
A vast hidden surveillance network, powered by the repo industry - samkline
http://betaboston.com/news/2014/03/05/a-vast-hidden-surveillance-network-runs-across-america-powered-by-the-repo-industry/
======
r0h1n
I'm curious - how exactly would one refute the following argument put forth by
data brokers and repo agents?

> _But Digital Recognition and other so-called “data brokers” who collect
> plate scans are fighting Hecht’s bill, arguing that repo agents are not
> invading privacy when they scan a ­license plate, which is available for all
> to see. The data brokers do not disclose the owner of the plates, they point
> out, though customers such as banks, insurers, and private investigators
> have ready access to that information._

~~~
berberous
The scan of the license plan is not really the issue, it's the collecting of
the scan, tagging it with GPS, and aggregating the scan into large, permanent
databases that can be accessed by both government and private corporations.

If all you do is scan a plate and display "car payments past due", or discard
the scan if the car is not wanted, it's not all that different from a human
looking for a car.

But these folks are creating historical databases that capture everywhere you
have ever been. These sorts of databases can be mined retroactively to
discover all sorts of sensitive information, similar to what was pointed out
by Justice Sotomayor in the recent GPS tracking case, U.S. v. Jones:

"GPS monitoring generates a precise, comprehensive record of a person's public
movements that reflects a wealth of detail about her familial, political,
professional, religious, and sexual associations. See, e.g., People v. Weaver,
12 N. Y. 3d 433, 441-442, 909 N. E. 2d 1195, 1199 (2009) ("Disclosed in [GPS]
data . . . will be trips the indisputably private nature of which takes little
imagination to conjure: trips to the psychiatrist, the plastic surgeon, the
abortion clinic, the AIDS treatment center, the strip club, the criminal
defense attorney, the by-the-hour motel, the union meeting, the mosque,
synagogue or church, the gay bar and on and on"). The Government can store
such records and efficiently mine them for information years into the future."

While the government can currently look up your license plate information, or
track you manually, they are limited by their resources. (From Alito's opinion
in U.S. v. Jones: "But it is almost impossible to think of late- 18th-century
situations that are analogous to what took place in this case. Is it possible
to imagine a case in which a constable secreted himself somewhere in a coach
and remained there for a period of time in order to monitor the movements of
the coach's owner?") A nationwide database of historical location information
-- that may not currently require a warrant under the 4th amendment to access
-- is ripe for abuse. Letting private companies access the data is also scary.

These data brokers are probably right that they don't currently violate any
privacy laws, however. But that just means we need to change the laws, as I
think this most definitely needs to be a violation of privacy.

~~~
PeterisP
I don't see how quantity suddenly transforms a permitted thing into a
forbidden one.

If I don't need your permission to look at your car's licence plate on a
public street and write down when and where I saw it, or simply take a photo
of said licence plate (as photos currently include timestamp+location) - then
the situation doesn't change in any way and I still don't need your permission
even if I did the same for a thousand cars this morning, and my buddies did
the same thing for ten thousand cars more.

~~~
barrkel
Can you understand how individual letters may not be copyrighted, but an
arrangement of them into a large text may be?

~~~
TeMPOraL
No, I can't. It's actually a big philosophical/legal issue involving "illegal
numbers"[0], definition of copying and colour of bits[1].

Don't make problems simple and obvious when they're not.

[0] -
[http://en.wikipedia.org/wiki/Illegal_number](http://en.wikipedia.org/wiki/Illegal_number)

[1] - [http://ansuz.sooke.bc.ca/entry/23](http://ansuz.sooke.bc.ca/entry/23)

~~~
barrkel
My argument was by analogy, but you've taken the analogy beyond its breaking
point into another domain.

A single fact about a person at a particular place is not much more useful
than knowing the placement of a single letter in a word. But if you know the
placement of several letters in a word, you can guess the word - and that has
a whole bunch more information [1]. Similarly, know several facts about a
person's path, more information comes to light that is not evident from single
facts alone, in a way that the whole is greater than the sum of the parts;
place of work, school of children, likely friends, relatives, partners,
potential medical issues, possible infidelity.

The issue you're getting at is a philosophical issue related to the sorites
paradox on one hand, and the zero marginal cost of duplicating information on
the other. The former is somewhat related to the issue at hand, but the latter
definitely isn't.

[1] Semantically, not by Shannon, for the autistic nitpickers out there.

------
evan_
Terrifying startup prospect: Imagine a small dashcam-like consumer device that
was able to perform the same type of license plate recognition coupled with
GPS location. A data collection company could provide these devices for free
or at a low cost to anyone, and then pay drivers for every license plate scan
their box sends in.

Obvious downfall: someone will figure out how to spoof a GPS signal and
randomly generate license plate images on a computer monitor and make a bunch
of money for uploading junk data.

