Private Companies Gathering Plate Data Are Selling Access To People's Movements For $20 A Search
from the lojacking-humans dept
License plate readers are everywhere. Their existence is predicated on the assumption that traveling on public roads strips drivers of their privacy. To a certain extent this is true. But automation allows government agencies to reconstruct peoples’ lives and movements by simply typing in a plate number and accessing the billions of image/location data records stored by ALPR manufacturers like Vigilant.
But it’s not just a government thing. The new market for plate readers is residential neighborhoods, with purchases being made by home owners associations and others who feel they have a right to know who’s traveling in and out of “their” neighborhoods.
Prior to this, though, ALPRs were already being utilized extensively by private entities. Insurance companies and repossession firms have been using plate readers for years, using them to track down vehicles after missed payments or those suspected of insurance fraud. Unlike the databases compiled by law enforcement agencies, these private databases can be accessed by nearly anyone for any reason.
That’s exactly what Motherboard did. It found someone willing to offer up their license plate as a lab rat to see how much data was being harvested by a repo company’s plate readers and ran a search.
Armed with just a car’s plate number, the tool—fed by a network of private cameras spread across the country—provides users a list of all the times that car has been spotted. I gave the private investigator, who offered to demonstrate the capability, a plate of someone who consented to be tracked.
It was a match.
The results popped up: dozens of sightings, spanning years. The system could see photos of the car parked outside the owner’s house; the car in another state as its driver went to visit family; and the car parked in other spots in the owner’s city. Each was tagged with the time and GPS coordinates of the car. Some showed the car’s location as recently as a few weeks before. In addition to photos of the vehicle itself, the tool displayed the car’s accurate location on an easy to understand, Google Maps-style interface.
Unlike government databases, there are no rules protecting citizens from misuse or limiting long-term storage of plate photos. All that’s preventing abuse is the limited language of each company’s terms of service — something these companies don’t seem to spend too much time enforcing. Digital Recognition Network’s (DRN) offering is “crowdsourced” from thousands of cameras mounted on hundreds of repo men’s vehicles. It’s a persistent, long-term database of vehicle movements controlled by a single company — one that law enforcement also has access to, as if government agencies needed any more access to plate data.
It’s also surprisingly cheap. $15,000 gets drivers a four-camera setup and access to the DRN database. Searches go for $20 per and paying $70 for a search provides the searcher with live updates when a searched plate is snagged by a plate reader. Customers love it. So do repossession outfits, whose drivers earn bonuses for racking up plate photos. And DRN loves the data it collects, which it packages for sale through other programs, like one specifically marketed to private investigators.
The potential for abuse is real. The Motherboard report notes that members of a closed Facebook group for private investigators was filled with messages asking others to run plates for them. DRN’s official line on abuse prevention is pretty much a jargon-filled shrug.
Notably, DRN does not immediately ban someone for abusing the service, according to the contract. It reads that if DRN determines or suspects that the user has used the data for personal or non-business purposes, “Licensor [DRN] shall notify Licensee in writing of the alleged breach and give Licensee an opportunity to cure any curable breaches within 30 days of Licensee’s receipt of such notice; thereafter Licensor may take immediate action, including, without limitation, terminating the delivery of, and the license to use, the Licensed Data.”
There may be no “expectation of privacy” in driving on public streets. But I think most Americans would consider their privacy violated by the existence of a product that reconstructs their lives for the low, low price of $20 a search. Given that these companies are also selling access to law enforcement, they may yet find a way to trip over the Fourth Amendment. But until a company like DRN does, it’s just another company doing what so many tech companies do best: harvest and sell data.
Filed Under: alpr, bounty hunters, license plates, location data, privacy
Comments on “Private Companies Gathering Plate Data Are Selling Access To People's Movements For $20 A Search”
So how much does GOOGLE charge for your web history?
Try not to forget the biggies, Techdirt. Just drop GOOGLE into your worries, and directly applies:
"Unlike government databases, there are no rules protecting citizens from misuse or limiting long-term storage of " WEB HISTORY.
"All that’s preventing abuse is the limited language of each company’s terms of service"
Re: So how much?
So what are the Terms of Service in Your much better website? how do You personally handle the moderation there mate?
Re: Re: So how much?
Are you kidding? It helps his ego far more to sit on his arse and complain about Google (while still using their services every day) than it ever would actually doing something productive.
Re: Re:
Techdirt’s First and Only Openly Black Commentor
Man oh man, blue, you’re seriously going for this shit? Hamilton being obnoxious to Stephen Stone is one thing, but the Charles Nazaire gambit, really? "You disagree with my behavior because I’m black?"
