(From IEEE Spectrum, 20 December 2012)

Steven Cherry: Hi, this is Steven Cherry for IEEE Spectrum’s “Techwise Conversations.”

Last year we did several shows about GPS tracking of automobiles, that is, whether the police can attach a tracking device to a suspect’s car, and do they need a warrant for that. As it turns out, that question is almost irrelevant, quaint, even. Today the police have a wide variety of ways to track us, none of which involve actually touching your car.

The latest and most disturbing development is the way law enforcement officials can use license plate information culled from video cameras—a practice that turns out to be vastly more common than you might think, because there are way more video cameras photographing license plates than you probably thought. Besides fixed cameras, such as at traffic lights, cops themselves are wielding recording equipment optimized for reading license plates. According to an article in The Wall Street Journal, a study by the Center for Evidence-Based Crime Policy found that “37 percent of large police departments were using [license] plate readers.”

At just one of them, the Riverside County Sheriff’s Department in California, 49 camera-equipped vehicles took 6 million scans, recording a total of 2 million unique license plates over a two-year period that ended this August.

And it’s not just the government. The Wall Street Journal article described vast databases of hundreds of millions of license plate scans by private companies. It cited a single auto repossession agency in Baltimore, whose agents—repo men, as they’re popularly called—scan over 10 million plates each year now.

There’s a wide variety of other technologies now being employed by law enforcement: radioactivity detectors, automotive black boxes, navigation systems, automated toll collection, the GPS in your cellphone, the traffic cameras I mentioned, civilian drones, facial recognition software, and more. And it can all be correlated with driver’s license databases, credit card information, national identity registries, cellular billing records, supermarket discount cards, and, again, more.

My guest today is Colonel Lisa Shay. She’s a professor of electrical engineering at West Point, the U.S. Military Academy, that is, in New York State. She has a Ph.D. in electrical engineering from Rensselaer Polytechnic Institute, also in New York.

Lisa, welcome to the podcast.

Lisa Shay: Thank you very much, Steven.

Steven Cherry: So first tell us a little bit about the license plate readers. The technology has gotten a bit more common lately. Is that just Moore’s Law at work?

Lisa Shay: Well, absolutely, that’s a component of it. We have an increased capability to make sensors smaller and smaller, and because they’re smaller, they can physically be used in more places. As demand becomes higher, they become mass-produced, and the cost goes down, and so it’s sort of a version of Moore’s Law. It’s kind of a combination of Moore’s Law and mass production.

Steven Cherry: And they’ve gotten a lot more accurate lately?

Lisa Shay: Well, that is an interesting question. The cameras themselves are simply sensors, and so it’s not really accurate to say how accurate that is. When you talk about accuracy, you’re interpreting an image, doing some sort of optical character recognition on it, so there’s two parts to that: The sensors themselves are becoming better in that they have higher resolution, but the accuracy of the algorithm that does the optical character recognition is . . . it depends, and there’s not a lot of data on that that’s been published.

Steven Cherry: So how does this work? The video camera snaps the actual back of a car, let’s say, and the software focuses in on the license plate and tries to read it as numbers and letters?

Lisa Shay: Yes, that’s exactly what happens.

Steven Cherry: All right, so a cop can see someone speeding or driving recklessly, and they’re able to snap a picture instantly, and with improving, at least, accuracy. What’s wrong with that?

Lisa Shay: Well, potentially there’s not a whole lot wrong with that. If a policeman is using this system because they’ve identified that there is a crime being committed, and they’re using this as a way of enforcing a law that they’ve already determined has been broken, I think that’s fine. The question is really the broader topic that was brought out in your introduction, that there are many cameras that are set up all over the country that are photographing traffic. And the question then is, Where is that data being sent? Who is analyzing it? And what is being done with it? Is it being used for what purpose? Because traffic cameras that are just continuously on are recording data from people who are perfectly law abiding, who are simply driving to work on a public highway.

Steven Cherry: I said that the license plate data can be correlated with a lot of other databases. Are they, in fact, being correlated? And who’s doing that?

Lisa Shay: Well, there was just actually published in a conference in Boston in October a paper discussing exactly that by a group of investigators in the United Kingdom. They assert, in fact, that, yes, these license plate readers in the UK are being combined with the police, with other data from either cellphones or other location-based information, to identify criminals or to track criminal suspects. The technology certainly exists for police to, or other organizations to, do this because every cellphone nowadays just about has a GPS in it, and the cellphone companies know where each cellphone is, so that data is available to them. And license plate data is available to whatever entities operate these roadside traffic cameras, which are a variety of different entities that operate those systems. And, of course, there’s private companies that operate the cameras that do the repo men, as you mentioned.

So these datasets exist. They exist in digital form, and any dataset that exists in digital form can be easily transmitted somewhere else; it can be easily processed. And that can be done intentionally, because the companies that own these datasets desire to aggregate them, or it could be done unintentionally, because someone hacks into this database of this information and then correlates it. So there’s the privacy concern that’s twofold: One, that this information might be accessed illegally by hackers, or that the companies that collect this data could then sell it to each other for either market research or for some other purpose.

Steven Cherry: In the movies, we often see the government with a sort of perfect ability to track someone as they move around a city or across a country. They do this in the TV show Homeland all the time, for example. It’s completely unrealistic now, but I gather you fear it’s becoming quite realistic, and that this license plate technology could end up becoming a key part of that equation.