~~~
diydsp
You're hinting at another major problem in this area, too:

It's not just that ppl have the data and use it for amoral/unfair purposes.
It's that people come to _trust_ the data, _believe_ in it and use it to make
decisions. This is disastrous b/c there are huge margins of error.

Errors are possible at all levels in systems like this, including sabotage and
incrimination and your suggestion of junk data.

E.g. in the motorcycle example cited above. It's quite possible a motorcyclist
needed to stretch their legs, so they pulled into a driveway for a moment,
stretched, then google snapped a photo, then it was used as evidence. It's not
likely or common, but it's utterly possible and not anticipated by these
systems.

~~~
gnerd
For the EU, Data Protection Directive 95/46 (and the incoming changes from
2012), attempt to offer protection against automatic decisions.

In that document there is the concept of consent and that the consent can only
be for the purpose the data was collected for. So should some clever company
sell widgets at a loss to collect data and should that data then have an extra
purpose in aggregate that does not fall into a protected area (like national
security, government functions and all that) and the person did not consent to
that reason, then you should (in theory) be able to bubble that argument up to
the relevant courts for further inspection.

That's the theory, how well that works in practise... only time will tell.

~~~
PeterisP
In the licence plate situation the point would be that this isn't personal
data, and thus the data protection directive and the consent requirement
doesn't apply.

In the motorcycle example, there is no personal data involved whatsoever -
it's just a photo that some motorcycle was there; again, DPD doesn't restrict
anything at all for such cases.

~~~
gnerd
Did you read my comment or just scan the second paragraph and assume I was
saying license plates weren't public data? I was talking about automated
decision making using collected data, I was not saying license plates were or
were not public information (in fact, I have previously made some of the same
points you are, that a license plate is public information and that an
individual has no expectation of privacy in public).

So if a private company were to automate the collection of license plates and
therefore have a trove of information that included times and places a car was
and then that system was to grow so that insurance companies used that
information so rates could be calculated through Bayesian classification using
that data to determine risk, then that would be an automated decision based on
that data AND THAT is protected (in theory) by that directive and the laws
based on it in the member states.

That was the point of my comment. Automated decisions are protected unless you
consent to them.

~~~
PeterisP
Okay, yes, automated decisions are prohibited in EU when based on unverified,
unconsented data - that still doesn't prohibit from automatically gathering
that data without consent, storing it forever, distributing it to third
parties, and having then some human be interested or prejudiced to you based
on that info.

~~~
gnerd
Yep. All of that could happen as far as I can see, which again, is why my
comment was specifically talking about automated decision making.

------
jmnicolas
I think the first commenter on the site said it all :

"the systematic exploitation of private personal information by corporations
and government is the modus operandi of a surveillance / police state.

Already this is being abused for corporate espionage, political benefit, and a
host of criminal enterprises.

The manufactured pretext that all these erosions of privacy are ok because "we
found bad guys" has been the same bogus justification for every single abuse
known to history.

A simple extension of this illegal principle in practice means privacy and
Constitutionally protected rights are null and void.

Jobs! Fraud! Crime!

"We'll keep you safe!" "We'll save insurance companies money!" "We'll catch
criminals!"

They don't mention that they'll abuse this in an untold array of intrusions
and privacy violations... for their commercial and political benefit."

~~~
walid
Although I'm very much miffed by the excessive surveillance of every country
these days I don't find this to be the same. Companies and organizations do
have the right to check up on people's activities in some manner. If your car
wasn't paid for and it belongs to the bank now, I think the bank has the right
to know where it is to repossess it. I think this is one of the ugly truths of
reality rather than a matter of abusive behavior.

~~~
arca_vorago
"Companies and organizations do have the right to check up on people's
activities in some manner. If your car wasn't paid for and it belongs to the
bank now, I think the bank has the right to know where it is to repossess it."

What you are referring to is part of the agreement you make with the lender in
which you agree to keep them updated on changes of address, a violation of
which they have constitutionally legal methods to address.

So please, elaborate on why you think lenders have a right, beyond the normal
legal and reasonable updates of contact information, to "check up on" my
activities in any way whatsoever.

This sort of slippery slope reasoning that is very, very dangerous for the
peoples rights.

~~~
PeterisP
Ignoring the legal issues, I believe we have to come back to the old analogy
of Global Village that illustrates the coming reality.

