Two weeks in a row, I wrote about surveillance of drivers and only to learn hours later that the problem was even worse than I thought. Last week we learned cell phone spy LocationSmart didn’t require authentication to use its tracking API. Anybody in the world could track you.
During the rise of Facebook somebody remarked, if you aren’t paying for the service you are the product. The basic problem with LocationSmart, Equifax, and the ironically-named Securus, is that they have no interest in keeping your data secure. Their business model is selling your personal data to their customers. Location information you leak by turning on your phone or displaying a license plate is compiled by people with your worst interests in mind.
How many stories have I heard about a stolen car being ignored as parking tickets pile up and plate scanners drive past? Meter maids and plate scanners are not meant to help you. They’re meant to raise revenue. They’re meant to make high value arrests.
My real job is working for a cloud computing company. Keeping data private is explicitly part of what customers pay for. Like some other companies, we offer a free service that does not include data privacy.
Some companies have a bug bounty. We do something similar. We made a copy of our system without customer data. We pay hackers to try to break into it. The more bugs they find, the more they get paid. If we had an unsecured API they would have found it.
All the financial incentives are lined up. We want a secure system to attract paying customers. The hopefully-ethical hackers can make money right now by reporting bugs instead of selling them on the black market.
When Google says it’s going to make Chrome more secure I kind of believe it. Google already injects tracking code into a large fraction of the world’s web pages. They want to close security holes to keep other gangs out of their turf. The less competition, the more valuable Google’s treasure trove is.
Google also wants to avoid embarrassing itself. A small part of its business is selling email and other services to companies. Customers of Google’s corporate services division might worry if Google’s advertising division leaked data.
What incentive does LocationSmart or Equifax have to keep its data private? A leak is like a free trial. They need to keep the leak rate low enough so customers will pay to see the rest. Even if they released everything, they’re alway gathering new surveillance data and can build a new database. It’s not like you’re going to say “I’m never giving my location information to LocationSmart again!” Are you?
When I was in fifth grade we had home economics. A friend’s daughter gets “health.” Maybe one day children will have information security class.
Maybe they won’t. The government, which runs the schools, wants your information. You are not their customer. Paying taxes doesn’t count; you’re not likely to stop paying taxes in protest. An uninformed public is their best bet.
So consider turning off your phone’s radio while driving. Download listening material ahead of time. Learn how much you can legally obscure a plate. In Massachusetts courts threw out an RMV regulation banning license plate covers, but especially where ticket cameras are used even transparent covers may be illegal. Put your transponder in its foil bag when you don’t need it. Ask your police department about its license plate scanner system. Instead of slowing down for the usual speed trap, take a different route to avoid being scanned.
And don’t think “I haven’t done anything wrong.” When the UK was expanding plate scanners the government explained a reason. Criminals use one car to commit the crime and have the getaway car following. If you drive too close to a criminal, you become a suspect.
Not leaking information is becoming a more valuable skill.
The opinions expressed in this post belong to the author and do not necessarily represent those of the National Motorists Association or the NMA Foundation. This content is for informational purposes and is not intended as legal advice. No representations are made regarding the accuracy of this post or the included links.