Lisa Shay: Well, that’s a concern. There’s two parts to that: One is, can someone be tracked perfectly? What are the limits to this system? Because every technological system, every tracking system, has false alarm rates. There’s false positives and there’s false negatives, and those are inherent to any system, and there’s not a lot of rigorous analysis being done on these systems to determine what are those false alarm rates. And so it is possible that you have this illusion of perfect tracking, but in fact you’re not tracking the right person.

And then on the flipside, even if you are tracking people, then at what point do we have a right to privacy? There’s certainly expectations of privacy in one’s own home that can be violated because your GPS signal is, in many cases, detectable outside of your home. So there’s strict privacy that’s clearly violated by some of these systems. But then there’s even a less-precise notion of privacy, that at any given moment in time that I’m walking down the street, I’m in public, and anyone, of course, can see me, but that’s a very transient phenomenon. The people who see me, 99 percent of them don’t know who I am. They don’t remember me more than three or four seconds after they’ve seen me, and unless I’m looking for somebody, I’m looking to meet a friend, say, at a restaurant, it’s almost an anonymous system. Yes, I’m in public, but my data isn’t persistent in any way.

That all changes when this data is stored electronically, because now a log, a record, is being kept of my whereabouts that could be viewed later. It is a persistent record. It can be viewed not just by the 10 people on the sidewalk that I happen to pass, but anybody anywhere in the world that has electronic access to this dataset.

Steven Cherry: And to connect it up with everything else you’re doing in your day . . .

Lisa Shay: Right. Yes, and then to note that I went to a grocery store, and then the data collected by my grocery loyalty card can be linked to the fact that I didn’t go to the gym that day and instead bought a package of cookies, and then that goes to my health insurance company that says, “Oh, you’re no longer exercising and your diet has gone downhill. Perhaps we need to relook at your insurance premiums.” This all becomes very dystopian.

Steven Cherry: Yeah, and I was going to ask you, Is it a bigger problem when the government is doing this, or private companies ?

Lisa Shay: It’s no longer just the government that we have to concern ourselves with. Back in the Cold War, we certainly thought of Big Brother as the government, because the organizations with the most resources to devote to this sort of issue tended to be governmental, but that’s no longer the case. And that’s an even bigger concern, because in countries like the United States, we have a Bill of Rights. We have laws that regulate governmental behavior that’s different from the laws that regulate corporate behavior, and the corporate law hasn’t necessarily caught up with these notions of privacy and sharing data and aggregating data.

Steven Cherry: In your writings you’ve used the phrase “police state.” You say we don’t have one, but we have the technology to have one. Actually, the problem in a way goes beyond that, right? It’s not just the police that can know everything about us, it’s Walmart, it’s our insurance company, it’s our bank, it’s everybody.

Lisa Shay: Yes. “Police state” is a turn of phrase that perhaps is a bit dated now. It’s designed to elicit . . . it’s a metaphor, and certainly in the ’50s and ’60s, we were most concerned with what governments were doing. And if you think about what life might have been like in Eastern Europe or in the Soviet Union in the 1950s, imagine what the KGB would have done with this kind of technology. But nowadays it’s not just the governments that we have to think about, it’s what happens when Walmart and my insurance company and my Visa card and my auto insurance company all are collecting data about where I am every minute of the day. Is my life really intended to be something that everybody can view at any given moment?

Steven Cherry: So the technology keeps getting better and cheaper and faster, and it seems that it is just going to become used more and more widely until we have no privacy at all. Do you see any way off of that roller coaster, which seems to be entirely downhill?

Lisa Shay: No future is inevitable. There are certainly courses of action that can be taken. My colleagues and I have analyzed this phenomenon from a couple of different perspectives. First, you look at who are the owners of these surveillance systems and what is their interest in setting these systems up. They typically have a legitimate interest in a very specific purpose, and then the people who make these systems should then target their applications to meet that single need—and either through voluntary standards and best practices of how these systems are designed from the ground up, or from regulations and laws bounding how these systems can be operated.

There are definitely ways to allow the owners of these systems to meet their immediate need for safety or security, or for monitoring employees’ behavior that are within the bounds of their employment contract, to meet those objectives in a way that doesn’t excessively violate our privacy. And we advocate designing systems with privacy built in from the ground up, so making these systems do their intended purpose but not more than that. But in many cases it may take government regulation or laws to limit how data is released. Something as simple as having individuals having opt-out or opt-in policies for surveillance would be a step in the right direction.

Steven Cherry: Well, we can hope that those laws come to exist or that those options come to exist. And let me thank you, Lisa, first of all for your service. . . . Your biography mentions that you were deployed as part of the NATO peacekeeping mission in Bosnia.

Lisa Shay: Oh, thank you.

Steven Cherry: And, of course, for your continued service at West Point. And let me thank you for joining us today.

Lisa Shay: Thank you very much for this opportunity.

Steven Cherry: We’ve been speaking with Colonel Lisa Shay of the U.S. Military Academy about our continually diminishing privacy, this time from portable license-plate-reading video cameras.

For IEEE Spectrum’s Techwise Conversations, I’m Steven Cherry.

Announcer: Techwise Conversations is sponsored by National Instruments.

This interview was recorded 14 November 2012.
Segment producer: Barbara Finkelstein; audio engineer: Francesco Ferorelli