Imagine living in a village a hundred years ago. There is no practical
anonymity, everybody knows who you are, what you do, and they tend to share
many parts of what they know. The shopkeeper knows all your purchasing habits,
the bored old lady living on the corner knows where everybody is going at what
times, and if you buy condoms then the pharmacist likely knows with whom
you'll be using them. If you'd get judged by a jury of your peers, they would
know you and the witnesses since birth, and take all of it into account.

Like it or not, I feel that this is the social model that our changing
capabilities will bring - and it's not entirely a disaster; for pretty much
all time the civilization was like this, the anonymous faceless metropolis is
just a recent change; and USA constitution was already written for an
environment like that, and not the current (temporary?) one.

------
Shivetya
I am simply against any law that would prohibit the public from this type of
information and restrict it to only law enforcement.

If its not right for a public company to assemble such records it should be
doubly wrong for law enforcement. I tire of passing the police cars festooned
with cameras pointing in every direction. What guarantee do we have that the
data is any safer in their hands? We don't and the reason is that a law that
might offer protection today doesn't have to be in that form tomorrow or after
some obscure judge rules otherwise.

So I am all for it on the grounds it puts on equal footing with government
officials. We should be able to track them too which is most likely the real
reason there is a law coming to prevent gathering by private individuals or
companies

------
crypt1d
I really, really want to say that I think this technology is a bad idea. But I
don't. I don't think that the technology is the problem here, as Digital
Recognition said they are not _technically_ invading privacy since the license
plates are available for everyone to see. And if you outlaw it, whats stopping
a few crooks organizing their own underground data collection and selling the
stuff on a black market? Rather, I'd prefer to see a different way of
"licensing" cars. Maybe some kind of RFID chip that can only be read by law
enforcement? I know its quite unlikely something like this will ever happen,
but anyway.

~~~
hrjet
> I'd prefer to see a different way of "licensing" cars.

How about an LCD screen that shows a captcha image of the license number? The
captcha image can be regenerated after a set interval, for example, a day.

Edit: This would have the benefit that humans can still read it, but making it
difficult for OCR.

~~~
talmand
Well, consider that a government agency would still have to keep a database of
what captcha tags were assigned to you on any given day at any given time,
then it wouldn't be difficult to tie the two together. At that point you don't
need to decipher the captcha, just compare pixels.

------
sbarre
I think the article nails it on the head when it talks about technology
getting ahead of social/legal controls.

I'm sure when license plates were devised, no one thought ahead to the day a
single unregulated for-profit company could automate the scanning and
geolocation of many millions of vehicles a year.

~~~
rmc
There are legal controls in some places. The EU has had Data Protection law
since 1995. There was a lot of history in Europe of organisations (usually
countries) collecting massive amounts of data on people.

------
njharman
"ban most uses of license plate readers, ... making exceptions only for law
enforcement, toll collection, and parking regulation."

That is the worst thing. Either allow everyone or no one. Giving more and more
capability to special interests is how we have gotten into being a
surveillance state and become very unbalanced authority / responsibility
between different segments of society.

~~~
Avenger42
I'd allow law enforcement, with the strict rule that the scanner system would
have to immediately throw away any plate that they hadn't received a warrant
to search for. So they could have the scanner operating at all times, but
they'd never get a notification until they happen across one of the (very few)
cars they're specifically allowed to track.

~~~
njharman
Ok, but then why not same rule for others, such as repo?

------
ctdonath
Is this discussion any different than the one we had a couple decades ago when
credit/debit cards went from occasional use to primary currency? There was
_huge_ outcry about how everyone would be tracked, how every purchase you made
could be aggregated and monitored and tracked and sold and leveraged, how
personal problems could arise when a spouse or lawyer saw inappropriate
purchases on bank card records, etc etc. Today, we still acknowledge those
problems - while using those cards, having just given in to the sheer
convenience of its regardless of the data mining that occurs.

I still think the killer app for Google Glass type products is face & license-
plate recognition, aggregating data and pulling it up for you a la augmented
reality all the time. The devices & services would be cheap unto free by
companies accumulating that data.

~~~
cinquemb
> _I still think the killer app for Google Glass type products is face &
> license-plate recognition, aggregating data and pulling it up for you a la
> augmented reality all the time. The devices & services would be cheap unto
> free by companies accumulating that data._

I've thought about this a lot (because my startup wants to move into this
space in a year or so, depends on the progression of wearables like glass) and
have drawn the conclusion that the reason the facebooks and googles of the
world while being technically capable of executing such an idea, they might
see as even trying to do such (based on them basically creating walled gardens
around information of which one needs to create an identity to access) would
amount to a public flogging of them and maybe no clear way to monetize such
capabilities now (just look at foursquare stumbling along trying to do such,
and that's without facial recog).

