Private Companies Gathering Plate Data Are Selling Access To People's Movements For $20 A Search

from the lojacking-humans dept

License plate readers are everywhere. Their existence is predicated on the assumption that traveling on public roads strips drivers of their privacy. To a certain extent this is true. But automation allows government agencies to reconstruct peoples’ lives and movements by simply typing in a plate number and accessing the billions of image/location data records stored by ALPR manufacturers like Vigilant.

But it’s not just a government thing. The new market for plate readers is residential neighborhoods, with purchases being made by home owners associations and others who feel they have a right to know who’s traveling in and out of “their” neighborhoods.

Prior to this, though, ALPRs were already being utilized extensively by private entities. Insurance companies and repossession firms have been using plate readers for years, using them to track down vehicles after missed payments or those suspected of insurance fraud. Unlike the databases compiled by law enforcement agencies, these private databases can be accessed by nearly anyone for any reason.

That’s exactly what Motherboard did. It found someone willing to offer up their license plate as a lab rat to see how much data was being harvested by a repo company’s plate readers and ran a search.

Armed with just a car’s plate number, the tool—fed by a network of private cameras spread across the country—provides users a list of all the times that car has been spotted. I gave the private investigator, who offered to demonstrate the capability, a plate of someone who consented to be tracked.

It was a match.

The results popped up: dozens of sightings, spanning years. The system could see photos of the car parked outside the owner’s house; the car in another state as its driver went to visit family; and the car parked in other spots in the owner’s city. Each was tagged with the time and GPS coordinates of the car. Some showed the car’s location as recently as a few weeks before. In addition to photos of the vehicle itself, the tool displayed the car’s accurate location on an easy to understand, Google Maps-style interface.

Unlike government databases, there are no rules protecting citizens from misuse or limiting long-term storage of plate photos. All that’s preventing abuse is the limited language of each company’s terms of service — something these companies don’t seem to spend too much time enforcing. Digital Recognition Network’s (DRN) offering is “crowdsourced” from thousands of cameras mounted on hundreds of repo men’s vehicles. It’s a persistent, long-term database of vehicle movements controlled by a single company — one that law enforcement also has access to, as if government agencies needed any more access to plate data.

It’s also surprisingly cheap. $15,000 gets drivers a four-camera setup and access to the DRN database. Searches go for $20 per and paying $70 for a search provides the searcher with live updates when a searched plate is snagged by a plate reader. Customers love it. So do repossession outfits, whose drivers earn bonuses for racking up plate photos. And DRN loves the data it collects, which it packages for sale through other programs, like one specifically marketed to private investigators.

The potential for abuse is real. The Motherboard report notes that members of a closed Facebook group for private investigators was filled with messages asking others to run plates for them. DRN’s official line on abuse prevention is pretty much a jargon-filled shrug.

Notably, DRN does not immediately ban someone for abusing the service, according to the contract. It reads that if DRN determines or suspects that the user has used the data for personal or non-business purposes, “Licensor [DRN] shall notify Licensee in writing of the alleged breach and give Licensee an opportunity to cure any curable breaches within 30 days of Licensee’s receipt of such notice; thereafter Licensor may take immediate action, including, without limitation, terminating the delivery of, and the license to use, the Licensed Data.”

There may be no “expectation of privacy” in driving on public streets. But I think most Americans would consider their privacy violated by the existence of a product that reconstructs their lives for the low, low price of $20 a search. Given that these companies are also selling access to law enforcement, they may yet find a way to trip over the Fourth Amendment. But until a company like DRN does, it’s just another company doing what so many tech companies do best: harvest and sell data.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Private Companies Gathering Plate Data Are Selling Access To People's Movements For $20 A Search”

Subscribe: RSS Leave a comment
Techdirt's First and Only Openly Black Commentor says:

So how much does GOOGLE charge for your web history?

Try not to forget the biggies, Techdirt. Just drop GOOGLE into your worries, and directly applies:

"Unlike government databases, there are no rules protecting citizens from misuse or limiting long-term storage of " WEB HISTORY.

