A new surveillance technology being promoted to law enforcement is raising a major privacy question: what happens when license plate readers no longer just track cars, but also track the devices traveling inside them?
Leonardo, a U.S. defense and security contractor, is promoting a technology called SignalTrace that is designed to connect automatic license plate reader data with signals emitted by smart devices. According to Leonardo’s own product materials, SignalTrace can collect electronic communication patterns and identifiers from consumer electronics, including mobile phones, smartwatches, fitness trackers, RFID tags, Bluetooth devices, and vehicle components.
The company says the system does not decrypt device content or read communications. But that does not eliminate the privacy problem.
The privacy risk is not only about whether the government can read the contents of a phone. The risk is whether the government, a contractor, or a database can connect a person, a vehicle, a device, a location, a time, a travel pattern, and a group of people moving together.
That is a different kind of surveillance.
From Tracking Cars to Tracking People
Automatic license plate readers already create privacy concerns because they record where a vehicle was seen, when it was seen, and often where it travels over time. Those records can reveal patterns: where someone lives, where they work, where they worship, what doctors they visit, who they associate with, what political events they attend, and what private places they frequent.
SignalTrace appears to push that model further.
The goal is no longer just to identify a plate number. The goal is to associate a vehicle with the electronic devices traveling with it. A phone, watch, headphones, vehicle infotainment system, key finder, or other signal-emitting device can help create a more detailed signature of who or what is moving through a location.
Leonardo’s description frames this as “Investigative Evidence Beyond Plate Reads” and says the system is designed to “Identify Suspects by the Electronic Devices They Use.”
That framing matters.
A license plate identifies a vehicle. A device signature can help identify the person or people inside the vehicle. Once those data sets are connected, the surveillance target shifts from the car to the occupant.
The Phrase That Should Concern Privacy Teams
The Drive reported that the purpose of the technology is to “bridge the gap between vehicle and occupant.”
That sentence captures the privacy issue perfectly.
There has always been a legal and practical gap between knowing where a car was seen and knowing who was inside it. A car may be driven by a spouse, child, employee, renter, rideshare driver, friend, valet, mechanic, or contractor. A plate scan alone does not always prove who was traveling.
But when plate data is combined with device signals, that gap narrows.
If the same phone, smartwatch, earbuds, vehicle infotainment system, and key finder repeatedly appear with the same license plate, the system can infer a recurring relationship. If those devices later appear without the plate, or with a different vehicle, the system may still help identify movement patterns. If several devices repeatedly travel together, the system may infer associations between people.
That is why this technology feels different from ordinary traffic enforcement.
It is not just recording a vehicle passing through an intersection. It is building a location intelligence layer around the devices people carry every day.
“We Don’t Read Content” Is Not a Complete Privacy Defense
Leonardo says SignalTrace does not decrypt or read the contents of devices or communications. That distinction is important, but it does not resolve the privacy issue.
Modern privacy law and public concern are not limited to message content.
Metadata can be deeply revealing. Location data can be deeply revealing. Device identifiers can be deeply revealing. Association patterns can be deeply revealing. A system does not need to read text messages to reveal that a person regularly visits a cancer clinic, fertility center, immigration lawyer, union meeting, political protest, addiction treatment facility, domestic violence shelter, or place of worship.
That is the core problem with location surveillance.
The content of a communication may remain private while the surrounding behavioral record becomes highly sensitive. Where someone goes, when they go there, how often they return, and who travels with them can reveal intimate details about their life.
This is why “we do not decrypt the content” should not end the conversation. The privacy question is broader: what information is collected, how precise is it, how long is it retained, who can query it, what legal standard applies, how often it is audited, and whether innocent people are swept into the database.
Location Data Is Sensitive Data
Companies and government agencies often underestimate how sensitive location data can be.
A single location point may not say much. But repeated location points create a pattern. A pattern creates a profile. A profile can reveal identity, habits, relationships, beliefs, health concerns, employment, political activity, and personal vulnerabilities.
That is why location data has become one of the most important privacy battlegrounds.
It is also why the combination of license plate readers and smart device signals is so powerful. A plate reader tracks the vehicle. Device signals help identify the electronics traveling with the vehicle. Over time, the combination can create a persistent movement history tied to both physical assets and personal devices.
For privacy compliance, this is the difference between collecting a record and creating surveillance infrastructure.
This Is Not Just a Law Enforcement Issue
Because SignalTrace is being marketed to law enforcement, it is easy to treat this as a government surveillance story. It is that, but it is also more than that.
The broader lesson applies to private-sector privacy programs too.
Companies are increasingly combining data sets to identify people across contexts. Retailers combine loyalty accounts with in-store location data. Auto companies combine connected vehicle data with app data. Advertisers combine device identifiers with web tracking. Data brokers combine mobile location data with demographic profiles. Security vendors combine camera footage with access logs. Employers combine badge data with device data. Smart building systems combine Wi-Fi, Bluetooth, and occupancy signals.
