House bill would limit use of data from license plate readers, which cops use to spot criminals.
Using an automatic license plate reader (ALPR) system, a Maplewood officer looked for stolen vehicles or those being driven by owners with invalid or revoked licenses. Plate numbers show up on a laptop screen and are instantly run through a state Bureau of Criminal Apprehension database.
Minnesota law enforcement authorities soon will face stricter limits on the use of controversial vehicle-tracking technology to collect sensitive location data on innocent people.
The state is poised to approve its first regulations for license plate readers — small devices that law enforcement officers use to spot criminals in real time. Minnesota is one of several states that is debating or has passed restrictions on the use of the readers.
Privacy concerns drove a bipartisan vote in the Minnesota House on Friday to stop police from retaining any location data stored by the readers on noncriminals. That vote came over the objections of law enforcement groups.
License plate readers are often attached to the hoods of squad cars, scanning every plate they see against a database of wanted vehicles. But a 2012 Star Tribune investigation revealed that police also were storing massive amounts of location data about regular vehicles — all of it publicly available. The newspaper requested and published the locations of Minneapolis Mayor R.T. Rybak’s vehicle to illustrate how anyone can obtain someone else’s data.
A state agency temporarily designated the data as private, a classification that would become permanent under bills working their way through the Legislature. But police now can keep data on noncriminal vehicles for as long as they want; Minneapolis and St. Paul say they keep it for three months.
The House bill passed Friday would ban any data retention.
The bill, sponsored by Rep. Mary Liz Holberg, R-Lakeville, says no data could be retained unless the vehicle is wanted by law enforcement. A Senate companion measure, expected to pass soon, would allow the data to be retained for 90 days. The differences between those bills must be resolved before a measure goes to Gov. Mark Dayton.
Friday’s debate focused on that retention time. Law enforcement groups have argued that historical data is an important tool to help solve crimes because it allows them to scan the past whereabouts of suspects who materialize after a crime has been committed.
Rep. Debra Hilstrom, DFL-Brooklyn Center, unsuccessfully pushed an amendment that would have let police keep noncriminal data for 180 days, saying that barring them from keeping it altogether “ties the hands of law enforcement.”
But Rep. John Lesch, DFL-St. Paul, countered that it was not worth compromising the privacy of innocent people, who account for a vast majority of the vehicles being tracked. Last June, for example, only 6,100 of the 805,000 scans by plate readers in Minneapolis matched a database of wanted vehicles.
“This is about our constitutional liberties,” Lesch said. “It’s not up to the police to know where you’ve been for the past 180 days, unless they have some reasonable suspicion or probable cause to have that information.”
When Hilstrom said that people have “no reasonable expectation of privacy on your license plate on your car,” Rep. Joe Atkins, DFL-Inver Grove Heights, responded that “there is an expectation that we won’t be followed around by the government.”
The House bill also would require police departments to disclose the locations of their readers; Minneapolis has refused to say where their stationary readers are installed. It also forces departments to disclose the times of use and the amount of data collected.
Data breach bill also passed
Also on Friday, the House passed a bill attempting to shed light on misuse of private data by public employees. It came on the heels of several high-profile breaches of the state driver’s license database by police officers and other government workers.
The bill would require government entities that identify data misuse to create a public report documenting the breach — including the names of any employees who were disciplined.
Law enforcement groups aggressively lobbied to eliminate a provision requiring governments to post the report on their websites. An amendment to strike that language, sponsored by Rep. Dan Schoen, DFL-St. Paul Park, succeeded, meaning that only victims of a data breach will be notified of a report’s existence. Anyone can request the reports, however.
Schoen, a police officer, said the language would have invited unneeded criticism of small-town police officers and their families, as well as possibly motivate governments to issue fewer disciplinary actions.
“Why would … you want to protect the bad actors?” Holberg asked her colleagues, urging them to oppose the amendment. “This is not people just accused. These are individuals that violate these standards, and there was disciplinary action. Why would we make that not readily available to the public?”
Holberg also removed a provision from the bill that would allow people to obtain an audit trail of the employees who access their private data. A companion bill is pending in the Senate.