"All that’s preventing abuse is the limited language of each company’s terms of service"

Anonymous Coward says:

Re: Re:

Techdirt’s First and Only Openly Black Commentor

Man oh man, blue, you’re seriously going for this shit? Hamilton being obnoxious to Stephen Stone is one thing, but the Charles Nazaire gambit, really? "You disagree with my behavior because I’m black?"

You know how that worked out for Nazaire’s defense for Prenda Law?

Anonymous Coward says:

The first commercial product that automatically hides your license plate when the car is turned off and is offered at a reasonable price will make a mint. There is a product out now that will do this but it’s fairly cost prohibitive still.

Next up: A face spray or lotion that somehow obscures camera images or a camera jammer (which will be made illegal moments after its introduction if it isn’t already).

Anonymous Coward says:

Re: Re:

You can’t really jam or obscure your plate here in Florida without getting in trouble with the toll people. Veterans Highway north of Tampa uses license plate cameras to send you a bill for tolls.

Only way I could think of is to just change your license plate number annually. Sure you would probably pay more, but perhaps if enough people did it, it would become unprofitable to compile and sell access. .. Just a thought.

Coward Anonymous (profile) says:

Re: Re: Re: Re:

"Mind this system will only prevent driveby scanning when parked and nothing when driving."

And in that lies it’s value. Where the car is parked is revealing much more than what roads are traveled, even if whole routes are caught.

You have a point though, parking in a public place requires visible plates. But it maybe it could be tilted or rotated or something else to prevent scanning but still readable.

Anonymous Coward says:

Re: Re: Re: Re:

The previous message said "turned off", not parked, and it’s sometimes technically legal to drive your car on the highway while turned off (although some people find those "hypermilers" annoying). The plates often have to be visible whenever the car’s on a public road, moving or parked, but usually not when on private property.

Anonymous Coward says:

Re: Re: Re: Re:

In my area, it’s illegal to park on the street without valid insurance.

So the only place this would really help is in parking lots (as nobody’s seeing my car’s plates when it’s in the garage).

That said, it would be relatively easy to create a plate cover that’s an LCD — entire plate goes black when the car power is off, goes transparent when power is on. Also illegal in my area, as it’s illegal to cover your plate with ANYTHING.

Of course, that doesn’t stop the people who put IR filters over their plates to supposedly block red light/speed cameras (btw: it doesn’t work and hasn’t in about a decade, so these plates are pretty much useless).

Skylos (profile) says:

Re: 'when turned off'

It is illegal in almost every jurisdiction to have a vehicle on the public road – not ‘operating’ – merely present – without a VALID registration displayed on it.

This is what gives them the ability to tow any unregistered/expired vehicle immediately to impound.

I wouldn’t install such a device for fear that my vehicle would be impounded as illegally present. Hell, even store and company parking lots and such have policies that ‘vehicles must display valid registration’.

Skylos (profile) says:

Re: Re: Re: A Legislative Solution

Sorry, you don’t have any privacy while you’re on the public’s clock. Its difficult to express how dismissive I am of THAT claim.

Endangered THEM? orly. because who gets injured maimed and killed more often in police/citizen interactions… police… or citizens. Its not difficult to show with data who is more endangered.

Its almost like policing isn’t how you handle the actual problems…

ECA (profile) says:


No one has noticed some thing, in your drivers manual..
Most states only require the plate on 1 end of the car.. mostly the front. think about how you park.

Then there is the Constitution.. But that is personal rights, NOT public and NOT corp..
Until a law is made to stop it, Corps can do anything they want. And even after, it can be privatized and Hidden from PUBLIC view and only the feds/cops will see it, at a Very high price.

THE most fun iv had in life was finding out that the Corp had a List of every home Iv lived, for the rental business’s. And Credit checks.. We lost our privacy YEARS ago.

