Automated Plate Readers Let Police Collect Millions of Records On Drivers

schwit1 writes with a report on just how extensive always-on license plate logging has gotten. The article focuses on California; how different is your state? "In San Diego, 13 federal and local law enforcement agencies have compiled more than 36 million license-plate scans in a regional database since 2010 with the help of federal homeland security grants. The San Diego Association of Governments maintains the database. Unlike the Northern California database, which retains the data for between one and two years, the San Diego system retains license-plate information indefinitely. Can we get plate with code to delete the database?"

Had this in the UK for years

[clickclickdrone]

The police set up vans with cameras that scan the number plates of all the cars that go down the street that day, cross ref for road tax, MOT and/or insurance and send out automated fines if any aren't in order.

Re:Had this in the UK for years

[Frobnicator]

Great, the UK is becoming a panopticon state even faster than the US. As an American, I'm not petty enough to welcome the company.

You got it backwards.

The UK entered the mass-surveillance business back before WW1. Pax Brittania meant they could monitor the world with impunity, just like the US does now. Mass surveillance of British citizens entered the public knowledge around WW1, so the government made the GCCS (Government Code and Cypher School) public after the war. It was later named the GCHQ, which is the functional equivalent to the NSA in the United States. Thanks to the CCTV cameras every five meters it is still the most surveilled nation --- the US is not alone in monitoring every phone call.

US mass-surveillance came a bit later, but WW2 saw the industry boom. It entered public knowledge after WW2, which is about the time the NSA was formed. The "Five Eyes" program during World War 2 expanded government surveillance to the global scale. The five nations (UK, US, Canada, Australia, and New Zealand) are still working together to ensure that when one country can't do the spying, another country will gladly step in and spy for them.

The US joined the UK. Even though the US does an incredible amount of spying around the globe, the UK has been and continues to be the "leader" in homeland surveillance.

Exploits implementation

There was a joke circling in Poland a couple years ago:
http://i.pinger.pl/pgr456/3d49724c000eb4404b01224d
worth a try ;)

Re:Exploits implementation

[gmuslera]

Thats the real world equivalent to the xkcd strip. The problem is, knowing the trend, going in the streets with something like that will surely put you in jail, for years. If they put in jail, for a decade, for scribbling anti-bank messages in sidewalks with washable chalks this will be harder. In fact, is a hack attempt, you could get a century in prison for that kind of things. Meanwhile, you keep the money and walk free, even if caught screwing the entire world's economy. In their view, law needs justice like a fish needs a bicycle.

Re:public?

[TheGratefulNet]

we believe you: you probably DO fail to see why this is such a big deal.

but it is. even if you don't get it.

Re:public?

[Antipater]

i didn't realize small towns were keeping permanent databases.

They have for decades. It's an undeletable, all-seeing database called "the Pastor's Wife"

Data Lifecycle

[onyxruby]

The thing that people need to think about is that data is an asset. Like any asset it has a date of acquisition, a period of usefulness and a time that it should be removed from service. Just like you would have a retention policy for your corporate email or payroll records, you should have a retention policy for all other data.

The key is to define the lifecycle of your data ahead of time - before there are any legal actions against it and within legal compliance requirements. Once you have defined your requirements and useful period of retention you need to purge it and destroy all backups - all as a matter of policy. As long as this is your normal course of business your butt is covered in court.

Government owned data like license plate data should be treated the same way. Since it is publicly owned data the public should have a say in how long it is retained. My suggestion is to simply define a policy with a very short retention period. Normal data would be kept for a week and data that matches up to a criminal investigation (stolen car etc) could be retained per legal requirements.

The balance of the thing between big brother / police state and a bonafide crime fighting tool (these things are really good at catching stolen cars for example) is to define your data retention policy as short as possible and zealously enforce it.

Being done commercially too ...

[perpenso]

I believe businesses are doing it too. Auto repossessors, bail bondsmen and others have mounted cameras on their cars to scan and record the license plates of vehicles around them and enter the data into a private central database that they all subscribe too. The driver receives an alert if a nearby license plate is tagged in the database. Previous location information is also available.

If you have parked in Wal Mart parking lot a local auto repo guy has probably scanned you and you have been entered into the database.

I believe the number of vehicles recovered using this technology is currently in the tens of thousands per year in the U.S.

Read / Write power is God power

[WOOFYGOOFY]

All these databases are used as evidence during criminal investigations... this one... the NSA one etc. etc..

Any political operative with read / write access to these databases can fabricate evidence as they see fit. And it's not just theoretical :

http://www.ibtimes.com/changing-timestamp-mystery-continues-after-texas-abortion-bill-defeat-wendy-davis-filibuster-1324549

If you believe, as I do (and even if you don't ) , that we can't do law enforcement without databases like this, then I submit we have an engineering challenge here.

We need stores of data which are designed to be "evidential" or "purely factual" in nature and once an entry is written, it can't be changed at a later time to have another value. I am using the word database here but I am pretty sure it's more like a "store" .

Is there a one way, write-once technology which is provably tamper proof? Can one be designed?

The scenario I am trying to prevent is the most obvious one where a malefactor, at some possibly distant date after information about their target has been recorded, attempts to change that information to produce a perception or suspicion or even proof of "guilt".

It's not just a theoretical worry. It's not much different than what the Texas legislature attempted to do with its own record yesterday. Seen in a certain way, they attempted to "frame" Wendy Davis, D-Fort Worth, as having not begun her filibuster in time.

This is benign compared to what a Dick Cheney or Richard Pearle or Donald Rumsfeld type could / would do with some career analysts' whereabouts, phone records etc. etc. who displeased them ala Valerie Plame. Sure, Scooter Libby went to jail for the crime, but I think we all know who he was protecting.

It's not even slightly far fetched and the consequences couldn't be more corrosive to democracy. In fact, just the potential for this kind of manipulation could under the right circumstances lead to a widespread loss of faith in all law enforcement on the part of the general public. That itself is unacceptably corrosive and dangerous to the republic.

So how do we solve this problem so it can't be "unsolved" by some domestic Axis Of Evil ? A running, recorded one way hash on the totality of input seems unworkable , but I am not an expert.....