And they didn’t need to request search warrants from the courts, the article explains, since “the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases.”
U.S. Customs and Border Protection (CBP) has been buying access to commercial automated license plate-reader databases since 2017, TechCrunch reports, and the agency says bluntly that there’s no real way for any American to avoid having their movements tracked. “CBP cannot provide timely notice of license plate reads obtained from various sources outside of its control,” the agency wrote in its most recent privacy assessment. “The only way to opt out of such surveillance is to avoid the impacted area, which may pose significant hardships and be generally unrealistic….”
CBP already buys cell phone location data, even though it would not legally be able to hoover it up on a wide scale directly. Police also purchase hacked and breached data from third-party vendors that they can then use to track and identify individuals in ways that otherwise might have required a warrant.
Although hundreds of jurisdictions nationwide use automated plate-scanning technology, fewer than 20 states have laws of any kind on their books governing the collection, use, and storage of automated license plate-reader (ALPR) data. Even fewer of those laws specify what private entities can collect ALPR data and what can be done with that information. The software also seems to become more granular almost by the day.
Theoretically, CBP only has authority to operate within 100 miles of the US border. The data it purchases, however, may allow it to track any given license plate basically anywhere in the country.