In a  February 19 front-page story, the Washington Post appeared to be breaking news of yet another massive federal surveillance program invading the privacy of innocent Americans.

The Department of Homeland Security, the story said, had drawn up plans to develop a national license-plate tracking database, giving the feds the ability to monitor the movements of tens of millions of drivers — a particularly intrusive form of suspicionless bulk surveillance, considering how strongly we Americans feel it’s none of the government’s business where and when we come and go.

The next day, however, the Post called off the alarm. The plan, the newspaper reported, had been canceled. Threat averted. Move along.

But the Post had gotten it all wrong. DHS wasn’t planning to create a national license-plate tracking database — because several already exist, owned by different private companies, and extensively used by law enforcement agencies including DHS for years.

The only thing actually new at DHS — the solicitation for services the Post decided was front-page news — was a different form of paperwork to pay for access.

And far from going away, the databases are growing at a furious pace due to rapidly improving technology and ample federal grant money for more cameras and more computers. Tens if not hundreds of millions of observations per month are streaming into bulging electronic archives, often remaining there indefinitely, for a vast array of clients in both the public and private sector.

So rather than being the tale of an averted threat, the bulk license-plate tracking saga is actually a story about yet another previously unimaginable loss of privacy in the modern information age.

In this case, unlike the telecommunications sector, it’s not the federal government with the “collect it all” mentality; it’s the private sector, arguably doing an even better and more thorough job than the government ever could, potentially with even fewer scruples.

The private companies have figured out how to leverage enormous value out of what has historically been public — but uncollectable and unmanageable — information by gathering it into databases that put incredibly detailed and revealing personal information at a paying user’s fingertips.

In this case, the act of driving through an intersection, being anywhere near a police car, or parking on the street — not to mention passing through a toll booth — now leaves a digital residue that you don’t own, and that someone else can seize, use, and sell.

DHS is not new to the license-plate tracking business — it’s been one of the top federal consumers of such data for a while now. A search on kicked up records showing that various entities within DHS’s Immigration and Customs Enforcement section (ICE) alone have paid $175,000 over the past four years to Vigilant Video — the company now known as Vigilant Solutions — for access to the license-plate database most commonly used by law enforcement. Purchase orders say the database is necessary for locating and capturing fugitives and money-launderers.

One $20,000 contract between the ICE office in New Orleans and Vigilant was made in support of an operation with the less-than-reassuring name of “Operation Blind Squirrel” — presumably an allusion to the saying that even a blind squirrel finds a nut once in a while. ICE officials declined repeated requests to discuss their use of the databases — or the naming of that particular operation.

The Air Force, Forest Service, U.S. Marshals Service, DEA and FBI also use Vigilant’s paid services.

And federal money is funding a boom at the local level: computers, software, cameras and license plate readers are among the most common types of equipment purchased with the nearly $300 million in annual DOJ assistance grants.

Indeed, the extensive and expanding use of license-plate databases is hardly a secret. Privacy advocates have been trying to raise the alarm over them for years — see, for instance, the ACLU’s hefty July 2013 report, You Are Being Tracked. But they’ve been frustrated at their inability to draw attention to the problem.

And here, when there was finally a front-page story in the Washington Post, it didn’t help.

“People got the impression we dodged a bullet, when it fact it is a quite a robust reality,” said Kade Crockford, director of the Technology for Liberty program at the ACLU of Massachusetts. Crockford operates the excellent PrivacySOS website, where she emerged as an early and devestating critic of the Post stories.

The boom in data is fueled by increasingly omnipresent automatic license plate readers mounted on cruising police cars (and fleets of free-lancers for the repo industry), or perched on road signs and bridges: small, high-speed cameras running software that can identify and log up to 1,800 plates per minute, complete with metadata about when and where the plate was captured.

People with access to the database sitting at a computer terminal can plug in license plates and see where those plates have been spotted, or can upload lists of plates they’re looking for, to be alerted if any show up.

As Julia Angwin and Jennifer Valentino-DeVries explained in September 2012, as part of an impressive Wall Street Journal series on privacy: “Until recently it was far too expensive for police to track the locations of innocent people.” But now, they wrote: “The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception.”

What’s the problem with a nationwide license plate tracking database, anyway? Crockford recently asked and answered that question in her blog:

If you aren’t the subject of a criminal investigation, the government shouldn’t be keeping tabs on when you go to the grocery store, your friend’s house, the abortion clinic, the antiwar protest, or the mosque. In a democratic society, we should know almost everything about what the government’s doing, and it should know very little to nothing about us, unless it has a good reason to believe we’re up to no good and shows that evidence to a judge. Unfortunately, that basic framework for an open, democracy society has been turned on its head. Now the government routinely collects vast troves of data about hundreds of millions of innocent people, casting everyone as a potential suspect until proven innocent. That’s unacceptable.

In this case, rather than building such a database from scratch, the federal government just sat back and let private industry satisfy what has turned out to be a lucrative market. The industry has also developed an effective business model. Vigilant Solutions, for instance, gives credentialed users initial access at no cost. “It’s free for a taste, with a fee that kicks in once they’re hooked,” Crockford explained.

Vigilant did not respond to repeated interview requests. In its promotional material, the company says its largest pool of license place recognition (LPR) data is harvested “from commercial sources,” in particular Vigilant’s subsidiary, the Digital Recognition Network (DRN).

This pool of LPR data totals over 1.8 billion detections and grows at a rate of almost 70 million per month. This data is available via an annual subscription and greatly enhances an agency’s investigative reach.

Given the constantly improving technology, increased locational surveillance to the point of effectively eternal omnipresence appears inescapable —  unless, of course, society decides to stop it, by dragging analog-era public policy into the new digital age.

The ACLU, among others, is advocating  legal limits at the state level, including restrictions on the storage of data about innocent people for any lengthy period.

The Electronic Frontier Foundation (EFF) and the ACLU are suing Los Angeles police demanding to see a sample week’s worth of that data, in order to give the public a better handle on the scale

“The retention issue I think is the biggest problem outside of collection,” said Jennifer Lynch, an attorney at the EFF. “Because the longer the agency is able to hold onto data, the more detailed a picture they can create of your life.”

The EFF counts six states — Vermont, New Hampshire, Utah, Maine, California and Arkansas — that have laws limiting automatic license plate readers in one way or another, and five others where bills have been introduced.

new law in Utah restricts plate-readers to law enforcement use. But just last month, Vigilant and DRN sued to overturn it, saying — of all things — that their First Amendment rights had been violated. “Any citizen of Utah can walk outside and photograph anything they please, including a license plate,” the companies’ lawyer said in a statement.

The Utah Republican who first proposed the restrictions is now pushing for a measure that would instead prohibit state and local agencies from working with any company that keeps data longer than nine months.

“If your license plate is scanned often enough and put into a database, it eventually becomes like unto a warrantless search,” State Sen. Todd Weiler told the Salt Lake Tribune. “It’s a little bit too Big Brother to me. It’s a little bit creepy to me and an invasion of privacy.”

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Vigilant Solutions has several dozen videos on YouTube, including this one, which shows how its system builds a comprehensive dossier on a person simply by inputting a license plate:

In this video, the ACLU imagines what location tracking might look like in the future: