I'm not quite sure how generating more data about people's locations and putting it in the hands of more people is considered a victory for privacy advocates.
On one level I agree - ensuring that it's easier for, say, a criminal gang to track unmarked police cars or abusive exes to find their victims seems a backward step.
The flips side of that, though, is that this power exists and is being used by rich, powerful entities anyway. If I was a law-abiding member of a mosque or political group, I'd love to know that undercover law enforcement officers are trying to stir up trouble, for example. If they can track me, why shouldn't I be able to track them? Or, less melodramatically, the highest rate of road fatalities in my country involve logging trucks. There are persistent claims that companies keep them on the road for more hours than their drivers are legally allowed to work, but they're politically shielded from official investigations. It would be nice for citizen groups to have the tools to investigate those claims.
If we should be able to go about free of day-to-day surveillance (absent good, court-approved cause), which I certainly agree with, then we should be modifying laws and institutions to reflect that. Since what we've got is a situation where the powerful (government agencies, large companies) use the absence of regulation and powerful tools to watch us the second-best option is for us to have the tools to watch them.
Sorry, but this is just a "movie plot terrorism" entry for Schneier's annual competition, not reality as we live in it.
In what way is acquiring the skills required to download/compile/configure this software, then integrate it with an electrically detonated bomb - more likely to be undertaken by "the bad guys" than hooking the detonator up to the backlight of a burner phone and standing a block away and texting it? (Just like every reported IED from the latest war-torn country being bombed into democracy and freedom.)
It makes me mad when intelligent people think up "bad things" that might be done with extremely high barriers to entry, when way simpler and easier to achieve methods for the same "bad stuff" are obvious.
Case in point - one of my local councils has just blanket banned "drones" (without even bothering to define what a "drone" is) on the pretext that "there is a concern about people taking unauthorised photos of children in public areas" - See more at: http://www.ausleisure.com.au/news/safety-fears-see-leichhard....
Watch this video of a $600 point-n-shoot camera (at least past the 37 sec mark) and tell me you're more at risk from someone with a drone invading your privacy: https://www.youtube.com/watch?v=Csp6asxf00o
If people want to take your (or your families) picture, they will. Probably with their cell phone without anyone noticing, or with a $600 camera on a tripod so far away you can't even see them. They _won't_ buy a $1,200+ drone and learn to pilot it, then fly it up close where you can see it. (And they _certainly_ won't be learning to assemble and tune their own quadcopter for a few hundred dollars of Chinese sourced parts. Not just to be a creep with.)
Same if they want to blow something up - they're not going to clone some open source code from github, learn how to use it's python bindings, and build a RaspberryPi powered auto-detonator to trigger off your numberplate. There are _way_ lower barrier-to-entry methods to achieve that goal (which are also way more reliable).
And hence we get groped or porno-scanned at every airport check in, and secret no fly lists which are good enough to stop people with names vaguely similar to possible terrorists from flying but which are not accurate enough for use as lists of people who shouldn't be permitted to buy guns.
Do you think that's an appropriate response? Especially since it seems to be almost universally true that every time the TSA is tested, weapons still get through the checkpoints with startling regularity.
Sorry, but I still see this as kneejerk reactions to spectacularly unlikely scenarios of "bad things happening" being proposed and regulated by people who don't care about reducing other people's freedom because it won't affect them personally.
I'm still unsure what you're suggesting "shouldn't be allowed" here? Open sourcing computer vision projects? Publishing on github? SHould all hobbyists leave face detection algorithms to Facebook and Apple and Google, because someone else might misuse the results (worse that Zuckerberg already does)? It's all extremely reminiscent of the "crypto wars" and Homeland Security's new "House Un-American Mathematics Committee": https://twitter.com/puellavulnerata/status/67290345222221824...
Me? I'm 100% for publishing this(and similar) projects - because the tech is already out there and being used. Pretty much every towtruck and repo man has had this tech running for 5+ years, and almost nobody knows. Why is it a problem now that sufficiently motivated geeks can roll their own for ~$100 and a weekend's futzing around? Same with using promiscuous wifi adapters or TV-tuner SDRs to sniff MAC addresses or TMSIs - shopping malls and law enforcement are routinely using that tech to track you, I reckon more art projects showing how simple and creepy it is would be a good thing.
