Automated license plate readers, ALPRs, would be controversial even if they were responsibly employed by the governments that run them. Unfortunately, and to no one's surprise, the way they actually operate is "deeply disturbing and confirm[s] our worst fears about the misuse of this data," according to an audit of the programs instigated by a Californian legislator.
"What we've learned today is that many law enforcement agencies are violating state law, are retaining personal data for lengthy periods of time, and are disseminating this personal data broadly. This state of affairs is totally unacceptable," said California State Senator Scott Weiner (D-SF), who called for the audit of these programs. The four agencies audited were the LAPD, Fresno PD and the Marin and Sacramento County Sheriffs Departments.
The inquiry revealed that the programs can barely justify their existence and do not seem to have, let alone follow, best practices for security and privacy:
In other words, "there is significant cause for alarm," the press release stated. As the programs appear to violate state law they may be prosecuted, and as existing law appears to be inadequate to the task of regulating them, new ones must be proposed, Wiener said, and he is working on it.
The full report can be read here.