​Michael Moore is a retired public-school teacher living in San Francisco. Nearly every day, as he drives to the store, to his sons’ schools, or to meet friends and family, his movements are watched and recorded at every turn. But he is not being tailed by a private detective or by the police.

Moore, like every other driver in San Francisco, is being tracked because he must navigate through the city’s network of almost 500 automated license plate readers (ALPRs).

These devices, operated by the San Francisco Police Department (SFPD), constitute a major link in the national surveillance network that the vendor Flock Safety is providing to state and local law enforcement. Moore has had enough. At the end of December, he filed a class action lawsuit in a federal courtroom on his behalf and on behalf of his fellow San Franciscans against the city and its police department over this continuous violation of their Fourth Amendment rights.

In his suit, Moore states that Flock ALPRs “make it functionally impossible to drive anywhere in the City without having one’s movement tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of one’s movements.”

Here are some of the topline revelations from Moore’s lawsuit:

Suspiciousness surveillance: Of the over 1 billion license plate scans collected by 82 agencies nationwide in 2019, “99.9 percent of this surveillance data was not actively related to any criminal investigation when it was collected.”

Creates “vehicle fingerprints”: “When Flock Cameras capture an image of a car, Flock’s software uses machine learning to create what Flock calls a ‘Vehicle Fingerprint.’ The ‘fingerprint’ includes the color and make and model of the car and any distinctive features, like an anti-Trump bumper sticker or roof rack. Flock’s software converts each of those details into text and stores them into an organized database.”

Tracks social networks: “Flock provides advanced search and artificial intelligence functions that SFPD officers can use to output a list of locations a car has been captured, create lists of cars that have visited specific locations, and even track cars that are seen together.”

Data stored indefinitely: “The data that Flock Cameras collect belong to the SFPD but Flock retains data on a rolling 30-day basis. Nothing, however, prevents the SFPD or its officers from downloading and saving the data for longer than SFPD’s 365-day retention period.”

Flock doesn’t just see and record – it thinks and analyzes:

“ALPR technology is a powerful surveillance tool that is used to invade the privacy of individuals and violate the rights of entire communities. ALPR systems collect and store location about drivers whose vehicles pass through ALPR cameras’ fields of view, which, along with the date and time of capture, can be organized by a database that develops a driver profile revealing sensitive details about where individuals work, live, associate, worship, protest and travel.”

Moore’s lawsuit poses a profound constitutional question: Can a city turn every resident into a perpetual suspect simply for driving on public roads?
​
The Fourth Amendment was written to forbid dragnet surveillance untethered to suspicion, warrants, or individualized cause. Yet San Francisco has quietly constructed a system that records nearly every movement of its citizens, not because they are suspected of wrongdoing, but because technology makes it easy. If this practice is allowed to stand, the right to move freely without government monitoring may become a relic – honored in theory, but surrendered in practice to cameras, algorithms, and convenience.

​When your identity is confirmed by a string of numbers in a computer, are you still yourself if the algorithm determines you (the person) are not you (the digital ID)?

One state, Utah, is leading the nation in answering this question with policies that safeguard humans, while Washington, D.C. is heading down the path of reducing humans to algorithms.
Consider ACLU’s Jay Stanley, who praised Utah for its “State-Endorsed Digital Identity” (SEDI), the state’s new framework for digital ID systems. In an approach that should be the norm rather than the notable exception, the Beehive State puts privacy first.

Utah begins with the conviction that identity “is not something bestowed by the state, but that inherently belongs to the individual; the state merely ‘endorses’ a person’s ID.” In other words, our identities belong to us. We are born with them. We own them. With that realization comes new-found respect for privacy and other forms of personal freedom. 

This view of identity stands in sharp contrast to the definition Stanley found in the data-driven world of federal law enforcement. With the feds, identity is becoming something only the state can grant, defaulting to incomplete or faulty digital verification of citizenship.

To be clear, both Utah’s SEDI platform and the federal approach utilize digital ID systems, but one is a case study in digital due diligence while the other illustrates the dangers of slapdash digital recklessness. The federal system is based on incomplete databases, poorly designed architecture, evolving (meaning, far from perfect) technology, and an utter disregard for the constitutional rights of individuals.

