Credit: Noah Berger for CIR
Denise Green had just dropped off her sister at the 24th Street Mission BART station after picking her up from the hospital.
Green, who was driving a 1992 red Lexus, noticed a San Francisco police car with its lights on pull up behind her as she passed through the intersection of Mission Street and Highland Avenue. Green pulled over to let the patrol car pass.
She was stunned when officers yelled, “Put your hands up!”
Sgt. Ja Han Kim ordered her to step out of the car, and as Green complied, she turned and saw several officers with their guns trained on her.
“Don’t look at us!” one of them said.
“Turn around!” the officers shouted, forcing Green to her knees.
They handcuffed her and searched her Lexus. Green overheard officers standing near her license plate shouting numbers to each other.
“It’s not a seven?” one said.
“No, three five zero,” another officer replied.
Green, a Muni driver and 50-year-old San Francisco resident, had been pulled over and detained because her car was mistakenly identified as a stolen vehicle by an automatic license-plate reader the city had installed on its police cars. The officers did not confirm her license plate with their dispatcher.
“It was a nightmare,” Green said of the traffic stop. “I had no idea what was going on or why they were treating me like a criminal – I just hope that never happens to anyone else.”
Five years later, as Green’s lawsuit over the incident goes to a civil trial this year, the use of license-plate readers has emerged as one of the biggest concerns among privacy advocates. Car-tracking technology is becoming ubiquitous in cities around the United States, and the types of data collected and analyzed with the help of license-plate readers is expanding into other realms of personal information.
Documents obtained by The Center for Investigative Reporting show that a leading maker of license-plate readers wants to merge the vehicle identification technology with other sources of identifying information, alarming privacy advocates. Vigilant Solutions is pushing a system that eventually could help fuse public records, license plates and facial recognition databases for police in the field.
The Livermore, California, company released its own facial recognition software last year for use in stationary and mobile devices. The technology uses algorithms to determine whether a person’s face matches that of somebody already in a law enforcement database. Like license-plate readers, facial recognition technology has been criticized for incorrectly identifying people.
Vigilant also is the market leader in license-plate data collection. The company runs the Law Enforcement Archive and Reporting Network database, which stores more than 2.5 billion records and adds roughly 70 million new license-plate scans monthly. The company offers law enforcement free access to its license-plate data through another database, the National Vehicle Location Service.
Vigilant has faced criticism from the public, privacy advocates and lawmakers in California for working behind the scenes to rally police and sheriff’s departments to its side – including prohibiting law enforcement officials from talking to the media about its products without its approval.
A Vigilant PowerPoint presentation about its products, obtained by CIR, contains a section on the “near future” for the company. That includes a fusion of public records, license-plate data and facial recognition, according to the slide. Another technology, dubbed MOAB, would help law enforcement find vehicles using a “probabilistic assessment” of a vehicle’s location based on historical data and public records.
Another slide prepared for Texas law enforcement shows how a combined data program could work. It would pull mug shots from the local Department of Motor Vehicles database and notify law enforcement with an alert if “a vehicle is associated with someone with a known criminal history.” The slide also describes “facial images embedded into” the license-plate record. Another describes how Vigilant’s FaceSearch application works on mobile devices.
Amy Widdowson, a Vigilant spokeswoman, said the slides reviewed by CIR were of a prototype program that did not actually include facial recognition technology.
As for specific references to merging license-plate data with facial recognition and public records, Widdowson said the slide “is merely showing that law enforcement can combine data from public records with LPR (license-plate reader) data to reduce their search area for a suspect.”
Last week, Vigilant announced a new product it called Mobile Companion, which the company said was “driven by a desire” to combine license-plate data with facial recognition technology “into a very nice and easy-to-use mobile application.”
Privacy advocates said combining historical plate-reader data with public records and facial recognition technology runs contrary to law enforcement’s argument that license plates are not considered personally identifying information.
Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which is suing the Los Angeles County Sheriff’s Department and Los Angeles Police Department for information about their collection and use of license-plate data, said Vigilant’s plans could represent a sea change in the technology.
Noting that Vigilant already offers analytical software that traces the movements of a vehicle through the public and private plate-reader data it retains, Lynch said the company’s plans could pose a threat to individual privacy.
By combining the location data from license-plate readers with public records such as court files and property records – as well as photographs of individuals from criminal or DMV databases – into one search tool, which in turn could be used with facial recognition software, license-plate readers could move into uncharted territory.
A plate reader could tag a passing car and the names of people associated with the vehicle and keep a log of where that person traveled. That data potentially could be stored for months or years.
“When you’re combining data from multiple sources, it becomes incredibly revealing,” Lynch said.
