Police Surveillance in Chicago

by Jennifer Helsby, Yoni Maltsman, and Freddy Martinez for Lucy Parsons Labs

Chicago is one of the most heavily surveilled cities in the world. Cameras, automatic license plate readers, cell site simulators and many other surveillance devices are currently used in the city by the Chicago Police Department and its sister agencies. However, many Chicago residents are unaware of the scope of the surveillance systems, their huge cost, and the privacy implications of their use. Here we survey the major parts of the surveillance system in Chicago with respect to:

costs

capabilities

efficacy

legal and privacy concerns

This intro to police surveillance technologies was produced from ongoing research through FOIA documents acquired by Lucy Parsons Labs as well as some public data. We'll be updating this intro as we learn more through our ongoing investigations. Email the author if you would like to submit other data.

Surveillance Cameras

Video monitoring is the most well-known part of Chicago's surveillance infrastructure, consisting of a network of well over 50,000 cameras (including cameras on the CTA). This system is operated by Chicago's Office of Emergency Management (OEMC).

Cameras

Where

The locations of the subset of cameras operated by CPD and DHS are known, as they are not intended to be covert. A map of these "blue light" cameras - so called due to the flashing bright blue light on some of the older cameras operated by CPD also known as "Police Observation Devices" or PODs - in Operation Virtual Shield (OVS) is below. These locations were acquired through FOIA by the author.

However, the locations of the cameras connected into the Private Sector Camera Initiative - wherein private cameras from Chicago businesses and sister agencies allow their feeds to be accessed by the city - are not publically known. The author attempted to FOIA for their locations, but was denied due to "privacy reasons". Other Chicago agencies with a significant number of cameras in the network include Chicago Public Schools (CPS), Chicago Transit Authority (CTA), Chicago Housing Authority (CHA), Midway and O'Hare airports, and Chicago Park District.

Costs

The cameras purchased by the city - ignoring the significant maintenance costs - cost from $12,000 to $29,000, depending on the version of the camera. Given that the city has thousands of cameras, this puts the cost of the camera system at least at tens of millions of taxpayer dollars. Older cameras are clearly denoted with the logo of the Chicago Police Department along with a bright blue light. Newer cameras are nondescript and blend into the environment.

Operation Virtual Shield: Police Observation Devices

Capabilities

The cameras in Operation Virtual Shield have pan and zoom capability, and are able to zoom in close enough to read a license plate or to capture a still shot for facial recognition purposes.

Efficacy

Police claim a reduction in crime in the vicinity of the cameras. However, no experimental study has been performed that controls for the many other confounding factors that are present - including other CPD programs intended to reduce crime. Agencies like the CTA claim that hundreds of arrests have resulted at least in part from their cameras.

Legal and Privacy Concerns

There are numerous privacy implications associated with a pervasive video monitoring system. While the cameras capture people moving in public spaces, Chicago residents' reasonable expectation of privacy may not extend to cameras capturing their attendance at political meetings, religious events, or medical appointments. Video surveillance as widespread as in Chicago may constitute a real threat to freedom of expression and association.

In addition, there need to be clear privacy policies governing the collection and storage of footage from the OEMC video surveillance system. There should not be indefinite storage of data captured from cameras unless related to an ongoing investigation. An important accountability issue concerns the detection and prevention of abuse by camera operators that may use the cameras to monitor and track Chicago residents without a legitimate public safety or law enforcement purpose. It is currently unknown how often this occurs.

Automatic License Plate Recognition

Automatic License Plate Recognition, or ALPR, take images of vehicles in public spaces, analyze the text on their license plates, and record the timestamp and position of the car (based on GPS coordinates).

ALPR

Unknown since many ALPRs are mobile. However, LPL is currently suing for the locations of stationary ALPRs. In 2019 the Chicago Police Department purchased an additional 200 ALPRs, bringing the total to over 240. Each of Chicago's 25 districts has at least six ALPR-equipped police vehicles. Chicago can also use their video surveillance network to scan license plates.

Costs

CPD has spent more than $500,000 for software to manage and analyze data from ALPRs. In addition, each device costs $25,000, which could bring the total expenditure to over $1.1 million.

