Privacy Story of the Week (PSotW) - January 13

by John Wunderlich

No need for papers, we have your license plate 

Cheap data storage, better surveillance equipment, and the false belief that knowing more instead of knowing better makes us safer leads police to a place where they end up acting like the secret police in a cheap thriller. 

There were a number of stories this week about automated license plate recognition systems (ALPR) being tested or used in a number of cities, including Ottawa and Vancouver where the privacy commissioner ordered the police to change the way that they used the cameras. While known by many names or acronyms, these systems combine character recognition technology with (usually) infrared cameras to record the license plate number of ever vehicle that they ‘see’. The systems were originally designed for fixed use, such as in a camera over an intersection (like a red-light or speeding camera).

In Ottawa the system is used to cross-check the plate number to search for outstanding warrants, stolen vehicles and driving infractions. In Vancouver, where the system was used for similar purposes, the issue for the privacy commissioner was the ‘non-hit’ data (about 98% of the data collected), that is to say the information about all the drivers whose license plate, time and location was recorded who did not have a stolen vehicle, an outstanding warrant, or a driving infraction. It turns out that this data was being turned over to the RCMP so that they could compile a list of innocent drivers in case an alibi ever needs to be checked. This reeks of the ‘If you’ve got nothing to hide, why does this bother you?" argument that is often used by surveillance advocates. Of course this misses the point of entirely. As Daniel Solove has pointed out, the prior question is, “What gives you the right?".  It is worth remembering here the 2004 case of the Edmonton Sun reporter Kerry Diotte who was critical of photo radar systems in Edmonton and was consequently targeted by some police officers, in part by using the system itself.

The head of the Ottawa Police Board seems to understand the gravity of the nature of the potential rights infringement here, and has asserted that these readers will be subject to a full public discussion about privacy safeguards. For example, the Ontario Provincial Police, working with the Ontario Privacy Commissioner’s office have engineered to delete ‘non-hit’ data within 20 minutes of collection. This seems in stark contrast to the Victoria police who have, according to an op-ed in the Victoria Times-Colonist, refused to comply with the BC Privacy Commissioner’s order and to continue to collect, store, and forward information to the RCMP. It’s not clear from the story what the original scope of the BC Commissioner’s order was. If it was for a specific police force, and not directed to the Victoria force, then they are necessarily defying a Commissioner’s order. Nonetheless it is clearly the case that the Victoria Police Board (who voted on this in-camera) have placed the convenience of their investigation above the privacy rights of the citizens they are supposed to protect. This is the attitude of a force that sees the citizenry as objects of suspicion and that need to be controlled. This is not the attitude of a police force in a modern democracy. 

Finally, in related news, even if you do manage to maintain some semblance of anonymity by not having your license plate tracked, your car has a black box that is collecting information about you and your driving habits. 

Other privacy stories of note

Privacy breach at HRSDC (again)

This time it was an unencrypted external hard drive, containing the information about 583,000 Canada Student Loan borrowers. Just what they needed on top of paying off the debts - the possibility that their data could be used for identity theft to put them farther in debt. You can see the Globe and Mail story here.

Canadian Government Unveils Big Loopholes in Anti-Spam Regulations

Intensive lobbying by business groups have watered down the effectiveness of the proposed regulations, so that we can expect continued intrusions upon our privacy. You should consider reading this in conjunction with the CBC story,Offshore telemarketers defy Canada’s do-not-call list

When Privacy and Enhanced User Experience Collide Online

Disney World’s new plan to track visitors with wireless bracelets….coming soon to a theatre near you?

Obama OKs Netflix-to-Facebook Sharing as E-Mail Privacy Reform Falters

Do you really want the default on your Netflix or other streaming video to be to share?

U.S. Spy Law Authorizes Mass Surveillance of European Citizens: Report

Is anyone surprised that the U.S. self-declared policeman to the world, arrogates to itself the right to infringe on non-U.S. citizens data sovereignty?

How Generation Y really feels about online privacy

A group of consumer panelists shared their candid thoughts on online privacy during a tell-all panel discussion on Generation Y and digital media at CES.

Report on the European Commission’s data protections (this link opens the pdf of the report)

See the commentary about this on the Privacy and Information Law Blog. Of note in the context of this week is the contradiction between the report author’s expectation of scope extending to non EU-based controllers and the above mentioned “U.S. Spy Law". More privacy conflicts ahead for the EU and the US. The tech industry, especially those that depend on user data and profiled advertising will not be pleased, according to a Wired UK piece.

Checking the Numbers Behind BC CareCard Fraud

A nice analysis, with more to come, on the proposed hi-tech provincial identity card for services.