America Under Surveillance with Michael Soyfer

Summary of America Under Surveillance with Michael Soyfer

by Software Engineering Daily

52mJanuary 15, 2026
Listen to Episode

Overview of America Under Surveillance with Michael Soifer

This episode of Software Engineering Daily features Michael Soifer, an attorney at the Institute for Justice (IJ), in conversation with host Kevin (K) Ball about the rapid spread of automated license plate readers (ALPRs), other public‑space surveillance tools, and the legal and policy responses (or lack thereof). Soifer explains IJ’s lawsuit against Norfolk, Virginia over a citywide Flock ALPR deployment, the constitutional questions these systems raise under the Fourth Amendment, the limits of existing case law and legislation, and practical steps technologists and citizens can take to push back or create guardrails.

Key points & main takeaways

  • What’s happening: Police departments are deploying networks of ALPRs (e.g., 172 cameras in Norfolk) that capture plates and other vehicle “fingerprint” data (make, color, stickers, roof racks), store it in searchable databases, and allow reconstruction of people’s movements over days or weeks.
  • Core legal concern: Long‑term, population‑level tracking by government raises Fourth Amendment issues. The Supreme Court’s Carpenter decision (2018) signaled that location‑tracking data can require a warrant; courts and legislatures are slow to adapt broader doctrine to new surveillance tech.
  • Difference from corporate tracking: Private companies collecting location data is concerning, but government control and indefinite retention of movement data creates a qualitatively greater threat because of state power and potential for abuse.
  • Narrow acceptable uses: IJ accepts limited, point‑in‑time uses such as “hotlist” alerts (stolen cars, active warrants, AMBER alerts). The objection is to building long‑term dossiers on law‑abiding citizens without probable cause or judicial approval.
  • Current regulatory patchwork: Vendors often default to 30‑day retention; Virginia recently capped retention at 21 days and limited sharing but did not require warrants. New Hampshire requires deletion within three minutes unless retention is justified. Protections vary widely across localities and states.
  • Governance failures: Purchases often bypass democratic oversight (grant funding, limited city council review), audit tools exist but are rarely or weakly used, and internal access controls are often poor (e.g., multi‑factor authentication not enforced).
  • Broader trend: ALPRs are an early, accessible form of ground‑level mass surveillance. Other tools—facial recognition, video analytics, gunshot detectors, cross‑camera matching—are coming online and compound the risk.

Topics discussed

  • How ALPRs work: image capture at speed → OCR of license plates → vehicle feature extraction (“vehicle fingerprint”) → central searchable database (plate, timestamps, locations).
  • Norfolk case: IJ sued Norfolk over its network of Flock cameras; case survived motion to dismiss and proceeded through discovery; summary judgment motions filed (possible trial timeline discussed).
  • Relevant precedent: Carpenter v. United States (warrant required for historical cell‑site location info) as a key modern Fourth Amendment touchstone; courts otherwise rely on older cases about short‑term tracking or beeper/GPS facts that don't map cleanly to today’s big‑data surveillance.
  • Government vs. private data access: As private repositories tightened (warrants/subpoenas restricted), governments shifted to self‑collected surveillance (ALPRs, aerial surveillance).
  • Auditing & accountability: Effective oversight requires active audits, detailed search justifications, access restriction, retention limits, and enforceable discipline—not just a downloadable log.
  • How tech professionals can engage: local advocacy (city council), expert amicus briefs, plaintiffs in public interest litigation, public education, and collaboration with policy groups like IJ.

Notable insights & quotes

  • “The problem isn’t that the technology exists; it’s that the government is doing population‑level surveillance and keeping it just in case.” (paraphrase)
  • “Move fast and break things doesn’t work well when the thing you’re breaking is our constitutional order.” (paraphrase)
  • ALPRs/“Flock cameras” are described as the accessible first step toward a broader age of big‑data government surveillance.
  • Practical privacy baseline proposed by Soifer: if police have no individualized suspicion and no warrant, data about ordinary movements should be deleted quickly (Soifer suggested around 24 hours; New Hampshire’s law is an extreme example at 3 minutes).

Action items / recommendations

For concerned engineers, privacy advocates, and citizens:

  • Check whether your city uses ALPRs: use mapping tools and transparency portals (see Resources below).
  • Ask local officials (city council, police oversight) specific questions: retention period, who has access, audit frequency, justification categories, enforcement and disciplinary policies, MFA and other technical protections.
  • Advocate for technical safeguards: strong access control, enforced multi‑factor authentication, role‑based access, mandatory audits with independent reviewers, and logging with meaningful review processes.
  • Support (or draft) local/state legislation based on model bills that require data minimization, warrant requirements for long‑term searches, short retention windows, sharing restrictions, and audit/enforcement mechanisms.
  • Consider legal engagement: file comments, help prepare amicus briefs, or (if willing) become a plaintiff in public‑interest litigation; IJ and other orgs can advise or represent plaintiffs.
  • Use public meetings: city council and local hearings are high‑leverage places to raise concerns—attendance and clear, fact‑based questions can shape outcomes.

Resources mentioned

  • Institute for Justice — Plate Privacy Project (IJ’s initiative on ALPRs and model legislation).
  • Model bill discussed: IJ’s model legislation to limit police surveillance (referred to in the episode as a “Protecting Everyone from Excessive Police Surveillance” act — model language includes data‑minimization, warrant and audit provisions).
  • Deflock (deflock.me) — community map of Flock camera locations and density.
  • Example state policies:
    • Flock default retention: ~30 days
    • Virginia law (2024): lowered retention to 21 days, limited sharing—stops short of warrant requirement
    • New Hampshire: retention mandate of 3 minutes unless justified
  • Key Supreme Court case: Carpenter v. United States (2018) — warrant required for long‑term historical cell‑site location information.

Closing thought

ALPRs illustrate how inexpensive, widely deployable surveillance tech can outpace both judicial doctrine and legislative oversight. The episode frames the issue as a structural problem—preventing the creation of massive, long‑term government dossiers is more robust than trying to rely on goodwill or retroactive fixes. Local engagement, better technical safeguards, and forward‑looking legislation are the practical paths forward for technologists and citizens who want to protect public‑space privacy.