Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Electronic Frontier Foundation Privacy

EFF: New License Plate Reader Vulnerabilties Prove The Tech Itself is a Public Safety Threat (eff.org) 97

Automated license plate readers "pose risks to public safety," argues the EFF, "that may outweigh the crimes they are attempting to address in the first place." When law enforcement uses automated license plate readers (ALPRs) to document the comings and goings of every driver on the road, regardless of a nexus to a crime, it results in gargantuan databases of sensitive information, and few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA), a component of the U.S. Department of Homeland Security, released an advisory last week that should be a wake up call to the thousands of local government agencies around the country that use ALPRs to surveil the travel patterns of their residents by scanning their license plates and "fingerprinting" their vehicles. The bulletin outlines seven vulnerabilities in Motorola Solutions' Vigilant ALPRs, including missing encryption and insufficiently protected credentials...

Unlike location data a person shares with, say, GPS-based navigation app Waze, ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems... Because drivers don't have control over ALPR data, the onus for protecting the data lies with the police and sheriffs who operate the surveillance and the vendors that provide the technology. It's a general tenet of cybersecurity that you should not collect and retain more personal data than you are capable of protecting. Perhaps ironically, a Motorola Solutions cybersecurity specialist wrote an article in Police Chief magazine this month that public safety agencies "are often challenged when it comes to recruiting and retaining experienced cybersecurity personnel," even though "the potential for harm from external factors is substantial." That partially explains why, more than 125 law enforcement agencies reported a data breach or cyberattacks between 2012 and 2020, according to research by former EFF intern Madison Vialpando. The Motorola Solutions article claims that ransomware attacks "targeting U.S. public safety organizations increased by 142 percent" in 2023.

Yet, the temptation to "collect it all" continues to overshadow the responsibility to "protect it all." What makes the latest CISA disclosure even more outrageous is it is at least the third time in the last decade that major security vulnerabilities have been found in ALPRs... If there's one positive thing we can say about the latest Vigilant vulnerability disclosures, it's that for once a government agency identified and reported the vulnerabilities before they could do damage... The Michigan Cyber Command center found a total of seven vulnerabilities in Vigilant devices; two of which were medium severity and 5 of which were high severity vulnerabilities...

But a data breach isn't the only way that ALPR data can be leaked or abused. In 2022, an officer in the Kechi (Kansas) Police Department accessed ALPR data shared with his department by the Wichita Police Department to stalk his wife.

The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

"They must never store more data than they adequately protect within their limited resources-or they must keep the public safe from data breaches by not collecting the data at all."
This discussion has been archived. No new comments can be posted.

EFF: New License Plate Reader Vulnerabilties Prove The Tech Itself is a Public Safety Threat

Comments Filter:
  • >"it results in gargantuan databases of sensitive information"

    I would argue that. It doesn't "result in", but it CAN result in, or maybe even USUALLY results in. It brings about the question as to why they are installed and how they are using them.

    If they were just buffering data and sending it along to be compared to some database of wrong doing or active threats/chases/issues and then the data is discarded, that poses minimal privacy or safety concerns. And that is unlikely how most of this is done.

    • The way it used to work was a daily download of wanted plates, with notes as to why, to every ALPR unit. They would then only record and notify on hirs against that database and the cop would decide if it was worth a stop and a live records check.

      Maybe that's changed with ubiquitous low-cost cellular data. It's been a while since I've been involved with that stuff.

      But even if it hasn't, it's easy enough to collect everything and upload it automatically on return to home. Typically there are already robus

    • Re:Storage (Score:4, Informative)

      by sunderland56 ( 621843 ) on Sunday June 23, 2024 @11:12AM (#64571371)

      This. Look up plate, if no match then discard.

      There are not only privacy concerns here; a 'gargantuan database' costs the taxpayers money.

      • I think this gets a little bit messier since I imagine in most states but at least in mine ALPR is also used for over 90% of toll charges with most of the major highways near me effectively using that almost exlusively, a recent large expansion only uses ALPR, the RFID readers for the old school system did not even get installed as far as I am aware, it's all charge by plate so you already have this defacto database of drivers and when they pass through tolls and that gets stored for quite awhile so custome

        • Even in that case, the data only need to be saved if a ticket is to be issued or a toll is charged. I ride a motorcycle so it is toll-free, but I can almost guarantee the data are still stored. Regardless, once the dispute period is over, I doubt the data are purged.

