildings including hospitals. He has also uncovered bugs built into industrial control equipment.

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT, last week warned of a flaw that Santamarta found in equipment from Germany’s TURCK, which is used by manufacturers and agriculture firms in the United States, Europe and Asia.

The agency said attackers with “low” hacking skills could exploit the flaw, letting them remotely halt industrial processes. It advised customers to install a patch that would protect them against such attacks.

Director of National Intelligence James Clapper told a Senate committee in March that “less advanced, but highly motivated actors” could access some poorly protected control systems. They might cause “significant” damage, he warned, due to unexpected system configurations, mistakes and spillovers that could occur between nodes in networks.

For the Complete Article:  CLICK HERE

Reuters