BILL ANALYSIS �Ó
SENATE JUDICIARY COMMITTEE
Senator Hannah-Beth Jackson, Chair
2015 - 2016 Regular Session
SB 34 (Hill)
Version: December 1, 2014
Hearing Date: April 14, 2015
Fiscal: Yes
Urgency: No
TH
SUBJECT
Automated License Plate Recognition Systems: Use Of Data
DESCRIPTION
This bill would place restrictions on the use of Automated
License Plate Recognition (ALPR) technology by both public and
private sector users. Specifically, this bill would:
add ALPR data to the list of personal information covered by
California's Data Breach Notification Law;
specify data security protocols for the use and storage of
ALPR data;
require ALPR operators and users to implement and maintain a
usage and privacy policy consistent with respect for
individuals' privacy and civil liberties;
require ALPR operators to maintain a record documenting access
to ALPR data;
require public agencies to hold a public meeting with public
comment prior to implementing an ALPR program; and
create a private right of action to enforce these
restrictions, and allow for recovery of actual or statutory
damages, attorney's fees, and costs of suit.
BACKGROUND
Automated License Plate Recognition (ALPR) systems use either
mobile (e.g., attached to the outside of a vehicle) or
stationary cameras and sophisticated computer software to
capture and record a vehicle's license plate information. These
systems typically operate by photographing an image of a license
plate, using character recognition software to convert the image
�
SB 34 (Hill)
Page 2 of ?
into the alpha-numeric characters of the license plate, and then
comparing the alpha-numeric data to data held in other databases
to, for example, instantly identify stolen cars or locate
vehicles subject to repossession. ALPR systems capture other
data as well, including the geographic location of a license
plate and the time and date that the license plate was scanned.
Using this additional ALPR captured data, it is possible over
time and with multiple scans to construct the locational history
of scanned vehicles. The technology works at lightning speed;
one company, ELSAG North America, advertises that its
vehicle-based ALPR system can capture up to 1,800 license plate
reads per minute, day or night, can capture data from parked and
moving vehicles across up to 4 lanes of traffic, day or night
and in any weather, and can read license plate data at moving
speeds of up to 150 mph (241 kph). (See http://elsag.com
/mobile.htm [as of April 8, 2015].)
Law enforcement uses ALPR technology to identify and locate
stolen vehicles and to compare information obtained against
databases of outstanding warrants. Auto repossession companies
take advantage of ALPR technology to help find debtors who are
behind on their car payments. In January 2012, a California
Watch article entitled "Private Company Hoarding License-Plate
Data on US Drivers" noted:
Capitalizing on one of the fastest-growing trends in law
enforcement, a private California-based company has compiled a
database bulging with more than 550 million license-plate
records on both innocent and criminal drivers that can be
searched by police. . . . [P]olice around the country have
been affixing high-tech scanners to the exterior of their
patrol cars, snapping a picture of every passing license plate
and automatically comparing them to databases of outstanding
warrants, stolen cars, and wanted bank robbers. The units
work by sounding an in-car alert if the scanner comes across a
license plate of interest to police, whereas before, patrol
officers generally needed some reason to take an interest in
the vehicle, like a traffic violation. But when a license
plate is scanned, the driver's geographic location is also
recorded and saved, along with the date and time, each of
which amounts to a record or data point. Such data collection
occurs regardless of whether the driver is a wanted criminal,
and the vast majority are not.
While privacy rules restrict what police can do with their own
�
SB 34 (Hill)
Page 3 of ?
databases, Vigilant Video, headquartered in Livermore, Calif.,
offers a loophole. It's a private business not required to
operate by those same rules. . . . Vigilant distinguished
itself from competitors by going one step further and
collecting hundreds of millions of scans to create what's
known as the National Vehicle Location Service. A West Coast
sales manager for the company, Randy Robinson, said the
scanners - as well as data from them compiled in the location
system - do far more than simply help identify stolen
vehicles. Stories abound of the technology also being used by
police to stop wanted killers, bank robbers, and drug
suspects. Kidnappers could be intercepted, too. (Schulz,
Private Company Hoarding License-Plate Data on US Drivers
(January 12, 2012)
[as of April 8, 2015].)