          Besides, there are far probably far, far more ALPR's and general video cameras for non-toll-use than for toll-use. I lump general video into the mix because at least some of them could be turned into a reader through post-facto analysis. Jus

          • Yeah I think the only way around this is Federal or at the very least comprehensive State regulations on data storage policies and enforcing that the equipment and services necessary to accomplish that are factored into the costs of the systems. Before municipalities go around throwing these sytems with just cameras cameras cameras everywhere and then worry about the data afterwards those long term costs should have to be built into prodcurement prices. Might change their tune if these things if suddenly

        • Those collectors are a sparse set, placed in fixed locations. Their use can also be considered at least somewhat voluntary.

          Even a semi-competent admin should find it simple enough to segregate those datasets from the ones being collected through mobile license plate readers. Or, for that matter, even if it's all kept in one database - since the location data is recorded (it has to be, to enable the desired functionality), it would be simple enough to remove all data points that don't correspond to one of th

        • I imagine in most states but at least in mine ALPR is also used for over 90% of toll charges with most of the major highways near me effectively using that almost exlusively

          It has been a VERY rare thing in my life to ever see or have to deal with a "toll" road.

          I would venture that in most states...toll roads are pretty rare...?

      • by jd ( 1658 )

        Why? You don't have to store each license plate individually, as per an RDBMS. You can have the license plates stored in a parse tree. Indeed, any decomposable data can be stored in trees. Trees are highly space efficient for this, because you never store the license plate itself, its position in the tree IS the license plate.

        All searches become tree searches, which is also likely to be faster than any decent hashing algorithm and a lot faster than most RDBMS lookups.

        Each node needs two ID numbers, one poin

      • by stooo ( 2202012 )

        >> Look up plate, if no match then discard.
        It does not work that way. Lookups are recorded too (and for good reasons).
        Now try to design a system that does not record lookups, but still prevents abusive rogue users....

      • a 'gargantuan database' costs the taxpayers money.

        You have no idea how much you are paying to have the various levels of government to store and access data. The data trails that your life leaves behind are absurdly large, that is why the commercial sector is involved at all. It is too much for a government to manage... but they want access to ALL of it. Whether or not you are an ally is of supreme importance. If you will support the powers that be, your life will be pleasant and relaxing until their policies tank the country for everyone (Putin). If you o

  • by Baron_Yam ( 643147 ) on Sunday June 23, 2024 @11:06AM (#64571347)

    Can't say where or who of course, but I was involved in the implementation of a regional ALPR system.

    It started as a program to catch wanted individuals by checking for plates linked to people with active warrants or prohibited drive orders. Then they added checking for expired plates or insurance. Then they added checks for known associates of people of interest.

    The one they hadn't implemented by the time I left was the complete data hoover - adding permanent cameras at major intersections and doing regular patrols of mall parking lots with mobile units and recording everything, then keeping it basically forever so they could mine the database for any vehicle's movements as far back as the records went.

    The justification was to look for vehicles present at multiple crimes. The potential for abuse was so great I assure you I risked my career resisting it. It's not hackers getting access, it's cops stalking people you should be afraid of. The ones who have a beef with someone and want to settle it extrajudicially, the ones who can't take no for an answer from the object of their romantic interests, the ones who want to our somebody for going to the 'wrong' store or social gatherings.

    Without very tight rules, strict enforcement, and draconian punishments... You should not allow cops to collect this kind of data. It is only a matter of time before you regret it.

    • by Impy the Impiuos Imp ( 442658 ) on Sunday June 23, 2024 @11:10AM (#64571365) Journal

      The only way around this is for private citizens to set up license plate readers, then broadcast the locations politicians go to.

      No, government politicians. If you're gonna do a panopticon, which is a tool dictatorships use (someone should write a book about that!) then you suffer from it, too.

      • So Toronto used to have a mayor who would have his driver park illegally everywhere he went. It's not like he had to pay, right?

        People noticed the custom plates, and it started getting tracked and reported to the news media. So they ditched the vanity plates and the scandal went away.

        Without a trustworthy database of plates, you're just whipping up a mob against what might be innocent people.

      • by ArchieBunker ( 132337 ) on Sunday June 23, 2024 @11:30AM (#64571429)

        Oh they will pass a law overnight making that illegal. Just like they did after Elon and Taylor Swift jet tracker gained popularity.

        • by dfghjk ( 711126 )

          "...Elon and Taylor Swift..."

          LOL you know those were years apart, with lots of action in between, right? Elon, most definitely. Taylor Swift, just some daily news.

        • by AmiMoJo ( 196126 )

          That has already happened in the UK. We have had an extensive network of ANPR cameras for years, all feeding data back to the police.

          If you want to set up your own, you need to be complaint with GDPR. Naturally the police can justify their use of such data for law enforcement, but as an individual it is much harder. In fact if you tried to monitor the movements of individuals, it would be impossible - what reason could justify such an invasion of privacy?

          Even domestic CCTV is supposed to minimize the area i

      • Panopticons, while dangerous, are overrated as both a threat and a tool. Several times, history has proven they're a money pit that swallows whole institutions in the amount of data they create, and that was before the absurd quantities generated by mass-computing. The most infamous of all time, East Germany, had practically buried itself alive in its own spy architecture, to the point that a full third of the population was employed to spy on the rest and each other.

        One caveat is that this happens onl
      • This would be an excellent way to raise public awareness - set up a real-time ALPR rig with a digital billboard type display that displays to drivers a snapshot of the back of their vehicle with their license plate number.

        One could probably hack something together pretty easily with plateanalyzer.com or openalpr.

    • adding permanent cameras at major intersections and doing regular patrols of mall parking lots with mobile units and recording everything, then keeping it basically forever so they could mine the database for any vehicle's movements as far back as the records went.

      It's happening all over. https://theappeal.org/with-vas... [theappeal.org]

    • Many jurisdictions have laws forbidding general access to plate database information. (However poorly enforced.) ALPRs might be in violation if they hit the general DB and not some hotlist. A less-incompetant defense attorney might be able to invoke "fruit of the poisoned vine".

      • In the setup I am referring to, all the data is in police hands so (at least here) privacy act doesn't apply so long as the data is used for police purposes.

        The feds here are pretty serious about cutting off agencies that abuse data - I've seen people walked out the door for inappropriate access, and they don't even bother to discuss it with the union (sorry, 'association'). You're just gone and nobody talks about it.

        I've never seen provincial data abused, but I get the feeling the OPP doesn't fuck around

        • by redelm ( 54142 )
          Granted Canada is a distinct society. With different checques and balances. Abuses tend to cause complaints which tend to come out in courts and/or press. Imagine a child custody/support case hingeing on ALPR data. Even lazy US press might cover it.
          • 'Cheques and balances'. Well played. Very well played.

            But with respect to Canada, 'distinct society' is a politically incendiary term - it is used by French separatists when demanding special treatment under federal law.

            • by redelm ( 54142 )
              Notwithstanding bloques claiming the same within N.America. I am honoured and aware.
    • by dfghjk ( 711126 )

      Correct, it is a tool to commit crimes, not to solve or prevent them. The only question is who is doing the committing.

    • I'm waiting for when they start tracking bumper stickers to sell to data brokers and alert cops of the contents of "high risk" vehicles in the vicinity based on the content.

      There won't be any tight rules or strict enforcement. Whether regional or centralized, self hosted or in the cloud, it's software rife for abuse and data rife for stealing. Police who collect this kind of information on citizens are violating their oath to protect the privacy rights of citizens. These theories where they believe they

    • The one they hadn't implemented by the time I left was the complete data hoover - adding permanent cameras at major intersections and doing regular patrols of mall parking lots with mobile units and recording everything, then keeping it basically forever so they could mine the database for any vehicle's movements as far back as the records went.

      This is the current stage where I live.

  • Ah ... technology (Score:2, Interesting)

    by Kiliani ( 816330 )

    I have personal experience with these readers not being able to discern "I" from "l". And I know, you can't either ;-) Gladly in my case it was comical and annoying, not serious and with bad consequences. The fix was even more comical than the problem ... it was "we'll just store all the possible permutations". Which, you know it, *will* cause problems some day in the future.

  • by FudRucker ( 866063 ) on Sunday June 23, 2024 @12:15PM (#64571567)
    the system been cracked, hacked and smacked and all the data bled out and soldcon the dark web
    • by AmiMoJo ( 196126 )

      If it had then security researchers would have published that fact by now, and scammers would be sending you emails claiming to have your driving history and threatening to send it to your family and employer.

      It's only a matter of time, but it doesn't seem to have happened yet.

  • by backslashdot ( 95548 ) on Sunday June 23, 2024 @12:19PM (#64571579)

    I should have the right to collect video surveillance of public areas to keep my home and neighborhood safe. If you don't like it don't come around here. At the same time, I can understand how it would be petty to use video surveillance to out someone who is having an affair or visiting a strip club. I'd favor a law making video surveillance 1. unusable in prosecution of crimes other than ones that are seriously violent or heinous, and 2. illegal to use for the purpose of defamation 3. illegal to store without safeguard 4. illegal to keep for more than 30 days.

    I'm not giving my right to keep myself and my neighbors safe because you want to jerk off on the street or visit your side chick.

    • I'd like laws in UK to not be enabling this movement surveillance by the back door: ANPR cameras are everywhere so your vehicle movements are tracked. Then there's sections 163 and 164 of the Road Traffic Act that enable any constable to stop any car at any time and demand personal details of the driver (no suspicion of crime required). Add those two together and you've got the movements of an individual being tracked (even if the car can be driven by more than one person, that is likely to be a spouse or f

      • * sliding of there = showing if there.