You know how that worked out for Nazaire’s defense for Prenda Law?
The first commercial product that automatically hides your license plate when the car is turned off and is offered at a reasonable price will make a mint. There is a product out now that will do this but it’s fairly cost prohibitive still.
Next up: A face spray or lotion that somehow obscures camera images or a camera jammer (which will be made illegal moments after its introduction if it isn’t already).
Re: Re:
You can’t really jam or obscure your plate here in Florida without getting in trouble with the toll people. Veterans Highway north of Tampa uses license plate cameras to send you a bill for tolls.
Only way I could think of is to just change your license plate number annually. Sure you would probably pay more, but perhaps if enough people did it, it would become unprofitable to compile and sell access. .. Just a thought.
Re: Re: Re:
I think you missed part of the statement.
.. when parked …
It is illegal to operate a motor vehicle without plates on a public thoroughfare.
Mind this system will only prevent driveby scanning when parked and nothing when driving.
Re: Re: Re: Re:
So do garage doors.
Re: Re: Re: It is illegal
ALPR’s are worthless without license plates, but automobiles run just fine without license plates.
what is the basic problem and where does a legal solution exist?
Re: Re: Re: Re:
And in that lies it’s value. Where the car is parked is revealing much more than what roads are traveled, even if whole routes are caught.
You have a point though, parking in a public place requires visible plates. But it maybe it could be tilted or rotated or something else to prevent scanning but still readable.
Re: Re: Re: Re:
The previous message said "turned off", not parked, and it’s sometimes technically legal to drive your car on the highway while turned off (although some people find those "hypermilers" annoying). The plates often have to be visible whenever the car’s on a public road, moving or parked, but usually not when on private property.
Re: Re: Re: Re:
In my area, it’s illegal to park on the street without valid insurance.
So the only place this would really help is in parking lots (as nobody’s seeing my car’s plates when it’s in the garage).
That said, it would be relatively easy to create a plate cover that’s an LCD — entire plate goes black when the car power is off, goes transparent when power is on. Also illegal in my area, as it’s illegal to cover your plate with ANYTHING.
Of course, that doesn’t stop the people who put IR filters over their plates to supposedly block red light/speed cameras (btw: it doesn’t work and hasn’t in about a decade, so these plates are pretty much useless).
Re: Re: Re:
The DMVs, if they cared about privacy, could make an electronic plate with a QR code that changes constantly—set up so they could find the owner with a timestamped photograph (e.g. from a dashcam or any cellphone).
Re: 'when turned off'
It is illegal in almost every jurisdiction to have a vehicle on the public road – not ‘operating’ – merely present – without a VALID registration displayed on it.
This is what gives them the ability to tow any unregistered/expired vehicle immediately to impound.
I wouldn’t install such a device for fear that my vehicle would be impounded as illegally present. Hell, even store and company parking lots and such have policies that ‘vehicles must display valid registration’.
A Legislative Solution
Maybe we should delve into the personal comings and goings of those who write our laws but think there’s nothing wrong with a surveillance state.
Re: A Legislative Solution
That would result in laws being passed making it illegal to store location data of lawmakers.
Re: Re: A Legislative Solution
It’s already happened that when people started aggregating data on the locations of police cars in much the same way as ALPRs do it for everyone else, the police flipped out over how much it endangered them and invaded their privacy.
Re: Re: Re: A Legislative Solution
Sorry, you don’t have any privacy while you’re on the public’s clock. Its difficult to express how dismissive I am of THAT claim.
Endangered THEM? orly. because who gets injured maimed and killed more often in police/citizen interactions… police… or citizens. Its not difficult to show with data who is more endangered.
Its almost like policing isn’t how you handle the actual problems…
Strange..
No one has noticed some thing, in your drivers manual..
Most states only require the plate on 1 end of the car.. mostly the front. think about how you park.
Then there is the Constitution.. But that is personal rights, NOT public and NOT corp..
Until a law is made to stop it, Corps can do anything they want. And even after, it can be privatized and Hidden from PUBLIC view and only the feds/cops will see it, at a Very high price.
THE most fun iv had in life was finding out that the Corp had a List of every home Iv lived, for the rental business’s. And Credit checks.. We lost our privacy YEARS ago.
Wow, what a way to be a snitch, and not care… Make money uploading this data and get PAID..
With all the Data bases Lost in the last 10-15 years…YOU HAVE NO PRIVACY…
Re: Strange..
You have to be careful with this… some states require a plate on the front, other states require a plate on the back, and a few require both. If you go between states, you need to comply with state rules, no matter where you are registered/insured.