Wow, what a way to be a snitch, and not care… Make money uploading this data and get PAID..

With all the Data bases Lost in the last 10-15 years…YOU HAVE NO PRIVACY…

Anonymous Coward says:

Re: Strange..

You have to be careful with this… some states require a plate on the front, other states require a plate on the back, and a few require both. If you go between states, you need to comply with state rules, no matter where you are registered/insured.

So if you live in a front plate state and drive your car to a rear plate state or a two plate state, this can result in a traffic stop and a hefty fine.

So yeah; privacy’s been gone for over a decade. I found some tracking info on me that goes all the way back to the 90s.

MikeVx (profile) says:

Re: Re: Strange..

All US states require a rear plate. 31 states require a front plate. (Search engines are handy.)

The same "Full-faith-and-credit" laws that allow you to drive anywhere in the US with your state-issued driver license apply to cars, if your car meets the standards of your home state, you cannot legally be be cited for failing to meet the standards of another state. If cited, politely point out that your state has no such requirement, and if the officer insists, don’t argue further, just collect the ticket and have it dismissed later.

Anonymous Coward says:

"But I think most Americans would consider their privacy violated by the existence of a product that reconstructs their lives for the low, low price of $20 a search."

Hi Tim! I’m a smartphone. I’m practically in the pocket or purse of people around the world. I contain apps which siphon data from me and send it out every second of every day.

My owners install these apps, most of which are free.
They do not care about privacy.
They do not care data is siphoned from all parts of me.
They do not care about protecting this data.

Worse, my very operating system grants the creators full access to my GPS coordinates, which cannot be turned off.

If you think people would be upset their driving data would be compromised for a mere $20, then I must regret stating your belief is misguided.

People don’t care about their privacy until it’s used against them.

Skylos (profile) says:

I think we should do it open source

There are interesting things we want to know – where are the fire trucks? Where are the police cars? The garbage trucks? The commercially operated vehicles? The vehicle who knocked over my mailbox? The car that bumped yours and ran off in the parking lot? The latest ‘amber alert’? You have the right to move among the several states – you do not have the right to do so in a way that allows you to evade responsibility for what you do while you move around the several states. And you certainly don’t have a right to engage in commerce on our publically subsidized roads anonymously – tons of regulation already applies to that.

We should have an open source crowd sourced data system that reads and tags all the license plates seen by all the cameras and stores them for anybody to view at any time. It needs to be entirely unremarkable and free to get this information.

Lets put these guys out of business – by undercutting them in the extreme. With more information than they could ever have. That information shouldn’t be behind a paywall.

Skylos (profile) says:

Re: transponders?

do you really think that an encryption key that can be interacted with by every police cruiser on a minute by minute basis throughout their shift is going to be ‘secure’? You’re talking the same level of obfuscation as the digital-trunking-encrypted radio systems municipalities use – that is – it only stops those who don’t really care to know, those who do care steal the key from some of the equipment that uses it.

Skylos (profile) says:

Re: Re: Re: transponders?

Yeah, you don’t need an encryption key, you can just go real anonymous.

If you fall back to the true anonymity (non-obfuscation based) of a polypseudonym strategy – that is transmitting one of many identities (a decade worth!) that have never been seen in the wild before but are unique to the transponder. So you’d do it this way:

Victor(verifier)’s query is signed by Leo(officer)’s crypto agent and is forwarded to Peggy(prover) which is encryptosigned by the key-of-the-moment, whose ID and data are returned to Victor which forwards to Trent(Trusted authority) which decrypts using psuedonomous identity pubkey from its private stores, validates Leo’s credentials, and returns to Victor relevant permitted information per its rules regarding the validity, identity, and provenance of Peggy.

And do you think that a bureaucracy the size of the US DOT and each municipal entity beneath it could implement a protocol of that complexity at the scale required and have it work, without serious security compromises due to operational just downright fouling it up?

The real problem is between the keyboard and the chair. From Leo all the way up to Trent operations.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...