In response to the issues raised by ALPR technology, this bill
would impose some restrictions on the use of ALPR technology and
ALPR system-derived data. Specifically, it would add ALPR data
to the list of personal information covered by California's Data
Breach Notification Law, would require specific data security
protocols for the storage of ALPR data and require entities that
store ALPR data to keep an access log, and would require public
agencies to hold a public meeting with public comment prior to
implementing an ALPR program. Additionally, this bill would
require ALPR operators and users to implement and maintain a
usage and privacy policy consistent with respect for
individuals' privacy and civil liberties.
CHANGES TO EXISTING LAW
Existing law , the California Constitution, provides that all
people have inalienable rights, including the right to pursue
and obtain privacy. (Cal. Const., art. I, Sec. 1.)
Existing law permits the CHP to retain license plate data
captured by a license plate reader for no more than 60 days,
except in circumstances when the data is being used as evidence
or for all felonies being investigated, including, but not
limited to, auto theft, homicides, kidnapping, burglaries, elder
and juvenile abductions, Amber Alerts, and Blue Alerts. (Veh.
Code Sec. 2413(b).)
Existing law prohibits the CHP from selling ALPR data for any
purpose and making it available to an agency that is not a law
�
SB 34 (Hill)
Page 4 of ?
enforcement agency or an individual who is not a law enforcement
officer. The data may be used by a law enforcement agency only
for purposes of locating vehicles or persons when either are
reasonably suspected of being involved in the commission of a
public offense. (Veh. Code Sec. 2413(c).)
Existing law requires the CHP to monitor internal use of the
ALPR data to prevent unauthorized use. (Veh. Code Sec.
2413(d).)
Existing law requires the CHP to report to the Legislature its
ALPR practices and usage, including the number of ALPR data
disclosures, a record of the agencies to which data was
disclosed and for what purpose, and any changes in policy that
affect privacy concerns. (Veh. Code Sec. 2413(e).)
This bill would add unencrypted information or data collected
through the use or operation of an ALPR system to the list of
personal information subject to breach notification under
California's Data Breach Notification Law.
This bill would require an ALPR operator, as defined, to ensure
that ALPR information is protected with reasonable operational,
administrative, technical, and physical safeguards to ensure its
confidentiality and integrity, as well as to implement and
maintain reasonable security procedures and practices in order
to protect ALPR information from unauthorized access,
destruction, use, modification, or disclosure.
This bill would require an ALPR operator to implement and
maintain a usage and privacy policy in order to ensure that the
collection of ALPR information is consistent with respect for
individuals' privacy and civil liberties. The usage and privacy
policy shall:
be available in writing;
be posted conspicuously on the Internet Web site of the ALPR
operator if it has an Internet Web site;
describe the authorized purposes for using ALPR systems and
collecting ALPR information;
include a description of the employees and independent
contractors who are authorized to use ALPR systems, collect
ALPR information, or access ALPR information, as well as a
description of their training requirements;
describe how the use of ALPR systems will be monitored to
ensure compliance with all applicable privacy laws and a
�
SB 34 (Hill)
Page 5 of ?
process for periodic system audits;
describe the measures that will be used to ensure the accuracy
of ALPR information and a process to correct data errors;
describe how the ALPR operator will comply with required
security procedures and practices;
describe the length of time ALPR information will be stored or
retained;
identify the official custodian, or owner, of ALPR information
and those employees and independent contractors who have the
responsibility and accountability for implementing the privacy
policy; and
describe the purpose of, and process for, sharing or
disseminating ALPR information with other persons.
This bill would require an ALPR operator to maintain a record of
access if the ALPR operator accesses or provides access to
information or data collected through the use or operation of an
ALPR system. This bill would specify that, at a minimum, the
record shall include all of the following:
the date and time the information is accessed;
the license plate number or other data elements used to query
the ALPR database or system;
the person who accesses the information; and
the purpose for accessing the information.
