Over the last decade, license plate readers have become an increasingly popular tool for law enforcement around the United States. One federal agency that has aggressively pursued this data is US Immigration and Customs Enforcement, through a $6.1 million contract with a private firm called Vigilant Solutions. Now, new details of this arrangement have been revealed through extensive documents obtained by the American Civil Liberties Union of Northern California through a Freedom of Information Act request.

The internal documents show that through its Vigilant Solutions contract, which began in 2018 and runs to September 2020, ICE has access not only to five billion records gathered by private businesses, but also to 1.5 billion data points contributed by over 80 local law enforcement agencies from more than a dozen states. Often, these data-sharing agreements stem from friendly professional relationships between local police and ICE, but these casual arrangements may violate ICE privacy policies and state and local data-sharing laws—particularly in cases where the data originates from sanctuary cities. Vigilant Solutions and ICE did not immediately return a request for comment.

“The records raise many questions about the relationship between ICE and local agencies,” says Matt Cagle, a staff attorney at the ACLU of Northern California. “Federal law does not require that local agencies expose sensitive local driver locations. It is surprising when a government agency obtains unfettered access to information that reveals where we live, where we work, and our private habits.”

Automated license plate readers, sometimes called ALPRs, are high-speed cameras mounted on overpasses, bridges, road signs, public vehicles, or on private property like at malls or parking lots. They can record thousands of license plates per minute, and capture the location coordinates, date, and time along with each photo for long-term aggregation and storage. The data they accumulate can be used to create a detailed picture of where a car has been over time. Both private companies and local law enforcement partner with Vigilant to build up its databases.

ICE doesn’t collect license plate data directly, or maintain a database. It instead relies on its Vigilant contract. The ACLU documents, which were viewed by WIRED, show that more than 9,200 ICE officers have database accounts. And Vigilant claims to add hundreds of millions of new license plate scans from private businesses every month. The documents also show that Vigilant provided training to ICE on how to convince local law enforcement agencies to make their regional license plate data available. The documents also show ICE agents asking local police to run searches for them, even when ICE doesn’t have full access to that repository.

This type of informal access seems incongruous with ICE’s privacy guidance for license plate location data. For example, ICE claims to limit license plate data collection near “Sensitive Locations” like churches, hospitals, schools, or protests. But when data is streaming in from so many sources, both public and private, it’s almost impossible to avoid this data in searches. The more data is collected and stored through private contractors, the easier it is in practice for the boundaries to bleed together.

“Privately-owned and profit-driven surveillance databases are an expanding threat to civil liberties and civil rights,” the ACLU’s Cagle says. “By taking data collected for one purpose—like traffic enforcement, repossession trucks—and allowing ICE to exploit it for another completely unrelated purpose, Vigilant also violates a core privacy principle that any responsible company should abide by.”

The documents indicate that sanctuary cities like Union City, California have contributed local license plate data to ICE-accessible databases. And the ACLU points out that in addition to sanctuary protections, which limit a municipality’s cooperation with federal immigration investigations, some states have more general laws that limit or prohibit license plate data sharing between local and out-of-state agencies. In California, for example, local agencies sharing license plate data with ICE seems to violate Senate Bill 34 and the California Values Act (SB 54), which limit data sharing between local and federal authorities, particularly for immigration enforcement.

Communities that want to block this type of data-sharing can oppose contracts that enable license plate data collection in the first place, and can pass ordinances that require oversight of local police surveillance tools. But private companies like Vigilant virtually guarantee the continued national growth of these data repositories.

Though many local agencies contribute willingly to the Vigilant databases ICE can access, the combination of these mechanisms plus informal, backdoor sharing agreements give ICE license plate data access on a scale that is difficult to fully measure. The ACLU says that one extensive batch of emails between an ICE “Homeland Security Investigations” officer and a detective in the Orange County Intelligence Assessment Center, a “fusion center” in which multiple law enforcement agencies collaborate, illustrates how the agency circumvents privacy rules. The exchange is clearly friendly, and the ICE agent regularly asks the detective to run plate numbers, and even the numbers from parking permits for people with disabilities, on the agent’s behalf.

In one exchange the ICE agent writes, “I finally have access to [the Vigilant database]! But only the commercial system … would you mind running the following plate for me?” The detective replies, “Well, i am glad you have access, but i am also glad you still need me once in a while :))))”

More Great WIRED Stories