Boston has suspended the use of scanners that check drivers’ license plates for infractions. Why? For starters, the Boston Police Department doesn’t seem to have adequate data protection measures (boldface mine):
The police inadvertently released to the Globe the license plate numbers of more than 68,000 vehicles that had tripped alarms on automated license plate readers over a six-month period. Many of the vehicles were scanned dozens of times in that period alone.
The accidental release triggered immediate doubts about whether the police could reliably protect the sensitive data….
The Boston police are one of the few departments in the state with explicit policies to protect privacy, but the released data calls into question how closely they follow their own rules.
“It’s not realistic to think that law enforcement will police itself when it comes to technologies like license plate readers,” said state Representative Jonathan Hecht, a Watertown Democrat who has filed a bill to regulate use of scanners and the sensitive data they collect…
Investigators at MuckRock, a public-records group that works with the Globe, initially requested the police scan data last January. After initially denying the request, Boston police agreed in April to release a database of plates that had triggered alarms, but without individual plate numbers.
But the records finally released in July were unredacted, revealing full plate numbers and GPS location data for more than 40,000 different vehicles, most of which belonged to private citizens.
MuckRock and the Globe brought the inadvertent disclosure to police attention beginning in September. But it was not until late November that department officials acknowledged the error and asked for the information’s return. The Globe declined, but has no intention of publishing any individual plate information.
So they mishandled data? Gotta break some privacy eggs to make a security omelette, right? Well:
It also raised questions about whether police were following up on the scans, since numerous vehicles repeatedly triggered alarms for the same offenses. One motorcycle that had been reported stolen triggered scanner alerts 59 times over six months, while another plate with lapsed insurance was scanned a total of 97 times in the same span….
But some repeat alarms were for serious violations. One Harley Davidson motorcycle that had been reported stolen passed license plate scanners a total of 59 times between Oct. 19, 2012, and March 13, 2013. It was often recorded on sequential days or multiple times in a single day, all by the same scanner and almost always within the same half-hour span in the early evening.
Boston police chief technical officer John Daley indicated that each of these scans prompted an e-mail alert to the department’s Stolen Car Unit, but there is no indication that the motorcycle was ever apprehended or even stopped….
It is unclear what Boston police have done with their mountain of scans, in part because police did not keep records of follow-ups on the data. Fiandaca said that making sure the information is used effectively will be part of Evans’s review.
Ok, but it’s not like there’s anything really creepy or weird going on with this, right?
Some of the most frequent hits in the database were scanned in Boston police’s own employee parking lots. More than two hundred vehicles parked in the police substation lot in South Boston, a mix of official and personal vehicles, triggered scanner alerts over the six months. Police declined to discuss why they would be scanning the parking lot or why there would be so many potential violations.
Oh dear. Snark aside, what we have is a giant data collection project with breaches of privacy that is not effectively used. Sound like any security state you know? And Boston at least has some oversight procedures in place. But this isn’t really just about Boston, but an ever-expanding security state with an intelligence apparatus that is anything but intelligent–though still capable of causing harm. While this might not be as pervasive as the NSA, there are three broad lessons here:
2) The security state does not work as advertised. Consider: a vehicle that was identified as stolen was identified 59 times–and nothing happened. On a larger scale, the federal government has spent billions trying to coordinate local, state, and federal intelligence, and, despite strong signals, completely missed the Boston Marathon bombers. These programs are pretty good at harassing legal protest movements, however (also see the previous point).
When you rub these two points together, it is clear that the primary purpose of modern intelligence gathering is not to prevent crime (or terrorism) but to retroactively justify particular policies, which might or might not keep us safe and free.
This can only be described as a failure. And we still have learned nothing from the Mother of All Stovepipes.