Principles of the Law, Policing

(a) Suspicion-based policing activities should be conducted only pursuant to a written policy that makes clear:

• (1) which personnel are authorized to utilize the method or technique in question;
• (2) what training is required before personnel are authorized to utilize it;
• (3) the predicate or level of cause that must be present to justify its use;
• (4) whether advance permission is required from a supervisor or other third party, including a court, and what form that advance permission must take;
• (5) specific steps that officials should take in order to limit the scope of the intrusion, consistent with § 3.03; and
• (6) the manner in which use of the suspicion-based technique will be documented, audited, and reported to the public, consistent with § 3.04.

(b) In developing the policy, agencies should consider:

• (1) the intrusiveness of the technique at issue, as well as the sensitivity of the information that its use is likely to obtain;
• (2) other potential harms that its use could impose, including the potential to exacerbate racial disparities, chill the exercise of constitutional rights, undermine police legitimacy, or be deployed toward illegitimate ends;
• (3) the feasibility of obtaining approval in advance of its use, as well as the likelihood that any potential misuse of the technique could be identified through after-the-fact review; and
• (4) the degree to which any particular safeguard would impose undue burdens on the agency or unduly impede legitimate law-enforcement investigations.

(c) The written policy should, consistent with § 1.06(b) (policy transparency), be made available to the public, except when there is a substantial and articulable risk that doing so would compromise the agency’s ability to carry out its policing obligations.

Comment:

a. Regulatory approach. This Chapter adopts a regulatory approach to suspicion-based seizures, encounters, and “information gathering” activities—described collectively as “policing activities.” See § 2.02 (defining “information gathering”). The goal of this Chapter is to ensure that agencies take responsibility for the manner in which officers conduct suspicion-based activities, and to minimize to the extent possible the risk that these techniques are deployed in arbitrary, unjustified, or discriminatory ways.

The approach outlined here differs in important ways from the traditional approach used by courts to regulate suspicion-based searches and seizures under the Fourth Amendment to the U.S. Constitution. As a matter of Fourth Amendment law, searches and seizures typically require warrants or probable cause—or for lesser intrusions, reasonable suspicion. Meanwhile, policing activities that fall short of a search or seizure are left entirely unregulated. This approach—bounded as it is by the text of the Fourth Amendment as well as the nature of the judicial function—is not designed to address the full panoply of concerns that suspicion-based investigative activities may pose. As the U.S. Supreme Court itself has emphasized, its Fourth Amendment doctrines are not intended to remedy the problems of racial bias and disparate impact, to promote the goals of legitimacy or harm-minimization, or to facilitate internal and external agency accountability. And of course, they do nothing to regulate the activities that fall beyond the Fourth Amendment’s scope. It is therefore essential that government activities that intrude on individual liberty, privacy, or autonomy be regulated in some way.

Although agencies and legislatures must adhere to any constitutional requirements, they have considerable leeway to regulate in areas that the U.S. Constitution does not, and in particular to adopt a more comprehensive regulatory scheme. Many agencies already have in place department polices that address the many potential issues with various information-gathering activities in ways the traditional constitutional requirements of warrants and probable cause do not (and cannot). In addition, some states and municipalities have laws that regulate various aspects of information gathering by police. To the extent that any given agency lacks those policies, this Section describes what a comprehensive administrative or legislative regime ought to include.

b. Written policy. The threshold requirement in this Section is that all suspicion-based policing tactics be carried out pursuant to a written policy that, absent a demonstrable, articulable need for confidentiality, is made available to the public. (Redaction is an option if part, but not all, of a policy must remain confidential.) This requirement also could be satisfied through legislation, which then could be implemented through more specific department policy.

This requirement accomplishes two important goals. First, it ensures that key decisions about how and when a particular technique may be used are made by responsible department officials, and not by individual officers in an ad hoc fashion. Second, it informs members of the public of these critical policy choices and, in doing so, permits at least some measure of accountability from outside of the law enforcement agency. This external check is particularly important when it comes to surveillance techniques that fall short of a Fourth Amendment search, and therefore are not subject to judicial scrutiny of any sort.

In implementing this requirement, agencies will need to determine when a new policy is required, and when the use of a particular technique falls within an existing agency policy. For technologically enhanced searches and seizures, the line is a fairly easy one to draw: agencies should have separate policies to deal with each of the technologies that officials are permitted to use. And in practice, many agencies already do. For more routine investigative activities, there inevitably may be some ambiguity as to what precisely constitutes a new “technique.” All searches of physical property, for example, arguably could be covered by a single policy or broken up into broad categories with specific policies and procedures for searches of homes, automobiles, and containers. Ultimately, agencies will need to use their common sense and practical experience in deciding whether a new policy is necessary. The various considerations listed in subsection (b) for what a policy should include also can provide some guidance for whether a distinct policy is needed. Regarding searches of persons, more intrusive searches like strip searches require additional protections that should be spelled out separately. Existing agency manuals suggest agencies already are thinking in these terms. Many agencies have separate policies—or subsections of policies—to deal with different kinds of searches of persons, including field searches, strip searches, searches of juveniles, and the like.

c. Primary safeguards. This Section then sets out the basic questions that high-level agency officials should consider—and address through written policy—in order to ensure that they are in fact taking adequate responsibility for technologies and tactics that are used. First, officials must decide who within the agency is permitted to use the technique and whether those individuals will need any specialized training in order to do so appropriately. For some techniques, the answer may very well be that any personnel may use it. For others, however, stricter limits may be appropriate. A number of agencies permit only a small number of specially trained officers to fly drones.

Second, officials should articulate the set of circumstances under which a particular technique may be used and decide who within the agency will be responsible for ensuring that the predicate has been met. Here again, agencies have a range of options to choose from that go beyond the familiar Fourth Amendment standards of reasonable suspicion and probable cause. For certain less intrusive techniques, officials reasonably might decide not to require any predicate beyond the threshold requirement of a legitimate law-enforcement purpose. In other contexts, probable cause alone may not be sufficient. For example, the federal Wiretap Act, 18 U.S.C. § 2510, prohibits the use of wiretaps to investigate low-level offenses and requires the requesting agency to show that less intrusive tactics would not be effective. Similarly, some agencies require officers to obtain supervisor approval prior to using certain investigative tactics, such as consent searches. And in some cases, agencies may even require approval from the chief of police.

Agency officials also should identify the steps that individual officers, or others within the agency, should take in order to limit the scope of the intrusion to its lawful objectives. And agencies should consider in advance the manner in which the use of a particular technique will be documented, audited, and reported, both to promote accountability within the agency and to facilitate broader public accountability over policing. Additional guidance on these aspects of the agency policy is provided in §§ 3.03 (Minimization) and 3.04 (Documentation, Auditing, and Reporting).

Importantly, in formulating its policy, an agency reasonably may decide to lean more heavily on some regulatory strategies than on others. An agency might decide, for example, not to impose a predicate but to nevertheless require either prior approval from a supervisor or after-the-fact documentation in order to ensure that a technique is not abused. What this Section requires is that agencies make these decisions affirmatively and transparently, based on a careful consideration of the various factors outlined in subsection (b).

d. Considerations. The considerations described in subsection (b) are consistent with the overall approach of this Chapter, which is to encourage agencies to view suspicion-based policing activities from a regulatory perspective, i.e., to identify the various risks and policy considerations associated with a particular policing activity and consider the feasibility of various approaches to mitigating the potential harms.

A key factor of course is the intrusiveness of the technique in question, as well as the sort of information that its use is likely to uncover. Physical searches, for example, generally are thought to be more intrusive than observation from a distance. Long-term location-tracking information, or histories of credit-card purchases over a period of weeks or months, can reveal a great deal of sensitive information even if any individual data point would not.

Importantly, subsection (b) asks agencies and legislatures to consider other factors as well, such as the feasibility of obtaining prior approval and the ease of detecting any misconduct that may have occurred after the fact. The decision to deploy a drone, for example, rarely is made in a split second; it therefore is precisely the sort of technique that could be regulated in part through supervisory review. Another factor is the degree to which a particular regulatory strategy is suited to addressing the particular concerns that use of a technology or tactic presents. In some cases, supervisory review alone—or even after-the-fact reporting—may be sufficient to ensure that use of the technique is justified based on the facts available. Studies suggest that simply requiring someone to explain their reasons to a third party can induce better decision making. In other contexts, however, supervisors (and in particular, lower-level supervisors like sergeants or lieutenants) may be susceptible to some of the same investigative pressures that skew individual officers’ decision making. In these contexts, approval by the agency head—or by someone outside the agency, such as a police commission or a judge—may be necessary.

Reporters’ Notes

1. Constitutional backdrop. As compared to some of the other Chapters in this volume, the Sections in this Chapter address an area of policing that has been heavily constitutionalized. The core of the U.S. Supreme Court’s Fourth Amendment jurisprudence deals precisely with the set of activities addressed here: policing activities aimed at specific targets, based on some level of suspicion that they are engaging in unlawful conduct.

And yet, as the Supreme Court itself has made clear, the Fourth Amendment rules that govern the use of targeted (or suspicion-based) policing activities are designed to address only a subset of the possible concerns that their use may pose. The Court has emphasized, for example, that a police tactic may be “reasonable” for Fourth Amendment purposes even if it creates a serious risk of disparate racial impact. See Whren v. United States, 517 U.S. 806 (1996) (permitting stops for pretextual reasons so long as there is some objective basis for the stop). And it has made clear that so long as there is probable cause for suspicion of even a minor offense, it does not matter for Fourth Amendment purposes whether a search or arrest was in fact prudent or wise. See Atwater v. City of Lago Vista, 532 U.S. 318, 354 (2001) (“[T]he standard of probable cause applies to all arrests, without the need to ‘balance’ the interests and circumstances involved in particular situations.”). Similarly, the Supreme Court generally has approached policing activities with a narrow frame, focusing on the specific facts of a particular encounter, as opposed to evaluating the broader systemic consequences that the use of a particular tactic might pose. See, e.g., Tracey L. Meares, Programming Errors: Understanding the Constitutionality of Stop-and-Frisk as a Program, not an Incident, 82 U. Chi. L. Rev. 159, 162 (2015) (identifying a “mismatch” between judicial analysis of stop-and-frisk and its real-world practice, where courts focus on the facts in individual cases but stop-and-frisk is “in reality . . . more typically carried out by a police force en masse as a program”) (emphasis in original); see also Utah v. Strieff, 136 S. Ct. 2056, 2069 (2016) (Sotomayor, J., dissenting) (rejecting the notion that suspicionless police stops are “isolated instance[s] of negligence,” but rather are the “product of institutionalized training procedures” that instruct officers to stop first and find suspicion later). And of course, many of the activities that constitute “information gathering” for the purposes of these Principles are not subject to regulation at all under the Fourth Amendment because the courts have not deemed them to be “searches” or “seizures.” See § 2.02 (defining “information gathering”). In short, the Fourth Amendment never was meant to be a comprehensive code for the police, and it could not possibly fulfill that function.

2. Legislative and administrative regulation. Legislative and administrative regulation of suspicion-based policing, on the other hand, has been a patchwork quilt. Although, as discussed below, some agencies have developed comprehensive and transparent regulatory schemes for at least some of these tactics, many others have not. See, e.g., Stingrays and the Chicago Police Department, ACLU Illinois (2019) (noting the Chicago Police Department’s failure to develop internal policies on Stingrays, which can be used to obtain location data and other identifying information from all cellphones in a particular location); Joseph Goldstein, New York Police Are Using Covert Cellphone Trackers, Civil Liberties Group Says, N.Y. Times (Feb. 11, 2016), https://‌www.nytimes.com/‌2016/02/12/nyregion/new-york-police-dept-cellphone-tracking-stingrays.‌html (noting the New York Police Department’s failure to do the same); see generally Automatic License Plate Readers, NYCLU, https://www.nyclu.org/en/automatic-license-plate-readers (observing flaws in agencies’ policies regarding the collection, use, sharing, and retention of location information gathered from automatic license-plate readers). Too often, agency policies on various kinds of searches and seizures simply restate the constitutional line. See Maria Ponomarenko, Rethinking Police Rulemaking, 114 Nw. L. Rev. 1, 32 (2019) (“Virtually every policing agency has a ‘search and seizure’ policy that, more often than not, just restates the constitutional requirement that a stop be based on reasonable suspicion.”); e.g., Tampa Police Dep’t, Standard Operating Procedures 2 (2011), http://www.justiceacademy.org/iShare/‌Library-‌Manuals/‌TampaPD.pdf (explaining that an officer may frisk upon “reasonable belief that the individual may be armed”); Honolulu Police Dep’t, Policy on Warrantless Searches and Seizures 4 (2019), http://www.honolulupd.org/information/pdfs/WarrantlessSearchesand‌Seizures-10-31-2019-10-14-58.pdf (specifying that an “investigative stop” requires “specific and articulable facts which . . . with rational inferences from those facts, reasonably warrants the intrusion.”).

The failure on the part of legislatures and agencies to regulate where the courts have not (and could not) has, across a variety of contexts, caused real and substantial harm. Countless studies and reports have found racial disparities in the use of various investigative techniques, particularly those that do not require any degree of individualized suspicion under the Fourth Amendment, and thus often are left entirely to officer discretion. See, e.g., ACLU of Illinois, Racial Disparity in Consent Searches and Dog Sniff Searches: An Analysis of Illinois Traffic Stop Data from 2013 (2014); see also Richard A. Oppel, Jr., Activists Wield Search Data to Challenge and Change Police Policy, N.Y. Times (Nov. 20, 2014) (describing similar findings of disparate impact in Durham, North Carolina, and Austin, Texas); Cholas-Wood et. al., An Analysis of the Metropolitan Nashville Police Department’s Traffic Stop Practices (2018), https://‌www.nashville.gov/Portals/0/SiteContent/MayorsOffice/docs/reports/policing-project-nashville-report.pdf (finding substantial and unexplained racial disparities in low-level traffic stops, which typically involve the greatest degree of officer discretion given the sheer number of potential violators). There also have been many examples of police intruding into protected First Amendment spaces or targeting groups on the basis of protected First Amendment activity. See, e.g., Activists Say Chicago Police Used ‘Stingray’ Eavesdropping Technology During Protests, CBS Chicago (Dec. 6, 2014), https://chicago.cbslocal.com/2014/‌12/06/activists-say-chicago-police-used-stingray-eavesdropping-technology-during-protests/ (describing police surveillance during protests); Matt Apuzzo & Adam Goldman, After Spying on Muslims, New York Police Agree to Greater Oversight, N.Y. Times (Mar. 6, 2017), https://www.nytimes.com/‌2017/‌03/‌06/‌ny‌region/nypd-spying-muslims-surveillance-lawsuit.html (detailing New York Police Department’s decade-long surveillance of Muslim neighborhoods after the September 11 terrorist attacks); see Peter Overby, IRS Apologizes for Aggressive Scrutiny of Conservative Groups, NPR News (Oct. 27, 2017) (noting that IRS applied higher scrutiny to applications for tax-exempt status from groups whose names included words like “Tea Party” and “Patriots.”). There likewise have been many documented instances of police officials deploying investigative resources to serve personal as opposed to public ends. See Sadie Gurman, Across US, Police Officers Abuse Confidential Databases, Assoc. Press (Sept. 28, 2016), https://apnews.com/‌69923694‌6e‌314‌06‌59‌fff8a‌2362e‌16f43 (documenting widespread police abuse of law-enforcement databases for personal use, including gathering information on romantic partners, business associates, neighbors, and journalists). Finally, the absence of transparency and sound regulation of certain techniques itself can undermine agency legitimacy wholly apart from the manner in which the techniques are in fact used. See, e.g., Catherine Crump, Surveillance Policy Making by Procurement, 91 Wash. L. Rev. 1595, 1609 (2016) (describing the public backlash against the Seattle Police Department’s drone program—despite the drones’ very limited capabilities—due largely to the fact that the department had acquired the drones in secret and had failed to develop a policy to govern their use). In some cases, failure to regulate at the front end has resulted in agencies losing access to certain investigative tools entirely. See, e.g., Crump, supra, at 1606-1607 (noting that the Seattle Police Department ultimately was forced to end its drone program); Rashida Richardson, Jason M. Schultz & Kate Crawford, Dirty Data, Bad Predictions: How Civil Rights Violations Impact Police Data, Predictive Policing Systems, and Justice, 94 N.Y.U. L. Rev. 192, 211-214 (2019) (recounting how City of New Orleans was forced to end its use of Palantir’s predictive-profiling service after public backlash regarding the lack of transparency around Palantir agreement).