There's another movie-plot bomb detonator for you - an UberTooth One (or $5 Chinese counterfeit wifi adaptor in promiscuous mode) listening for the MAC address of your phone/smartwatch/tablet. What're we going to have to ban in response to that idea?
(I know, lets ban _ideas!_... (Sorry, that's way snarkier than intended...))
No because it is not going to make much difference.
> Sorry, but I still see this as kneejerk reactions to spectacularly unlikely scenarios of "bad things happening" being proposed and regulated by people who don't care about reducing other people's freedom because it won't affect them personally.
Fully agreed on that one.
> I'm still unsure what you're suggesting "shouldn't be allowed" here?
This software has a ton of bad use possibilities, I just threw out the first one that I could think of, there are a whole raft of others.
> Open sourcing computer vision projects? Publishing on github?
No, it's inevitable. But there is currently no framework on how to deal with these things. Just because you can doesn't always mean that you should. There are a ton of things I could do that are legal but that does not mean that all those things have a net-positive effect on the society we live in and I think that the ability to build these systems comes with some responsibility.
> Me? I'm 100% for publishing this(and similar) projects - because the tech is already out there and being used. Pretty much every towtruck and repo man has had this tech running for 5+ years, and almost nobody knows.
Yes, but they are limited in quantity and enough of a quantitative change is a qualitative change.
> (I know, lets ban _ideas!_... (Sorry, that's way snarkier than intended...))
Trivial might be a stretch. Try talking to some random people who aren't hackers/diy techies. I suspect this sort of task requires at least half a decade of somewhat specialized learning to execute with minimal physical risk, let alone without leaving ample evidence leading to your immediate detention. Most people who put this much time into building a marketable skillset find better things to do than commiting senseless acts of terrorism.
Bombs are tremendously easy, making them go off at the right moment is the hard part and with a handy open source license plate reader, a camera and a raspberry-pi with one gpio line that just got a lot easier.
Right, but it takes years of immersion in specific fields just to be made aware of the existence of git, let alone grasping the only somewhat related concepts necessary to interface your raspberry pi with your homemade bomb (a whole nother set of skills!) Do you remember your first foray into microelectronics? Let's just say you might not want to use live explosives for your first attempt...
I have a friend who likes to make and print his own 3d models. He built his own 3d printer. I connected the camera he got to his raspberry pi and installed and configured octopi for him because he wasn't confident he could figure it out in a timely manner.
Ok, well let's rephrase that: it would be trivial for me and I hate to underestimate the opposition, they're not all dumb. And the proliferation of IEDs in Iraq suggests that those skills are readily transferable.
All of the pieces are readily available online, all it takes is someone to put them together. And it's something that pretty much any high school kid with a credit card and interest in electronics could do.
> Curious the downvotes on that comment, it's totally feasible.
I'm guessing that you got downvoted because the logic is ridiculous: LPRs are to be feared because bombs can be attached to them. That is true of every technology. Also, if somebody has your plate number and knows your driving patterns well enough to leave a VBIED there - they could find a much more certain and easily executed method of assassination.
A stationary car bomb has a lot of advantages over other assassination methods. For one it allows you to get away, you only need to plant the thing and it could go off hours, days or weeks later. The assassin could be a in a different country when the bomb goes off. You could put more of them at strategic points into a city not knowing anything about the daily routine of your target, just their license plate would be enough. You could drop a bunch of them ahead of time in random places and program all of them by remote to scan for new plates and so on. Not much you could do about it either, every parked car would be a risk.
I think it'd be more effective against a class of vehicles... like if you have an agenda against Company XYZ, scope out their parking lot and build a database of their employees, then you can target those employees. Likewise, if you want to shut down the entire EMS system, build a database of police, fire, etc vehicles and target them and you can ground the entire EMS fleet.
This is a good point...when discussing the controversies behind surveillance and privacy, a frequent issue is that most people have no idea what's possible, even though it should be as clear as day. An obvious example is back when Facebook's API was more publicly accessible, youropenbook [1]
But there are other things to be mindful of...when publicizing how easy it is to be surveilled/attacked, how easy is it to for a mischievous person to make use of that information versus how long would it take to fix? I'd have mixed feelings about anyone publishing a user-friendly one-button-SWATter, even if it would most certainly spur some kind of movement to strengthen our emergency response systems (eventually).
