13:26 GMT +322 September 2019
Listen Live
    License Plate Reader Program

    ‘Terrifying’: Hack Shows Extent of Private Data US License-Plate Readers Collect

    © Flickr/ Florida Turnpike
    Opinion
    Get short URL
    3221
    Subscribe

    The companies that sell car license-plate readers used by US authorities to track drivers within its borders collect far more information than most would think possible ‒ and fail to adequately protect that personal data, as a recent hack shows.

    These license-plate readers collect and store information including peoples' locations, zip codes and even MP3 files, presumably from individuals' computers. Invasive technologies and the "surveillance state" they reveal are a major privacy concern, technologist Chris Garaffa told Sputnik. 

    ​On Thursday, a hacker using the name "Boris Bullet-Dodger" contacted technology news website the Register, providing internal data belonging to Perceptics, a US company that designs "vehicle identification and license-plate recognition products to serve border control, commercial vehicle enforcement, electronic toll collection and security industries," according to its website. 

    "These license-plate readers — these are terrifying," Garaffa told Radio Sputnik's By Any Means Necessary host Sean Blackmon. "They exist when you go through a toll. If you don't have to stop, they have them on there. Cops have license-plate readers on their cars. Truck companies have these license-plate readers, and they all have to connect back to DMV [Department of Motor Vehicle] databases. So, these license-plate generator readers are constantly taking data from your car when you're going down the street or when they [law enforcement] are driving down the street and you're parked at home," Garaffa added.

    ​"So, what they [the unidentified hackers] found online is hundreds of thousands of files relating to zip codes, locations and even images from these license-plate readers. It's an unbelievable cache of files, and it shows exactly what these devices are tracking and keeping on us. Let's say they go and see my license-plate; they're storing that information, and they could correlate that with when they see my license-plate later on. You do that enough and you can figure out, well, Chris [for example], works here and he lives there. So, there is a lot of different things they [companies like Perceptics] can do with this. So, the issue with license-plate readers themselves is a privacy issue, but now this company has been so derelict in its responsibility to protect that data that they have left it online, open for folks to see," Garaffa continued. 

    According to the Register, the hundreds of gigabytes of data stored by Perceptics include XLSX (Microsoft Excel spreadsheet) files for locations and zip codes, JPG files that refer to "driver" and "scene," DOCX (Microsoft Word document) files likely related to government clients like the US Immigration and Customs Enforcement (ICE), and many other other files such as MP3 files with songs like "Superstition" by Stevie Wonder and "Wannabe" by the Spice Girls most likely downloaded from someone's laptop. It is not clear how either the license-plate readers or the hackers accessed this information. "Boris Bullet-Dodger" refused to answer any questions regarding the hacked information.

    "In this case, Perceptics — their four main focuses [on their website] are electronic toll collection, highway and city security, commercial vehicle enforcement and border security. So, they are tracking cars coming through the border as well, enabling ICE to do that. So, I think the first call that they made when they figured this out was not to their customers, not to the public, but to their lawyers, and that's a typical thing," Garaffa explained.

    Following the breach, Casey Self, director of marketing for Perceptics, released a statement saying that the company is "aware of the breach" and has notified its customers. 

    "We can't comment any further because it is an ongoing legal investigation," Self added. Perceptics did not immediately respond to Sputnik's request for comment.

    Perceptics, which used to be a subsidiary of government contractor Northrop Grumman, provides license-plate readers, under-vehicle cameras and driver cameras to US, Canada and Mexico to install at the borders. According to information published by the company, both its readers and cameras can correlate to individuals' "biographic" and "passport data."

    "Often when we think about license-plate readers, we are thinking about the tow trucks that come around and tag your car because you haven't paid your car taxes locally. These license-plate readers are used by law enforcement for tracking people; they are used by the DHS [US Department of Homeland Security] and ICE at the border as well. License plates are just one facet of this surveillance state," Garaffa noted.

    The views and opinions expressed in the article do not necessarily reflect those of Sputnik.

    Related:

    Facebook Profits Expected to Plummet Amid Data Privacy Rows – Analysts
    Netizens Sure Meghan Markle 'Owns' Baby Privacy Amid Rumours of Successful Birth
    New Policy Allows Inmates at UK Prison to Lock and Unlock Cells For ‘Privacy’
    US Cuts Bush-era Phone Spying to Save Money, Not Privacy - Ex-NSA Tech Chief
    ‘Privacy Overreach’: Chicago Schools Monitor Students on Social Media
    Tags:
    technology, Automatic License Plate Readers (ALPR), license plate readers, United States
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik