
9M logs of Brits' road journeys spill from number-plate camera dashboard - linebug
https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/
======
tcd
> nobody came to any harm or suffered any detrimental effects as a result of
> this breach

Who gets to decide what "harm" is or whether anyone suffered "detrimental
effects"? Surveillance is so common and normalized they don't consider the act
of collecting so much information itself as a "detrimental harm".

What if that harm only presented itself years down the line? Maybe a creepy
stalker who can synthesize mulitple data sets to reconstruct a person's
movements or possibly use it against them some way (scammers and fraudsters
are increasingly using all these leaked datasets to create a more accurate
profile of an individual for more sophisticated attacks/targeting. Your
name/address/mobile number must not and can not be considered PII since it's
already been leaked probably ten's of times by now).

That's an incredibly shortsighted comment to try and justify developing a
system with not even the most basic of security considerations.

I honestly just wish those same people were jailed for 50 years as a result,
we'd see a LOT more consideration in the future if they were held personally
liable.

------
m3nu
For the Corona tracing, they were looking at the centralized system, right?
Still the latest plan? Anyone seeing parallels? :-)

~~~
asplake
Well of course there are parallels. But on the other hand, I have very high
regard for UK government digital (having twice worked in that space) and would
be much more inclined to trust them than a local authority, especially where
the potential benefit might be enormous.

------
asplake
I live close enough to Sheffield to be caught by this. Hope that both South
Yorkshire Police and the City council get some serious flak for this.

------
dsfyu404ed
I hope somebody combs through the data and uses it to publish embarrassing
trip sequences for public officials and their families because that's the only
way politicians and local officials are gonna even consider not supporting
these kinds of boondoogle dragnet projects.

~~~
zynkb0a
When I read your comment, I realized I intuitively view open access to
surveillance systems like this as more desirable than limited access, and I
don't know how to articulate that feeling.

I'd consider myself privacy-conscious, however it is clear that this sort of
open access further limits my "privacy." I wonder if privacy advocacy is more
about aversion to certain power imbalances rather than privacy as an end
itself for many folks.

~~~
mjburgess
Privacy as a constraint on government action, yes. Aren't all constraints on
government action essentially concerned with addressing the power imbalance?

But privacy itself is also a claim against your neighbor: not only is it
illegal for them to blackmail you, it is impermissible to obtain the grounds
for that blackmail.

I'm perhaps more afraid of my neighbor than I am the government. Rapists are
more often people you know, and all that.

~~~
dsfyu404ed
I'd wager that there's vanishingly few people who don't have some thing they
do, some demographic they belong to, some association with something, that
some vocal minority would crucify them over while the apathetic majority stand
idly by. The government can't always protect you from this kind of threat.
Being a subject of controversy is not a protected class, your employer can
fire you (in most states), people can refuse to do business with you, etc. etc
for no reason other than because they don't want to be involved. As we've seen
with online witch hunts, people's lives can be ruined, or at least set back
years or decades by controversy that stems from private information getting
into the wrong hands.

Urban areas have privacy by blending into the crowd. Rural areas have privacy
by density, there simply aren't enough people to observe everything.
Technology is making both those obsolete.

~~~
zynkb0a
>people's lives can be ruined, or at least set back years or decades by
controversy that stems from private information getting into the wrong hands

Private information "getting into the wrong hands" often seems to be an issue
of misplaced confidence in the confidentiality of that information. In an era
where "surveillance is democratized," how we think about the existence of
"private information" might radically change. In your example, the words,
actions, and ideas that would have generated controversy might not have ever
been spoken or acted upon in the first place, or there would be such an
apparent abundance that the "controversy" wouldn't hold ground. More of a
fringe position here, but maybe certain ideas and actions wouldn't even be
conceived of in a post-privacy world, as the result of the loss of an
expectation that those ideas or actions could be kept confidential.

It certainly feels like the cat's out of the bag when it comes to mass
surveillance. Facial recognition, for example, isn't going away, and there
doesn't seem to be enough political / institutional momentum to counter the
value that is provided to organizations by the data that one might view as an
invasion of privacy. There doesn't seem to be a meaningful debate about
maintaining personal privacy, so maybe the discussion should be who has access
to these tools, systems, and institutions moving forward.

------
kzrdude
Super interesting data for researchers, I hope someone captured it.

~~~
pjc50
Rather difficult to publish their results without admitting to a criminal
offence..

~~~
celticninja
is it a criminal offense to access an open website? if you had to use even a
default password you could imagine it being improperly accessed,but if it's
just open to the internet how is a criminal offence committed?

~~~
raziel2p
People have been tried and committed for crimes in court for this type of
thing. It probably varies from country to country but there is definitely
legal precedence that if you come across data that you _know_ shouldn't be
publicly accessible, you can't just pretend that it's okay to use it as if it
was. Intent and common sense probably plays into it.

I would link some sources because you shouldn't trust just my vague memory,
but it's incredibly difficult to find the right google search terms.

~~~
mellosouls
Note in the UK the CPS guidance which talks about "unauthorised access".

 _There has to be knowledge on the part of the offender that the access is
unauthorised_

So I guess it depends what the "offender" googled and what the link
description said before they clicked it wrt open websites. And no doubt their
explanation and demeanour when questioned etc.

[https://www.cps.gov.uk/legal-guidance/cybercrime-
prosecution...](https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-
guidance)

Section 1

------
fnordfnordfnord
License plates should be done away with. Replace them with RFID tags that log,
and can alert the driver each time they're activated. Drivers could switch
them off when they're at home or parked.

Anyone, not just the government can operate an ALPR system and record this
data for whatever purpose they wish.

------
pjc50
So who gets the 4% of turnover GDPR fine here? Or is it under the law
enforcement exemption?

~~~
globular-toast
Is it a GDPR issue? You can't identify the driver from the number plate.

~~~
jfk13
True, you can't directly identify the driver, but I would imagine the
correlation between number plate and one or a very small number of individuals
who have use of the vehicle is strong enough (in most cases) that it could be
regarded as personal information.

~~~
remus
> ...the correlation between number plate and one or a very small number of
> individuals who have use of the vehicle...

It seems analogous to an IP address in that sense, and the courts have ruled
that IP addresses are personal information.

------
alexchamberlain
There seems to be an assumption that this would come under GDPR, but that's
not obvious to me (excluding the potential images of people).

Putting aside ethical concerns , would there be any legal ramifications for
capturing the presence of a car at a certain location and sharing it? The
licence plate identifies the car, not the driver. (Similar schemes are in
place for boats and airplanes of course)

~~~
kwhitefoot
The driver of a private motor vehicle is almost invariably the registered
keeper. In most of the case where it is not then it is a family member.

Are you implying that the slightest doubt about the identity of the driver
means that it is perfectly alright to collect the data? because if so that
surely also applies to many other GDPR situations, where families share a
single computer for instance.

~~~
alexchamberlain
I'm actually saying I don't know; where is the line? Licence plates seem like
an interesting test case, given many registered keepers are companies (either
company cars, work vehicles or hire cars).

------
coldcode
Some government official probably scoffed at the need for password protection
as "no one will know how to find the site".

~~~
robin_reala
Generally it’s oversight rather than malicious incompetence.

~~~
bennyelv
I’d probably go with gross or criminal negligence for a screw up of the
magnitude and simplicity of this one.

------
blablajevic
such a cool post. Upvote

