Police and other law enforcement agencies are deploying an increasing number of license plate scanners across the country, but what are they doing with the data they collect and what does this mean for our privacy?

Ostensibly, the equipment – which can read license plates using cameras mounted on police vehicles – is being used to help law enforcement officers fight car crime. Upon reading a license plate, the number is relayed through a database which can alert officers to anything suspect about the vehicle or its owner; for example it can tell officers if the vehicle has been reported stolen or if isn’t registered, in addition to flagging the registered owner if he or she has a suspended license or any outstanding warrants against them.

License Plate Readers (LPRs), which combine video cameras with optical character recognition (OCR) technology, can be fitted onto police patrol cars or used at checkpoints, and have been adopted by police forces in no less than 35 states across the nation. Already, officers have achieved some notable successes, identifying stolen vehicles and returning these to their owners, but a number of concerns have been raised about just what the government might be doing with all the data it picks up besides simply fighting crime.

The American Civil Liberties Union has been especially vocal in their opposition to the use of LPRs, claiming that the systems are threatening the basic freedoms of American citizens by tracking their every move on the road, and even keeping a permanent record of everywhere they have been.

To get some answers, the ACLU has filed Freedom of Information requests in 35 states to query authorities on just how they plan to use the data collected from LPRs and to what extent they might compile ‘movement histories’ of people.

Allen Gilbert, executive director of ACLU in Vermont, recently said that the organization had discovered evidence that data collected from LPRs on non-suspect vehicles was being held for up to four years in some cases, raising serious concerns that this ‘movement history’ could lead to abuse of an innocent person’s civil liberties.

More worryingly, it’s recently emerged that law enforcement officials are not the only ones to have gotten their mitts on this data. ARS Technica reported this week that the information is being shared with hundreds of car insurance companies via the National Insurance Crime Bureau (NICB), a non-profit organization that’s funded primarily by American insurers.

The data in question comes from LPRs located at border crossings with Mexico, and includes the license plate in question, precise GPS locations, timestamps, and dates of any vehicle that leaves or enters the United States at its southern border.

NICB officials say that the data is only used in order to prevent vehicle thefts, and to track stolen cars that have been driven across the border. It notes that thousands of vehicles are stolen every year in the US, and later taken to Mexico to be resold.

Certainly, there’s no question that insurers would want to use the technology to see where stolen vehicles end up, but questions will surely be raised about what else they do with the data they collect. After all, who trusts an insurance agent? Given the much publicized concerns that health insurance companies might discriminate against certain individuals based on their genetic likelihood of developing chronic diseases, it isn’t beyond the realms of possibility to imagine that auto insurers might somehow use their LPR data in a similar way. What with the spiraling crime levels in Mexico, insurers could well decide that anyone who drives across the border more than two or three times a year deserves a substantial ‘hike’ in their premiums, and there’s little that anyone could do about it.

No doubt, many people will dismiss these concerns as ‘hype’ from a bunch of liberals with nothing better to do, but from my own investigations, I think they have some merit. There appears to be little in the way of legislation that directs how this kind of data should be collected, who can access it, and how long it should be stored. Surely, at the very least, these concerns need to be addressed?