Chicago Police Department’s Automated License Plate Reader Policies
CHICAGO POLICE DEPARTMENT AUTOMATED LICENSE PLATE READER POLICY COMPLIANCE
WITH BRENNAN CENTER RECOMMENDED PRIVACY SAFEGUARDS
The Chicago Police Department currently utilizes a mass surveillance technology called automated license plate readers (“ALPR”). ALPRs are high-speed cameras that scan their surroundings for vehicle license plates. When an ALPR camera scans a license plate, the camera records an image of the plate, along with the date, time, location, and photograph of the vehicle and its plate. ALPR software then uploads these images of license plates, called “detections” or “plate scans,” to a centralized database. CPD contracts with a third-party company called Vigilant Solutions for access to Vigilant’s database of ALPR detections, called the National Vehicle Location Service (“NVLS”).[1]
Vigilant Solutions’ law enforcement clients access the NVLS via Vigilant’s software/online portal, called the Law Enforcement Archival Reporting Network (“LEARN”). Law enforcement agencies like CPD can enter a license plate number into the database and the database will return a list of all instances in which its ALPR cameras detected that plate. Law enforcement agencies can also elect to make their NVLS-hosted detections accessible to other law enforcement agencies. Law enforcement agencies can also create lists of wanted license plates (“hot lists”) in the database and the database will alert that agency of all future detections of those plates when they occur (“hits”).
CPD currently owns and operates an unknown number of fixed location ALPR cameras and at least 225 vehicle-mounted ALPR cameras.[2] In 2019 and 2020, CPD paid Vigilant $337,050.00 and $386,474.71 respectively for database access services.[3]
While ALPRs provide valuable information to law enforcement agencies, this surveillance technology raises several privacy and civil liberties concerns. In September 2020, the Brennan Center for Justice issued a series of recommendations for law enforcement agencies to follow to protect our privacy and civil liberties.[4] CPD’s current policies and practices fall far short of these recommendations.
Recommendation #1: Impose brief retention periods (days, not months) of ALPR data by departmental policy and by state law.
The Chicago Police Department has a five-year retention period for ALPR data.[5] [6] This is also the retention period recommended by Vigilant Solutions.[7]
Illinois currently has no law governing ALPR data retention periods. The Illinois General Assembly considered but failed to pass an ALPR privacy bill in 2015.[8]
Recommendation #2: Require a warrant to search historical ALPR data except in exigent circumstances.
Neither CPD nor the Cook County State’s Attorney mandate or obtain warrants for historical ALPR data searches.[9]
Recommendation #3: Institute a two-step scanning process to protect personal information. When an officer individually runs a plate, the search should reveal only the registration information and the plate’s presence on a hot list (e.g. stolen, AMBER, etc). Only if this information provides the basis for further police action, should the officer be allowed to access the personal information associated with the plate’s registration such as name, address, SS#, and criminal record.
CPD does not utilize a two-step process to prevent officers from accessing personal information before verifying registration information and a plate’s presence on a hot list.[10]
Recommendation #4: Require verification of hot list data. Before an officer conducts a stop based on hot list data, that officer should be required to independently verify the information yielded. Agencies should also institute real-time updating of hot list data.
CPD requires that its officers visually verify the plate read, verify the current status of the plate or any alerts as valid and active, before performing any “law enforcement action.”[11]
However, CPD does not require real-time updating of hot list data. CPD’s hot list is updated every thirty minutes, and other information is updated daily.[12]
Recommendation #5: Require transparency and invite community input into ALPR use and policies.
CPD’s ALPR policy claims that CPD requires transparency and accountability and invites inquiries and complaints about incorrect information, and about civil rights and civil liberties protections. CPD also has designated a privacy officer to receive these inquiries.[13]
However, neither the CPD policy inviting inquiries and complaints, nor the contact information for the privacy officer appear to have been made public by CPD. This information appears in CPD’s Crime Prevention and Information Center LPR policy, which CPD has not made publicly available anywhere online.
Furthermore, this researcher could not locate any media reports of CPD ever inviting community input into its ALPR use or policies. When asked to identify any instances of CPD inviting community input into its ALPR use or policies, a CPD spokesperson could not identify any such instances.[14] CPD reports possessing no records establishing that it has invited community feedback into its ALPR policies at any time in the past five (5) years.[15]
Recommendation #6: Maintain audit logs for both alerts and searches. Also maintain logs of all the ways they receive, store and share ALPR data.
While CPD has a policy to maintain audit logs for searches[16], CPD’s policy is unclear as to whether it also maintains audit logs of alerts.
CPD also has a policy to audit how it receives, stores, and shares ALPR data.[17] However, CPD has no records of having actually performed any such audits at any time in the past two years.[18]
Recommendation #7: Conduct audits for disparate impact to protect historically marginalized communities and constitutionally-protected activities.
While CPD has policies prohibiting the use of ALPR database access for the purpose of targeting any group in a discriminatory manner or infringing on constitutionally-protected activities,[19] this researcher could not locate any CPD policy mandating audits to monitor disparate impact or infringement on constitutionally-protected activities.
