Privacy threats: Electronic invasion, license plate readers to black boxes, drivers under assault

Link to article here.

Opinion: US Senator Reports On Automobile Privacy Threat
US Senator Ed Markey condemns automobile manufacturers for privacy invasions promoted by the federal government.
February 13, 2015

Senator Edward J. Markey (D-Massachusetts) on Monday released a report on automotive privacy highlighting the failure of vehicle manufacturers to ensure the highest levels of security and privacy. The report examined the measures industry has taken to prevent electronic intrusion and the way companies gather and treat sensitive personal information. Markey concluded that government intervention may be appropriate.

"New standards are needed to plug security and privacy gaps in our cars and trucks," Markey's news release explained. "We need to work with the industry and cyber-security experts to establish clear rules of the road to ensure the safety and privacy of 21st-century American drivers."

Left out of his analysis was any mention of the threats to security and privacy created by the government's own regulations. Markey based his report on responses to a series of questions he received from BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar/Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen/Audi and Volvo. Markey had asked them to outline their policies on a number of issues, including retention of electronic data recorder or black box data. Markey suggested the industry's voluntary decision to limit data collection was inadequate.

"While this is a good step forward, limiting themselves to collection 'only as needed for legitimate business purposes' still raises many questions about the extent to which companies will continue to collect sensitive information," Markey's report explained. "The principles also do not ensure that consumers will have rights to prevent data collection in the first place."

Markey's report did not mention that in December 2012, US Department of Transportation formally proposed to mandate that all automakers to install event data recorders. The final rule remains pending, but an existing federal rule mandates that automotive black boxes collect certain data.

"In sum, the objectives of our regulation are to get the right data, in sufficient quantity and in a standardized format, and to ensure that the data can survive most crash events and be retrieved by intended users," 49 CFR Part 563, states.

Markey faulted the industry for failing to disclose to consumers how information might be used or shared with third parties.

"This lack of transparency in personal vehicle data usage leaves consumers with little knowledge about how the companies actually use their data," Markey's report states.

Markey made no mention of the ongoing federal effort to create a centralized database that tracks the movement of all motorists using equipment such as license plate reader cameras and toll road transponders. These government-sponsored programs have only come to light in heavily redacted documents released under the pressure of a freedom of information lawsuits by the American Civil Liberties Union (ACLU).

As a US senator, Markey has the power to amend legislation and vote to withhold funding if he wishes to make an effort to stop any federal agency's privacy violation.

A copy of Markey's report is available in a PDF file at the source link below.

Source: Tracking and Hacking (US Senator Edward Markey, 2/9/2015)
Link to article here.

License plate surveillance may invite political targeting
February 4, 2015
By Alice Salles | Watchdog Arena

The drug war has made a series of waves recently, but one in particular hasn’t been receiving the attention it deserves.

Through a Freedom of Information Act request filed by the American Civil Liberties Union, the American public had the opportunity to learn more about the high-speed license plate cameras and the Drug Enforcement Administration program behind them. Such details were kept under wraps until ACLU took action.
The program that stores data pertaining to motorists nationwide has one use: to gather drivers’ personal information.

Once the cameras harvest the data, it is either sold to third-party companies or made available to local law enforcement agencies. To some extent, it’s safe to say data collected may have been widely used in civil asset forfeiture operations–the legal practice that got President Obama’s Attorney General nominee Loretta Lynch under the spotlight recently.

Drug trafficking activity near the Mexican border prompted the DEA to first launch the program. But as officers’ access to the technology expanded, so did the program’s reach.

Today, the surveillance operation runs nationwide while remaining unchecked. No state has passed legislation to deter it and few civil liberty groups have used their voice to promote awareness. One of these groups is the Electronic Frontier Foundation, a nonprofit that works to defend civil liberties in the digital world.

In an interview with Watchdog Arena,  EFF spokesperson Dave Maass said it’s hard to pinpoint just one rationale behind the development of the national license plate reader program.  Regardless of its goals, Maass says, “Maintaining a massive database of locational data on everyday people is a disproportionate response to the amount of crime the DEA seeks to investigate.”

Reporters and activists have been voicing concerns linked to how officers are making use of this data. Considering we’re dealing with officers having hands-on access to this powerful tool, it’s not unlikely that the program may be vulnerable to malfeasance. According to Maass, “Such databases invite opportunities for abuse, whether it’s police using it to stalk women or using it to spy on political adversaries.”

Maass explained to Watchdog Arena how the DEA is jeopardizing our privacy by collecting license plate information on all Americans.

It only takes a few locational data points to begin to identify the individual traits of a person. Combined with other forms of data collection, plate data can create detailed pictures of the private lives of citizens and visitors to this country.

But if the program was allowed to be carried out unchecked for so long, what could be done now to turn things around?

In the name of transparency, EFF is filing a lawsuit against the Los Angeles police and sheriff’s offices “to gain access to one week’s worth of ALPR (Automatic License Plate Recognition) data.” The action would offer more details into how the program works. Such information would play an important role in making the public understand the importance of challenging the DEA.

According to The Daily Caller, the data is made available only through the El Paso Intelligence Center, known as EPIC. Jay Stanley, a senior policy analyst at the ACLU, says “It’s unconscionable that technology with such far-reaching potential would be deployed in such secrecy.” Partisanship, Stanley believes, should not be holding this story back:

People might disagree about exactly how we should use such powerful surveillance technologies, but it should be democratically decided, it shouldn’t be done in secret.

In California, Maass told Watchdog Arena, lawmakers could use information made available after the EFF’s lawsuit to limit ALPR practices. State legislators could follow the California Highway Patrol (CHP) example and limit “how long it can store data.” The CHP also must disclose “when it shares that information with other local agencies,” a crucial part of keeping law enforcement agencies in check.

While much can be done to limit the practice locally, the civil liberties group believes that any “federal agency may be able to use a court order or subpoena to access specific ALPR records from an agency” in the future.

That problem would make this issue much more difficult to address fully only through local legislation.

According to Maass, privacy advocates have a great opportunity to get involved by filing “public records requests with their own local agencies to survey what ALPR technology local police are using and what their privacy policies are.” More people involved would mean more law enforcement agencies under scrutiny for the power overreach.

But that is not all; pressuring lawmakers could also make a difference, Maass said. “Too often, policymakers aren’t even asking questions about civil liberties and privacy when approving this technology.”

This article was written by a contributor of Watchdog Arena, Franklin Center’s network of writers, bloggers, and citizen journalists.