Vigilant Solutions, a major license plate reader data broker that is now part of Motorola Solutions, provided extensive access to the Immigration and Customs Enforcement agency (ICE) without obtaining explicit consent from municipal governments whose data it was selling. An ICE contract worth $6.1 million allowed thousands of ICE user accounts to query billions of license plate records collected from traffic cameras and parking lots across the country. The most troubling aspect: in many cases, local governments—whose law enforcement agencies had collected the plate data in the first place—never explicitly agreed that their information could be shared with federal immigration agents. An email exchange obtained by the ACLU even documented a direct handoff of plate records from a shopping center to an ICE agent that bypassed Vigilant’s own internal data-access controls.
The Vigilant-ICE arrangement represents one of the most consequential examples of license plate reader data being weaponized against vulnerable populations—in this case, immigrants targeted for deportation. Although a specific class action lawsuit directly challenging Vigilant’s ICE data sales to municipal governments hasn’t yet reached class certification, the practices described here overlap significantly with ongoing ALPR privacy litigation, including the Digital Recognition Network class action that won certification in 2024. Drivers in California and other states with ALPR privacy laws may have grounds for claims if their data was improperly shared with ICE without consent.
Table of Contents
- How Did ICE Gain Access to Billions of License Plate Records?
- The Consent Problem—Municipal Governments Never Approved ICE Access
- How Non-Disparagement Clauses Kept the Public in the Dark
- Broader ALPR Privacy Litigation and Related Class Actions
- The 2019 Motorola Acquisition and Continued Market Power
- What Data Was Vigilant Actually Collecting?
- Regulatory Momentum and Future Litigation Risk
How Did ICE Gain Access to Billions of License Plate Records?
Vigilant Solutions built its business model on aggregating license plate reader data collected by law enforcement agencies, parking operators, and private companies. When the firm had amassed billions of records—each one tied to a vehicle, time, location, and often a driver’s identity—ICE approached with a proposal. The federal agency signed a $6.1 million contract to access Vigilant’s LEARN (Law Enforcement Automated Records Network) system, and the deal included thousands of ICE user accounts. This meant that ICE agents could run queries on billions of plate records at will, searching for vehicles registered to individuals they were investigating for immigration violations or deportation cases. At the height of the relationship, ICE was submitting approximately 30,000 queries per month into the Vigilant database—looking for specific license plates, vehicle owners, or travel patterns. This level of access was unprecedented for a federal immigration agency and created a surveillance apparatus that had no equivalent before Vigilant’s platform existed.
The problem: most municipal governments that contributed plate data to Vigilant had no idea ICE was using it. Their law enforcement agencies collected the data for local law enforcement purposes—traffic enforcement, locating stolen vehicles, or investigating crimes in their jurisdiction. The data-sharing agreements between local police departments and Vigilant typically did not spell out that the data would be available to federal immigration authorities. In one documented case, the Irvine Company (a major property manager) shared plate scans from its shopping centers through Vigilant, and an ICE agent directly obtained records by contacting an Irvine employee. That employee sent the plate record PDFs straight to the ICE agent—a direct bypass of Vigilant’s own data governance controls designed to prevent unauthorized access. This incident revealed how fragile the consent framework was and how easily federal agencies could work around internal safeguards if local partners weren’t vigilant.
The Consent Problem—Municipal Governments Never Approved ICE Access
When a city or county collects license plate data through automated enforcement cameras or parking enforcement operations, that data serves a specific public purpose: local traffic enforcement, public safety, or municipal parking management. The Fourth Amendment and California’s privacy law (including SB 34, the ALPR Privacy Act of 2015) treat this data as sensitive. However, municipal governments often ceded control of that data to private brokers like Vigilant without restrictions on federal use. The contracts between cities and Vigilant typically included broad indemnification clauses and non-disparagement agreements—meaning cities agreed not to publicly criticize Vigilant or disclose how their data was being shared. These contractual restrictions made it nearly impossible for residents or advocates to learn what was happening with municipal plate data until FOIA litigation and investigative journalism exposed the ICE relationship years later. Richmond, California provides a stark example of how municipal data got distributed without meaningful consent oversight.
The city shared its license plate scans with 117 different agencies through Vigilant Solutions—but more than half of those agencies were located outside California. Some were federal agencies like ICE; others were out-of-state law enforcement. Richmond residents had no idea their vehicle movements were being tracked and shared with over 100 outside entities. When the ACLU and privacy advocates began asking questions around 2016-2018, the full scope of this data sharing came to light. However, even after the public learned about ICE’s access, the contractual restrictions Vigilant imposed—combined with the federal agency’s national security justifications—made it politically difficult for cities to pull the plug. A few municipalities like Oakland and Richmond did eventually cancel their Vigilant contracts, but many others continued the arrangement. The core problem persists: drivers in cities that still feed data to Vigilant (which is now Motorola Solutions) may not know that their license plate information is accessible to ICE without any formal public consent process.
How Non-Disparagement Clauses Kept the Public in the Dark
Vigilant Solutions pioneered a contractual practice that should concern anyone worried about transparency in law enforcement: the non-disparagement clause. These clauses required police departments, parking authorities, and property managers to refrain from publicly criticizing Vigilant and to align with Vigilant’s “media messaging.” In practical terms, this meant that if a city discovered that Vigilant was sharing data with ICE or violating data-access policies, the city was contractually bound not to blow the whistle. A police chief couldn’t hold a press conference saying, “We just learned Vigilant shared our plate data with immigration authorities without our knowledge.” Doing so would breach the contract and expose the city to potential litigation from Vigilant. This silencing mechanism was extraordinarily effective. For years, the public had no idea what was happening with license plate data because the organizations that collected it were contractually prohibited from talking about it. The ACLU’s FOIA litigation was one of the few ways the truth emerged.
By requesting internal documents from ICE, the ACLU obtained emails, contracts, and user account logs that revealed the scope of ICE’s access to Vigilant data. This included the shocking email showing a direct handoff of plate records from an Irvine Company employee to an ICE agent—a transaction that appeared to bypass Vigilant’s systems entirely and suggested ICE had relationships with data custodians independent of Vigilant’s official interface. Once the ACLU published its findings, other news outlets and privacy organizations (like the Electronic Frontier Foundation) began investigating and publishing additional details. But this investigative work took years and enormous legal resources. Most citizens remain unaware that their plate data was ever accessed by ICE. The non-disparagement clause created a information asymmetry: Vigilant and ICE knew what they were doing; the public did not.
Broader ALPR Privacy Litigation and Related Class Actions
Although a certified class action specifically targeting Vigilant’s ICE data sales to municipal governments has not yet reached the courts, the broader ALPR privacy landscape includes active litigation that addresses similar concerns. The Digital Recognition Network (DRN) class action won certification in 2024 and is moving toward trial in San Diego County Superior Court (scheduled for May 2024). DRN is a license plate reader data broker, and the lawsuit alleges violations of California’s ALPR Privacy Act. The class action seeks compensation for California drivers whose plate data was accessed by DRN or shared in violation of state privacy law. This case is significant because it establishes a legal precedent: California consumers can sue data brokers for improper handling of ALPR data, and courts will recognize class claims on behalf of millions of affected drivers. The Flock Safety class action follows a similar legal theory.
Flock Safety operates license plate reader cameras and manages vehicle location data. The lawsuit alleges that Flock shared California drivers’ ALPR data with out-of-state agencies in violation of SB 34. If either DRN or Flock succeeds on the merits—or reaches a substantial settlement—it would establish a financial liability for ALPR data brokers who mishandle or improperly share plate information. The Vigilant-ICE relationship is arguably more egregious than what DRN or Flock did, because it involved a federal agency conducting mass surveillance on drivers for immigration enforcement without municipal consent or public transparency. However, the lack of a named, certified class action against Vigilant itself is a significant gap. Until someone files a class action alleging that drivers were harmed by Vigilant’s ICE data sharing, or until a regulatory agency (like the California Attorney General) brings an enforcement action, there is no formal legal remedy for affected drivers. The DRN and Flock cases show that such claims are viable in California courts—but Vigilant is now part of Motorola Solutions, and Motorola’s size and legal resources may make litigation more difficult.
The 2019 Motorola Acquisition and Continued Market Power
In January 2019, Vigilant Solutions was acquired by Motorola Solutions as part of a larger acquisition of VaaS International Holdings. This merger was significant because Motorola is a Fortune 500 company with global operations in communications technology. By absorbing Vigilant, Motorola consolidated control over the largest private ALPR database in the United States. The acquisition did not end the ICE contract—if anything, it likely strengthened it, because Motorola has greater resources, federal contracting relationships, and less reputational concern than a smaller private company would have. Motorola continued operating the LEARN platform and maintaining ICE’s access to billions of plate records. The acquisition also made litigation against the company more complicated: suing Motorola Solutions for Vigilant’s past conduct raises issues about corporate successor liability, indemnification, and the scope of what Motorola’s acquisition included.