        Fukkin autocorrect.

      • I think there should be a frequently audited multi-party notification system whenever a cop accesses surveillance info. That way any harassment usage would at least require a large number of conspirators. The parties notified of surveillance usage must be composed of a frequently changed random/independent citizens at least a few of which are chosen the same way as jury duty. Furthermore, any person who was tracked or identified via surveillance must be notified within 120 days of it.

    • You are definitely allowed to record at a single location. But, if you have a network of devices recording at many locations and the data is indexed in a way that a person's whereabouts can be tracked in space and time then that requires a warrant afaik.
  • License Plate numbers have become PII through these data collection efforts. This means that companies and government agencies that are not treating the disclosure of License Plate Numbers as disclosure of PII are breaking the law.
  • "...that may outweigh the crimes they are attempting to address in the first place."

    They weren't created to address crimes "in the first place", that was merely a public justification.

  • The article concludes that public safety agencies should "collect only the data they need for actual criminal investigations.

    Which is exactly the way the law is written where I live. Ten day maximum retention of data (to allow the police to backtrack in case of a felony investigation), the city retains all data, access to the database is restricted to authorized personnel with all requests logged and audited, no use of the database for traffic violations or any other minor infractions, and all LPR "hits" m

    • by schwit1 ( 797399 )

      It is a big deal because the government can't be trusted. The people in government have learned that there are no consequences when they violate the law.

      The most they get is a slap on the wrist.

  • ALPRs collect and store this information without consent and there is very little a person can do to have this information purged from these systems...

    Is there an expectation of privacy when out and about in public, even for your vehicle?

  • It's the requirement to have a license plate. Wise heads will intone that you need to have license plates or you have no accountability. Well, you can have accountability or you can have freedom; one is the opposite of the other. If you are being held to account (i.e. punished), you are not free.

  • I can build an ALPR unit for about $100 in parts, but it would require wall socket power so that limits the locations where it could be placed. Adding enough battery for a few days of power would be about a hundred more, and a solar panel would not be much extra. That unit could be put anywhere I own or have permission.

    My point is that it's so cheap to make these that it will be very hard to prevent proliferation.

  • The main problem mentioned here is the crap security in the Motorola license plate readers. A serious blunder on their part to be sure and a black mark on their reputation, but presumably fixable.

    It should also be possible to cause those systems to limit the data storage and provide appropriate filters and access permissions. But will police departments insist on this? Probably not on their own.

  • Evil'; DROP TABLE plates; SELECT * WHERE '1'='1

  • Nearly 100% of businesses and government agencies, and a very large number of homes, rely on them. These cameras are often easy to hack as well.

    While there are some people who loudly object to security cameras in principle, most, judging by their actions, embrace them.

    The solution here is to address the security flaws, not eliminate the readers.

  • by jd ( 1658 ) <imipak&yahoo,com> on Sunday June 23, 2024 @04:34PM (#64572083) Homepage Journal

    Yes, cybersecurity is a moving target, but we're talking about real basic stuff here. Detecting if encryption is enabled isn't hard, for a start. But intruders really shouldn't be getting that far.

    Really, if intruders are making it past the external firewall/NIDS arrangement, there's already a problem. Connections to secure facilities should only be from trusted sources, and if your sources are trusted, they can be over IPSec or WireGuard, which means you can verify that the connecting computer is who they say they are.

    Arguably, for a government system, you should have strong authentication of the remote network being connected from, strong authentication of the remote machine that is connecting, AND 2FA (with the second factor a Class III digital certificate on a smart card, a system the Federal Government in the US started rolling out in 2001) to authenticate the user.

    That should be to just connect to the network hosting the software.

    Users should not have direct access to the software itself, but only to a secure proxy that sits in a subnet specifically for it and nothing else, where the proxy is either a single-process OS like SEL4 or a tightly controlled environment where it's pointless to break out.

    At thus point, the defective security of the application really shouldn't matter a whole lot.

  • I can a product being popular that blocks a license plate being read while parked. You can't drive with no plates without risk of being pulled over, but you could easily block it from being read whenever parked and lots of services and police scan cars parked at stores, malls, apartments, etc. It could even still show the registration sticker so places can be sure they aren't "expired".

  • few agencies are equipped, staffed, or trained to harden their systems against quickly evolving cybersecurity threats.

    LOL, this data is being exported to the "cloud". They are not managing it locally. Worse yet, numerous departments use the same cloud provider, so someone is aggregating all of this data and the agreements (yes, I have personally seen them), do not specify clearly ownership or access to the data.

    TL;DR, The panopticon is in place. You thought the "cloud" was secure, but it is not. It explicitly grants access to privileged organizations that would not normally (legally) have access to such information.

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...