Sunlight on surveillance (of city officials) leads to policy debate around license plate readers

An amazing thing is happening in Minneapolis.

Back in August 2012, a local reporter filed public records requests to the Minneapolis PD for license plate data the department captured on a number of high profile people, including the Mayor. The newspaper published 41 data hits it held on the Mayor's city car — it even mapped them online (see below). (You can click on each hit to see the time and date for each capture.)

View Rybak Locations in a larger map

Upon learning that his location information was published on the internet, and that the data had come from his own police department, Mayor Rybak's interest in the license plate reader issue was piqued. Privacy watchers like me cheered, thinking that the Mayor would surely push the department to limit its data retention — which at present is hardly a limit at all, at 365 days. (The MPD has collected about 4.9 million license plate data points over the past year, according to reports.)

As they say on the internet: sadly, no. Well, maybe it's more accurate to say: not exactly.

Instead of limiting its data retention policies, thereby ensuring that license plate readers do not become warrantless license plate trackers, the police department is lobbying to get license plate data reclassified as a police record, exempt from public disclosure. As it stands, Minnesota's liberal public records law designates most documents held by government agencies as automatically retrievable and available to the public, with few restrictions.

Ars Technica quotes a police representative on the department's concerns:

"We do have a concern of the way the data could be used," Sgt. William Palmer, the public information officer for the Minneapolis Police Department, told Ars.

"I don't know that as of yet we've had a case where someone misused the information—but taking proactive steps to prevent a stalking case or a domestic violence case where a partner was able to figure out where their previous partner's vehicle was located is a concern to us."

Of course, the police department could limit these abuses by deleting all captured plate data that doesn't relate to an ongoing investigation or a violation. After all, police officers who have access to the data are fully capable of abusing it, too.

But instead of limiting the database itself, by cutting the retention period to something reasonable like 1-7 days, the department's argument is that the police, and only the police, should have access to our location information without even any reasonable suspicion that we've committed wrongdoing — let alone getting a warrant.

Talk about learning the wrong lessons.

Thankfully, public officials outside the police department seem to get it and are talking about limiting police access to the data, too. From the Minneapolis Star Tribune:

Last Friday, the state's Criminal and Juvenile Justice Information Task Force voted to recommend to the Legislature that the data should be classified as "private," meaning only the subject can request it from police.

"Now that we see someone's patterns in a graphic on a map in a newspaper, you realize that person really does have a right to be secure from people who might be trying to stalk them or follow them or interfere with them," said Bob Sykora, chief information officer for the Minnesota Board of Public Defense, who recommended the reclassification.

Voting no were privacy advocate Rich Neumeister and a representative of the attorney general's office, who felt the recommendation also needed to cover data retention, usage and access. "If you make things private [without addressing these issues], there's no accountability or transparency on how they're using millions of records," Neumeister said.

In a separate motion, the task force recommended the data be retained for a "limited period" and will appoint a group to determine what that should be.

That's a hugely important step that the police department has skipped over. By acknowledging that license plate data can be easily abused and advocating for steps to limit the abuse, the police are tacitly agreeing with privacy watchers when we say that license plate data reveals a lot about our private lives. But unfortunately the police department's chief concern appears to be the possibility that other people will abuse the information, not that police officials will.

That's simply inadequate. We know police departments engage in all sorts of officially sanctioned yet questionabl e surveillance — quite apart from the issue of rogue and abusive officers who exploit police databases for their own purposes. Indeed, a recent study showed that police officers are twice as likely as non-police officers to beat their wives.

Limiting the public's access to this data does not solve the fundamental problem with license plate readers: when data is retained for a long time and pooled into regional databases, the tool enables the police to warrantlessly track our movements.

Thankfully, Rep. Tony Cornish, Republican state legislator and former police chief, gets it. He is advising his colleagues to pursue statewide legislation that would limit retention and sharing of the data among government agencies.

"Even though technology is great and it helps catch the bad guys, I don't want the good guys being kept in a database," Cornish told the Star Tribune.

Let's hope a majority of his colleagues in the state legislature agrees.