However, there is a limitation to this narrative: Motorola has also faced renewed scrutiny. After privacy advocates, civil rights organizations, and journalists continued publishing reporting on ALPR and ICE, Motorola became aware of the reputational and legal risks. The company has made some public statements about data governance and restrictions on law enforcement access. But critics argue these measures are insufficient—they still allow ICE and other federal agencies broad access to ALPR data. Additionally, Motorola’s dominance in the ALPR market (now holding an even larger share after the Vigilant acquisition) means that any driver whose plate is captured by law enforcement cameras or parking systems has a high probability that their data is flowing into Motorola’s database and accessible to federal authorities. The company’s market power is so extensive that opting out of the ALPR surveillance network is not a realistic choice for most drivers.
What Data Was Vigilant Actually Collecting?
Vigilant’s database included license plate records collected from numerous sources: law enforcement traffic cameras, parking enforcement operators, toll collection systems, and private businesses. Each record typically contained the vehicle’s license plate number, the date and time it was photographed, the GPS coordinates where it was captured, and sometimes the vehicle owner’s name and address (cross-referenced against state DMV records). Over years of operation, Vigilant had aggregated hundreds of millions of records—eventually billions. This gave ICE an unprecedented window into the movement patterns of individuals across the country. An ICE agent could query whether a specific person’s vehicle had been photographed anywhere in the United States, and Vigilant would return all matching records with dates, times, and locations. For someone ICE was investigating for deportation, this meant their entire travel history was exposed: where they drove, when, and what route they took. It was a level of surveillance capability that previously would have required physically trailing someone for months or years.
The scale of this surveillance is difficult to overstate. With 30,000 queries per month, ICE was essentially conducting mass surveillance on undocumented immigrants and others it was investigating. Each query could return records spanning years and covering dozens or hundreds of locations. An ICE agent could identify which states a person visited, whether they commuted regularly to work, which family members they might visit, and when they were most likely to be in a specific location. This information could directly lead to arrests or deportations. For vulnerable populations—like farmworkers, domestic workers, or undocumented immigrants working in specific industries—the ALPR data became a tool of surveillance and enforcement that had no prior equivalent. The data was so powerful that ICE was willing to pay $6.1 million for access, and the federal agency continued the contract for years despite public pressure to end it.
Regulatory Momentum and Future Litigation Risk
The ALPR privacy landscape is shifting. California’s SB 34 (the ALPR Privacy Act of 2015) established baseline protections requiring that ALPR data be used only for purposes directly related to law enforcement and that access be restricted. However, the law has gaps—it doesn’t explicitly prohibit federal agencies like ICE from accessing ALPR data, and it contains exemptions for “authorized law enforcement purposes.” Recent legislative efforts in California and other states have attempted to close these gaps by restricting ALPR access specifically for immigration enforcement or requiring explicit municipal consent for federal access. Additionally, the Biden administration briefly proposed guidelines limiting federal immigration agencies’ access to state and local ALPR data—though the legal status of those guidelines remains uncertain. Federal agencies have pushed back, arguing that immigration enforcement is an “authorized law enforcement purpose” under state ALPR laws. The litigation risk for Motorola Solutions (as the current owner of Vigilant’s ALPR platform) continues to grow.
If California passes stricter ALPR laws that explicitly restrict immigration enforcement access, or if a class action is successfully filed alleging that drivers were harmed by improper ICE access, Motorola could face substantial liability. The company’s market dominance and the historical conduct of Vigilant make it a high-value litigation target. Privacy advocates and civil rights organizations continue to call for stronger restrictions on ALPR data sharing and for compensation for drivers whose data was improperly accessed. The DRN and Flock class actions have established legal precedent that such claims are viable. It is only a matter of time before someone attempts to file a similar class action against Motorola/Vigilant, alleging that California drivers’ ALPR data was shared with ICE without consent in violation of SB 34 or other state privacy laws. The question is not whether such claims have merit—the facts clearly support them—but rather whether they will survive Motorola’s legal challenges and reach settlement or judgment.