Capabilities

Chicago Police Department purchases Motorola / PAGIS automated license plate readers. These devices track the GPS location a license plate was seen and the timestamp. The scanned plates are then checked against a Hot List that consist of plates of interest. According to FOIA documents acquired by the author, there might be as many as 300,000 license plates stored in the Hot List at any one time in Chicago - meaning that approximately 1 in 10 Chicagoans has their vehicle on the Hot List. Each plate's information is stored for 365 days unless it is deemed 'pertinent to criminal or civil matters,' in which case it is retained until a court orders it to be removed.

ALPRs in Chicago

From documents acquired by Jennifer Helsby

Automatic License Plate Reader in Chicago
Automatic License Plate Reader on Chicago Police Vehicle
Image courtesy Freddy Martinez
ALPRs in Chicago

From documents acquired by Jennifer Helsby

Efficacy

According to the Chicago Police Department, a vehicle mounted ALPR can capture 3,200 images of license plates in one shift. Documents from the CPD acquired by LPL show that over a two year period, ALPRs recorded over 200 million hits. CPD claims that "The recovery of stolen vehicles has increased significantly." From 2016 to 2020, carjackings have decreased by 20%, although it is unclear to what extent this can be attributed to ALPR.

Legal and Privacy Concerns

Even an incomplete record of where an individual's car has been provides detailed information about the activities of that person. In Oakland, over 4.6 million license plate scans from ALPR systems were released in a FOIA request, providing detailed information about Oakland residents' activities - including activities protected by the First Amendment.

Concerns over data retention policies and data sharing also should be addressed and publicly disclosed. The criteria that lands a given plate on the Hot List should be publicly disclosed. Check out the EFF's excellent FAQ on ALPR technology for more information.

In 2017, Immigration and Customs Enforcement (ICE) signed a contract with Thomson Reuters which gave them access to a database with billions of nationwide license plate records gleaned from ALPRs, which they can use to track and target immigrants. In addition, ICE has signed contracts with over 80 local law enforcement agencies for their data, including four in the Chicago area.

At the state level in Illinois, there are currently several bills that have been introduced (but not yet passed) in recent years to regulate ALPR use. A couple of these bills have been shot down, and one has been sitting in the Senate for over a year.

In 2018 the CPD issued a directive that sets procedural standards for ALPR use, yet which does not clarify what purposes ALPRs can or cannot be used for.

Biometrics

Biometrics is the use of physical markers like facial features, fingerprints, or gait for identification purposes. The Chicago Police Department is known to use fingerprint analysis and facial recognition technology to attempt to identify criminals.

Facial Recognition

Where

CPD has released very little information as to how they employ facial recognition technology, although it seems that most of the relevant infrastructure and personnel are located in the Crime Prevention and Information Center (CPIC), located in the Public Safety Headquarters. CPIC is part of a network of over 80 fusion centers around the country, which were created in the wake of 9/11 to gather and share counterterrorism intelligence. Fusion centers have come under a great deal of scrutiny for violating the First Amendment, resisting accountability, and failing to improve counterterrorism efforts.

Still images from cameras in Chicago's camera network can be analyzed with facial recognition technology.

Costs

FOIA documents indicate that CPD spent $63,000 on mobile fingerprint scanners in 2013. It is unclear whether CPD has continued to purchase fingerprint scanning technology since then, although they have received proposals for fingerprint scanners from NEC Corporation, which would have cost up to $5 million.

Documents obtained via FOIA by LPL reveal that in 2013, CPD paid $2.3 million to upgrade its camera network and obtain a custom built facial recognition system from Dataworks Plus, funded via a grant from the TSA. These documents also indicate that CPD continued to pay around $100k a year to Dataworks until at least 2016. It is unclear how CPD has been using FRT since then.

In 2020, CPD signed, in secret, a $49,875 contract to use facial recognition technology developed by Clearview AI. Clearview's software identifies individuals by comparing them to billions of facial images that the company scraped from social media platforms, significantly expanding police's ability to identify individuals. CPD ended its contract with Clearview in May 2020.