This bill would require an ALPR end-user, as defined, to
implement and maintain a usage and privacy policy in order to
ensure that the access and use of ALPR information is consistent
with respect for individuals' privacy and civil liberties. The
usage and privacy policy shall:
be available in writing;
be posted conspicuously on the Internet Web site of the ALPR
end-user if it has an Internet Web site;
describe the authorized purposes for accessing and using ALPR
information;
include a description of the employees and independent
contractors who are authorized to access and use ALPR
information, as well as their training requirements;
describe how the access and use of ALPR information will be
monitored to ensure compliance with all applicable privacy
laws and a process for periodic system audits;
describe length of time ALPR information will be retained by
the ALPR end-user, and the process the end-user will follow to
determine if and when to destroy the retained information;
identify the official custodian of ALPR information;
�
SB 34 (Hill)
Page 6 of ?
describe the purpose of, and process for, sharing or
disseminating ALPR information with other persons; and
describe how the end-user will implement reasonable security
measures to secure ALPR information from unauthorized access,
destruction, use, modification, or disclosure.
This bill would provide that in addition to any other sanctions,
penalties, or remedies provided by law, an individual who has
been harmed by a violation of this title may bring a civil
action in any court of competent jurisdiction against a person
who knowingly caused that violation. This bill would further
provide that a court may award one or more of the following:
actual damages, but not less than liquidated damages in the
amount of two thousand five hundred dollars ($2,500);
punitive damages upon proof of willful or reckless disregard
of the law;
reasonable attorney's fees and other litigation costs
reasonably incurred; and
other preliminary and equitable relief as the court determines
to be appropriate.
This bill would require a public agency that considers
implementing a program to gather information through the use of
an ALPR system to provide an opportunity for public comment at a
regularly scheduled public meeting of the governing body of the
public agency before it implements the program.
This bill would define "ALPR end-user" to mean a person that
accesses or uses ALPR information, but to not include a
transportation agency when subject to Section 31490 of the
Streets and Highways Code.
This bill would define "ALPR operator" to mean a person that
operates an ALPR system, or that stores or maintains ALPR
information, but to not include a transportation agency when
subject to Section 31490 of the Streets and Highways Code.
COMMENT
�
SB 34 (Hill)
Page 7 of ?
1.Stated need for the bill
The author writes:
Used primarily by law enforcement agencies on police vehicles,
ALPR systems use a combination of high-speed cameras, software
and criminal databases to rapidly check the license plates of
millions of Californians. Some ALPR systems can scan up to
2,000 license plates per minute. When used by law
enforcement, each scanned license plate is checked against
crime databases, such as the federal National Crime
Information Center. If a 'hit' occurs for a stolen vehicle,
AMBER Alert, an arrest warrant, or other reasons, the ALPR
technology alerts the law enforcement officer.
ALPR technology has become a useful component of modern
policing. For example, the Sacramento County Sheriff's
Department, in just the first 30 days of using the technology,
identified and located 495 stolen vehicles, five carjacked
vehicles, and 19 other vehicles that were involved in
felonies. These ALPR identifications enabled the Sheriff's
Department to take 45 suspects into custody, including
individuals involved with bank robbery and home invasion.
The ACLU estimates that nationally, 75 percent of law
enforcement agencies currently use ALPRs, 85 percent plan to
expand their use, and within the next five years at least 25
percent of all police vehicles will be equipped with the
technology. The technology is also used by various private,
non-law enforcement entities, such as parking and repossession
companies. Some private communities use it to monitor who
enters and leaves the community.
The increased use of this technology has raised concern over
civil liberties. Whether or not a 'hit' occurs, all license
plate scans are sent to "fusion centers" - large regional
databases that aggregate ALPR data from various law
enforcement agencies. The ACLU estimates that only 1 percent
of ALPR data results in a 'hit,' the other 99 percent of data
has no relation to the commission of a crime.
While at least seven other states have already passed laws to
regulate ALPR systems, current California law has not kept up
with the rapid adoption of the technology. Except for the
�
SB 34 (Hill)
Page 8 of ?
California Highway Patrol (CHP) and transportation agencies,
current California law doesn't require any privacy safeguards
or establish any protocols for the use of ALPR systems.
SB 34 will require reasonable usage and privacy standards for
the operation of ALPR systems.
2.Fundamental Right to Privacy
Staff notes that the right to privacy is a fundamental right
protected by Section 1 of Article I of the California
Constitution. This bill would build upon that fundamental right
by requiring entities that collect, use, share, or disseminate
information derived from an automated license plate reader
system to disclose how such information is gathered and used,
and to ensure that the use of ALPR technology is consistent with
respect for individuals' privacy and civil rights.
The prevalence of ALPR systems and the ease with which license
plate data can be gathered and aggregated have raised serious
privacy concerns. (See e.g. Clark, License Plate Readers Spark
Privacy, Public Safety Debate (November 20, 2013) [as of April 8, 2015].) Using
large datasets of ALPR data gathered over time, it is possible
to reconstruct the locational history of a vehicle and
extrapolate certain details about the car's driver. As the
American Civil Liberties Union explains in a recent report:
Tens of thousands of license plate readers are now deployed
throughout the United States. Unfortunately, license plate
readers are typically programmed to retain the location
information and photograph of every vehicle that crosses their
path, not simply those that generate a hit. The photographs
and all other associated information are then retained in a
database, and can be shared with others, such as law
enforcement agencies, fusion centers, and private companies.
Together these databases contain hundreds of millions of data
points revealing the travel histories of millions of motorists
who have committed no crime. (ACLU, You Are Being Tracked:
How License Plate Readers Are Being Used to Record Americans'
Movements (July 17, 2013)
[as of
�
SB 34 (Hill)
Page 9 of ?
April 8, 2015].)
The U.S. Supreme Court recently examined the significant privacy
concerns raised by locational tracking technology in United
States v. Jones (2012) 132 S. Ct. 945. The Jones case
considered whether the attachment of a Global Positioning System
(GPS) tracking device to an individual's vehicle, and the
subsequent use of that device to track the vehicle's movements
on public streets, constituted a search within the meaning of
the Fourth Amendment. In her concurring opinion, Justice
Sotomayor made the following observations:
Awareness that the Government may be watching chills
associational and expressive freedoms. And the Government's
unrestrained power to assemble data that reveal private
aspects of identity is susceptible to abuse. The net result
is that GPS monitoring--by making available at a relatively
low cost such a substantial quantum of intimate information
about any person whom the Government, in its unfettered
discretion, chooses to track--may alter the relationship
between citizen and government in a way that is inimical to
democratic society.
I would take these attributes of GPS monitoring into account
when considering the existence of a reasonable societal
expectation of privacy in the sum of one's public movements.
I would ask whether people reasonably expect that their
movements will be recorded and aggregated in a manner that
enables the Government to ascertain, more or less at will,
their political and religious beliefs, sexual habits, and so
on. (United States v. Jones (2012) 132 S. Ct. 945, 955-956
[internal citations and quotation marks omitted].)
As with GPS monitoring, the accumulation of ALPR locational data
into databases that span both time and distance also threatens
to undermine one's right to privacy. As with GPS monitoring,
California residents may be less willing to exercise their
associational and expressive freedoms if they know that their
movements are being compiled into databases accessible not only
to the government, but also to private industries and
individuals.
This bill seeks to strengthen California residents' fundamental
right to privacy by requiring ALPR operators and end-users to
implement and maintain privacy policies that ensure that the
�
SB 34 (Hill)
Page 10 of ?
collection, use, and dissemination of ALPR-derived information
is consistent with respect for individuals' privacy and civil
liberties. The bill would also require public agencies that
consider implementing programs to gather information through
ALPR systems to first provide an opportunity for public comment
at a public meeting. As a matter of public policy, the
requirement to allow for public comment at a public meeting
prior to implementing an ALPR program makes government
decisionmaking more transparent and enables residents to have a
voice in deciding whether their community should adopt this
technology. Writing in support, the Conference of California
Bar Associations states:
SB 34 would impose reasonable curbs on the use of ALPR
information by designating it as protectable personal
information, restricting its dissemination, and providing a
private means of enforcement. This will enable law
enforcement to use ALPR information for its legitimate
purposes, while protecting the privacy interests of
Californians.