So if you live in a front plate state and drive your car to a rear plate state or a two plate state, this can result in a traffic stop and a hefty fine.
So yeah; privacy’s been gone for over a decade. I found some tracking info on me that goes all the way back to the 90s.
Re: Re: Strange..
All US states require a rear plate. 31 states require a front plate. (Search engines are handy.)
The same "Full-faith-and-credit" laws that allow you to drive anywhere in the US with your state-issued driver license apply to cars, if your car meets the standards of your home state, you cannot legally be be cited for failing to meet the standards of another state. If cited, politely point out that your state has no such requirement, and if the officer insists, don’t argue further, just collect the ticket and have it dismissed later.
Re: Re: Re: Strange..
Not all states require a rear plate. In Missouri certain types of truck registrations only require a front plate.
Re: Strange..
Fun part…
If you are OFF; the roadway do you need a plate??
If on a Private road section LIKE THE MALL…do you really need the Plate showing??
Thats the Catch..
Re: Re: Strange..
They can certainly ask you to exhibit registration or leave – being private property.
Plate Data
I had to do a double take when I saw the headline. My first thought was that some high-tech food company was monitoring our eating habits and selling our bowel activities. The most food-related movements they’re probably monitoring is what drive-thrus we’re using and selling it to fast-food marketers.
"But I think most Americans would consider their privacy violated by the existence of a product that reconstructs their lives for the low, low price of $20 a search."
Hi Tim! I’m a smartphone. I’m practically in the pocket or purse of people around the world. I contain apps which siphon data from me and send it out every second of every day.
My owners install these apps, most of which are free.
They do not care about privacy.
They do not care data is siphoned from all parts of me.
They do not care about protecting this data.
Worse, my very operating system grants the creators full access to my GPS coordinates, which cannot be turned off.
If you think people would be upset their driving data would be compromised for a mere $20, then I must regret stating your belief is misguided.
People don’t care about their privacy until it’s used against them.
I think we should do it open source
There are interesting things we want to know – where are the fire trucks? Where are the police cars? The garbage trucks? The commercially operated vehicles? The vehicle who knocked over my mailbox? The car that bumped yours and ran off in the parking lot? The latest ‘amber alert’? You have the right to move among the several states – you do not have the right to do so in a way that allows you to evade responsibility for what you do while you move around the several states. And you certainly don’t have a right to engage in commerce on our publically subsidized roads anonymously – tons of regulation already applies to that.
We should have an open source crowd sourced data system that reads and tags all the license plates seen by all the cameras and stores them for anybody to view at any time. It needs to be entirely unremarkable and free to get this information.
Lets put these guys out of business – by undercutting them in the extreme. With more information than they could ever have. That information shouldn’t be behind a paywall.
You know, if I were a car thief....
$20 for the ability to know when you’re at work, and where you park your car would be one hell of an ROI.
Re: You know, if I were a car thief....
I think $20 still quite expensive
Do you need to do a person search? example: search for Michelle Johnson
⋮
Why not can the plates and go to encrypted short range electronic responders?
Only police can decrypt.
I suppose that any attempt at changes to the laws will result in massive lobbyist bowel movements.
Re: transponders?
do you really think that an encryption key that can be interacted with by every police cruiser on a minute by minute basis throughout their shift is going to be ‘secure’? You’re talking the same level of obfuscation as the digital-trunking-encrypted radio systems municipalities use – that is – it only stops those who don’t really care to know, those who do care steal the key from some of the equipment that uses it.
Re: Re: transponders?
Why would the encryption key need to be in the cruiser?
Re: Re: Re: transponders?
Yeah, you don’t need an encryption key, you can just go real anonymous.
If you fall back to the true anonymity (non-obfuscation based) of a polypseudonym strategy – that is transmitting one of many identities (a decade worth!) that have never been seen in the wild before but are unique to the transponder. So you’d do it this way:
Victor(verifier)’s query is signed by Leo(officer)’s crypto agent and is forwarded to Peggy(prover) which is encryptosigned by the key-of-the-moment, whose ID and data are returned to Victor which forwards to Trent(Trusted authority) which decrypts using psuedonomous identity pubkey from its private stores, validates Leo’s credentials, and returns to Victor relevant permitted information per its rules regarding the validity, identity, and provenance of Peggy.
And do you think that a bureaucracy the size of the US DOT and each municipal entity beneath it could implement a protocol of that complexity at the scale required and have it work, without serious security compromises due to operational just downright fouling it up?
The real problem is between the keyboard and the chair. From Leo all the way up to Trent operations.