Hacked surveillance firm pitches NYC with invasive camera tech to track driver journeys

Scanning technology already in use at the Mexican border was pitched as a way to build profiles of driver habits.
Written by Charlie Osborne, Contributing Writer

Congestion and traffic in New York City is a problem. In emulation of London's congestion charge, city officials plan to tax vehicles that operate on Manhattan's streets, thereby potentially providing a fresh source of income which can be poured into public transportation.

The initiative, however, will not rely on booths or toll gates. Instead, the Metropolitan Transportation Authority (MTA), wants to use new technologies able to automatically scan vehicle number plates, clock their journeys, and send them a bill in the post. 

Beyond the idea of cameras tracking your car as you pass through an electronic toll gate, you wouldn't necessarily associate congestion-reducing schemes with inherent privacy risks. Until you bring in a company which has been recently hacked and was found to storing citizen information it had no right to keep, that is. 

The company in question is Perceptics, a subcontractor of the US Customs and Border Protection agency. In June, the firm was found to be subject to a data breach in which a hacker was able to steal license plate and facial recognition photos generated at the border after Perceptics violated CBP policies and copied the data to its own network without authorization. 

See also: Hackers can exploit this bug in surveillance cameras to tamper with footage

As reported by The Intercept, a leaked internal presentation reveals that only months before Perceptics was subject to the cyberattack, the company was gearing up to pitch MTA on how to tackle its traffic problem. 

The presentation, titled "Smart Imaging Solutions for New York City Congestion Pricing," reportedly goes far beyond cameras at fixed locations or basic traffic monitoring for the purpose of issuing charges. 

Instead, Perceptics wants to conduct widespread surveillance on NYC drivers, building "vehicle-specific profiles" of vehicles, drivers, and their travel patterns -- including "likely trip purposes." 

CNET: US keeps Huawei on blacklist, but will allow licensed sales

Each vehicle passing through Manhattan would be assigned a unique vehicle identifier which could be used to identify a vehicle even if a license plate cannot be read. License plates, drivers, and passengers would all be scanned to create a digital profile for each vehicle. In addition, Perceptics technology is claimed to be "capable of observing driver behavior, cell phone usage, and seat belt enforcement," the publication notes.  

The proposal, it seems, goes far beyond a ticketing system and instead could result in a city-wide surveillance web which would track the movements of drivers and passengers in an invasive way akin to how China monitors its citizens

A vendor to manage congestion tolls is due to be selected before deployment in 2021. An MTA spokesperson told The Intercept that "all details are still to be determined." 

TechRepublic: How to securely and completely delete files in Windows 10 without third-party software

If a proposal of this nature is accepted, it is not implausible that the repository of data could also be used to track the daily lives of citizens -- including where they live, where they like to hang out, and where they work; building a picture of individuals and their lives that could, one day, end up in the hands of law enforcement. 

The Federal Bureau of Investigation (FBI) and Immigration and Customs Enforcement (ICE) were recently caught exploiting state DMV records to grab facial recognition data without driver consent, and a data repository of Perceptics' proposed magnitude would be an enticing lure for law enforcement agencies in the future. 

ZDNet has reached out to Perceptics and will update if we hear back. 

How to discover and destroy spyware on your smartphone (in pictures)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards