I'm curious - how exactly would one refute the following argument put forth by data brokers and repo agents?
> But Digital Recognition and other so-called “data brokers” who collect plate scans are fighting Hecht’s bill, arguing that repo agents are not invading privacy when they scan a license plate, which is available for all to see. The data brokers do not disclose the owner of the plates, they point out, though customers such as banks, insurers, and private investigators have ready access to that information.
The scan of the license plan is not really the issue, it's the collecting of the scan, tagging it with GPS, and aggregating the scan into large, permanent databases that can be accessed by both government and private corporations.
If all you do is scan a plate and display "car payments past due", or discard the scan if the car is not wanted, it's not all that different from a human looking for a car.
But these folks are creating historical databases that capture everywhere you have ever been. These sorts of databases can be mined retroactively to discover all sorts of sensitive information, similar to what was pointed out by Justice Sotomayor in the recent GPS tracking case, U.S. v. Jones:
"GPS monitoring generates a precise, comprehensive record of a person's public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. See, e.g., People v. Weaver, 12 N. Y. 3d 433, 441-442, 909 N. E. 2d 1195, 1199 (2009) ("Disclosed in [GPS] data . . . will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on"). The Government can store such records and efficiently mine them for information years into the future."
While the government can currently look up your license plate information, or track you manually, they are limited by their resources. (From Alito's opinion in U.S. v. Jones: "But it is almost impossible to think of late- 18th-century situations that are analogous to what took place in this case. Is it possible to imagine a case in which a constable secreted himself somewhere in a coach and remained there for a period of time in order to monitor the movements of the coach's owner?") A nationwide database of historical location information -- that may not currently require a warrant under the 4th amendment to access -- is ripe for abuse. Letting private companies access the data is also scary.
These data brokers are probably right that they don't currently violate any privacy laws, however. But that just means we need to change the laws, as I think this most definitely needs to be a violation of privacy.
> The scan of the license plan is not really the issue, it's the collecting of the scan, tagging it with GPS, and aggregating the scan into large, permanent databases that can be accessed by both government and private corporations.
I've had this idea in my mind to build the exact same thing, but have it be crowdsourced data and available to everyone for free. Wouldn't you like to know where police cars spend most of their time? Wouldn't you like to see where your mayor's car is at 3am? If private corporations and the government get the data, I should get the data, too.
"In 2012, the StarTribune newspaper in Minneapolis tracked the movement of the Mayor R.T. Rybak's car 41 times at license police readers in the prior year. The newspaper put the information on a map and gathered the data through public records requests.
As a result of that report, the mayor directed the police chief to recommend a new policy on data retention, the ACLU said."
Is it legal or even possible to prevent these scanning devices from working by having say a ring of infrared LED's shining on your license plate to prevent a camera from being able to capture it?
The repo companies here are journalists. They are collecting and reporting to their customers truthful facts. This does invade privacy, but so does TMZ.
I'm not thrilled about this, but a license plate in public view is free for anyone to do whatever they want with.
The argument against doing this is exactly the same as the argument against people scraping public data. It's something a human could do manually, but now that its automated and much more intense in volume, suddenly its wrong.
I really, really don't like it, but that's probably why many people thought that license plates and car registrations were bad things when they were first introduced.
From a financial perspective, this technology, shitty as it is, probably saves us all money on our car payments. Tracking down pieces of shit who default on car loans? I'm all for it. (Note: If you can't afford your car payment, you are contacted and can easily make arrangements to hand the vehicle over to the bank. If you don't do this, you are a thief who is making it that much harder and more expensive for another low-income person to buy a vehicle.)
I think the real interesting thing about this isn't any of these questions but really, much like with the internet, when does an IP become a person (or in this example, when does a license plate become a person)?
Is there a legal distinction? As I understood it, the reason you don't lose points on your license if you get caught by a speed camera in an automated fashion, is because technically, legally, they have to prove it was you in the car (but to charge a fine, they just have to prove it was your car and it violated a traffic law).
So if you think of it in that context, then how can I be sure it was you at all for those "sensitive" situations? If I can't be sure it was you, and the information was public (where you had no expectation of privacy in the first place), then is that information as protected as say, your medical records? (No really, I'm asking).
Many of the people that you could conceivably want to be protected from would not particularly care about the possibility of the car being driven by other people. Furthermore, in many situations, it is likely that the GPS-tagged data could be combined with other data, such as employment history, to greatly disambiguate the actual driver of the car at the time.
I don't see how quantity suddenly transforms a permitted thing into a forbidden one.
If I don't need your permission to look at your car's licence plate on a public street and write down when and where I saw it, or simply take a photo of said licence plate (as photos currently include timestamp+location) - then the situation doesn't change in any way and I still don't need your permission even if I did the same for a thousand cars this morning, and my buddies did the same thing for ten thousand cars more.
The law has thousands of examples of quantity turning permitted things into forbidden ones (or at least regulated ones, which is probably more the case here). This is in no way a unique restriction.
For example:
1) If someone glances in your window as they walk by your house, that's fine. If they stand there all day, they're probably guilty of stalking, a crime.
2) If one person is holding a protest sign in front of city hall, that's legal. If a thousand people do it, that's a protest, which in most cities is a regulated activity requiring a permit.
3) If you pour your morning orange juice out in a storm drain, that's probably legal. If you pour thousands of gallons of OJ into a storm drain, you're breaking environmental laws.
4) If someone drives by a street, that's fine. If they go back and forth down it, they're cruising, which is a crime in many cities.
5) If you give a friend $100, it's an unregulated gift. If you give them $20k, then that's regulated by tax laws.
6) If someone sells a stock and buys it back, that's fine. If they do it tens of thousands of times in a minute, they may be breaking securities laws.
7) If you bring $1000 into the country, that's an unregulated event. If you bring $100k, it becomes regulated.
8) If you access a web site with an automatic tool, that's fine. If you access it a thousand times a second, that's a DDoS attack, which is a crime.
9) If you cut a tree down on your property to sell the wood, that's fine. If you cut hundreds down, then you're running an illegal logging operation.
and on and on.
I totally don't buy the argument that it's unreasonable to forbid or regulate the case of collecting license plate numbers based on it just being a different quantity of something that's permitted. Laws use quantity as the basis for drawing the line between legal/illegal or unregulated/regulated all the time.
Okay, this is a very valid point that laws can and make a distinction based on quantity.
However, in this point no such distinction has been made, and thus they should be treated equally. There is clear law on the "low quantity" case, and no distinct law on the "high quantity" case - so the same principles should be applied even for thousandfold or millionfold increases unless/until the lawmakers (not the courts) draw a line somewhere.
This article is specifically about a lawmaker trying to draw a line, and the lobbying around that process. At least as far as this article goes, no court case is underway, nor is there a claim that this is currently illegal.
On the other hand, I'm very very worried about the risk of making it illegal - because those justifications can be used to make the low-scale personal activities into 'victimless crimes', leaving the government with a monopoly on surveillance while criminalizing citizens who do the same thing.
I'd rather prefer if everyone was permitted to do this at all scales, rather than risk restrictions on what people can do with their minds and devices with stuff that they can plainly see - it's similar to various restrictions on recording police officers in action, so as "to protect their privacy".
The government will do their thing anyways (as Snowden showed us), so if any restrictions are implemented then they will only restrict us, but not protect us.
Can you understand that if you give me the individual letters or sentences, than I'm allowed to arrange them in a large text even if you don't want them to be arranged that way?
I'm aware of the copyright legislation that applies to copying of data compilations - but those restrictions don't apply here, where people are [re]creating databases from independently made real world observations.
My argument was by analogy, but you've taken the analogy beyond its breaking point into another domain.
A single fact about a person at a particular place is not much more useful than knowing the placement of a single letter in a word. But if you know the placement of several letters in a word, you can guess the word - and that has a whole bunch more information [1]. Similarly, know several facts about a person's path, more information comes to light that is not evident from single facts alone, in a way that the whole is greater than the sum of the parts; place of work, school of children, likely friends, relatives, partners, potential medical issues, possible infidelity.
The issue you're getting at is a philosophical issue related to the sorites paradox on one hand, and the zero marginal cost of duplicating information on the other. The former is somewhat related to the issue at hand, but the latter definitely isn't.
[1] Semantically, not by Shannon, for the autistic nitpickers out there.
Differences in degree produce differences in kind all the time. Some places you're allowed to have small amounts of recreational drugs, but if you have large amounts you're presumed drug dealing. Over the years we've allowed tips uncovered on undercover operations to nab unrelated criminal activity; now that the government is shown to be monitoring online behavior on most of us, we recognize it as a problem. Some places you're allowed to cut down a Christmas tree but if you clear cut the forest, people would look askance. The examples of quantity mattering are endless. Often the issue has to do with power. Once the quantity and efficiency of an activity affords vast new power, that power must be scrutinized and regulated.
> the situation doesn't change in any way and I still don't need your permission even if I did the same for a thousand cars this morning, and my buddies did the same thing for ten thousand cars more.
I hate to say it -- because it's probably irrelevant from a legal perspective at the moment -- but this sounds exactly like the fallacy of the beard to me.
(edit: not to accuse you of committing this fallacy, just felt this was important enough that it should be highlighted)
If you can't understand how indexing turns bulk data into information you are clearly beyond help. Hint: there is a whole industry involved in data mining, and since time immemorial what distinguished a library from a pile of books is the library index.
Yes, and if I have the right to the bulk data, then I automatically have the right to all the knowledge that I can mine or infer from that data. THAT is the point that there is no difference. I can create information from data - and saying "raw data is okay, but the information mined from it isn't okay" is ridiculous.
If I have unconditional permission to read books from library, then that allows me (I don't need any extra permission) to use what I read to create a library index - even if you explicitly don't want me to have such an index.
And the public information permissions really are unconditional - what I see in public space is public info. There's no "... unless you write it down" or "...unless you plan to keep that data forever" or "... unless you don't gather too much" or "... unless you tell it to others" or "... unless you profit from it" or "... unless you make interesting conclusions from the raw data" - it's just that, public and unrestricted.
Once I have a legally obtained fact in my mind or my computer, I'm allowed to do pretty much everything with that knowledge, barring very specific exemptions such as blackmail or insider stock trading.
> The scan of the license plan is not really the issue
This is wrong:
> it's the collecting of the scan, tagging it with GPS, and aggregating the scan into large, permanent databases that can be accessed by both government and private corporations.
The real issue is the legal requirement that every car must have license plates and that every car must be registered to a "person" (individual or corporation).
If there were no such requirements, we wouldn't be having this discussion in the first place.
This issue that individual observations usually seen as benign become concerning when aggregated at computational scales is coming up in government surveillance as well. It is fairly uncontroversial that the police reading your license plate as they walk by your car isn't a 4th-amendment violation: it's not a "search" to view the exterior of a car parked on a public street. But is it still okay if the police start tracking the movements of all cars around the city using a network of license plate readers? Many people would be wary of that, but it's not clear what the difference in kind is or where a line could be drawn.
In the government case, the "mosaic theory of the 4th amendment" is an attempt to produce a new rule that certain aggregations of non-search data become searches when aggregated, so it may require a warrant to track you around the city with a network of license-plate readers, while it doesn't require a warrant to look at the exterior of your car normally. It's a bit fuzzy, though, and not clear it will survive (or be practical to administer). And it's not clear whether something analogous should or could be done for private collectors of data. And of course if it isn't, then that's an easy loophole for the government too: the government can just buy the data from the private data collectors. Under current law, at least, the government buying data lawfully collected by a private party who willingly sells it isn't considered a search, and doesn't require a warrant.
Come to think of it -- humans can't memorize all the number plates they see. Machines can. It's the "recording" of these images (though there for everyone to see) which takes us into the gray area.
In addition, the problem most people don't recognize with this, is the database keeps a history of where the car has been seen. This history is ripe data for divorce attorneys who can use it to show that assignations at motels took place.
Already, mapping technology can cause marital problems - I had a neighbor who split up because the Google car photographed a motorcycle in their driveway that wasn't the husbands.
> Already, mapping technology can cause marital problems
No, affairs can cause marital problems. Technology just makes it easier to get caught This is not a vindication of the technology in question, but it can't be blamed for everything.
I can't help but think that cheating business travellers had it a lot easier before the advent of ubiquitous, near-free mobile long distance telephony made it easier for spouses to keep tabs on the travelling partner. That doesn't make telephony a cause of marital problems.
I see this as a general trend of misattributing problems to technology that are actually caused by one's own behaviour.
Lying to people is a bad idea; some people mistakenly believe that they can lie freely without others knowing, and then cry foul when new technologies threaten that belief.
Everything we do, everything we say, has consequences that spread through the great web of causation; technology only allows us to look at this web faster and in more detail, and thus spot more inconsistencies in our model (i.e. lies). It's not the fault of technology if you lied and got caught.
I see this as a general trend of misattributing problems to technology that are actually caused by one's own behaviour.
I see. So stop doing anything controversial and you'll be just fine, right?
We better tell closeted homosexuals that someone tracking their movements isn't the problem; their behavior is the problem.
How about atheists? They're more disliked in the U.S. than just about any group out there (http://www.scientificamerican.com/article/in-atheists-we-dis...). I guess the problem isn't their boss checking via license plate scanning whether or not they go to church every week, their behavior is the problem.
I guess we better tell political dissidents to knock it off too.
And let's not forget abuse of the data. You seem to think that this data is perfectly protected, perfectly monitored. You really can't imagine a scenario where a rogue cop pulls over a young girl, becomes obsessed with her and then begins stalking her by abusing electronic tracking systems he has access to? It's happening already - Google gave me too many examples to cite.
Everything we do, everything we say, has consequences that spread through the great web of causation
This is astoundingly pseudo-intellectual tripe. The reality is that what people do in their own private lives is none of your business, and people seeking to track people's every movements are evil.
I see. So stop doing anything controversial and you'll be just fine, right?
No. But if you are lying, you have to realize that you can be caught. The fact that some kind of technology makes it easier for you to be caught is not the technologies fault. Phones, cameras, computers, internet, all make it easier for you to be caught doing something you weren't supposed to be doing.
Should it be illegal for photographers to take pictures of people in public? What if that photographer publishes the pictures on their blog? What about people taking pictures/videos of police officers? Should they be allowed to upload these pictures/videos to the internet?
We better tell closeted homosexuals that someone tracking their movements isn't the problem; their behavior is the problem.
No, the problem is people that have problems with homosexuals.
How about atheists? They're more disliked in the U.S. than just about any group out there (http://www.scientificamerican.com/article/in-atheists-we-dis...). I guess the problem isn't their boss checking via license plate scanning whether or not they go to church every week, their behavior is the problem.
Again, the problem here is the boss checking the license plates to make sure the employee goes to church. It's not that the plates are being logged, it's that the data is being used in a malicious manner.
Did you forget Murphy's Law? If it is possible for the data to be used in a malicious manner, someone will eventually use them with ill intent.
The key to preventing abuse is to make it more difficult by several orders of magnitude than allowable uses. One way to do this is to only store plate scan records where there is a pre-existing reason to track the location of the vehicle, and purge those records once that reason is no longer valid.
> We better tell closeted homosexuals that someone tracking their movements isn't the problem; their behavior is the problem.
No, my point is that it's the people doing the checking to then hurt others that are the problem, not the tools used to track, and not even the act of tracking.
> You really can't imagine a scenario where a rogue cop pulls over a young girl, becomes obsessed with her and then begins stalking her(...)
I can, but again, it's the cop who is the problem, not Google or Facebook or ALPRs.
> This is astoundingly pseudo-intellectual tripe.
It may sound like that for people who don't grok it, but it's actually also the base for my whole argument. If you understand this "tripe", then you can see that there are pretty much infinite ways you can use to obtain particular information; they only differ in cost. You can't ban them all. Progress of technology only reduces the cost of accessing some facts about the real world.
Let's look for ways to stop people from doing bad things instead of trying to fight the progress, with all the benefits it brings. For centuries we relied on limited access to information as a proxy for safety. We can't do that anymore.
> Everything we do, everything we say, has consequences that spread through the great web of causation
Like tracking, which could be used by political authorities to suppress political dissidents, employers to discriminate against homosexuals, or police to stalk or sexually harass a young woman.
Just because Google or Facebook or ALPRs don't intend for tracking to be used maliciously doesn't mean it won't. In fact, this is the entire argument against the NSA dragnet.
under that logic we should all be implanted with a sensor the records audio video of everything we see, say, and hear, as well as providing real time location data.
After all you have nothing to fear if you have nothing to hide.... right
Also, "you have nothing to fear if you have nothing to hide" is only partially not true, and I think it deserves pointing out.
If you have nothing to hide, then you only have to fear evil people (who may want to harm you, and the more they know about you the easier it gets) and morons (who jump to conclusions).
the_ancient - under that logic, I should be allowed to record what I hear, and if I catch you ever lying to me or breaking your verbal promises, you won't be able to deny that.
Yes, I do, but I don't find them relevant here. Suing you for breaching my privacy is completely independent from the fact that if you caught me lying to you by peeking through the curtains, I'd only have myself to blame.
Spoken like somebody in a privileged position of not having anything that they believe must remain hidden.
Me spying on you while you are in your home would be illegal, because you deserve some baseline privacy. Me tracking you around town should similarly be illegal.
You "blaming yourself" if I illegally violate your privacy is nothing but senseless and shameless victim blaming.
As I said, if I had something that I believed must remain hidden, then it would be my fault if it somehow became known, regardless of who and how made it happen.
And as I said, it wouldn't stop me from suing you from here to kingdom come for breaking my privacy.
I don't think that mixing those two concepts (having something to hide and a right to privacy) is a good OPSEC.
"it would be my fault if it somehow became known, regardless of who and how made it happen."
Shear lunacy. If I break into your home and steal financial documents from you, is that your fault? If I install a camera in your bathroom, would that be your fault?
Break free of the mindframe that those with secrets are keeping something wrong secret.
Break free of the mindframe that those with secrets are keeping something wrong secret.
I'm not having that mindset. I actually see three kinds of secrets people might have:
- things they shouldn't be doing in the first place (like tax fraud),
- things that are dangerous should evil people know about them (by government mass surveilence, you installing a camera in my bathroom, etc.),
- things that are inconvenient should morons know about them (like religious/sexual orientation, etc.)
Most of the privacy-related discussions here focus on the second and third kind. I argue that we shouldn't keep only blaming particular technologies (cameras, satellites, big data), but instead we should focus on dealing with evil people and morons. Fighting technology is pointless (sans starting Third World War) and potentially hurtful (all that surveillance tech we're so afraid of can and already does wonders in areas like agriculture, medicine, public safety and social studies).
How about we make sure that social and legal structure deters people from acting on collected data in a malicious way, that makes it easier to get rid of morons in your collective social network, instead of blaming mapping technologies for breaking marriages, or Twitter for government shooting their citizens in a more efficient manner, or Facebook for that boss not hiring you because you're an atheist?
I don't know. People are unlikely to remember the license plate (unless it strikes an obvious pattern) but a person who was so inclined could write numbers down manually and store them indefinitely a bit like a CPU with no storage mechanism simply would hold the data in volatile memory... unless we plug in a hard drive.
I'm imagining a future where most cameras have Street View style blurring in their hardware. Where vintage digital cameras are sought after and illicit manufacturers produce unauthorised copies with the feature disabled.
I have a picture of my cars license plate in my phone for convenient access. Furthermore, if I am ever in a fender bender I want to have the ability to photograph everything, with license plates unblurred.
Just cause something is publically visible doesn't mean it's not private. Privacy is about control of the data, not whether the data is visible in public or inside private property.
By taking, storing and cataloging the data, they, not the car owner, now have some control over what happens to the data. Hence it's an invasion of privacy of the car owner.
iamsalman offers a great response. Legally (and conceptually) there is the idea of a collection, a compilation being valuable in and on itself: this has been enforced to prevent people from selling phone books and TV programs without paying the original ‘compilers’, phone companies and TV stations, not as operators but original authors of an exhaustive description. Collecting changes useless information into, anecdotes, into a usable product: that’s the whole point of those companies, they (presumably by contract) guarantee a return rate that makes them economically sound; that changes the nature of ‘looking around’.
This idea is essential to all the creep factor around Google’s recurrent controversy: the problem is not taking street pictures, but guaranteeing that any house can be seen by anyone; it's not to murmur in your boss's ear ‘that’s the sub-commissioner in grey’ but potentially matching anyone’s face to their full public history. This is what made every page of a phone book precious, and every post-it with a phone number on it worthless.
But it should still be straightforward to make laws saying that the tags on a vehicle are a particular type of information and then restrict the way that businesses are allowed to use it.
Indeed on the copyright of collection -- which as a fact was abused; but not the change of nature of the information.
I really don’t think that you can make enough information particular enough to get away with disanonymisation techniques: you standing anywhere in a city, with a block accuracy is enough to identify most people on a transport map; even whether you like a handful of movies, and in what order or when you saw them is enough to isolate individuals from a VoD database.
A company can make use of the observations without aggregating them. For instance, if they have a documented interest in a tag, I don't really have a problem with them disseminating it to their vehicles and checking it against live scans.
Simple, I have a database wherein I scan the license plates of all known repo men and upload their current whereabouts. That way when they enter the neighborhood, I can stop and have a chat with them.
It's not so much the scanning of plates which is invading privacy. I wouldn't mind them scanning my plate just to check when a car entered or exited a parking lot. The problem is saving and matching this data to actual people. Then selling this information to corporations and PIs.
Its not about invading privacy, but rather about illegal handling of private and sensitive information.
The information about who is where and when is information that should be treated in similar way as credit cards numbers, medical information, and so on. Repo agents do not actually need to store this for their businesses, so their argument is easy refuted by simply denying their ability to profit by selling sensitive information about peoples private life.
If I'm walking on a public street, then that isn't private information - unlike medical information that's entrusted to some specific people bound by restrictions, what happens on the street is public data. And I'm perfectly allowed to say "hey, you know what? Yesterday I saw Belorn walking down that street!" no matter if you want to hide that - it's not dissemination of private and sensitive information.
If you feel so, I hope you don't mind if someone like the police create live 24/7 tracking of your position. Any driving, any movement... always tracked.
If don't consider that a intrusion of your privacy, then that is up to you.
I agree public street is public info. But it sounds like they're scanning more then public street. At what point does it become private?
1. Parked on a public street in front of my home
2. Parked on private parking lot at my apartment
3. Parked in my driveway
4. Parked in my garage with door open.
5. Parked in my garage but visible through window if you angle the camera just right.
I believe that question has been asked many times in courts and is settled long ago. Your examples 1.-4. would be treated as "in plain view" (if seen from standing on that public street) and 5. wouldn't.
Terrifying startup prospect: Imagine a small dashcam-like consumer device that was able to perform the same type of license plate recognition coupled with GPS location. A data collection company could provide these devices for free or at a low cost to anyone, and then pay drivers for every license plate scan their box sends in.
Obvious downfall: someone will figure out how to spoof a GPS signal and randomly generate license plate images on a computer monitor and make a bunch of money for uploading junk data.
You're hinting at another major problem in this area, too:
It's not just that ppl have the data and use it for amoral/unfair purposes. It's that people come to trust the data, believe in it and use it to make decisions. This is disastrous b/c there are huge margins of error.
Errors are possible at all levels in systems like this, including sabotage and incrimination and your suggestion of junk data.
E.g. in the motorcycle example cited above. It's quite possible a motorcyclist needed to stretch their legs, so they pulled into a driveway for a moment, stretched, then google snapped a photo, then it was used as evidence. It's not likely or common, but it's utterly possible and not anticipated by these systems.
For the EU, Data Protection Directive 95/46 (and the incoming changes from 2012), attempt to offer protection against automatic decisions.
In that document there is the concept of consent and that the consent can only be for the purpose the data was collected for. So should some clever company sell widgets at a loss to collect data and should that data then have an extra purpose in aggregate that does not fall into a protected area (like national security, government functions and all that) and the person did not consent to that reason, then you should (in theory) be able to bubble that argument up to the relevant courts for further inspection.
That's the theory, how well that works in practise... only time will tell.
In the licence plate situation the point would be that this isn't personal data, and thus the data protection directive and the consent requirement doesn't apply.
In the motorcycle example, there is no personal data involved whatsoever - it's just a photo that some motorcycle was there; again, DPD doesn't restrict anything at all for such cases.
Did you read my comment or just scan the second paragraph and assume I was saying license plates weren't public data? I was talking about automated decision making using collected data, I was not saying license plates were or were not public information (in fact, I have previously made some of the same points you are, that a license plate is public information and that an individual has no expectation of privacy in public).
So if a private company were to automate the collection of license plates and therefore have a trove of information that included times and places a car was and then that system was to grow so that insurance companies used that information so rates could be calculated through Bayesian classification using that data to determine risk, then that would be an automated decision based on that data AND THAT is protected (in theory) by that directive and the laws based on it in the member states.
That was the point of my comment. Automated decisions are protected unless you consent to them.
Okay, yes, automated decisions are prohibited in EU when based on unverified, unconsented data - that still doesn't prohibit from automatically gathering that data without consent, storing it forever, distributing it to third parties, and having then some human be interested or prejudiced to you based on that info.
When Google Glass first was announced, I imagined a future where it would become more common to rent out access to one's vision. I imagined a service, called BuyMyEyes, that would set up per-minute or per-user fees that sellers could use to offer access to their line of sight to interested viewers. Then there could be a chatbox where the viewers input what the "eyes" should go look at next. In such a world, I could imagine a system where police departments send a notification: "The person 50 feet in from of you is a potential person of interest in an investigation. Keep him in your line of sight for 10 minutes and win a free iPad!"
>I could imagine a system where police departments send a notification: "The person 50 feet in from of you is a potential person of interest in an investigation. Keep him in your line of sight for 10 minutes and win a free iPad!"
I'd be surprised if it doesn't go like "The person 50 feet in from of you is a potential person of interest in an investigation. Keep him in your line of sight for 10 minutes or you'll be arrested for not collaborating with our investigation."
You realize that's essentially what's already happening the article, right? Large databases companies like DRN are providing free or low cost ALPRs to repo men who submit a minimum number of records per month.