The privacy risk often comes from linkage.
One data point may seem harmless. Another data point may seem harmless. But when combined, they can identify a person, infer sensitive behavior, and create a record that the individual never expected.
That is exactly what makes SignalTrace important as a privacy story. It shows the direction surveillance technology is moving: more sensors, more identifiers, more correlation, more inference, and more persistent tracking.
The Problem Is Inference
Privacy programs are often built around obvious personal information: name, email address, phone number, account number, Social Security number, address, or payment information.
That is no longer enough.
Modern tracking systems often identify people through inference. They may not need a name if they can connect a device signature to a vehicle, a location pattern, and a repeated routine. They may not need a driver’s license number if they can recognize a recurring cluster of devices. They may not need a login if they can identify the same person through signals, timing, and movement.
That is why privacy law is increasingly focused on identifiers, precise location data, profiling, automated decision-making, and sensitive inferences.
The question is not only whether a system collects a name. The question is whether the system can single someone out, follow them over time, or infer sensitive information about them.
Why This Raises Civil Liberties Concerns
License plate reader networks already raise civil liberties concerns because they can collect data about everyone who passes a camera, not just people suspected of wrongdoing.
When that data is expanded to include device signals, the concern grows. The system may collect information about passengers, pedestrians nearby, rideshare occupants, family members, visitors, employees, and people who have no connection to an investigation.
That creates several questions:
Is a warrant required before searching the database?
How long is data retained?
Can agencies search by device signature?
Can the system identify people who travel together?
Can data be shared across jurisdictions?
Can federal agencies access local data?
Can contractors use the data for product development?
Are searches audited?
Can individuals find out whether their data was collected?
Can data be deleted?
Can the system be used around protests, clinics, religious institutions, schools, immigration offices, or political events?
Those are not abstract questions. They are the governance questions that should exist before powerful surveillance systems are deployed.
Data Retention Is Where Risk Multiplies
The privacy risk of surveillance technology depends heavily on retention.
If a system only uses a signal momentarily to respond to a specific, immediate threat, that is one privacy profile. If the system stores the signal, correlates it, analyzes it, links it to other records, and makes it searchable later, that is a much larger privacy profile.
Leonardo’s product materials say SignalTrace data can be stored on a server where it can be queried and analyzed to aid investigations.
That is the key operational detail.
Once data is stored and searchable, it becomes a database. Once it becomes a database, it needs governance. Once it is used for investigations, it needs rules. Once it can reveal movements and associations, it needs oversight.
Without strong retention limits, surveillance databases tend to grow. They collect more records, cover more places, support more searches, and become useful for more purposes than originally advertised.
That is mission creep.
Mission Creep Is the Predictable Risk
Surveillance technology is often introduced for serious cases: stolen vehicles, violent crime, missing persons, organized crime, terrorism, border security, or major investigations.
Those use cases can be compelling. But once a system exists, the pressure to use it more broadly increases.
A tool built for serious crimes may later be used for minor offenses. A tool built for vehicle identification may later be used for protest monitoring. A tool built for suspects may collect information about everyone. A tool built for plate reads may later add device tracking. A tool built for one agency may become available to many agencies.
That is why privacy safeguards cannot rely on good intentions. They need to be built into procurement, contracts, policy, access controls, retention limits, audit logs, public reporting, and legal process.
What Good Governance Would Require
If a public agency or private contractor deploys technology that connects vehicles, devices, locations, and people, the governance bar should be high.
At a minimum, there should be clear rules around purpose limitation. The system should be limited to defined use cases, not open-ended surveillance. There should be written policies explaining what the system can and cannot be used for.
There should be retention limits. Data should not be kept indefinitely simply because storage is cheap. The more sensitive the data, the shorter and more justified the retention period should be.
There should be access controls. Not every officer, analyst, contractor, or agency should be able to search the database freely.
There should be audit logs. Every search should be recorded, reviewable, and tied to a legitimate purpose.
There should be independent oversight. Powerful surveillance tools should not be governed only by the agency using them or the vendor selling them.
There should be public transparency. Communities should know whether these systems are deployed, where they are used, what they collect, how long data is kept, and who can access it.
There should be procurement review. Agencies should not acquire systems that create broad location intelligence without privacy impact assessments, legal review, and community oversight.
There should be deletion rights where legally appropriate. People should not be permanently entered into a movement database simply because they drove past a sensor.
The Private Sector Should Learn From This Too
Private companies may not be deploying SignalTrace, but many are making the same basic privacy mistake: collecting signals first and asking governance questions later.
A company may collect mobile app location data. Another may collect Wi-Fi or Bluetooth signals in stores. Another may use vehicle telematics. Another may use employee badge data. Another may use smart cameras. Another may use foot traffic analytics. Another may combine customer profiles with precise location data.
