 Thank you Mr. Chairman and members of the committee. My name is Dave Moss and I'm a senior investigative researcher at the Electronic Frontier Foundation. When all of us leave the capital today and get in our cars to go home, we will be tracked. Using automated license plate readers, also known as ALPR, police will scan our license plates to document our location. To give you an idea of the scale, in 2016 and 2017, drivers in Sacramento had their plates scanned 195 million times by police and sheriff departments. That's nearly 270,000 scans per day. That data was uploaded to the cloud where it became searchable by more than 800 agencies around the country. From police in rural Georgia to the US border patrol. The vast majority of this data belongs to people who are not and never will be connected to a criminal investigation. These numbers are not unique. Mass ALPR collection is going on across California. You may well ask, how is this data, which reveals our sensitive driving patterns, protected and controlled? You won't like the answer. In 2015, the California legislature passed SB 34, a fairly basic list of regulations that includes implementing a usage policy that protects civil liberties and privacy. In analyzing records from agencies around the state, we have determined that agencies are often flouting this law. Some haven't promulgated policies, or if they have, they aren't following them. Many aren't conducting audits or keeping the required logs of when the data is searched or shared. Whether you believe ALPR is a useful public safety tool or not, one must recognize the need to ensure that law enforcement are acting as responsible stewards of our confidential, locational data. New legislation may very well be in order, but before we can get there, we need to measure the scope of the problem. That is why EFF supports an impartial state audit, and we urge you to move this audit forward for the sake of every driver in this room and every driver in California.