I'm not sure consummerizing it makes it much more terrifying, given the tremendous size these databases have already achieved.
...and someone else would pay good money to a clown to put on a fake license plate cover of their business rival and commit aggressive acts, so vigilantes and a mob would go after them.
We need time-varying crypto license plates. apparently.
How about a google glass like device, that we all wear all the time, and the camera runs all the time, and sends face pictures of people with the GPS coordinates and the timestamp?
This is all fun to talk about, but none of these is going to end well.
>Terrifying startup prospect: Imagine a small dashcam-like consumer device that was able to perform the same type of license plate recognition coupled with GPS location.
your car already has GPS, "parking" cam and Wi-Fi/Bluetooth (for engine computer at least, not necessarily that you know about it). You're just not being paid for the info your car collects.
>Obvious downfall: someone will figure out how to spoof a GPS signal and randomly generate license plate images on a computer monitor and make a bunch of money for uploading junk data.
cross-referencing with streams from other cams will immediately identify "low trust" streams.
I think the first commenter on the site said it all :
"the systematic exploitation of private personal information by corporations and government is the modus operandi of a surveillance / police state.
Already this is being abused for corporate espionage, political benefit, and a host of criminal enterprises.
The manufactured pretext that all these erosions of privacy are ok because "we found bad guys" has been the same bogus justification for every single abuse known to history.
A simple extension of this illegal principle in practice means privacy and Constitutionally protected rights are null and void.
Jobs! Fraud! Crime!
"We'll keep you safe!" "We'll save insurance companies money!" "We'll catch criminals!"
They don't mention that they'll abuse this in an untold array of intrusions and privacy violations... for their commercial and political benefit."
Although I'm very much miffed by the excessive surveillance of every country these days I don't find this to be the same. Companies and organizations do have the right to check up on people's activities in some manner. If your car wasn't paid for and it belongs to the bank now, I think the bank has the right to know where it is to repossess it. I think this is one of the ugly truths of reality rather than a matter of abusive behavior.
But if your car was paid for can they store the information about the time/location they saw it? Can they sell that information? What if there were enough of these devices out there that your information was updated every 10 minutes when you were on the road?
I wouldn't object to the scan but the storage of the data is a different matter.
"Companies and organizations do have the right to check up on people's activities in some manner. If your car wasn't paid for and it belongs to the bank now, I think the bank has the right to know where it is to repossess it."
What you are referring to is part of the agreement you make with the lender in which you agree to keep them updated on changes of address, a violation of which they have constitutionally legal methods to address.
So please, elaborate on why you think lenders have a right, beyond the normal legal and reasonable updates of contact information, to "check up on" my activities in any way whatsoever.
This sort of slippery slope reasoning that is very, very dangerous for the peoples rights.
Ignoring the legal issues, I believe we have to come back to the old analogy of Global Village that illustrates the coming reality.
Imagine living in a village a hundred years ago. There is no practical anonymity, everybody knows who you are, what you do, and they tend to share many parts of what they know. The shopkeeper knows all your purchasing habits, the bored old lady living on the corner knows where everybody is going at what times, and if you buy condoms then the pharmacist likely knows with whom you'll be using them. If you'd get judged by a jury of your peers, they would know you and the witnesses since birth, and take all of it into account.
Like it or not, I feel that this is the social model that our changing capabilities will bring - and it's not entirely a disaster; for pretty much all time the civilization was like this, the anonymous faceless metropolis is just a recent change; and USA constitution was already written for an environment like that, and not the current (temporary?) one.
I am simply against any law that would prohibit the public from this type of information and restrict it to only law enforcement.
If its not right for a public company to assemble such records it should be doubly wrong for law enforcement. I tire of passing the police cars festooned with cameras pointing in every direction. What guarantee do we have that the data is any safer in their hands? We don't and the reason is that a law that might offer protection today doesn't have to be in that form tomorrow or after some obscure judge rules otherwise.
So I am all for it on the grounds it puts on equal footing with government officials. We should be able to track them too which is most likely the real reason there is a law coming to prevent gathering by private individuals or companies
I really, really want to say that I think this technology is a bad idea. But I don't.
I don't think that the technology is the problem here, as Digital Recognition said they are not _technically_ invading privacy since the license plates are available for everyone to see. And if you outlaw it, whats stopping a few crooks organizing their own underground data collection and selling the stuff on a black market? Rather, I'd prefer to see a different way of "licensing" cars. Maybe some kind of RFID chip that can only be read by law enforcement? I know its quite unlikely something like this will ever happen, but anyway.
> I'd prefer to see a different way of "licensing" cars.
How about an LCD screen that shows a captcha image of the license number? The captcha image can be regenerated after a set interval, for example, a day.
Edit: This would have the benefit that humans can still read it, but making it difficult for OCR.
Well, consider that a government agency would still have to keep a database of what captcha tags were assigned to you on any given day at any given time, then it wouldn't be difficult to tie the two together. At that point you don't need to decipher the captcha, just compare pixels.
Weren't modern license plates made the way they are to aid automatic (or human) detection? For instance, traffic cameras, automated scanning from traffic police to make sure your car is insured or even your elderly neighbour writing down a license plate late at night after seeing a car speed away from a possible hit-and-run.
I think the article nails it on the head when it talks about technology getting ahead of social/legal controls.
I'm sure when license plates were devised, no one thought ahead to the day a single unregulated for-profit company could automate the scanning and geolocation of many millions of vehicles a year.
There are legal controls in some places. The EU has had Data Protection law since 1995. There was a lot of history in Europe of organisations (usually countries) collecting massive amounts of data on people.
"ban most uses of license plate readers, ... making exceptions only for law enforcement, toll collection, and parking regulation."
That is the worst thing. Either allow everyone or no one. Giving more and more capability to special interests is how we have gotten into being a surveillance state and become very unbalanced authority / responsibility between different segments of society.
I'd allow law enforcement, with the strict rule that the scanner system would have to immediately throw away any plate that they hadn't received a warrant to search for. So they could have the scanner operating at all times, but they'd never get a notification until they happen across one of the (very few) cars they're specifically allowed to track.
Is this discussion any different than the one we had a couple decades ago when credit/debit cards went from occasional use to primary currency? There was huge outcry about how everyone would be tracked, how every purchase you made could be aggregated and monitored and tracked and sold and leveraged, how personal problems could arise when a spouse or lawyer saw inappropriate purchases on bank card records, etc etc. Today, we still acknowledge those problems - while using those cards, having just given in to the sheer convenience of its regardless of the data mining that occurs.
I still think the killer app for Google Glass type products is face & license-plate recognition, aggregating data and pulling it up for you a la augmented reality all the time. The devices & services would be cheap unto free by companies accumulating that data.
>I still think the killer app for Google Glass type products is face & license-plate recognition, aggregating data and pulling it up for you a la augmented reality all the time. The devices & services would be cheap unto free by companies accumulating that data.
I've thought about this a lot (because my startup wants to move into this space in a year or so, depends on the progression of wearables like glass) and have drawn the conclusion that the reason the facebooks and googles of the world while being technically capable of executing such an idea, they might see as even trying to do such (based on them basically creating walled gardens around information of which one needs to create an identity to access) would amount to a public flogging of them and maybe no clear way to monetize such capabilities now (just look at foursquare stumbling along trying to do such, and that's without facial recog).
But as you note, the technology is here, it's only a matter of time before someone can adopt such and gain usage by the masses. I personally think that the data collected from such if made publicly available, will make the the outcry over surveillance state moot since such capabilities are slowly creeping their way to the masses… I can only imagine the outcry from the church when the printing press started to take hold in its abilities to spread information to the masses…
Surveillance carried out by individuals and corporations, even if universally available, doesn't make surveillance by governments any less bad. The printing press was an instrument of giving; surveillance is an instrument of taking.
I didn't say anything about it becoming "less bad", just that the discussions will mostly be purely academic and of little value to the avg person (to them gov surveillance < miley cyrus|beyonce|justin beiber|shinny new iphone app|that college degree) surrounding those capabilities under the situation I put forth, especially if such masses find any utility in having access to such information.
Hopefully never; discounting war and other emergencies, it's a waste of material. The moment people wearing such things become an issue, the government or a company will get few undergrads to fix the image recognition algorithm and boom, all the protection is gone in the blink of an updating flash memory.
This is quite interesting. On the one hand, I do understand that autoloans are very easy to default on. So there should be some method for loan companies to get these vehicles back. However, I also think that loan companies should more carefully screen their applicants. Of course, that would mean that loan companies make less money on loans and fees, and that they lose money on reselling cars that are already partially paid for. So I'm conflicted. But I don't think that the mass collection of data is the way to go, ever. And I wonder about the legality of putting up a "fuzzy" license plate. Say if your plate number is 123-AB12G or whatever, you simply write on a piece of cardboard "One Two Three Dash Aye BEE One Two Gee." I'm sure there's legislation against that, though.
Strict screening will make it harder for the poor, who have poor credit, to buy a car. Tracking vehicles will make lenders less paranoid about lending, which will enable less wealthy households to lend. IMO if you're wealthy ( like the vast majority of the readers of HN ) you should be able to opt out of tracking for an additional financing feel whereas the poor should still be able to voluntarily subject themselves to tracking in exchange for a more favorable rate. Personally I wouldn't care if the bank is tracking my car while it's not paid off, so I'd go for the lower rate anyway.
The "Buy Here Pay Here" car sales lots that sell primarily to low-income folks often install tracking equipment in the vehicles they sell as a part of the deal.
Ken Bensinger's 2011 LA Times series about the practices of Buy-Here-Pay-Here car sales businesses:
To me, used to the abusive interest rates here in Uruguay, 20% sounds really good.
And while the tactic they used to repossess the car was pretty shady, they were in their right. And 25% default rate is tough.
It's depressing, but the alternative would be leaving people with no financing options.
A NGO or maybe a startup that helped people balance their economies would be doing a lot of help, in the U.S. and everywhere. I've read about some that try to disrupt lenders, including a Y Combinator backed one (LendUp).
I can see a sort of opt-in thing working. And that would be better than just sending out camera equipped cars to scan all the vehicles. But in the same way that I would agree to a tracking system I would also agree to an automatic debit from my account each month. At least that way there's no location data for the government to subpoena.
If the loans are so easy to default on, maybe they should rethink the current practices instead of considering a system that's so easily abused to invade people's privacy?
