San Jose's ALPR Network Faces Constitutional Challenge

Three San Jose drivers, represented by the Institute for Justice, filed a federal class-action suit challenging the citys automated license plate reader program. The complaint targets a network of 474 ALPR cameras deployed under a contract with Flock Safety, asserting the program enables warrantless, bulk collection of drivers location records and constitutes an unconstitutional search under the Fourth Amendment. Plaintiffs seek an order requiring deletion or blocked access after 24 hours unless police obtain a warrant or invoke a recognized exception. The city recently cut retention from 365 days to 30 days, but the lawsuit argues that is still constitutionally insufficient.

ALPR systems capture high-speed images of passing vehicles, run optical character recognition and machine vision to extract license numbers and vehicle attributes, and store time-stamped geolocation metadata in searchable databases. The complaint highlights these operational features:

• •automatic capture of every plate that passes a camera, creating continuous location trails;
• •AI-driven matching and search tools that accept full or partial plates, descriptive filters, or uploaded images to return candidate hits;
• •data sharing and role-based access that permits thousands of government users and hundreds of agencies to query the logs without individualized suspicion.

The plaintiffs allege San Jose allowed around 1,000 authorized SJPD users and shared access with nearly 300 other agencies across California, producing millions of records, including nearly 2.8 million vehicle detections in a recent 30-day window reported by local outlets.

The complaint frames ALPR location histories as sensitive historical location data implicating the Fourth Amendment. Expect the suit to rely on the Supreme Courts decision in Carpenter v. United States, which recognized heightened privacy interests in historical location records and required warrants in many contexts. The plaintiffs ask for class-wide relief, seeking both injunctive rules for collection and retention and a narrow remedy: deletion or blocking after 24 hours unless police obtain probable cause and a warrant. Parallel litigation and state-level suits, including prior complaints by privacy groups such as the Electronic Frontier Foundation and the ACLU of Northern California, show this challenge fits a broader nationwide pushback against municipal ALPR programs.

Municipal deployments of ALPRs have accelerated as vendors like Flock Safety market turnkey cameras, analytics, and optional statewide sharing. The business model incentivizes broad coverage and longer retention because analytic value increases with more data. That dynamic collides with privacy concerns: continuous plate capture builds a searchable history that can reveal trips to medical providers, places of worship, protests, or political events. For practitioners, a ruling that treats long-term ALPR retention and warrantless searches as unconstitutional would reshape procurement, access controls, and vendor contracts across jurisdictions and could force technical mitigations such as stricter retention, access logging, and encryption-by-design.

Policymakers and practitioners can reduce legal risk and privacy harm by adopting several technical and governance controls:

• •enforce short default retention windows and automated deletion policies;
• •require warrants or narrowly tailored probable cause standards for historical searches;
• •implement strict role-based access, audit logging, and periodic external audits;
• •limit interagency sharing and require written agreements for any cross-jurisdictional queries.

These are practical measures that cities and vendors can implement without disabling investigatory uses entirely.

The Northern District of California will test whether Carpenter-style protections extend to municipal ALPR networks and their shared databases. A favorable ruling for plaintiffs would create a binding federal precedent likely to prompt rapid policy and technical changes at other agencies and could pressure vendors to embed privacy-preserving defaults into their systems.