3. Regulatory framework. The goal of this Chapter—as well as the Chapter on encounters that follows—is to develop a more comprehensive regulatory framework to address the full range of concerns that are implicated whenever police officials engage in suspicion-based policing. The challenge in doing so is that the tactics and technologies that agencies use vary across a number of dimensions, including their intrusiveness, their susceptibility to abuse, and the frequency with which they are used. Requesting an individual’s utility bill implicates a very different set of interests than requesting several years or months of credit-card transactions. Regulatory strategies—such as supervisory review—that work well for low-frequency activities are simply not going to be feasible (or effective) for techniques that are used dozens of times each day. See generally, Louis Kaplow, Rules Versus Standards: An Economic Analysis, 42 Duke L.J. 557, 595 (1992) (citing “the frequency with which a command will apply” as a key consideration in deciding how best to regulate); Kyle D. Logue, In Praise of (Some) Ex Post Regulation: A Response to Professor Galle, 69 Vand. L. Rev. En Banc. 97 (2016) (outlining the various considerations that inform the choice between ex ante and ex post regulation).

In lieu of a specific set of requirements, this Section requires that all suspicion-based policing activities take place pursuant to a written policy—and sets out the six regulatory choices that each policy would need to resolve. What this ensures, at the very least, is that high-level officials take the time to consider the potential harms associated with the technique in question, to identify potential strategies to mitigate them, and, ultimately, to take responsibility—in a transparent fashion—for how the technique will be used.

The six regulatory strategies outlined in subsection (a) are modeled after the techniques that legislatures and agencies themselves have adopted to regulate various suspicion-based policing activities. Agencies routinely limit the use of certain tactics or technologies to officers who have received specialized training or work as part of specific units. See, e.g., Baltimore Police Dep’t, Policy 1004: Cell-site Simulators (2016) (limiting use of “Stingray” technology to trained members of the Advanced Technical Team); Seattle Police Dep’t Manual, 16.170 Automatic License Plate Readers (2019) (“Only employees trained in the use of ALPR equipment will use and access ALPR devices and data.”); Seattle Police Dep’t Manual, 12.045 Booking Photo Comparison Software (2014) (limiting use of BPCS facial-recognition software to “department-trained photo unit personnel”); L.A. Cnty. Sheriff’s Dep’t, Policy: Use of Cell-Site Simulator Technology (2016) (“Only specific, sworn Department personnel, as well as trained technicians working under their direction, will be authorized to use and/or access the cell-site simulator technology.”); Michigan State Police, Statewide Network of Agency Photos Acceptable Use Policy 2 (recommending that “only trained facial examiners should conduct FR searches”); see also Int’l Ass’n of Chiefs of Police, Aviation Comm., Recommended Guidelines for the Use of Unmanned Aircraft (2012) (“U[nmanned aircrafts] will only be operated by personnel, both pilots and crew members, who have been trained and certified in the operation of the system.”).

Agencies and legislatures also have established predicate requirements—ranging from a legitimate purpose to probable cause—for a variety of investigative activities, including those that would not constitute a Fourth Amendment search. See, e.g., Seattle Police Dep’t Manual, 12.045 Booking Photo Comparison Software (2014) (requiring officer to establish “reasonable suspicion” before using facial-recognition software); Michigan State Police, Statewide Network of Agency Photos: Acceptable Use Policy 3 (restricting use of mobile facial-recognition software to where officer has “probable cause,” valid court order, or individual is unable to provide reliable identification); Salt Lake City Police Dep’t, Policy Manual, Policy 612.5.1: Covert Use of Social Media 482 (2018) (requiring “reasonable suspicion” for use of covert alias on social media for investigative purposes); Austin Police Dep’t, Policy Manual, Policy 455.6: Utilization and Access to Social Media Monitoring Tools 414 (2017) (requiring “reasonable suspicion” or “criminal predicate or threat to public safety” before using social media for investigative purposes); Georgia Bureau of Investigations, Guidelines for the Use of Social Media by the Investigative Division (2012) 31-32 (requiring “reasonable suspicion” or “criminal predicate or threat to public safety” before creating online alias on social media for investigative purposes).

The requirement of supervisory approval is another common regulatory technique, which can be used either in conjunction with a predicate, or as an alternative safeguard in circumstances in which it may be difficult to articulate precise standards in advance. See, e.g., New Orleans Police Dep’t, Operations Manual, Chapter 1.2.4: Consent to Search 4 (2018) (“Before an officer may conduct a consent search, the officer must have the express approval of his or her supervisor.”); L.A. Cnty. Sheriff’s Dep’t Policy, Use of Cell-Site Simulator Technology (2016) (“Each use of a cell-site simulator by qualified Department personnel must be approved by the Chief of Detective Division or his/her designee(s) prior to deployment of the simulator.”); Seattle Police Dep’t Manual, 5.125: Social Media (2019) (“Any employees using non-official social media accounts for investigative purposes will obtain written permission from the Chief of Police, regardless of duty assignment.”); Georgia Bureau of Investigations, Guidelines for the Use of Social Media by the Investigative Division 32 (2012) (requiring supervisory approval to create online alias or engage in online undercover activity); Salt Lake City Police Dep’t, Policy Manual, Policy 612.5.1: Covert Use of Social Media 482 (2018) (requiring supervisory approval to use covert online alias for investigative purposes).

