Weekly Security: FBI License Plate Reader Access

It's moving closer. Newly published procurement records from the FBI Directorate of Intelligence, first reported by 404 Media, show the agency preparing to spend millions of dollars for access to data captured by roadside automated license plate readers. Every driver should care. But the key demand buried in those documents is that the feed must arrive in near real time.

These aren't just checkpoint cameras. At toll booths or bridge crossings, ALPR systems take images of every passing vehicle, logging the license plate, location, timestamp, and other metadata into sprawling, searchable databases that local law enforcement agencies and some federal bodies already tap into. But the FBI's procurement documents make clear the bureau wants something far more comprehensive than periodic database queries.

A Nationwide Dragnet in Real Time

The ambition is clear. And the statement of work attached to the procurement doesn't leave much ambiguity, quoting the FBI: "The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States," and specifying coverage across major highways and an array of locations for "maximum usefulness to law enforcement."

It's worth pausing on. Traditional ALPR access often means an officer runs a plate and gets a hit minutes, hours, or days later, but near real time changes that equation, transforming a forensic tool into a live tracking mechanism. A vehicle's journey across town, across state lines, or across the country could be stitched together as it happens. And that capability would sit in the hands of a single federal agency.

"This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement."

It doesn't specify which providers. But the industry's dominated by a handful of companies that sell access to camera networks blanketing much of the country. The FBI license plate reader access program, once operational, would effectively create a federal layer on top of infrastructure that many communities approved only for local use.

The Push and Pull Over License Plate Surveillance

Here's the part the press release skipped. At the same moment the FBI's procurement surfaced, a bipartisan pair of US lawmakers introduced legislation cracking down on ALPRs that would've effectively prevented state and local governments from using surveillance technology for police tracking. The timing is striking. But one branch of government is trying to slam the door shut while another is quietly building a national key to the same lock.

But there's a catch. That proposed legislation is an initial stab and a marker laid down in a Congress with little appetite for reining in its surveillance tools. The FBI license plate reader access initiative comes with a budget line and a statement of work, and money talks because procurement documents are concrete in a way that early-stage bills aren't.

Millions are captured daily. Cameras on patrol cars and fixed poles capture them, and the data reveals where people worship, seek medical care, who they visit, and when they're home, so for the average driver, the plate on their car is now a persistent digital identifier tied to a location history they never consented to create. And the tension between privacy advocates and law enforcement over ALPRs has simmered for years.

Other Security Headlines This Week

The FBI license plate reader access story dominated the surveillance beat, but it was not the only significant development. Here is what else happened.

Google's 42-Month-Old Bug Finally Surfaces

Google made a proof-of-concept public for an unfixed Chromium vulnerability, an open source codebase that underpins Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Arc, reported Ars Technica. It's a serious bug. Independent researcher Lyra Rebane originally reported the flaw 42 months ago. The bug abuses the Browser Fetch API, letting any website a target visits spin up a persistent service worker on the device. But these connections survive browser restarts and, in some cases, even reboots. The resulting connection can monitor browsing activity, route traffic through the victim's machine, or pull the device into a proxied DDoS network. Firefox and Safari are unaffected.

Crackdown on AI Deepfake Images Gains Momentum

Twelve companies got warnings. The FTC sent them letters for offering nudifying services, notifying them they may be in violation of the Take It Down Act. But the DOJ arrested two men, Cornelius Shannon, 51, and Arturo Hernandez, 20, for allegedly sharing thousands of AI-created photos and videos depicting real women nude or involved in sex acts. Prosecutors say they've been viewed millions of times and included celebrities, politicians, and women known to the accused.

Meanwhile, the Take It Down Act went into effect in the United States this week, allowing people to demand that websites remove nonconsensual intimate images. The UK and the EU have also announced plans to ban nudifying websites. The net is tightening, slowly.

Stolen Secrets and Fake Recipes

A former managing assistant US attorney in Fort Pierce, Carmen Mercedes Lineberger, 62, has been charged with stealing a copy of the sealed report Jack Smith produced on his investigation into Donald Trump's handling of classified documents. She allegedly forwarded the document to a personal email account in January 2025, relabeling the attachment "Bundt_Cake_Recipe.pdf." She pleaded not guilty to four felony charges, including theft of government property. The report remains sealed permanently after Judge Aileen M. Cannon ruled to protect those named but uncharged.

What the Roundup Tells Us

The FBI license plate reader access push isn't happening in a vacuum. It arrives alongside a steady erosion of digital privacy, from unfixed browser vulnerabilities that turn devices into surveillance tools to the proliferation of AI-generated abuse imagery that lawmakers are only beginning to address. The GitHub data breach carried out by the cybercrime group TeamPCP this week added yet another reminder. No repository is untouchable.

But European nations are watching. As the Trump administration and US tech companies grow increasingly intertwined, countries like France are leading a charge to find US-free alternatives for digital infrastructure, and it's the alignment of federal law enforcement with commercial surveillance networks that only accelerates that search for distance.

For now, the FBI license plate reader access procurement moves forward. The documents are public. The intent is explicit. The question that remains is whether anyone in Congress will connect the dots between the bill that was just introduced and the contract that is about to be signed. They point in opposite directions, and only one of them has a check attached.

Frequently Asked Questions

What is the FBI license plate reader access controversy about?

It involves the FBI accessing a vast network of automated license plate readers (ALPRs) without warrants, raising privacy concerns.

How does the FBI access license plate reader data?

The FBI uses data from private and public ALPR systems, often through agreements or purchases, without judicial oversight.

Is FBI license plate reader access legal?

Currently, there are no federal laws specifically restricting warrantless ALPR use, but it faces legal challenges over Fourth Amendment violations.

What data do license plate readers collect?

They capture license plate numbers, dates, times, and GPS locations of vehicles, creating detailed movement records.

Can individuals opt out of license plate reader tracking?

No, there is no opt-out mechanism, as ALPRs capture plates in public spaces without consent.