License Plate Surveillance Company Attacks Nonprofits For Filing FOIA Requests

A private company that sells surveillance technology to law enforcement is telling police departments that they are being targeted and attacked by transparency groups that request public records.

Vigilant Solutions, the country’s largest vendor of automated license plate readers (ALPRs), has accused the non-profit groups Electronic Frontier Foundation (EFF) and Muckrock of running a campaign in order to evoke fear (and ultimately donations), in a letter sent to law enforcement agencies across the country.

The two groups launched a joint campaign in February to file public records requests with law enforcement agencies that have contracts with Vigilant. A week later, the company sent the email to participating police departments, which I obtained through a California Public Records Act (CPRA) request to the City of Pleasanton in California. The full letter has been posted on Vigilant’s website and is presented as an open letter to all of its law enforcement customers. We don't know if the letter was sent directly to each of Vigilant's customers, but the company has contracts with more than a thousand law enforcement agencies nationwide.

“We know you are experiencing an onslaught of Freedom of Information Act (FOIA) and Public Records Act (PRA) requests by the Electronic Frontier Foundation and MuckRock regarding your use of our license plate reader (LPR) technology,” the email sent to the City of Pleasanton reads. “We write this letter to let you know, quite simply, that we are here for you.”

EFF a digital rights organization, and MuckRock, a government transparency site, wanted to know how law enforcement agencies that use ALPRs store and share the data they collect (disclosure: Motherboard files FOI requests using MuckRock's platform). Some ALPRs are handheld or mounted on police cars, and others are stationary, so a license plate could be recorded at any time. This data is considered by many to be highly sensitive because it can link identity to location when people drive to work, attend a protest, or even visit a reproductive health clinic.

While each agency controls with which agencies it shares data, much of this data is compiled in a database that can be accessed by local and federal agencies across the United States. Many transparency groups have expressed concern that the widespread collection and retention of such information could have serious and worrying implications for civil liberties.

EFF and MuckRock sent each law enforcement agency that works with Vigilant just one request for public records. “No agency is experiencing an onslaught,” said Dave Maass, a senior investigative researcher at EFF. He noted that each request was very narrow, and that none were for confidential documents or those that would require redcations.

One implication of Vigilant Solutions’ letter, and its reference to public records requests as “attacks” and an “onslaught,” is that government agencies are working more closely with, and are more easily accountable to, private surveillance companies than they are with the public.

The letter went on to accuse EFF and MuckRock of capitalizing on fear to bolster fundraising efforts.

“In short, they are attempting to scare individuals into hitting one of the countless “Contribute” or “Donate” buttons on their website,” it reads.

EFF and MuckRock are both nonprofit organizations. Vigilant Solutions’ contracts with many individual police departments are valued at hundreds of thousands of dollars. Its $350,000 contract with the City of Austin is nearly double the total annual budget of MuckRock.

“If local taxpayers are footing the bill for Vigilant, they deserve to know what they are paying for, what safeguards are in place with this technology, and the privacy implications involved,” said Michael Morisy, a co-founder of Muckrock.

Pleasanton Police Department is one of approximately 1,000 of law enforcement agencies using its automated license plate readers. Every time an agency signs a contract with Vigilant, the size and reach of its database, which already includes billions of reads of license plates, expands.

Vigilant Solutions claims on its website that the data it collects isn’t identifying, and that the sharing services it offers amplifies the effectiveness of law enforcement. But license plate readers are deeply controversial.

The Verge reported earlier this year that Immigration and Customs Enforcement (ICE) had signed a contract with Vigilant Solutions, giving the agency to its database of geotagged pictures of license plates. This has sparked fears among civil libertarians and immigrant rights advocates that Vigilant’s data could be used to track undocumented immigrants—even in cities that have passed sanctuary city resolutions.

And ALPRs gather data on everyone—they are not just limited to those suspected of committing a crime, and they are used without warrants. They scan every license plate they pass, whether a car is driving or parked, and have been used near sensitive locations—the NYPD recorded the license plate numbers of everyone parked near a mosque in 2012. They can be used to track vehicles in real time and reveal highly personal and identifying travel patterns.

While a person’s name is not attached to the information that Vigilant’s ALPRs collect, EFF’s Maass thinks the data isn’t anonymous. “Law enforcement and their commercial clients are able to link that to other information very, very easily,” he said. “If you know where somebody lives, you can find out with a license plate reader what plate is attached to them. You can find out plenty of things not just through the data itself, but also by linking it to other databases out there.”

A Vigilant Solutions spokesperson told Motherboard that “as policy, Vigilant Solutions is not at liberty to discuss or share any contractual details. This is a standard agreement between our company, our partners, and our clients. Our mission is to support federal, state and local governments in their efforts to save lives and make communities safer.”

Vigilant’s email contains a similar statement that its mission is to “support federal, state and local law enforcement in their efforts to make communities safer.” The goal of private companies like Vigilant Solutions may be to make its clients’ jobs less difficult. But if the role of government agencies is to not only protect, but to be accountable to the public, the privatized surveillance model has complicated fundamental transparency mechanisms.

As law enforcement agencies increasingly outsource their activities to contractors, it’s becoming more difficult for the public to uncover details of how government uses surveillance technology. And although private corporations like Vigilant Solutions are not subject to public records laws, their contracts and interactions with government agencies are. So, the filing continues.