Facial recognition technology is making rapid advances. The National Security Agency is reportedly mining intercepted communications, the Internet and foreign government databases for images used to identify individuals of interest to the intelligence agency. Along with its own in-house facial recognition program, the NSA also uses software made by a Google subsidiary, PittPatt.
For her part, Green filed a civil suit against the San Francisco Police Department. The case is expected to go to trial this winter after the 9th Circuit Court of Appeals overturned a lower court’s decision to dismiss her claim. At the time of the incident, San Francisco police used license-plate readers manufactured by PIPS Technology, a subsidiary of Federal Signal Corp., not technology from Vigilant Solutions.
San Francisco officials declined to comment on the pending litigation.
Green’s attorney, Michael Haddad, said the incident took a serious toll on her. “It was extremely terrifying, and Denise ended up having to miss a couple weeks of work and get counseling afterwards.”
But Haddad noted one significant fact in the documentation for the trial: The machines can have an error rate as high as 8 percent. “There’s some acknowledgment by the manufacturers,” he said, “that there’s a significant percentage of the time that they’re wrong.”
Managing Vigilant’s public image
Meanwhile, Vigilant has been working behind the scenes to shield its technology from public view and manage the public perception of its products.
An agreement between Vigilant and the Ontario Police Department in San Bernardino County, California, for example, prohibits the department from publishing material about Vigilant’s technology or cooperating with journalists who ask questions about the plate-reader system – without first obtaining the company’s consent.
“Agency agrees not to use proprietary materials or information in any manner that is disparaging,” according to the agreement. The police department agreed “not to voluntarily provide ANY information, including interviews, related to Vigilant, its products or its services to any member of the media without the express written consent of Vigilant.”
Terry Francke, a public records expert and general counsel for open-government group Californians Aware, said such agreements violate the state Public Records Act. Information related to public contracts and services, Francke said, “are public records, and the government may not withhold them to comply with the contractor’s wishes.”
As it faced legislation this year that would curb its business, Vigilant and law enforcement joined forces even further. The California District Attorneys Association, California State Sheriffs’ Association and California Police Chiefs Association all submitted letters opposing legislation that would have curbed Vigilant’s practices.
The California legislation would have banned public and private entities from selling license-plate data, required privacy policies for agencies using the technology and prevented license-plate data from being the sole basis for search warrants. The legislation was watered down significantly from a previous version that would have restricted law enforcement’s retention of license-plate data to five years.
During its campaign, Vigilant canvassed its law enforcement customers for anecdotal evidence of successful investigations using license-plate readers to lobby against the bill, which was defeated May 29 in the state Senate, according to emails obtained through the Public Records Act.
A mass email on Feb. 2 from Brian Shockley, Vigilant Solutions’ vice president for marketing, to subscribers claimed that the now-defeated legislation, SB 893, “would completely eliminate the ability for Vigilant to collect and share its license plate reader data with you.”
The email also makes clear Vigilant’s aggressive stance toward government regulation of its business. Shockley wrote that “government should not be legislating away law enforcement’s right to this tool that is helping to solve major crimes and protect the public. The focus should not be on who collects the data or how long it is stored, the focus should be on proper access controls, proper use and protections against misuse.”
Widdowson, the Vigilant spokeswoman, said the email was sent to Vigilant law enforcement customers because the company “feels it is important to inform our law enforcement customers about pending legislation that can negatively impact their ability to protect and serve.”
Vigilant sells license-plate readers to over a dozen California agencies, including the California Highway Patrol, Orange County Sheriff’s Department, and the Sacramento Police and County Sheriff’s departments. For its business with law enforcement in the city of Alameda, Anaheim, Marin County, San Rafael and Sacramento, Vigilant won the contracts without going through a competitive bidding process.
In Utah, Vigilant and a subsidiary company, Digital Recognition Network, are suing the state in civil court to block regulations passed by the state Legislature last year on license-plate readers. In Massachusetts, Vigilant is lobbying heavily against pending legislation that would restrict law enforcement agencies’ retention of license-plate data to a matter of days.
Widdowson said concerns about how long data is kept is “a red herring,” declaring that the Legislature should instead focus on “access control and enforcing existing laws.” No law currently regulates the use of license-plate data in California for public or private entities.
State Sen. Jerry Hill, D-San Mateo, author of the California legislation, said law enforcement continued to lobby against the bill even after it was amended to restrict the use of license-plate data by private entities. He said that reflects on what he calls the “incestuous relationship” between license-plate reader companies and public safety agencies.
“Vigilant has been able to leverage public safety and California law enforcement for their own financial gain by holding out the ability to access their information at no charge,” Hill said. “That enticement is the reason law enforcement opposed the bill.”
This story was edited by Robert Salladay and copy edited by Sheela Kamath and Nikki Frick.