3.Data Security
Existing law requires any state agency, and any person or
business conducting business in California, that owns or
licenses computerized data that includes personal information,
as defined, to disclose any security breach concerning that data
to any California resident whose unencrypted personal
information was, or is believed to have been, acquired by an
unauthorized person. (Civ. Code Secs. 1798.29(a), 1798.82(a).)
This bill would add unencrypted ALPR information to the list of
personal information subject to breach notification under
California's Data Breach Notification Law. This bill would also
require ALPR operators to adhere to specific data security
protocols, including ensuring that ALPR information is protected
with reasonable operational, administrative, technical, and
physical safeguards to ensure its confidentiality and integrity,
as well as implementing and maintaining reasonable security
procedures and practices in order to protect ALPR information
from unauthorized access, destruction, use, modification, or
disclosure.
Staff notes that ALPR data has been mishandled in the past, in
part due to ineffective data security protocols. In 2013, the
Boston Police Department inadvertently released unencrypted ALPR
�
SB 34 (Hill)
Page 11 of ?
records pertaining to 40,000 different vehicles as part of a
public records request. (See Musgrave, Boston Police Halt
License Scanning Program (December 14, 2013)
[as of April 8, 2015].)
Collectively, the data security protocols implemented through
this bill will help ensure that sensitive personal information
collected through the use of ALPR systems will be better
protected from improper use and inadvertent disclosure. In so
doing, these data security requirements further the
Legislature's longstanding policy of providing effective laws to
protect the integrity of personal information entrusted to or
held by third parties.
4.Exclusion of Transportation Agencies
Transportation agencies and other entities that operate toll
bridges, toll highways, and toll lanes often use ALPR systems as
automated methods to charge tolls to passing vehicles. Tolls
for crossing the Golden Gate Bridge, for example, are assessed
electronically using ALPR cameras that record images of license
plates as a vehicle passes through the toll plaza. After the
toll is assessed, an invoice is generated and mailed to the
registered owner of the vehicle. (See Toll Payment Options --
All Electronic Tolling on the Golden Gate Bridge
[as of
April 8, 2015].) In California, these entities are prohibited
from selling or providing to third parties any personally
identifiable information obtained through a person's
participation in an electronic toll collection system (ETC) or
use of a toll facility, including travel pattern and license
plate information. (Sts. & Hy. Code Sec. 31490(a).) These
entities are also required to establish a privacy policy
regarding the collection and use of personally identifiable
information by a toll system, and to provide to subscribers of
that system a copy of the privacy policy in a manner that is
conspicuous and meaningful. (Sts. & Hy. Code Sec. 31490(b).)
This bill expressly excludes a transportation agency when
subject to Section 31490 of the Streets and Highways Code from
the definition of both an ALPR operator and an ALPR end-user.
Staff notes that existing law pertaining to ALPR use in
electronic toll collection generally imposes stricter
requirements on transportation agencies than would be the case
�
SB 34 (Hill)
Page 12 of ?
under this bill. For example, a transportation agency must
destroy personal information in its possession no later than
four years and six months after a toll user's account is closed,
whereas this bill imposes no maximum retention period on
personal information. (See Sts. & Hy. Code Sec. 31490(d).)
Similarly, a transportation agency may not use a nonsubscriber's
personally identifiable information obtained using an electronic
toll collection system to market products or services to that
nonsubscriber. (See Sts. & Hy. Code Sec. 31490(k).) This bill
contains no similar restriction on marketing. However, one
provision of this bill not replicated in current law pertaining
to transportation agencies is the requirement that ALPR
operators maintain a record of access to ALPR information.
