By John Chigos.
Early in March, the Virginia General Assembly passed a bill (SB965) that would, among other things, limit the retention period for LPR systems used in the state to seven days. After that, any LPR captures not being used in an investigation would have to be deleted.
In a surprising move of common sense, Governor Terry McAuliffe sent back an amended version of the bill that changes the seven-day retention period to sixty days and does away with language that would make the proposed law apply to future technologies in addition to LPR.
The General Assembly now has until April 15th to decide whether to keep the amendments or force the Governor to either sign or veto the original version. Considering that legislators were overwhelmingly for this bill as written, it is far from certain that we have heard the last of its Draconian provisions.
I believe that this bill is indicative of a disturbing trend in the public perception of LPR and similar technologies, and we are likely to see many more like it in the months and years to come. I have written this piece in an effort to address this trend, and as such, it is concerned with the original language of the bill and not with Governor McAuliffe?s amendments.
I have written at length about government-mandated LPR retention periods in the past and have been generally supportive of them. I am on record as stating that determining the proper amount of time for LPR capture data to be retained is a proper function of state government.
However, I personally believe that seven days is too short a retention period, since historical data going back several months is often necessary to solve certain crimes.
A good illustration of this point is the recent case of the ISIS terrorist dubbed ?Jihadi John.? How much more could we have learned about this individual, the organizations he is affiliated with, and other active members if we could have gone back and traced his movements or those of his compatriots over a longer period?
The United Kingdom understands this well, as they have used LPR successfully as a counter-terrorism tool for decades. Their nationally mandated LPR data retention period is two years1, which usually provides enough data to deduce the behavior patterns of potentially threatening individuals.
I fear that it will take no less than a heinous act of terror on the level of 9/11 to make us understand this point.
Instead of putting up roadblocks at every turn, we have to place trust in the officials tasked with protecting us. There has to be some level of confidence that the information they gather will be used properly and on point; otherwise, we cut ourselves off from valuable and possibly life-saving intelligence.
By allowing them the proper leeway and the proper technological tools to perform their duties, we enable them to gather the objective, dispassionate data they need to take informed and rational action against threats.
So, along comes Virginia SB965, and the public and the politicians just blindly go along with the established notion that advanced video surveillance technologies are generally evil and need to be restricted almost to the point of uselessness.
At least, that?s the impression you get from the press coverage.
I understand that there was at least some public debate; Democratic State Senator Chap Petersen, the bill?s author, partnered with Republican Delegate Richard Anderson to form what they call the ?Ben Franklin Privacy Caucus,? which apparently held a public forum on this issue in September of last year.
However, I was unable to locate any transcript or minutes from this forum online. Upon further inquiry, I was told by a representative from Mr. Anderson?s office that such records are not kept because the meetings are not staffed for it.
I?m not making any accusations, but I do have to wonder just how much staff is actually needed to record a meeting and transcribe it. I also have to ask why no one thought it was necessary to preserve a record of a meeting as important as this one. I do not think it is an unfair interpretation to surmise that no one is anxious to broadcast the events of that debate.
Could that be because no one representing the other side was allowed a fair hearing? Or possibly because such a person did speak and cleaned the politicians? Luddite clocks? We may never know. So let us discuss the provisions of the bill itself.
The aspects of Virginia SB965 that I find disconcerting have mostly to do with the findings that spurred its creation and the broadness of some of its language. These, as I have stated, represent a dangerous attitude toward LPR and other advanced surveillance technologies that perpetuates a public misconception of such technologies? capabilities and intent.
The sum total of my disagreement with the bill boils down to two things, which I will discuss in greater detail in the following paragraphs: First, that it expands the definition of ?personal information? past the point that is reasonable, especially when compared with the privacy provisions of the 4th Amendment to the U.S. Constitution.
Second, it places such overly restrictive boundaries on law enforcement?s ability to collect so-called personal information that they may be unable to perform their regular duties effectively.
Additionally, new surveillance technologies other than LPR are likely to be even more greatly hampered in their effectiveness if the bill?s current language becomes law.
Bottom line, although there appear to be some exceptions granted for LPR, the overall tenor of the bill seems to be one of further curtailing the ability of the police to do their job while Mr. Petersen attempts to keep his job through manipulating public opinion.
As to the definition of ?personal information:? The bill adds two significant definitions: first, that it means all information that ?describes, locates, or indexes anything about an individual including, but not limited to? his or her vehicle license plate number; second, that it means any data that ?affords a basis for inferring? a person?s presence at any place.
With these two definitions added to an already lengthy list, I?m hard pressed to think of any data about someone that could not be considered ?personal.?
Now, consider the bill?s stipulations in Section C that state, ?There shall be no personal information system whose existence is secret,? and that, ?Information shall not be collected unless the need for it has been clearly established in advance.? The first stipulation is not entirely disagreeable, even if its intent is wrongheaded; the knowledge that such a system is in use can be a powerful deterrent to crime and terrorism.
I would merely argue that detailed information on how these systems work should not be made public. As to the second, however, the problem is that the need cannot always be established in advance. Sometimes the data itself is the only indication of its necessity; for example, the suspicious movement pattern of a vehicle, revealed by LPR, may be the only indication that further investigation and tracking is warranted.
Worse yet are the boundaries the bill appears to place on law enforcement. Just to note one glaring example: The language in the secrecy clause could easily apply to any technology, even a pen and paper. Will police now be disallowed from even writing down the presence of a person they find suspicious and including a description?
Under the definitions established by this bill, that would qualify as personal information because it affords a basis for inferring that person?s presence at that place.
What I think we have in this bill is a clear case of overreach. Riding on the tide of negative publicity surrounding LPR and similar surveillance technologies, some politicians are trying to make names for themselves by putting forth a bill that is sure to be popular with an unjustly scared public.
They are also doing a fine job of adding to that fear factor by constantly raising the issue. We as an industry need to work to reverse this trend.
As this bill shows us, the more sophisticated our technology becomes, the more the Chap Petersens of the world (and there are many) will rise up to oppose it and thereby strip us of valuable tools for our defense. We cannot capitulate in that battle lest we leave our loved ones that much more vulnerable.
About The Author: John Chigos is the Founder, Chairman & CEO at PlateSmart Technologies, Inc. http://www.platesmart.com/
SecurityHive: Opinions expressed by contributors and commentators do not necessarily reflect the views of SecurityHive.
Agree. Have a differing opinion? Leave your comments below.
1 National ANPR Standards for Policing Part 3 ? Data Access and Management Standards, October 2014, Home Office, London, UK, p. 7.
Source: platesmart.com