Capabilities

If CPD officers want to identify an individual in footage from CPD’s camera network or anywhere else, Dataworks’s platform enables them to crop and mark up a face from an image, and analyze CPD’s mugshot database for potential matches through algorithms developed by NeoFace and Cognitec.

Facial Recognition
Facial Recognition
Facial Recognition
Instruction from a Dataworks manual obtained via FOIA. First, the uploaded image is edited and marked up. Then an algorithm searches for potential matches from a database.

Efficacy

In 2014, CPD claimed that they used facial recognition to identify and arrest a robber, yet investigative reporting revealed that it is unclear how facial recognition was used in this case. CPD released documents pursuant to a FOIA request by LPL that alluded to the use of facial recognition technology in a few investigations, although it is unclear how often CPD has used the technology or how successful it has been.

Although companies and industry groups boast of the technology’s accuracy, facial recognition systems do not yet seem to be accurate enough to consistently identify individuals across various demographic groups. Even Detroit’s Police Chief has said that his department’s facial recognition software is inaccurate 96% of the time.

CPD’s Latent Print Unit (LPU), which examines fingerprints from crime scenes, has come under a great deal of scrutiny for having opaque, ineffective, and outdated practices. An external review found that LPU examiners lack adequate training, and that the unit has not kept up with reformed standards in the field. Thus, the Cook County Public Defender’s Office usually motions for courts to ignore testimonies from CPD’s fingerprint analysts.

Legal and Privacy Concerns

Illinois' Biometric Information Protection Act (BIPA), passed in 2008, is one of the strongest biometric privacy laws in the country, requiring companies to obtain written consent from an individual to collect their biometric data, and also to store and dispose of that data securely. In 2019, LPL and our partner organizations helped win a supreme court case to protect BIPA. While private companies like Clearview and Facebook, which recently settledd a case for $650 million, are subject to BIPA, public agencies such as the police are not.

One of the many concerns that civil rights and privacy activists have raised is related to its inaccuracy. Studies have found that most facial recognition algorithms are significantly worse at identifying people of color than white people. There have already been cases of African American men being falsely identified by police facial recognition algorithms.

In addition, Chicago’s use of facial recognition is particularly worrying due to its secrecy, as it is unclear how CPD has been using the technology. CPD issued a directive for facial recognition technology in 2013 and hasn't updated it since, even though they promised to in 2016. The fact that this technology is primarily deployed out of the CPIC, which is quite opaque and collaborates with federal authorities, does not help. CPIC has no privacy policy in place for its use of facial recognition technology, even though this is required under DHS's funding requirements.

Due to these and other concerns surrounding facial recognition technology, LPL is leading the #PressPauseChicago coalition, which aims to ban facial recognition in Chicago.

Cell Site Simulators

Cell site simulators (CSS) or IMSI catchers, also often referred to as Stingrays after the device sold by Harris Corporation, are controversial cellphone surveillance devices. They operate by masquerading as a cellphone tower, forcing any phones in the vicinity to connect to them.

Very little information about how CPD uses CSS is available to the public. Documents obtained through FOIA lawsuits by LPL and ACLU have revealed that the CPD, FBI, and Harris Corporation have gone to great lengths to maintain secrecy around the purchase and use of CSS.

Cell Site Simulator

Where

The locations of these devices are unknown as they are mobile and some are as small as to be easily concealed. However there do exists some efforts to detect them.

According to documents obtained through FOIA, the CPD’s CSS system is stationed in the back of an unmarked Black SUV sits at Homan Square, the CPD facility in North Lawndale.

Costs

Over the last ten years, over $700,000 has been spent on cell tracking equipment including Harris Corporations's Stingray, KingFish, and AmberJack and Digital Receiver Technologies' DRTBox. The details of cell site simulator purchases is known from work by Freddy Martinez, who first revealed that Chicago police had purchased Stingray devices from Harris corporation and Ali Winston, who revealed that cell site simulators had been first purchased by Chicago police as far back as 2005.

The CPD has used “1505 funds,” money seized through civil forfeiture in drug related investigations, to finance these purchases. The CPD has also sought to obscure the costs of CSS technology from the public by censoring invoices and excluding expense records from their inventory asset management system.

In addition, the CPD has spent hundreds of thousands of dollars fighting a lawsuit over a FOIA request for records surrounding cell site simulators, which it eventually lost.

Capabilities

Depending on the model and upgrades available on the specific cell site simulator, these devices can be used to get the International Mobile Subscriber Identities (IMSI) of those near the cell site simulator, can be used to interfere with the cellphone's ability to make calls and send texts (denial of service), and in some cases can enable the interception of the content of messages and calls. Read more at the EFF's excellent FAQ about Cell Site Simulators.

Efficacy

Unknown. It is also unclear how often these devices have been used in the city, though there are reports that they have been used at political protests.

Legal and Privacy Concerns

There are serious legal questions surrounding cell site simulators. The manner in which these devices operate involves the indiscriminate data collection from phones of innocent bystanders.

The largest concern surrounding cell site simulators is the deliberate secrecy around their use. The CPD does not keep a log of CSS use, and there are no directives in place outlining protocols for CSS related activity, as there are with most other surveillance technologies. The CPD has also signed a non-disclosure agreement (NDA) with the FBI requiring them to inform the bureau if there are any Freedom of Information Act (FOIA) requests from the public seeking information about this technology, enabling the FBI to “seek to prevent disclosure through appropriate channels.”

In 2017 the Citizen Privacy Protection Act (CPPA) went into effect in Illinois. This law requires any use of a CSS to be validated by a court order, and restricts CSS use to locating, tracking, and identifying communications devices, rather than capturing the content of communications. CPD officers claim that CSSs are almost never used without a court order, and that each order is carefully reviewed for compliance with the CPPA. However, the CPD, Cook County State's Attorney, and City Clerk have denied numerous FOIA requests by the ACLU and LPL for court orders and warrants relating to CSS use. Without adequate recordkeeping or avenues for the public to access those records, it is impossible to tell whether CPD employs CSS lawfully and ethically.

Recently, the Department of Homeland Security and the Department of Justice have both published new policies on the use of these devices at the federal level, requiring warrants for their use. In Chicago, these devices have been used with Pen Register/Trap and Trace orders but not warrants.

These devices are also potentially in violation of state level protection from local surveillance regulation.

Harris Stingray cell site simulator
Harris Corporation's Stingray II
Credit: U.S. Patent and Trademark Office

Shotspotter

Shotspotter is an audio surveillance system. It consists of sensors - microphones - distributed over a neighborhood in order to determine the location of a gunshot. This sensor data can be used to distinguish gunshots from similar sounds such as fireworks and cars backfiring.

Shotspotter sensor

Where

Distributed through the Englewood, Harrison, Chicago Lawn and Grand Crossing neighborhoods with approximately 45-60 sensors.

Costs

Shotspotter costs approximately "$100,000 for every 1.5 square miles" of coverage. This Shotspotter deployment in Chicago was funded primarily through asset forfeiture. In addition to the cost of the devices themselves, there are additional costs due to police responding to false alarms from fireworks and cars backfiring.

Shotspotter sensor
Credit: Image from wnyc.org

Capabilities

These devices are used for the detection of gunshots. They operate by distributing sensors over a broad area, and using the sound wave and time of arrival at each sensor for detecting gunshots and localizing the position of the gunshot.

Efficacy

Efficacy of the devices in Chicago is unknown. There are several reports of issues concerning false positives reported by the Shotspotter system. However, it does appear that gun crime is significantly underreported in many US cities.

Legal and Privacy Concerns

Shotspotter is marketing its technology for several new markets, including in schools for school shooting early detection and response. However, the increasing use of this technology in areas where people will be speaking raises concerns with how the data is handled and stored, as the Shotspotter microphones may incidentally pick up a nearby conversation.

Social Media Monitoring

Manual and automated monitoring of speech on social media such as Twitter and Instagram.

Socmint

Where

It is unclear where exactly CPD has applied social media monitoring. However, CPD claims to use social media monitoring to disrupt gang and gun violence, so the practice likely disproportionately targets communities of color.

CPD has also worked with Chicago Public Schools to implement social media monitoring in at least 24 schools, most of which are in Chicago’s South and West sides, supposedly to identify and intervene with students involved in gang and criminal activity.

