Posted by Lloyd Chebaclo at 12:12 PM

On Monday March 18, 2013, the Minnesota Department of Administration ruled data collected on the license plate readers is private, including plate numbers, times, dates and locations of vehicle scans, and vehicle photos. Automatic license plate readers (ALPRs) are used by law enforcement to rapidly scan plates and can be used to track wanted vehicles. These cameras take a photograph of every license plate that passes them by, often storing that photo of the vehicle in addition to the plate number, meta-tagging each file with a GPS location, time and date, and converting each number into text that is searched in a database of plate numbers entered manually or selected by an agency. In December of 2012, the City of Minneapolis released a database of over 2 million license plate scans, as reported in the StarTribune.

The reclassification of license plate reader data as private is temporary through 2015. The Minnesota House of Representatives Civil Law Committee addressed Rep. Mary Liz Holberg’s (R) bill to regulate automated license plate reader data to make it classified, require log of use, and require data to be destroyed.

When the City disclosed the data, it nonetheless sought to protect the locations of its stationery cameras by redacting the locations across much of the entries. ALPRs are generally mounted on stationery objects like telephone poles and under bridges or on patrol cars. Among the seven people that requested and received the data from the city were a web developer, a University of Minnesota researcher, and a StarTribune reporter.

This practice sparked a debate in the legislature, a push to reclassify the data as private from Minneapolis Mayor R.T. Rybak (among those tracked), and calls from privacy advocates to narrow limitations on retention policies for such data. Arstechnica reported that a local Minnesota firm, Datalytics had received the database. The firm caught the local police department’s attention when it advised that it was able to pin the locations of the stationery cameras, underscoring the vulnerability exposed by making all of the data collected freely accessible for the police itself. The data had been public by default, and could be stored indefinitely absent state law on the matter. StarTribune reported last August that in Minneapolis the location data is stored for one year, while St. Paul discards it after 14 days, and State Patrol erases it in 48 hours.

The discourse over how to manage the data echoes the concerns of nationwide public interest groups and privacy advocates like the American Civil Liberties Union (ACLU). ACLU noted in July 30, 2012 that only two states had passed legislation barring retention of “non-hit” plate data, which is data on cars that are not wanted by the police. This locational information provides potential for data mining, generating profiles on plate owners and potentially sensitive information about where they have been, raising privacy concerns similar to those raised by warrantless GPS tracking. The license plate reader data in effect becomes a retroactive warrantless surveillance tool. States and municipalities have a valuable tool in license plate readers, but should regulate them with considered data retention and access policies that address the privacy interests of the public to prevent unfettered tracking and abuse of sensitive information.