Documents Uncover NYPD’s Vast License Plate Reader Database

Supporters of license plate readers are fond of saying that unless you’re a criminal, you needn’t fear the invasive technology. But those who adhere to that argument should consider just a few examples from around the country:

  • A police officer in Washington D.C. pleaded guilty to extortion after looking up the plates of cars near a gay bar and blackmailing the car’s owners. 
  • The DEA contemplated using license plate readers to monitor people who were at a gun show. Since the devices can’t distinguish between those who are selling illegal guns and those who aren’t, a person’s presence at the gun show would have landed them in a DEA database. 
  • A SWAT team in Kansas raided a man’s house where his wife, 7-year-old daughter, and 13-year-old son lived based in part on the mass monitoring of cars parked at a gardening store. The man was held at gunpoint for two hours while cops combed through his home. The police were looking for a marijuana growing operation. They did not find that or any other evidence of criminal activity in the man’s house.

With these stories firmly in mind, the New York Civil Liberties Union’s latest license plate reader discovery is all the more chilling.

Last year, we learned that the NYPD was hoping to enter into a multi-year contract that would give it access to the nationwide database of license plate reader data owned by the company Vigilant Solutions. Now, through a Freedom of Information Law request, the NYCLU has obtained the final version of the $442,500 contract and the scope-of-work proposal that gives a peek into the ever-widening world of surveillance made possible by Vigilant.

Surveillance is about power. Vigilant gives the NYPD power to monitor our whereabouts and, by extension, our affiliations, interests, activities and beliefs. 

The scope-of-work proposal explains how Vigilant vastly expands the NYPD’s surveillance capability beyond what was possible with its own license plate database. Known as the Domain Awareness System, it collects the license plate data scanned by the approximately 500 license plate readers operated by the NYPD and combines it with footage from cameras and other surveillance devices around the city. The NYPD holds on to the license plate data for at least five years regardless of whether a car triggers any suspicion.

The Vigilant database raises similar privacy concerns as the Domain Awareness System, but those concerns are greatly magnified because the Vigilant database is massive: It contains over 2.2 billion location data points, and it is growing by almost a million data points per day. The database also isn’t limited to New York City, which means the NYPD can now monitor your car whether you live in New York or Miami or Chicago or Los Angeles. (See Vigilant’s Nationwide Scan Density Map on page 64.) Even more worrisome, the data comes from private license plate readers that scan locations that the police are less likely to scan: residential areas, apartment complexes, retail areas, and business office complexes with large employee parking areas. And, as far as we can tell, there is no limit on how long Vigilant keeps all of this private location data. There is no incentive for Vigilant to delete any data because its business model is to profit off of selling people’s data.

The Vigilant database also boasts “full suite data analytics tools.” These tools allow police officers to track cars historically or in real time, conduct a virtual “stakeout,” figure out which cars are commonly seen in close proximity to each other, and predict likely locations to find a car.

With this volume of private data and these types of tools, Vigilant enables the NYPD to learn intimate details about people’s lives with a click of a mouse. Through the “stakeout” feature, the NYPD may learn who was at a political rally, at an abortion clinic, or at a gay bar. Through the predictive analysis, the NYPD may learn that a person is likely to be near a mosque at prayer time or at home during certain hours of the day.  Through the “associate analysis,” the NYPD may come to suspect someone of being a “possible associate” of a criminal when the person is simply a family member, a friend, or a lover.

Until now, law enforcement agencies under contract with Vigilant, including the NYPD, have said very little in public about how they use the database and what privacy protections they implement. That needs to change. Fifty police officers at the NYPD’s Real Crime Center have access to the Vigilant database and tools every day. The public has the right to know what rules regulate their access and what oversight mechanisms, if any, are in place. They have the right to know when and how the police are using the database and what the consequences are. 

Surveillance is about power. Vigilant gives the NYPD power to monitor our whereabouts and, by extension, our affiliations, interests, activities and beliefs. By demanding answers to critical questions about NYPD’s use of Vigilant and other surveillance tools, New Yorkers can begin to take back the power imbalance created by the new era of mass digital surveillance. 

View comments (18)
Read the Terms of Use


The data is protected by the DPPA, or Drivers Privacy Protection Act. If anyone connects the LPR data to a person, without a permissible purpose they are violating the law and should be prosecuted. Go for it NYPD. Please lock up criminals and terrorists.


In New York State even your vehicle registration information is not really protected under DPPA. Your vehicle registration information is sold to countless data brokers.

The DPPA data is collected and sold absolutely freely in the US because of "First Amendment" and the lunatic belief that there is no privacy in public places. Anyone who claims that there is no privacy in the public should agree to wear a GPS tracking device on his body and publish his location information on Facebook in real time.

Living in NYC, I don't own a car. But your comment shows an amazing amount of naivete on the current status of digital privacy.

Also, if all you want to do is to lock up terrorists and criminals, why store location data on innocent drivers for more than 5 years? If you are trying to invoke the "haystack and pin" argument to justify this, you should be deported to North Korea.


"The data is protected by DPPA"

Citation needed


11:50 Post - Got a lot of faith in lawless times


Yeah, that stopped the NSA from illegal wiretapping everyone and monitoring everyone's internet usage.
They needed a warrant and never got them. Thank the patriot act.


Just a bit of clarification please. How does a private company get permission to place electronic monitoring devices on private and public property ? Does all this monitoring first involve contracts with private property owners or government authorities? And does that include permission to sell the data?


I think it works the same way private companies build thermonuclear weapons.


The Fourth Amendment is still the "supreme law of the land" - it has never been amended.

NYPD police officers and leaders voluntarily swore a supreme (and superseding) loyalty oath, oath of office, to follow the U.S. Constitution in their job duties and authorities. Their own loyalty oath requires that they follow the Fourt Amendment.


Lol. Tell that to the officer that committed perjury in sworn testimony against me last week.


"The Chairman of the Advisory Council is Mr. Howard Safir. Mr. Safir has a long and distinguished career as Police Commissioner of New York City, Director of Operations for the United States Marshals Service, Assistant Director of the United States Drug Enforcement Administration (DEA), Fire Commissioner of New York City, member of the Executive Committee of the International Association of Chiefs of Police (IACP) and Board Member of Lexis-Nexis Special Solutions, Verint Systems and Implant Sciences Corporation."


Stay Informed