Privately owned surveillance networks know where your car is

Car repossession companies get paid on a bounty; that is, they get paid per car they can find. Back in the day, a repo company would get a list of repoed cars and would try to track them down one by one, picking one from the list and doing the grunt work to locate it manually. That used to be time-intensive, but there really wasn’t a more efficient way to do it until just recently. With modern technology, repo companies install cameras on their tow trucks and unmarked spotter cars, and the cameras scan for license plates.

DRN’s largest competitor, TLO, gives us a glimpse of the data it captures and sells. [Source]
The license plate information is matched with the camera’s GPS location, plus the current date and time, and is returned to centralized databases, where a computer can instantly compare the scanned plate with the company’s list of repoed cars. The technology infrastructure is costly, so small repo companies often enter into agreements with large scanning companies to manage the tech backend. One of the largest is Digital Recognition Network (“DRN”), owned by Vigilant, based in Texas. DRN has so many repo companies collecting data for it that it claims to have license plate scans of 40% of all the cars in the entire United States. At the end of 2013 it had 1.8 billion plates on record, and it continues to add another 70 million each month.

A diagram explaining how license plate tracking works. [Source]
Certainly license plate scanning isn’t new; police departments have been using it for several decades. The use of license plate scanning for police purposes has both supporters and detractors, but most people can at least see there is some amount of public good that results from police use. However, it is significantly more concerning for a private, for-profit company to collect this type of data.

Do I have a privacy interest in the location of my license plates?

DRN claims that its scanner technology and database are legal because they are no different from a person walking down the street and writing down a car’s plate number and location. DRN further claims that the federal Driver’s Privacy Protection Act (18 USC 2721) already protects car owners from privacy invasions. However, DRN grossly misstates the level of protection the federal law provides. The federal law only restricts a government agency’s disclosure of the personal information attached to a license plate; it does not limit or control the metadata collection DRN is currently doing.

DRN claims that unlike police, who can just search the DMV databases, DRN has no way of knowing who actually owns a vehicle, and the data they collect is not personally identifiable. This is the same type of argument the NSA has made about phone metadata, and it is flawed. The license plate data collection DRN is doing is fundamentally different from a person walking down the street writing down license plate numbers. The metadata is persistent, easily machine readable, and contains precise time and location data. For example, if DRN scans your plate at 6AM in front of a house several times, it is reasonable to assume the car’s owner lives at that house. When it later scans your plate in an office building’s parking lot at 2PM on the weekdays, it can also figure out where you work. The average high-schooler could figure out who a person is if given that person’s home and work address, and you can be sure that supercomputers are faster and better at doing that correlation than high-schoolers.
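The correlation described above, as an added example that is not part of the original post: a short Python sketch showing that plate, time and GPS fields alone are enough to single out a likely home and workplace. The scan records, plate strings, coordinates and time-of-day windows are all constructed assumptions, not DRN's data or method.

```python
from collections import Counter
from datetime import datetime

# Constructed sample scans (plate, timestamp, latitude, longitude); not real data.
SCANS = [
    ("TEST123", "2014-03-03T06:02:00", 40.1001, -100.2002),  # Mon, early morning
    ("TEST123", "2014-03-03T14:05:00", 40.3001, -100.4002),  # Mon, afternoon
    ("TEST123", "2014-03-05T06:10:00", 40.1002, -100.2001),  # Wed, early morning
    ("TEST123", "2014-03-06T14:20:00", 40.3002, -100.4001),  # Thu, afternoon
    ("TEST123", "2014-03-08T11:30:00", 40.5001, -100.6002),  # Sat, one-off errand
    ("OTHER99", "2014-03-04T06:00:00", 40.7001, -100.8002),  # seen only once
]

def grid_cell(lat, lon, places=3):
    """Snap a GPS fix to a grid cell (3 decimal places is roughly 100 m)."""
    return (round(lat, places), round(lon, places))

def infer_anchor_locations(scans, plate, min_sightings=2):
    """Guess home and work cells for one plate from scan metadata alone.

    Assumed heuristics: sightings before 07:00 or after 21:00 suggest home,
    weekday sightings between 09:00 and 17:00 suggest work.
    """
    home, work = Counter(), Counter()
    for scanned_plate, stamp, lat, lon in scans:
        if scanned_plate != plate:
            continue
        when = datetime.fromisoformat(stamp)
        cell = grid_cell(lat, lon)
        if when.hour < 7 or when.hour >= 21:
            home[cell] += 1
        elif when.weekday() < 5 and 9 <= when.hour < 17:
            work[cell] += 1

    def most_repeated(counter):
        # A single sighting proves little; repeated ones form a pattern.
        if not counter:
            return None
        cell, count = counter.most_common(1)[0]
        return cell if count >= min_sightings else None

    return {"home": most_repeated(home), "work": most_repeated(work)}

if __name__ == "__main__":
    print(infer_anchor_locations(SCANS, "TEST123"))
```

No owner name or DMV record appears anywhere in the input; the two locations fall out of the plate, time and place fields by themselves.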

What are the states doing about it?

Some states are in the process of proposing legislation which would outlaw the practice, or severely limit it. For example, in Massachusetts a proposed bill would ban license plate readers outright, except for law enforcement. Other states have already outlawed the process: Utah has a law that restricts a company’s ability to take a photograph and analyze its contents with technology.

The problem with these laws is that they can be attacked with a constitutional challenge. If you have a First Amendment right to take a photograph of a car while walking down a public street, then why shouldn’t a company? Because these types of laws may infringe a fundamental constitutional right, they will have to pass strict scrutiny, which means a judge would have to find that the law:

  1. Addresses a compelling governmental interest (is protecting a citizen from constant private surveillance something that is necessary and not just preferred?);
  2. Is narrowly tailored to address that interest (the law can’t be so broadly written that it might affect other activities, nor can it be so restrictively written that it doesn’t address the compelling interest);
  3. And must be the least restrictive means to achieve that interest (is there something else the government can do to protect citizens’ privacy rights short of banning these technologies completely?).

And what can we do about it?

In short, not much. In many jurisdictions it’s illegal to remove or cover up your license plates, even while parked, so that’s definitely not an option. DRN and these other companies don’t have an opt-out procedure, so you can’t even tell them not to collect your data. And there aren’t any legal mechanisms you can use to prevent a camera from capturing your license plate number. If these technologies concern you, you can raise the issue with your legislature, but that won’t provide you with any immediate protection or benefit. Unfortunately, this is one of those just-be-aware-of-it type things for now.