Utah’s approach differs from the federal approach in very important ways:
​

1. Being “user-centric” to ensure that government identification systems are used to empower individuals, not control them.
2. Being free from surveillance, visibility, tracking, or monitoring by any entity – including private companies and unauthorized government agencies and staff – other than the party that is solely authorized to check the ID.  
3. Making factors like security, completeness, and accuracy a top priority, in contrast to the unreliability of the facial recognition technology that underlies many of today’s digital verification systems.
4. Enforcing a user’s “right to paper” (or plastic), including continued and unfettered access to essential government services, even when using only non-digital, physical ID methods.  
5. Adhering strictly to constitutional rights, particularly Fourth Amendment protections against warrantless searches and dragnet-style fishing expeditions conducted without probable cause.

Stanley goes on to quote the Ranking Member of the House Homeland Security Committee, who reports that an app (called Mobile Fortify) used by Immigration and Customs Enforcement (ICE) now constitutes “definitive” determination of a person’s status “and that an ICE officer may ignore evidence of American citizenship – including a birth certificate.”

That’s bad enough on its own of course, but along the way, the government now sweeps up Americans’ biometric identifiers en masse. The databases Mobile Fortify accesses contain not only our photographs but enough records to constitute a permanent digital dossier.

Congress did not get to review, much less approve, any of this. The American people never voted on it. In fact, the whole thing leaves us wondering what happened to the Privacy Act, signed into law by President Ford in 1974. It has been described as “the American Bill of Rights on data.”  

By declaring that identity is solely digital, determined by stealthy algorithms and policies, and deniable to those whose data is non-existent, incomplete or inaccurate, the federal standard – in sharp contrast to Utah’s – subverts 250 years of traditional, constitutional practice. Remember: Our founders built the world’s most vibrant democracy on pieces of parchment copied by hand.

In any truly free society, identities are personal possessions (to help secure individual rights and facilitate their voluntary participation in society). Identities bestowed by the state ultimately serve only the state.

That we even need to ponder the nature of identity reveals the absurdity of these abuses our personhood and privacy. Nevertheless, here we are. Without transparent conversations and healthy debate, we face a future in which we are whomever the state says we are, made of malleable 0s and 1s, with nothing grounded in the physical world.
​
It's a discussion that, as of now, Utah alone seems committed to having.

​Robert Frommer, a senior attorney with the Institute for Justice, tells the harrowing story of George Retes, a U.S. citizen and Army veteran of the Iraq War, who was stopped in his car during an immigration sweep.

He was on his way to work when he encountered an Immigration and Customs Enforcement (ICE) roadblock. A melee broke out between protesters and ICE agents. Retes’s car was engulfed in tear gas.

The Institute for Justice reports that agents smashed Retes’s car window, dragged him out, and forced him to the ground with knees on his neck and back – even though he was not resisting.

Despite Retes presenting proof of his citizenship, ICE agents detained him for three days without charges, strip-searched him, and forced him to provide DNA samples. He was not allowed to call a lawyer or given a hearing before a judge. Because Reyes was held incommunicado, his family was left to frantically search for him.

Writing in MSN, Frommer explores what happens to the biometric data ICE collected on Reyes.

“In addition to our DNA, the Department of Homeland Security (DHS) has recently and quietly authorized ICE officers to forcibly collect and retain intimate identifiers: our fingerprints and digital images of our faces. Combined with other technologies, the department is creating a general warrant for our persons, the kind of abuse that ignited the American Revolution.

“A DHS document, meant to ensure our privacy, lays out the facts. An app called Mobile Fortify allows ICE and Customs and Border Protection (CBP) officers to photograph and scan anyone they ‘encounter’ in the field, regardless of citizenship or immigration status. If there isn’t a photo match, officers can collect people’s fingerprints, which are then checked against DHS biometric records. Once DHS has that sensitive data, the app feeds it into CBP’s Automated Targeting System – an enormous watch list that merges border records, passport photos and prior ‘encounter’ images. CBP retains every nonmatch photograph for 15 years, meaning that even if you’re an American citizen mistakenly stopped on the street, the government has your biometric records for (almost) a generation.”
​
Congress should investigate and debate this retention of Americans’ biometric records before reauthorizing a single surveillance authority. And PPSA is hopeful that ICE will be forced to explain its unconstitutional detention of George Reyes when it faces his lawsuit under the Federal Torts Claim Act.