But as you note, the technology is here, it's only a matter of time before
someone can adopt such and gain usage by the masses. I personally think that
the data collected from such if made publicly available, will make the the
outcry over surveillance state moot since such capabilities are slowly
creeping their way to the masses… I can only imagine the outcry from the
church when the printing press started to take hold in its abilities to spread
information to the masses…

~~~
nitrogen
Surveillance carried out by individuals and corporations, even if universally
available, doesn't make surveillance by governments any less bad. The printing
press was an instrument of giving; surveillance is an instrument of taking.

~~~
cinquemb
I didn't say anything about it becoming "less bad", just that the discussions
will mostly be purely academic and of little value to the avg person (to them
gov surveillance < miley cyrus|beyonce|justin beiber|shinny new iphone
app|that college degree) surrounding those capabilities under the situation I
put forth, especially if such masses find any utility in having access to such
information.

Edit for 1st comment: Looks like 4sq found it… and I'm sure there's room for
others to follow… [http://techcrunch.com/2014/03/05/foursquare-
revenues/](http://techcrunch.com/2014/03/05/foursquare-revenues/)

------
zacinbusiness
This is quite interesting. On the one hand, I do understand that autoloans are
very easy to default on. So there should be some method for loan companies to
get these vehicles back. However, I also think that loan companies should more
carefully screen their applicants. Of course, that would mean that loan
companies make less money on loans and fees, and that they lose money on
reselling cars that are already partially paid for. So I'm conflicted. But I
don't think that the mass collection of data is the way to go, ever. And I
wonder about the legality of putting up a "fuzzy" license plate. Say if your
plate number is 123-AB12G or whatever, you simply write on a piece of
cardboard "One Two Three Dash Aye BEE One Two Gee." I'm sure there's
legislation against that, though.

~~~
landryraccoon
Strict screening will make it harder for the poor, who have poor credit, to
buy a car. Tracking vehicles will make lenders less paranoid about lending,
which will enable less wealthy households to lend. IMO if you're wealthy (
like the vast majority of the readers of HN ) you should be able to opt out of
tracking for an additional financing feel whereas the poor should still be
able to voluntarily subject themselves to tracking in exchange for a more
favorable rate. Personally I wouldn't care if the bank is tracking my car
while it's not paid off, so I'd go for the lower rate anyway.

~~~
Wistar
The "Buy Here Pay Here" car sales lots that sell primarily to low-income folks
often install tracking equipment in the vehicles they sell as a part of the
deal.

Ken Bensinger's 2011 LA Times series about the practices of Buy-Here-Pay-Here
car sales businesses:

"A vicious cycle in the used-car business"
[http://articles.latimes.com/2011/oct/30/business/la-fi-
buy-h...](http://articles.latimes.com/2011/oct/30/business/la-fi-buy-here-pay-
here-part1-storyb)

Fairly depressing.

~~~
GFischer
To me, used to the abusive interest rates here in Uruguay, 20% sounds really
good.

And while the tactic they used to repossess the car was pretty shady, they
were in their right. And 25% default rate is tough.

It's depressing, but the alternative would be leaving people with no financing
options.

A NGO or maybe a startup that helped people balance their economies would be
doing a lot of help, in the U.S. and everywhere. I've read about some that try
to disrupt lenders, including a Y Combinator backed one (LendUp).

[http://techcrunch.com/2013/11/12/lendup-raises-14m-from-
goog...](http://techcrunch.com/2013/11/12/lendup-raises-14m-from-google-
ventures-data-collective-to-disrupt-payday-lending/)

------
emiliobumachar
>repo industry

When I saw the title, first think to cross my mind was "what the hell does
GitHub have to gain from it?"

~~~
Crito
Correlate an account with a license plate, and now you can have not only an
approximate dataset of where people tend to be while commits were made (which
you can get with _far_ less precision from IPs), but a decent idea if that
location is their home, a business (locating new stealth-startups and
identifying their employees by finding new clusterings of people making
personal commits during lunchbreaks in a new office?), etc.

------
EGreg
This information is all public, it is only becoming more searchable and cross
referenceable by computers.

Where have we seen that before? Many years ago when facebook first revealed
the Newsfeed. There was a huge backlash, to which Mark Z personally wrote to
all users, "Relax, breathe, we hear you." He went on to explain that all the
info in the newsfeed was already public, just better accessible to us for
consumption.

