Eternal Vigilance is the Price of Liberty

Those that know me well will know that I hold privacy and liberty of the individual as one of my core principles. I believe we are entitled, as part of our human rights, to go about our lives without intrusion from either the government, business or individuals.

In the UK, we are subject to pervasive surveillance by CCTV, ANPR, and other monitoring technologies. The government, media and police attempt to use a “nothing to hide, nothing to fear” mantra to convince the public that these technologies are effective and have little downside. Unfortunately, the cost-benefit of many of these systems has not been demonstrated. Even if it were, the costs would be purely tangible ones – install, maintenance and operating costs – ignoring the impact it can have on our personal wellbeing. Over time, we become used to this surveillance and accept it without question.

Recent rises in crime, along with reduced police resources, have triggered community crime-fighting efforts. Neighbourhood Watch and volunteer patrols are often suggested and can have positive effects.

But a recent post on a Facebook group proposed a system that could invade privacy, would not comply with data protection law, could place homeowner’s networks at risk of attack, and has no demonstrated impact on crime levels.

Initially, I was willing to put this down to naiveté and a “anything-is-better-than-nothing” attitude, but it soon because clear that these were not the issue here.

Unfortunately, this is a closed group and I can’t just link to it. I hope that the following excerpts are representative of the whole.

I’ll summarise this, and subsequent posts:

To reduce crime, a network of Raspberry Pi based automatic number plate recognition (ANPR) cameras would be installed. This would in the area of a small town and would be operated outside of GDPR or any other data protection laws. The cameras would be located at knee-height on the perimeter of private properties, filming public roads.

Residents pay to install and operate the system. Residents can prevent their vehicles from being logged by registering their number plate with the system. This would require sending a V5 document or an image of the car in the driveway.

In the event of a crime, the list of unregistered plates would be used somehow. There is also suggestion that alerts could be raised on “bad” plates.

There is proposed expansion to record WiFi and Bluetooth identifiers alongside number plates.

I have a number of serious concerns around this scheme.

Privacy

Elliot wishes to operate the scheme outside of current data protection laws.

He has made several incorrect or questionable claims here.

It seems to have been accepted by Elliott that recording images of people would mean the system would fall under GDPR.

There are a number of claims that need examining.

Firstly, it’s highly unlikely the cameras will only gather number plates. Whilst some ANPR cameras have a limited FOV and are virtually useless at capturing images of people, this is not the case here. They are general purpose, wide-angle cameras mounted at knee-height. If you stand 3m away from this camera, you will be captured from head-to-foot. The chance that a significant network of cameras does not capture images of people is vanishingly small.

Secondly, the notion that number plates do not constitute personal information is false. The ICO ruled on this in 2009: vehicle registrations of vehicles owned by individuals are personal information.

Thirdly, the camera network gathers more than just a number plate. There is also the time and location over a network of cameras, providing a route. This makes the information even more likely to lead to an individual being identified.

Fourthly, to register your car on the system, you are required to send your V5 or an image of the car in a driveway. This is certainly personal data.

Elliott was challenged about this. Rather than accept that the system may need to handle the data under GDPR, he doubled down around the V5s and images of cars in a drive.

He now tries to argue that the system isn’t being operated by an entity – it’s just citizens sending data to each other. It seems a very odd argument, given that the operator of the system would be taking payment of £50/year per camera – that sounds a lot like central entity. More to the point, GDPR doesn’t really care if it’s a business or individual, it cares about the data being gathered.

Fundamentally, Elliott is proposing a system that would gather other people’s data and that these people would not have any of their rights under GDPR. They would not be informed, they would not have the right to access, and they would not have the right to erasure.

To make things worse, the scope creeps to include Bluetooth and WiFi data gathering. Now your phone and smart watch will be tracked by the same system.

Without the controls that data protection laws provide, who knows what the data will be used for?

Information Security

The proposed system would place a network of Raspberry Pi’s on the networks of many homeowners.

I have three concerns here.

Firstly, I would be concerned that attackers without authorisation could take command of one or more of these devices remotely, viewing the cameras, injecting false data, or attacking the homeowner’s networks. IoT security isn’t easy, and I have seen many Raspberry Pi based systems fail badly and fail hard.

Secondly, I would be concerned that someone with authorisation to access the devices could attack the homeowner’s networks. Given that the system is operating outside of data protection laws, and that it isn’t operated by a company or entity, how do you know who has access to the devices? What controls have they put in place to protect you? What comeback would you have?

Thirdly, what would happen if one of the devices was stolen? What access would this permit the attacker? I often see credentials from a single device permit access to many more.

Efficacy

It is stated that the system will avoid capturing anything except images of number plates. As a result, it won’t actually capture images of crimes. It will just know which vehicles had been in the area at a given time.

If a crime occurs, all the system will be able to provide is a list of number plates of vehicles in the area. This list will contain residents who have not been registered, visitors, people passing through, vehicles that have not been registered as leaving due to coverage, and maybe the vehicle the criminal used.

I’m not sure what this list will be used for.

I’m not sure what the police would do with a list like this.

It’s certainly not obvious that it will provide any benefit.

Essentially, anyone with the audacity to enter the Oxted ring-of-steel will become a suspect.

If 100 cameras are installed, then it will cost £5,000 to install, and £5,000/year to operate – £30,000 over 5 years. Is it going to provide value compared to other options?

I’d want something more than an appeal-to-emotion to justify installing such a system.

Ironically, if the system gathered images of people and crimes, it would probably be of more use.

Attitude

There is the explicit admission that he will try to avoid GDPR.

Conclusion

Data protection law is often maligned. It isn’t the evil beast that many make it out to be.

Entities that comply with data protection law have normally considered what data they gather, and how they will protect it.

Those that don’t comply with data protection law often gather more than they need and don’t adequately protect it, likely because they don’t think any of the penalties can apply to them.

GDPR doesn’t exist to stop people implementing ANPR systems; it exists to allow those surveilled by such a system to know what happens with the data.

It’s often less effort to comply with the law than it is to skirt around it.

Ask yourself why Elliott is trying to escape these responsibilities and what impact it could have on you.

2 thoughts on “Eternal Vigilance is the Price of Liberty

  1. Permalink  ⋅ Reply

    NKT

    May 13, 2019 at 11:21am

    This is a non-literal car crash…
    Besides a murder, the police aren’t going to have the resources to use a list of 2500 vehicle registration numbers anyway! Including every police car…
    And there will be easy access to these devices, and hence into the entire network.
    Sounds ideal if you need a tip off that the police are on the way, a few minutes ahead! Ideal for criminals with access to the system. Who would obviously be using false, stolen or cloned plates anyway!
    Or, dodgy IT people with 40 years of… Whatever… On the encrypted discs they need 126 seconds to destroy, given the warning by the ANPR system they have access to, whether legally or not.

  2. Permalink  ⋅ Reply

    Baz

    May 13, 2019 at 2:34pm

    Imagine if criminals didn’t abide by the law & used stolen cars and/or cloned plates.
    I mean, that would completely destroy the soul purpose of this ‘project’.

    Thankfully, criminals abide by motoring laws, and will only drive past these during the day, otherwise, IR lights will be needed to get a good capture+read.

Leave a Reply

Your email will not be published. Name and Email fields are required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.