Costs

Invoices obtained through FOIA indicate that CPD spent $1.25 million on Dunami, a social media analytics software funded by In-Q-Tel, the venture capital arm of the CIA.

CPD has also spent hundreds of thousands of dollars for other social media related products and services over the past few years.

Chicago Public Schools’ social media monitoring program was funded by a $2.2 million grant from the National Institute of Justice, which lasted from 2014 to 2018.

Socmint
An OSINT log including social media posts, obtained by the ACLU via FOIA.

Capabilities

CPD Open Source Intelligence (OSINT) officers are responsible for compiling publicly accessible information (e.g. social media posts) related to investigations. Logs produced by OSINT officers on individual subjects often include links to social media accounts and even posts.

Geofeedia can associate social media posts with locations. After being called out by the ACLU, however, many social media platforms have restricted Geofeedia’s access to their users’ data.

Dunami has been used by FBI and CBP “to determine networks of association, centers of influence and potential signs of radicalization.” Dunami has been used by CPD and CPS to monitor for “signs of violence and gang membership” among students.

Efficacy

CPD’s social media policy claims that social media is a valuable tool for investigating crimes and gang activity, although the efficacy of social media monitoring is unclear.

The University of Chicago Crime Lab, which helped implement CPS’ social media monitoring program, claims that schools which used social media monitoring experienced greater drops in misconduct and suspensions than those that didn't, although they did not find a significant difference in incidents of gun violence between these two sets of schools.

However, researchers have raised concerns about the accuracy of social media monitoring algorithms, which are far from capable of understanding the complexities of human communication and how it varies contextually. For example, algorithms cannot understand jokes or slang, and thus are prone to flagging posts that don't need to cause concern.

A study by Stanford sociologist Forrest Stuart on social media use and gang conflict on the South Side of Chicago found that online activity that officers or administrators may find threatening, such as posts with gang symbols or guns, are more likely to be shows of strength aimed at preventing violence rather than indications that violence will occur.

Documents obtained by the ACLU of Illinois and LPL via FOIA reveal that CPD monitors the social media accounts of victims of gun violence, as well as their families and friends.

Legal and Privacy Concerns

ACLU has called on the CPD to end social media monitoring, arguing that the CPD’s social media monitoring practices are opaque, and that CPD did not notify or receive consent from the City Council to purchase social media monitoring software.

Social media monitoring threatens first amendment protected activities. In its marketing materials, Geofeedia claims that it helped police monitor protests in Ferguson in 2015. Activists are concerned about geofencing, whereby law enforcement can monitor social media posts and other data in a given place, such as a protest or a mosque. Amidst protests in 2020 against racial inequality, CPD set up a 20 person team to monitor social media and respond to looting and unrest. CPD emphazises that it only analyzes publicly available social media posts, yet by using these posts to target and investigate individuals, they are breeching constitutional protections of free expression.

An investigation by ProPublica found that many students and even administrators were unaware that social media monitoring was occurring at their schools. The report also notes multiple incidents where students were uncomfortable in interventions by police and were pressured to admit gang affiliations. Students who are flagged for their social media activity are also at risk of being added to CPD's gang database.

Predictive Policing

Since 2012, the CPD has used a statistical model to predict the likelihood of someone becoming a “Party to Violence” (PTV), or be involved as either a victim or offender of a violent crime. The model, developed in collaboration with the Illinois Institute of Technology, was initially called the Strategic Subject List (SSL) and was later revised and renamed the Crime and Victimization Risk Model (CVRM). This model was quietly decommissioned by the CPD in 2019.

Socmint

Where

The CVRM was meant to play a key role in CPD’s new Strategic Decision and Support Centers (SDSCs,) "real time crime centers" which are now located in all but two of Chicago’s 22 districts. Officers could also view at risk individuals identified by the CVRM on a phone app.

Costs

CPD received $3.8 million in federal grants to develop the SSL and CVRM. CPD also paid close to $1.2 million to a team led by University of Chicago’s Crime Lab for technical assistance in crime reduction initiatives, including a “Total overhaul of mission assignments to use predictive analytics and SSL on offenders.” Of this sum, $200,000 was alloted to Sean Malinowski, a former LAPD chief of staff who marshalled LAPD’s use of controversial predictive policing software, which it recently ended.