The inexorable march of technology proceeded unabated. The next few years
produced the slogan "privacy is dead" on the social networks. So many people
now post mundane details of their lives IN ORDER for others to read and to
collect "likes".

Fast-forward to last year: Graph Search comes out, to help us all find what
we're looking for using only the data available to us, and facebook doing the
searching. No big splash this time. The graph search is arguable much more
dangerous to privacy than ever:

[http://gawker.com/5978327/men-interested-in-men-in-tehran-
an...](http://gawker.com/5978327/men-interested-in-men-in-tehran-and-other-
dangerous-real-facebook-graph-searches)

And the inexorable march of technology continues. Remember - it's not that
you're caught on camera in a public place that's scary. It's that later, all
the information can be cross referenced and mined for any purpose.

Should I write a blog post about this?

------
iamsalman
Eventually, our new found love for collecting lots and lots of data about
everyone and everything would come back to haunt us, making some billionaires
and a vast majority living under surveillance. Sketchy but probable.

------
Ryanmf
Easy fix: pay for access to the DB and a few others like it, plot the
movements of congresscritters, judges, DAs, et al. and publish. The brokers
will be swimming in injunctions by the end of the week.

------
joering2
Would be awesome if someone reverse-engineer it: an app that alerts you when a
repo truck is around the corner. Imagine all those pissed off truck owners
being angry that their publicly available information has been scanned and
delivered via alert system to someone trying to hide from a repo truck.

------
crystaln
Is there any legal way to make a license plate not easily photographable,
perhaps with a bright led?

------
mavhc
It's interesting that in a software world the difference between good and bad
systems can be a single bit, leave debug=true and accidentally record all your
keystrokes, or your wifi packets, or store info permanently instead of
temporarily.

------
sologoub
And unfortunately, the data brokers can even argue that the system includes an
identity reset just like iOS - just request a new plate from your state...

However, this won't work, as linking the two records is trivial via DMV
records...

------
linuxlizard
I see a potential market for a mechanical device that automatically covers up
the license plate when the car is parked & turned off.

Pull into parking space in the mall. Cover up your license plate. Or, better
yet, put an image of random numbers.

Ta da!

~~~
Wistar
It will earn you a ticket in most states, at least on a public street.

I am, and have been, very interested in countermeasures that obscure plates to
non-humans. Bright IR to severely overexpose, shuttered lenses or pulsed LEDs
that create severe beat-frequency disruption of the image, some magical thing
that causes the characteristics of a plate (retro-reflectivity is a key
signature, I think) to not look like a plate to an ALRP so that it won't even
think to try and capture, etc.

—I mention retro-reflectivity only because within the last few years
Washington state has required that license plates be replaced every three
years rather than just getting new tabs as it had been forever. I asked a DMV
engineer why this policy was put into place and he replied that it was due to
decreasing reflectivity over time. Perhaps coincidental but the policy was
instituted right about te same time ALRPs started to be used by parking
enforcement and police.

------
trhway
the privacy as we know it has been obsoleted by technology, just like many
other things in the past and will be in the future.

Instead of trying to save terminally ill patient - privacy - we need to look
into the future. The real fight is who owns the data, not whether the data is
collected. For example can we just force that all the data anybody has about
anybody is to be public?

~~~
logfromblammo
Privacy returns when all surveillance becomes a two-way channel. If someone
watches you, you would know who it is and can watch them right back, change
your behavior for as long as they watch, or demand that they stop entirely.

The problem we are having now is not just that people are watching us, it is
that we also don't know who they are or when they are doing it.

------
wehadfun
Back into parking spaces. Of course in some states you are supposed to have a
license plate in the front of your car as well

------
darksim905
Where exactly do they get their scanner tools from? I always thought these
were police/3 letter agency only?

~~~
weavie
The article says they cost 10,000-17,000 which surprises me. Surely an iPhone
would be enough technology for this?

~~~
rmc
In the same way an iphone can be good enough for your wedding photos?

These are high quality cameras, that have to work in large range of weather
and lighting conditions. This cost might also include the software to OCR and
store the details.

~~~
hengheng
Parent's point was valid though, I can't imagine these devices to cost more
than $170 in a couple of years, making this discussion quite relevant.

~~~
RyJones
Until the cost of grinding glass comes way down, this won't be true.

~~~
Crito
They don't need pictures that look nice. They just need to extract information
from them. Better image processing will facilitate this.

------
rmc
Thankfully this sort of behaviour is illegal in the European Union, under the
Data Protection Directive.