Correlate an account with a license plate, and now you can have not only an approximate dataset of where people tend to be while commits were made (which you can get with far less precision from IPs), but a decent idea if that location is their home, a business (locating new stealth-startups and identifying their employees by finding new clusterings of people making personal commits during lunchbreaks in a new office?), etc.
This information is all public, it is only becoming more searchable and cross referenceable by computers.
Where have we seen that before? Many years ago when facebook first revealed the Newsfeed. There was a huge backlash, to which Mark Z personally wrote to all users, "Relax, breathe, we hear you." He went on to explain that all the info in the newsfeed was already public, just better accessible to us for consumption.
The inexorable march of technology proceeded unabated. The next few years produced the slogan "privacy is dead" on the social networks. So many people now post mundane details of their lives IN ORDER for others to read and to collect "likes".
Fast-forward to last year: Graph Search comes out, to help us all find what we're looking for using only the data available to us, and facebook doing the searching. No big splash this time. The graph search is arguable much more dangerous to privacy than ever:
And the inexorable march of technology continues. Remember - it's not that you're caught on camera in a public place that's scary. It's that later, all the information can be cross referenced and mined for any purpose.
Eventually, our new found love for collecting lots and lots of data about everyone and everything would come back to haunt us, making some billionaires and a vast majority living under surveillance. Sketchy but probable.
Easy fix: pay for access to the DB and a few others like it, plot the movements of congresscritters, judges, DAs, et al. and publish. The brokers will be swimming in injunctions by the end of the week.
Would be awesome if someone reverse-engineer it: an app that alerts you when a repo truck is around the corner. Imagine all those pissed off truck owners being angry that their publicly available information has been scanned and delivered via alert system to someone trying to hide from a repo truck.
It's interesting that in a software world the difference between good and bad systems can be a single bit, leave debug=true and accidentally record all your keystrokes, or your wifi packets, or store info permanently instead of temporarily.
And unfortunately, the data brokers can even argue that the system includes an identity reset just like iOS - just request a new plate from your state...
However, this won't work, as linking the two records is trivial via DMV records...
It will earn you a ticket in most states, at least on a public street.
I am, and have been, very interested in countermeasures that obscure plates to non-humans. Bright IR to severely overexpose, shuttered lenses or pulsed LEDs that create severe beat-frequency disruption of the image, some magical thing that causes the characteristics of a plate (retro-reflectivity is a key signature, I think) to not look like a plate to an ALRP so that it won't even think to try and capture, etc.
—I mention retro-reflectivity only because within the last few years Washington state has required that license plates be replaced every three years rather than just getting new tabs as it had been forever. I asked a DMV engineer why this policy was put into place and he replied that it was due to decreasing reflectivity over time. Perhaps coincidental but the policy was instituted right about te same time ALRPs started to be used by parking enforcement and police.
the privacy as we know it has been obsoleted by technology, just like many other things in the past and will be in the future.
Instead of trying to save terminally ill patient - privacy - we need to look into the future. The real fight is who owns the data, not whether the data is collected. For example can we just force that all the data anybody has about anybody is to be public?
Privacy returns when all surveillance becomes a two-way channel. If someone watches you, you would know who it is and can watch them right back, change your behavior for as long as they watch, or demand that they stop entirely.
The problem we are having now is not just that people are watching us, it is that we also don't know who they are or when they are doing it.
I read a half of the article and it doesn't seem to mention where from, but all you need is a camera with image recognition. Number plates are much easier to spot than faces since they are very uniform and flat and would only be translated in an image.
I've seen these cars in the Cincinnati area. They're using the same technology (Cameras, at least) that the Law Enforcement folks (Ohio State Highway Patrol) are using, but on a 4 year old Honda Civic versus a Crown Vic/Dodge Charger/Chevy Impala.
An iPhone camera isn't really good enough to OCR vehicles as you move past them in a parking lot. You get skew from rolling shutter effects, plus it's going to be shaking violently when attached to an automobile without proper dampening.
The cameras used for OCR on license plates need to have a fairly high resolution, fast shutter speed, and a number of other little additions which make it more expensive than an iPhone camera. Granted, $10,000 is really expensive for such a device, and the real cost for something like that is probably a few hundred dollars, but after you add in software and radio communication (probably a cell plan if I had to guess), you're looking at an expensive device.
Of course, we could build one ourselves for a fraction of that, but that's why we don't drive tow-trucks or license plate scanner cars for a living.
In the same way an iphone can be good enough for your wedding photos?
These are high quality cameras, that have to work in large range of weather and lighting conditions. This cost might also include the software to OCR and store the details.
Correct, these work in inclement weather, in various lighting conditions, at high speeds (60 mph down the highway), and include computers that OCR, extract the plate number, match against a large database, and notify on a dashboard laptop if a hit occurs. They also often include multiple cameras (e.g. to capture cars parked on the left and the right of a street.)
One of these companies does in fact have an iPhone app that police officers can use to query a national database, but it can't scan 1800 plates per minute as you cruise down a highway.
Also note that they help local and state agencies obtain grant funding from federal sources, so I'm sure there's a bit of cost-cutting that could occur in a less bureaucratic and funded market. Also, these were like $30k 10 years ago, so prices are falling.
> But Digital Recognition and other so-called “data brokers” who collect plate scans are fighting Hecht’s bill, arguing that repo agents are not invading privacy when they scan a license plate, which is available for all to see. The data brokers do not disclose the owner of the plates, they point out, though customers such as banks, insurers, and private investigators have ready access to that information.