All of those practices require serious review.
Companies should ask:
Are we collecting location data?
Are we collecting device identifiers?
Are we combining device data with customer profiles?
Can we infer visits to sensitive locations?
Are we sharing data with advertisers, brokers, analytics vendors, or government agencies?
Is the data necessary for the stated purpose?
Do individuals understand what is happening?
Do we obtain consent where required?
Do we retain the data longer than necessary?
Can we defend the practice if it becomes public?
That last question is often the best test. If the company would struggle to explain the practice clearly to a customer, journalist, regulator, plaintiff, or board member, the practice probably needs more governance.
This Is a Sensitive Data Issue
Location data tied to devices and vehicles can reveal sensitive information even if the system does not intentionally collect sensitive categories.
A person’s routes may reveal medical appointments, fertility treatment, addiction recovery meetings, religious worship, political activity, union activity, legal consultations, immigration appointments, domestic violence shelter visits, school routines, child custody exchanges, or intimate relationships.
That means companies and agencies should not treat location data as ordinary operational data.
It can become sensitive because of what it reveals.
This is especially important under state consumer privacy laws, consumer health data laws, biometric laws, surveillance ordinances, wiretap and eavesdropping theories, unfair trade practice laws, and broader privacy principles around minimization and purpose limitation.
The legal analysis will vary by jurisdiction and use case. But the privacy principle is straightforward: collecting movement patterns at scale creates heightened risk.
Why Notice Alone Is Not Enough
Some organizations think transparency solves every privacy issue. It does not.
Posting a notice that says a location uses surveillance technology may be useful. A privacy policy that mentions device identifiers may be necessary. A procurement document that describes data collection may help.
But notice alone does not make broad tracking fair, proportionate, or lawful.
People cannot realistically opt out of driving on public roads. They may not be able to turn off every signal-emitting device. They may not know which devices are broadcasting identifiers. They may not know where sensors are located. They may not know which agencies can query the data. They may not know how long records are retained.
That means privacy programs need more than disclosure. They need limits.
The Real Issue Is Power
Surveillance tools like SignalTrace raise a deeper issue than technical compliance.
They shift power.
When a government or company can silently collect signals from people moving through public space, correlate those signals with vehicles, infer relationships, store the results, and search them later, the individual has very little visibility or control.
That is why these technologies trigger such strong reactions. People understand that a license plate is visible in public. They also understand that building a permanent, searchable, device-linked movement history is something different.
Privacy law is still catching up to that difference.
Until it does, the burden falls on agencies, vendors, legislators, regulators, and companies to create guardrails before the technology becomes normalized.
What Organizations Should Do Now
Any organization working with location, vehicle, device, or surveillance data should review its data practices now.
The first step is an inventory. Identify every system collecting location data, license plate data, device identifiers, Wi-Fi signals, Bluetooth signals, RFID data, telematics, camera data, badge data, or movement analytics.
The second step is data classification. Determine whether the data can identify a person, single out a device, reveal precise location, infer sensitive behavior, or connect people together.
The third step is purpose limitation. Define exactly why the data is collected and prohibit unrelated secondary uses.
The fourth step is retention control. Delete data that is no longer needed. Avoid indefinite retention. Apply shorter retention periods to sensitive movement data.
The fifth step is vendor review. Contracts should restrict data use, resale, sharing, training, product improvement, law enforcement access, subcontractors, and retention.
The sixth step is access governance. Limit who can query location or device data. Log all access. Review searches. Escalate suspicious use.
The seventh step is transparency. Update notices, privacy policies, public disclosures, procurement materials, and internal policies so they reflect what the technology actually does.
The eighth step is ongoing monitoring. These systems change. Vendors add features. Agencies expand use cases. Data sources get combined. A privacy review performed at purchase is not enough.
Where Captain Compliance Fits In
Captain Compliance helps organizations understand and manage privacy risk before it becomes a regulator problem, lawsuit, customer trust issue, or public controversy.
While SignalTrace is a law enforcement surveillance story, the compliance lesson is much broader. Organizations are collecting more identifiers, more location data, more device signals, and more behavioral data than ever before. The risk comes from what happens when those data sets are connected.
Captain Compliance helps companies with privacy notices, data mapping, consent management, DSAR workflows, vendor disclosures, cookie and tracking reviews, and ongoing monitoring for digital privacy risk.
The next generation of privacy disputes will not only be about cookies and breach notices. It will be about inference, location, device identity, automated surveillance, and whether organizations can justify the data they collect.
If your organization collects location data, device identifiers, consumer behavior, website tracking data, or sensitive personal information, the question is not whether the data is useful. The question is whether the organization can explain it, govern it, minimize it, secure it, and defend it.
That is the difference between responsible data use and surveillance risk.
