> But Digital Recognition and other so-called “data brokers” who collect plate scans are fighting Hecht’s bill, arguing that repo agents are not invading privacy when they scan a license plate, which is available for all to see. The data brokers do not disclose the owner of the plates, they point out, though customers such as banks, insurers, and private investigators have ready access to that information.
If all you do is scan a plate and display "car payments past due", or discard the scan if the car is not wanted, it's not all that different from a human looking for a car.
But these folks are creating historical databases that capture everywhere you have ever been. These sorts of databases can be mined retroactively to discover all sorts of sensitive information, similar to what was pointed out by Justice Sotomayor in the recent GPS tracking case, U.S. v. Jones:
"GPS monitoring generates a precise, comprehensive record of a person's public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. See, e.g., People v. Weaver, 12 N. Y. 3d 433, 441-442, 909 N. E. 2d 1195, 1199 (2009) ("Disclosed in [GPS] data . . . will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on"). The Government can store such records and efficiently mine them for information years into the future."
While the government can currently look up your license plate information, or track you manually, they are limited by their resources. (From Alito's opinion in U.S. v. Jones: "But it is almost impossible to think of late- 18th-century situations that are analogous to what took place in this case. Is it possible to imagine a case in which a constable secreted himself somewhere in a coach and remained there for a period of time in order to monitor the movements of the coach's owner?") A nationwide database of historical location information -- that may not currently require a warrant under the 4th amendment to access -- is ripe for abuse. Letting private companies access the data is also scary.
These data brokers are probably right that they don't currently violate any privacy laws, however. But that just means we need to change the laws, as I think this most definitely needs to be a violation of privacy.
I've had this idea in my mind to build the exact same thing, but have it be crowdsourced data and available to everyone for free. Wouldn't you like to know where police cars spend most of their time? Wouldn't you like to see where your mayor's car is at 3am? If private corporations and the government get the data, I should get the data, too.
"In 2012, the StarTribune newspaper in Minneapolis tracked the movement of the Mayor R.T. Rybak's car 41 times at license police readers in the prior year. The newspaper put the information on a map and gathered the data through public records requests.
As a result of that report, the mayor directed the police chief to recommend a new policy on data retention, the ACLU said."
If not, that trick would only work on shitty cameras for so long, before manufacturers of these scanners wizened up.
Fuck everything about license plate tracking, storing and mining.
Facebook is required by the city of Menlo park to install plate trackers at their new campus building that will track all cars that drive by.
The argument against doing this is exactly the same as the argument against people scraping public data. It's something a human could do manually, but now that its automated and much more intense in volume, suddenly its wrong.
I really, really don't like it, but that's probably why many people thought that license plates and car registrations were bad things when they were first introduced.
From a financial perspective, this technology, shitty as it is, probably saves us all money on our car payments. Tracking down pieces of shit who default on car loans? I'm all for it. (Note: If you can't afford your car payment, you are contacted and can easily make arrangements to hand the vehicle over to the bank. If you don't do this, you are a thief who is making it that much harder and more expensive for another low-income person to buy a vehicle.)
Is there a legal distinction? As I understood it, the reason you don't lose points on your license if you get caught by a speed camera in an automated fashion, is because technically, legally, they have to prove it was you in the car (but to charge a fine, they just have to prove it was your car and it violated a traffic law).
So if you think of it in that context, then how can I be sure it was you at all for those "sensitive" situations? If I can't be sure it was you, and the information was public (where you had no expectation of privacy in the first place), then is that information as protected as say, your medical records? (No really, I'm asking).
If I don't need your permission to look at your car's licence plate on a public street and write down when and where I saw it, or simply take a photo of said licence plate (as photos currently include timestamp+location) - then the situation doesn't change in any way and I still don't need your permission even if I did the same for a thousand cars this morning, and my buddies did the same thing for ten thousand cars more.
For example:
1) If someone glances in your window as they walk by your house, that's fine. If they stand there all day, they're probably guilty of stalking, a crime.
2) If one person is holding a protest sign in front of city hall, that's legal. If a thousand people do it, that's a protest, which in most cities is a regulated activity requiring a permit.
3) If you pour your morning orange juice out in a storm drain, that's probably legal. If you pour thousands of gallons of OJ into a storm drain, you're breaking environmental laws.
4) If someone drives by a street, that's fine. If they go back and forth down it, they're cruising, which is a crime in many cities.
5) If you give a friend $100, it's an unregulated gift. If you give them $20k, then that's regulated by tax laws.
6) If someone sells a stock and buys it back, that's fine. If they do it tens of thousands of times in a minute, they may be breaking securities laws.
7) If you bring $1000 into the country, that's an unregulated event. If you bring $100k, it becomes regulated.
8) If you access a web site with an automatic tool, that's fine. If you access it a thousand times a second, that's a DDoS attack, which is a crime.
9) If you cut a tree down on your property to sell the wood, that's fine. If you cut hundreds down, then you're running an illegal logging operation.
and on and on.
I totally don't buy the argument that it's unreasonable to forbid or regulate the case of collecting license plate numbers based on it just being a different quantity of something that's permitted. Laws use quantity as the basis for drawing the line between legal/illegal or unregulated/regulated all the time.
I hate to say it -- because it's probably irrelevant from a legal perspective at the moment -- but this sounds exactly like the fallacy of the beard to me.
(edit: not to accuse you of committing this fallacy, just felt this was important enough that it should be highlighted)
> The scan of the license plan is not really the issue
This is wrong:
> it's the collecting of the scan, tagging it with GPS, and aggregating the scan into large, permanent databases that can be accessed by both government and private corporations.
The real issue is the legal requirement that every car must have license plates and that every car must be registered to a "person" (individual or corporation).
If there were no such requirements, we wouldn't be having this discussion in the first place.
In the government case, the "mosaic theory of the 4th amendment" is an attempt to produce a new rule that certain aggregations of non-search data become searches when aggregated, so it may require a warrant to track you around the city with a network of license-plate readers, while it doesn't require a warrant to look at the exterior of your car normally. It's a bit fuzzy, though, and not clear it will survive (or be practical to administer). And it's not clear whether something analogous should or could be done for private collectors of data. And of course if it isn't, then that's an easy loophole for the government too: the government can just buy the data from the private data collectors. Under current law, at least, the government buying data lawfully collected by a private party who willingly sells it isn't considered a search, and doesn't require a warrant.
Already, mapping technology can cause marital problems - I had a neighbor who split up because the Google car photographed a motorcycle in their driveway that wasn't the husbands.
No, affairs can cause marital problems. Technology just makes it easier to get caught This is not a vindication of the technology in question, but it can't be blamed for everything.
I can't help but think that cheating business travellers had it a lot easier before the advent of ubiquitous, near-free mobile long distance telephony made it easier for spouses to keep tabs on the travelling partner. That doesn't make telephony a cause of marital problems.
By taking, storing and cataloging the data, they, not the car owner, now have some control over what happens to the data. Hence it's an invasion of privacy of the car owner.
This idea is essential to all the creep factor around Google’s recurrent controversy: the problem is not taking street pictures, but guaranteeing that any house can be seen by anyone; it's not to murmur in your boss's ear ‘that’s the sub-commissioner in grey’ but potentially matching anyone’s face to their full public history. This is what made every page of a phone book precious, and every post-it with a phone number on it worthless.
http://en.wikipedia.org/wiki/Feist_v._Rural
But it should still be straightforward to make laws saying that the tags on a vehicle are a particular type of information and then restrict the way that businesses are allowed to use it.
I really don’t think that you can make enough information particular enough to get away with disanonymisation techniques: you standing anywhere in a city, with a block accuracy is enough to identify most people on a transport map; even whether you like a handful of movies, and in what order or when you saw them is enough to isolate individuals from a VoD database.
Now see the issue?
The information about who is where and when is information that should be treated in similar way as credit cards numbers, medical information, and so on. Repo agents do not actually need to store this for their businesses, so their argument is easy refuted by simply denying their ability to profit by selling sensitive information about peoples private life.
If don't consider that a intrusion of your privacy, then that is up to you.
Obvious downfall: someone will figure out how to spoof a GPS signal and randomly generate license plate images on a computer monitor and make a bunch of money for uploading junk data.
It's not just that ppl have the data and use it for amoral/unfair purposes. It's that people come to trust the data, believe in it and use it to make decisions. This is disastrous b/c there are huge margins of error.
Errors are possible at all levels in systems like this, including sabotage and incrimination and your suggestion of junk data.
E.g. in the motorcycle example cited above. It's quite possible a motorcyclist needed to stretch their legs, so they pulled into a driveway for a moment, stretched, then google snapped a photo, then it was used as evidence. It's not likely or common, but it's utterly possible and not anticipated by these systems.
In that document there is the concept of consent and that the consent can only be for the purpose the data was collected for. So should some clever company sell widgets at a loss to collect data and should that data then have an extra purpose in aggregate that does not fall into a protected area (like national security, government functions and all that) and the person did not consent to that reason, then you should (in theory) be able to bubble that argument up to the relevant courts for further inspection.
That's the theory, how well that works in practise... only time will tell.
In the motorcycle example, there is no personal data involved whatsoever - it's just a photo that some motorcycle was there; again, DPD doesn't restrict anything at all for such cases.
I'd be surprised if it doesn't go like "The person 50 feet in from of you is a potential person of interest in an investigation. Keep him in your line of sight for 10 minutes or you'll be arrested for not collaborating with our investigation."
I'm not sure consummerizing it makes it much more terrifying, given the tremendous size these databases have already achieved.
The long arm of ... revenge.
We need time-varying crypto license plates. apparently.
This is all fun to talk about, but none of these is going to end well.
The world is a small place, if you do mischief there's a good chance someone remembered you, and a quite reasonable chance it was somebody you know.
your car already has GPS, "parking" cam and Wi-Fi/Bluetooth (for engine computer at least, not necessarily that you know about it). You're just not being paid for the info your car collects.
>Obvious downfall: someone will figure out how to spoof a GPS signal and randomly generate license plate images on a computer monitor and make a bunch of money for uploading junk data.
cross-referencing with streams from other cams will immediately identify "low trust" streams.
The cameras used for OCR on license plates need to have a fairly high resolution, fast shutter speed, and a number of other little additions which make it more expensive than an iPhone camera. Granted, $10,000 is really expensive for such a device, and the real cost for something like that is probably a few hundred dollars, but after you add in software and radio communication (probably a cell plan if I had to guess), you're looking at an expensive device.
Of course, we could build one ourselves for a fraction of that, but that's why we don't drive tow-trucks or license plate scanner cars for a living.
These are high quality cameras, that have to work in large range of weather and lighting conditions. This cost might also include the software to OCR and store the details.
One of these companies does in fact have an iPhone app that police officers can use to query a national database, but it can't scan 1800 plates per minute as you cruise down a highway.
Here's an example large manufacturer of these: http://elsag.com/mobile.htm
Also note that they help local and state agencies obtain grant funding from federal sources, so I'm sure there's a bit of cost-cutting that could occur in a less bureaucratic and funded market. Also, these were like $30k 10 years ago, so prices are falling.
"the systematic exploitation of private personal information by corporations and government is the modus operandi of a surveillance / police state.
Already this is being abused for corporate espionage, political benefit, and a host of criminal enterprises.
The manufactured pretext that all these erosions of privacy are ok because "we found bad guys" has been the same bogus justification for every single abuse known to history.
A simple extension of this illegal principle in practice means privacy and Constitutionally protected rights are null and void.
Jobs! Fraud! Crime!
"We'll keep you safe!" "We'll save insurance companies money!" "We'll catch criminals!"
They don't mention that they'll abuse this in an untold array of intrusions and privacy violations... for their commercial and political benefit."
I wouldn't object to the scan but the storage of the data is a different matter.
What you are referring to is part of the agreement you make with the lender in which you agree to keep them updated on changes of address, a violation of which they have constitutionally legal methods to address.
So please, elaborate on why you think lenders have a right, beyond the normal legal and reasonable updates of contact information, to "check up on" my activities in any way whatsoever.
This sort of slippery slope reasoning that is very, very dangerous for the peoples rights.
Imagine living in a village a hundred years ago. There is no practical anonymity, everybody knows who you are, what you do, and they tend to share many parts of what they know. The shopkeeper knows all your purchasing habits, the bored old lady living on the corner knows where everybody is going at what times, and if you buy condoms then the pharmacist likely knows with whom you'll be using them. If you'd get judged by a jury of your peers, they would know you and the witnesses since birth, and take all of it into account.
Like it or not, I feel that this is the social model that our changing capabilities will bring - and it's not entirely a disaster; for pretty much all time the civilization was like this, the anonymous faceless metropolis is just a recent change; and USA constitution was already written for an environment like that, and not the current (temporary?) one.
I still think the killer app for Google Glass type products is face & license-plate recognition, aggregating data and pulling it up for you a la augmented reality all the time. The devices & services would be cheap unto free by companies accumulating that data.
I've thought about this a lot (because my startup wants to move into this space in a year or so, depends on the progression of wearables like glass) and have drawn the conclusion that the reason the facebooks and googles of the world while being technically capable of executing such an idea, they might see as even trying to do such (based on them basically creating walled gardens around information of which one needs to create an identity to access) would amount to a public flogging of them and maybe no clear way to monetize such capabilities now (just look at foursquare stumbling along trying to do such, and that's without facial recog).