A screenshot of an individual's risk classification produced by the SSL. Obtained via FOIA request by South Side Weekly.

Capabilities

CPD’s PTV model outputs a risk classification for anyone arrested in Chicago over the past four years (over 300,000 people.) The model’s output is based on risk factors such as a subject’s age and involvement in various types of crimes, with more recent incidents being given a higher weight than older ones. Individuals’ scores are also influenced by the scores of co-arestees. IIT provided a fact sheet which describes the model in greater detail. Note, however, that the model and its inputs and outputs have changed over time. Previously, the model took into account gang affiliation based on the now defunct (although soon to be revamped) gang database.

CVRM contributed to the Custom Notification Program, which is supposed to work with at risk individuals and families by contacting and visiting them, reminding them of the risks of being involved in violent crime, and connecting them with social services. In reality, however, an individual who has received a custom notification and is arrested is liable to receive the "highest possible charges," even though these notifications may be based off of an algorithm.

SSL and CVRM scores were also being used to assist in investigations and mission related activity, although it is unclear to what extent.

Efficacy

IIT claims that among the individuals with the highest CVRM risk scores, about one in three will be involved in a shooting incident within 18 months of the classification.

In a review of SDSCs and the CVRM, the Rand Corporation found the CVRM to be ”operationally unsuitable” as the model takes many months to run, and it must be run at IIT, which stopped working on the CVRM because of the expiration of grants for the project.

In addition, the report notes that the model doesn’t take into account factors that would be necessary to identify appropriate interventions for those at risk, such as educational, medical, and social factors, which would fall outside of police records and which would be difficult to quantify.

An earlier RAND study from 2016 found that the first version of the SSL was essentially ineffective in predicting homicide victims. CPD disputes this study, claiming that the model has changed since then. However, due to the lack of transparency surrounding these models and CPD’s reluctance to evaluate them, it is impossible for the public to understand whether or not these models are effective.

Legal and Privacy Concerns

Although the PTV model’s developers claim that it does not take race and other social factors into account, 56% of all Black males between 20 and 29 had an SSL score. The model is trained on historical arrest data which is skewed due to biased policing practices. An investigative report by ProPublica from 2016 revealed how predictive policing algorithms tend to disproportionately target people of color.

In addition, there are concerns that the CVRM unfairly targets subjects who are involved in petty crimes by weighting connections with co-arrestees

A major concern around CPD’s use of PTV modelling, as with most of the department’s uses of technology, is its secrecy. An anonymized version of the SSL was released in 2017, five years after its initial development, after a legal battle with the Chicago Sun-Times. A spokesperson for the CPD claimed that PTV scores were not being used for law enforcement purposes, yet this turned out to be false. The CPD also told the Office of the Inspector General (OIG) that data from PTV models was not being shared, yet OIG found that CPD was in fact sharing this data with multiple public agencies, including the State Attorney’s Office, which may have used SSL scores to aid in prosecutions. This last point is particularly worrying, since individuals are given an SSL score if they are arrested and not necessarily charged or found guilty of any crime.

What's Next

Chicago residents have legitimate questions surrounding the use of these technologies: Are appropriate policies and procedures in place to ensure these systems are responsibly used? To what degree are these systems necessary or even useful? Do the benefits of these systems justify the tens of millions of taxpayer dollars being spent on them? Do members of the public want this level of surveillance to be used?

In the past, police surveillance of public spaces was constrained by resources such as availability of police officers. However, surveillance technology is producing a significant expansion of police capabilities. Police were historically unable to follow every resident with a police car, but with new surveillance technologies they may be able to effectively accomplish the same goal albeit in a less disruptive manner.

Members of the public need to recognize the far-reaching implications of giving over this level of power to law enforcement. The transition from police officers having a restricted ability to follow and monitor suspicious people to having pervasive surveillance capabilities is occurring in our city today. We must have public knowledge of surveillance capabilities, policies and procedures in order to have the critical debate about this infrastructure as well as to campaign for transparency and accountability.

Follow Lucy Parsons Labs on Twitter for more.