Furthermore, this researcher could not locate any record of CPD conducting any audits for disparate impact on marginalized communities or constitutionally-protected activities. CPD has specifically denied having records of any such audits from any time in the past two years.[20]
Recommendation #8: Conduct audits to ensure effective safeguards. ALPR data should be available only to employees who need to access the data and access should be promptly terminated when no longer necessary. Searches should be appropriately limited to specific law enforcement investigations. Agencies should employ oversight on the use of ALPR data.
While CPD has a policy to conduct audits on employee access and to ensure access is limited to specific law enforcement investigations,[21] this researcher could not locate any record of CPD ever conducting any such audits. CPD has specifically denied having records of any such audits from any time in the past two years.[22]
Further, CPD does not appear to have a policy in place to promptly terminate an employee’s ALPR database access when no longer necessary.
[1] Handley, Joel, “Chicago Police Tight-lipped About Use of License Plate Scanners, Despite $500,000 New Contract”, In These Times (February 20, 2015), available at: http://inthesetimes.com/article/17659/cpd-tightlipped-about-use-of-license-plate-scanners-despite-new-contract ; see, also, CPD 2019 Hit Ratio Report, available at: https://beta.documentcloud.org/documents/20389070-chicago-il-police-department-alpr-hit-ratio-report-2019 ; and CPD 2020 Agency Data Sharing Report, available at: https://beta.documentcloud.org/documents/20389124-chicago-il-police-alpr-agency-sharing-2020 .
[2] CPD ALPR Vehicle List, available at: https://beta.documentcloud.org/documents/20389072-chicago-il-police-department-alpr-vehicles-list
[3] See 2019 and 2020 CDW Government Invoices for Vigilant Solutions database access available at: https://beta.documentcloud.org/documents/20389128-chicago-il-police-vigilant-solutions-alpr-invoices-2019-and-2020
[4] Brennan Center for Justice, “Automatic License Plate Readers: Legal Status and Policy Recommendations for Law Enforcement Use” (September 10, 2020), available at: https://www.brennancenter.org/our-work/research-reports/automatic-license-plate-readers-legal-status-and-policy-recommendations
[5] Chicago Police Department Crime Prevention and Information Center License Plate Reader Policy, at K1, available at: https://beta.documentcloud.org/documents/20398286-chicago-il-police-cpic-lpr-policy
[6] Another CPD policy, CPD Special Order S03-20, lists the retention period for “plate reads maintained by CPD” as 365 days. However, CPD’s plate reads are maintained by Vigilant Solutions/LEARN, not by CPD. When specifically asked via FOIA request for its detections/plate reads retention period, CPD provided the CPIC LPR policy cited above. See, CPD Special Order S03-20 Automated License Plate Reader (ALPR) Systems available at: https://beta.documentcloud.org/documents/20389065-chicago-il-police-department-alpr-directive-april-2018; and CPD ALPR Policies FOIA Response Letter 1 (October 21, 2020), available at: https://beta.documentcloud.org/documents/20398285-chicago-il-police-alpr-policies-response-letter-1
[7] See Vigilant Solutions LEARN 5.1 Agency Manager Guide, p. 5 (p. 6 of PDF), available at https://beta.documentcloud.org/documents/20400768-vigilant-solutions-learn-51-manager-guide-color.
[8] Freedom from Automatic License Plate Reader Surveillance Act., 2015 Bill Text IL H.B. 3289, IL S.B. 1753
[9] See, Chicago Police Department Crime Prevention and Information Center LPR Policy, supra; CPD Special Order S03-20 Automated License Plate Reader (ALPR) Systems, supra; CPD Special Order S12-09 Law Enforcement Archival and Reporting Network (LEARN) available at: https://beta.documentcloud.org/documents/20389066-chicago-il-police-department-alpr-learn-directive-june-2018 ; and Cook County State’s Attorney ALPR Policies FOIA Response Letter (November 5, 2020), available at: https://beta.documentcloud.org/documents/20402244-cook-county-states-attorney-alpr-policies-foia-response-letter.
[10] Id.
[11] Chicago Police Department Crime Prevention and Information Center LPR Policy, supra, at H2.
[12] Id., at E3
[13] Id., at L1 and L2.
[14] Official Chicago Police Reform Twitter account (@CPDReform) response (October 29, 2020), available at: https://twitter.com/CPDReform/status/1321913623078342656?s=20
[15] CPD ALPR Policies FOIA Response Letter 1, supra.
[16] Chicago Police Department Crime Prevention and Information Center LPR Policy, supra, at J7 and J8
[17] Id., at L2
[18] CPD ALPR Policies FOIA Response Letter 2 (November 4, 2020), available at: https://beta.documentcloud.org/documents/20402046-chicago-il-police-alpr-policies-response-letter-2
[19] Chicago Police Department Crime Prevention and Information Center LPR Policy, supra, at F2
[20] CPD ALPR Policies FOIA Response Letter 2, supra.
[21] Chicago Police Department Crime Prevention and Information Center LPR Policy, supra, at J1 – 9 and L2.
[22] CPD ALPR Policies FOIA Response Letter 2, supra.