But as you note, the technology is here, it's only a matter of time before someone can adopt such and gain usage by the masses. I personally think that the data collected from such if made publicly available, will make the the outcry over surveillance state moot since such capabilities are slowly creeping their way to the masses… I can only imagine the outcry from the church when the printing press started to take hold in its abilities to spread information to the masses…
Edit for 1st comment: Looks like 4sq found it… and I'm sure there's room for others to follow… http://techcrunch.com/2014/03/05/foursquare-revenues/
Then when face recognition kicks in, never going out in public. Might be an opportunity in there somewhere for selling comfortable face masks.
Ken Bensinger's 2011 LA Times series about the practices of Buy-Here-Pay-Here car sales businesses:
"A vicious cycle in the used-car business" http://articles.latimes.com/2011/oct/30/business/la-fi-buy-h...
Fairly depressing.
And while the tactic they used to repossess the car was pretty shady, they were in their right. And 25% default rate is tough.
It's depressing, but the alternative would be leaving people with no financing options.
A NGO or maybe a startup that helped people balance their economies would be doing a lot of help, in the U.S. and everywhere. I've read about some that try to disrupt lenders, including a Y Combinator backed one (LendUp).
http://techcrunch.com/2013/11/12/lendup-raises-14m-from-goog...
How about an LCD screen that shows a captcha image of the license number? The captcha image can be regenerated after a set interval, for example, a day.
Edit: This would have the benefit that humans can still read it, but making it difficult for OCR.
That is the worst thing. Either allow everyone or no one. Giving more and more capability to special interests is how we have gotten into being a surveillance state and become very unbalanced authority / responsibility between different segments of society.
I'm sure when license plates were devised, no one thought ahead to the day a single unregulated for-profit company could automate the scanning and geolocation of many millions of vehicles a year.
When I saw the title, first think to cross my mind was "what the hell does GitHub have to gain from it?"
Pull into parking space in the mall. Cover up your license plate. Or, better yet, put an image of random numbers.
Ta da!
I am, and have been, very interested in countermeasures that obscure plates to non-humans. Bright IR to severely overexpose, shuttered lenses or pulsed LEDs that create severe beat-frequency disruption of the image, some magical thing that causes the characteristics of a plate (retro-reflectivity is a key signature, I think) to not look like a plate to an ALRP so that it won't even think to try and capture, etc.
—I mention retro-reflectivity only because within the last few years Washington state has required that license plates be replaced every three years rather than just getting new tabs as it had been forever. I asked a DMV engineer why this policy was put into place and he replied that it was due to decreasing reflectivity over time. Perhaps coincidental but the policy was instituted right about te same time ALRPs started to be used by parking enforcement and police.
Instead of trying to save terminally ill patient - privacy - we need to look into the future. The real fight is who owns the data, not whether the data is collected. For example can we just force that all the data anybody has about anybody is to be public?
The problem we are having now is not just that people are watching us, it is that we also don't know who they are or when they are doing it.
If its not right for a public company to assemble such records it should be doubly wrong for law enforcement. I tire of passing the police cars festooned with cameras pointing in every direction. What guarantee do we have that the data is any safer in their hands? We don't and the reason is that a law that might offer protection today doesn't have to be in that form tomorrow or after some obscure judge rules otherwise.
So I am all for it on the grounds it puts on equal footing with government officials. We should be able to track them too which is most likely the real reason there is a law coming to prevent gathering by private individuals or companies
Where have we seen that before? Many years ago when facebook first revealed the Newsfeed. There was a huge backlash, to which Mark Z personally wrote to all users, "Relax, breathe, we hear you." He went on to explain that all the info in the newsfeed was already public, just better accessible to us for consumption.
The inexorable march of technology proceeded unabated. The next few years produced the slogan "privacy is dead" on the social networks. So many people now post mundane details of their lives IN ORDER for others to read and to collect "likes".
Fast-forward to last year: Graph Search comes out, to help us all find what we're looking for using only the data available to us, and facebook doing the searching. No big splash this time. The graph search is arguable much more dangerous to privacy than ever:
http://gawker.com/5978327/men-interested-in-men-in-tehran-an...
And the inexorable march of technology continues. Remember - it's not that you're caught on camera in a public place that's scary. It's that later, all the information can be cross referenced and mined for any purpose.
Should I write a blog post about this?
However, this won't work, as linking the two records is trivial via DMV records...