But something that is basically an object detector plus OCR? No doubt that if many people run this software, and then feed into a system that makes it as easy (and ubiquitous) as Google to look up any license plate and see instantly all locations where it has been photographed, we would have a situation that would make most people a bit unhappy...but without those network effects, the personal use of this software would seem to be relatively benign, while at the same time educating people how easy it is to be tracked.
On remote locations collected data could be transmitted into this public LPR system over free LoRaWAN networks like The Things Network https://news.ycombinator.com/item?id=10438352
That's a pretty dystopic view. I'd rather the government not collect the data at all. The massive perpetual databases that are amassing around the world are really ticking time bombs.
The cameras are there. They are not going away. Cameras are incredibly cheap, tiny and readily available, and legislating them out of private hands just isn't going to happen.
So we'll have to deal with them somehow, and I'd prefer that the government not have a monopoly on the data -- frankly, I think that the data that the government collects in public should be made public, rather immediately, so that we can see what is being collected.
I don't have a huge problem with individuals running license plate readers, since that is necessarily limited in scope. I meant that it's a bit of a dystopic view to assume that the government should be allowed to have their license plate readers and use them to accumulate massive databases that track the position of every car on every road.
Given that a lot of the license plate capture right now is private companies (that insist that everybody can do so) such restrictions would achieve at least some the goal. Now if that's worth it is a different question...
I'd like to see the license plates of stolen vehicles published. I don't see that as a violation of privacy, especially if the owners agree to publish them.
Then anybody could see stolen vehicles and report them. That would discourage theft.
Frankly, I'd like to see all ALPR data published in real time. If my local government wants to collect data based on what's in plain public view, I see no reason why that data should not also be public.
I don't think anyone serious about stealing cars would drive them around with their original license plate.
Most likely the first thing thieves do is switch their plate with the plate of a similar car (same make, same color), then drive to another country where they'll be resold.
I think you presume too much about the motives and planning behind the majority of car thefts.
A professional car thief who steals cars in order to resell them may very well work that way. But I suspect those people are a small minority in comparison to the opportunists who probably don't have appropriate spare plates on hand, or the desperate criminals trying to pick up a getaway car, or the joyriders, etc.
That's a lot of work, plus you don't know if the owner of the stolen plate has warrants, suspended license, lack of insurance, or anything else that might cause an ALPRS alert. Better to just remove the plate and go. I commuted in one car for a year with no plate. Drove by cop cars with ALPRS regularly. I don't think these things alert when an object passes by but it failed to recognize a license plate.
In another car that I'd just purchased a cop pulled up next to me at a light and asked about my lack of plate. Said I bought it a couple days ago, he said I have X days in this state to get tagged and drove off.
As someone else pointed out, this could be a good way to crowd source watching the watchers.
You may be able to get a list of law enforcement license plates through a FOIA request and then use this plus a network of many highway cameras to show a map of where law enforcement was last seen.
the same way that Wireshark benefits security professionals by making it easier to monitor the network for bad people and audit applications to make sure they aren't doing bad things even though it also makes it easier for bad people to see what good people are doing.
* note: the definition of "good people" and "bad people" is not the point here
At least there is a more trustworthy method of validation. Is it illegal for me to spend my time on a lawn chair on the side of the highway logging the plates I see if that's the kind of thing that blows my skirt up?
The flips side of that, though, is that this power exists and is being used by rich, powerful entities anyway. If I was a law-abiding member of a mosque or political group, I'd love to know that undercover law enforcement officers are trying to stir up trouble, for example. If they can track me, why shouldn't I be able to track them? Or, less melodramatically, the highest rate of road fatalities in my country involve logging trucks. There are persistent claims that companies keep them on the road for more hours than their drivers are legally allowed to work, but they're politically shielded from official investigations. It would be nice for citizen groups to have the tools to investigate those claims.
If we should be able to go about free of day-to-day surveillance (absent good, court-approved cause), which I certainly agree with, then we should be modifying laws and institutions to reflect that. Since what we've got is a situation where the powerful (government agencies, large companies) use the absence of regulation and powerful tools to watch us the second-best option is for us to have the tools to watch them.