U.S. Customs and Border Protection has admitted that there is no practical way for Americans to avoid having their movements tracked by its license plate readers, according to its latest privacy assessment.
CBP published its new assessment — three years after its first — to notify the public that it plans to tap into a commercial database, which aggregates license plate data from both private and public sources, as part of its border enforcement efforts.
The U.S. has a massive network of license plate readers, typically found on the roadside, to collect and record the license plates of vehicles passing by. License plate readers can capture thousands of license plates each minute. License plates are recorded and stored in massive databases, giving police and law enforcement agencies the ability to track millions of vehicles across the country.
The agency updated its privacy assessment in part because Americans “may not be aware” that the agency can collect their license plate data.
“CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control,” the privacy assessment said. “Many areas of both public and private property have signage that alerts individuals that the area is under surveillance; however, this signage does not consistently include a description of how and with whom such data may be shared.”
But buried in the document, the agency admitted: “The only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic.”
CBP struck a similar tone in 2017 during a trial that scanned the faces of American travelers as they departed the U.S., a move that drew ire from civil liberties advocates at the time. CBP told Americans that travelers who wanted to opt-out of the face scanning had to “refrain from traveling.”
The document added that the privacy risk to Americans is “enhanced” because the agency “may access [license plate data] captured anywhere in the United States,” including outside of the 100-mile border zone within which the CBP typically operates.
CBP said that it will reduce the risk by only accessing license plate data when there is “circumstantial or supporting evidence” to further an investigation, and will only let CBP agents access data within a five-year period from the date of the search.
When asked about its privacy assessment, CBP spokesperson Matthew Dyman responded: “How would you be able to opt out of a license plate reader? Can I opt out of speed cameras here in DC?”
CBP doesn’t have the best track record with license plate data. Last year, CBP confirmed that a subcontractor, Perceptics, improperly copied license plate data on “fewer than 100,000” people over a period of a month-and-a-half at a U.S. port of entry on the southern border. The agency later suspended its contract with Perceptics.
Updated with CBP response.
Source: Tech Crunch