And as discussed in greater detail in § 3.03, agencies have provided guidance to officers on how to limit the scope of intrusions in various ways. See, e.g., Baltimore Police Dep’t, Policy 1004: Cell-Site Simulators (2016) (limiting data captured by Stingray technology to specific criminal investigations and mandating that any data captured not relevant to the investigation be “purged” within 24 hours); Oakland Police Dep’t, Policy 609: Cellular Site Simulator Usage and Privacy (2017) (limiting types of information that may be gathered using Stingray). Finally, both statutes and policies often specify the manner in which use must be documented and subjected to periodic audit. See, e.g., OR. Rev. Stat. § 837.362 (2019) (requiring public agencies that use drones to establish data collection and storage procedures); Tex. Gov’t Code Ann. § 423.008 (2013) (requiring law-enforcement agencies to submit biennial reports to governor and public regarding drone usage, including how often and when drones were used, the number of criminal investigations aided by use of drones, the type of information collected, and cost of using drones); Baltimore Police Dep’t, Policy 1004: Cell-Site Simulators (2016) (“The BPD shall document each use of the equipment referenced in this Policy. Random audits of usage shall be conducted.”); Seattle Police Dep’t, Policy 12.045: Booking Photo Comparison Software (2014) (setting forth specific procedures for retaining, logging, and auditing BPCS facial-recognition system and its associated data).

These regulatory requirements also are consistent with the guidance that law-enforcement organizations, such as the International Association of Chiefs of Police (IACP), have provided on regulating the use of various investigative tools. For example, the IACP’s model policy regarding automatic license-plate readers (ALPRs) instructs agencies to designate which officials will be permitted to utilize the technology and ensure that these individuals are trained adequately; to establish specific policies and protocols for accessing historical ALPR data; and to document all ALPR deployments and outcomes. David J. Roberts & Meghann Casanova, Int’l Ass’n of Chiefs of Police, Automated License Plate Recognition Systems: Policy and Operational Guidance for Law Enforcement (2012). Similarly, IACP’s model policy on “surveillance” activities states that long-term monitoring of individuals and groups must be approved in advance by supervisory officials, and only may be approved if there is reasonable suspicion of criminal activity and a clear showing that less intrusive techniques would not be effective. IACP Law Enforcement Pol’y Ctr., Model Policy, Surveillance 1 (2009). The policy spells out a variety of additional considerations, including the safety of officers or members of the public, the risk of violating individuals’ civil liberties, as well as the risk of undermining public confidence in the department. Id. at 3-4. Finally, consistent with these principles, the policy sets out procedures for minimizing the acquisition and retention of information that goes beyond the scope of the investigation and provides for documentation and ongoing supervisory review. Id. at 8.

A number of jurisdictions already have in place statutes requiring agencies to develop “use policies” to govern the use of various surveillance technologies and to address precisely the set of questions included here. See, e.g., OR. Rev. Stat. § 837.362 (2019) (requiring public agencies that use drones to establish procedures governing drone data collection and storage); Tex. Gov’t Code Ann. § 423.007 (2013) (“The Department of Public Safety shall adopt rules and guidelines for use of an unmanned aircraft by a law enforcement authority in this state.”); see also ACLU, Community Control over Police Surveillance, https://www.aclu.org/issues/privacy-technology/‌sur‌veillance-technologies/community-control-over-police-surveillance (listing 13 cities that have passed legislation regarding community control of police surveillance, which requires city council approval for surveillance equipment and mandates procedures regarding data collection, training, and public impact reports); Policing Project, NYU School of Law, Authorized Policing Technology (APT) Act Working Draft, https://www.policingproject.org/apt-act (proposing model ordinance for regulating police surveillance in a manner consistent with these Principles). In short, although these Principles address a pressing need for more comprehensive, uniform regulation of various suspicion-based investigative tactics, they also reflect a great deal of consensus on what a regulatory approach ought to entail.