5.Technical and Clarifying Amendments
The author offers the following technical amendments to correct
erroneous references in the bill:
On page 12, line 28, strike (b) and insert (a)
On page 12, line 33, strike (b) and insert (a)
The author offers the following clarifying amendments to ensure
that an ALPR operator's privacy policy matches the scope of
requirements specified for inclusion in that privacy policy:
On page 12, line 5, strike "collection" and insert
"collection, use, maintenance, sharing, and dissemination"
On page 13, line 8, strike "access and use" and insert
"access, use, sharing, and dissemination"
The author offers the following clarifying amendment to resolve
ambiguity surrounding the identity of a person recorded as
accessing ALPR information:
On page 13, line 4, strike "(c) The person who accesses the
information." and insert "(c) The name of the person who
accesses the information, and, as applicable, the organization
or entity with whom the person is affiliated."
The author offers the following clarifying amendments to
eliminate inconsistencies between the privacy policy
requirements of ALPR operators and ALPR end-users:
On page 13, line 27, strike "custodian" and insert "custodian,
�
SB 34 (Hill)
Page 13 of ?
or owner,"
On page 13, between lines 32 and 33, insert "(8) Which
employees and independent contractors have the responsibility
and accountability for implementing subdivision (a) and this
subdivision."
Support : Bay Area Civil Liberties Coalition; Conference of
California Bar Associations; Media Alliance; Small Business
California
Opposition : None Known
HISTORY
Source : Author
Related Pending Legislation : None Known
Prior Legislation :
SB 893 (Hill, 2014) would have placed restrictions on the use of
automated license plate recognition (ALPR) technology by both
public and private sector users. Among other things, this bill
would have: required retained ALPR data to consist only of a
license plate number, date and time of capture, and geographical
location; would have prohibited ALPR operators from trespassing
onto private property to collect ALPR data without first
obtaining written consent of the landowner; and would have
prohibited any public agency from sharing ALPR data with any
private entity or individual absent a court order. This bill
died on the Senate Inactive File.
AB 179 (Bocanegra, Ch. 375, Stats. 2013) prohibits
transportation agencies and other entities that employ an
electronic transit fare collection system (ETFC) for the payment
of transit fares from selling or providing to third parties any
personally identifiable information obtained through a person's
participation in an electronic transit fare collection system
(ETFC), with certain exceptions.
SB 1330 (Simitian, 2011) would have placed restrictions on the
use of automated license plate recognition technology by private
entities, including restrictions on the retention, use, and sale
of such data. This bill would have also restricted the ability
�
SB 34 (Hill)
Page 14 of ?
for a person to transfer ALPR data to a law enforcement agency
absent a search warrant or other specified circumstances. This
bill died on the Senate Floor.
AB 115 (Committee on Budget, Ch. 38, Stats. 2011), see
Background.
SB 1268 (Simitian, Ch. 489, Stats. 2010) prohibits
transportation agencies from selling, or providing to any other
person, the personally identifiable information of either
subscribers of an electronic toll collection system or anyone
who uses a toll bridge, lane, or highway that utilizes an
electronic toll collection system.
SB 854 (Committee on Budget and Fiscal Review, 2010) would have,
among other things, authorized the Department of the California
Highway Patrol to retain license plate data captured by an
automated license plate reader for not more than 72 hours unless
the data is being used as evidence or for a legitimate law
enforcement purpose. The bill would have prohibited the
Department from selling ALPR data or making the data available
to an agency that is not a law enforcement agency or an
individual that is not a law enforcement officer, and would
require the Department to monitor internal use of the data to
prevent unauthorized use. This bill died on the Senate Floor.
AB 1614 (Committee on Budget and Fiscal Review, 2010) would
have, among other things, authorized the Department of the
California Highway Patrol to retain license plate data captured
by an automated license plate reader for not more than 72 hours
unless the data is being used as evidence or for a legitimate
law enforcement purpose. The bill would have prohibited the
Department from selling ALPR data or making the data available
to an agency that is not a law enforcement agency or an
individual that is not a law enforcement officer, and would
require the Department to monitor internal use of the data to
prevent unauthorized use. This bill died on the Senate Floor.
Prior Vote :
Senate Transportation and Housing Committee (Ayes 8, Noes 2)
**************
�
SB 34 (Hill)
Page 15 of ?