Jump to content
The Christmas Logo Competition is back. See thread in Sheffield Discussions for details ×

Sheffield Council's Anpr System Left Open To Internet

Recommended Posts

6 hours ago, FinBak said:

Another thing of note..The ANPR cameras that SCC operate are Directly linked to the DVLA's own data base.

 

Thereby sharing information re...Taxed, uninsured motor vehicles etc.

 

 

What's not to like?

Share this post


Link to post
Share on other sites
1 hour ago, Jim Hardie said:

What's not to like?

Perfect.  More of this sort of thing please!

Share this post


Link to post
Share on other sites
16 hours ago, WarPig said:

But what harm has it done to you? I don't see the problem.

I expect anyone who holds data about me in any form to do so with respect and care, especially if it's something I have no control over.

 

There are a whole raft of reasons why the last two years of a cars movements across Sheffield might be valuable to someone.

 

If you think this information being left open to the world is fine, then feel free to upload your Google Maps timeline (or whatever equivalent your phone has) to the Internet publicly for a few years.

Share this post


Link to post
Share on other sites

Firstly, if it results in more cars being crushed that are driven by unlicensed, uninsured and, indicative of the previous two, untaxed ‘persons’ then fantastic.  Secondly, retaining the data to facilitate police in later tracking hit and run drivers who leave your family members and children dying in the road, to later track the child kidnapper, to track the county lines drug pushers, etc, etc, then fantastic retain the data and more cameras please. 
Fine if you can’t stand big brother watching but perhaps you would not mind the aforementioned consequences.

Having said that if data is breached then someone should be fully accountable.

Share this post


Link to post
Share on other sites
1 hour ago, Long Ago said:

Firstly, if it results in more cars being crushed that are driven by unlicensed, uninsured and, indicative of the previous two, untaxed ‘persons’ then fantastic.  Secondly, retaining the data to facilitate police in later tracking hit and run drivers who leave your family members and children dying in the road, to later track the child kidnapper, to track the county lines drug pushers, etc, etc, then fantastic retain the data and more cameras please. 
Fine if you can’t stand big brother watching but perhaps you would not mind the aforementioned consequences.

Having said that if data is breached then someone should be fully accountable.

Absolutely agree, in fact I would go further.  Cameras in every household to combat domestic abuse and to check that we are not voicing non government approved ideas and perhaps electrodes attached to the head to ensure that we are not harbouring racist thoughts etc..  Maybe even a camera inserted into the fundament so that the Council can check what we have been eating.   It's the way to ensure a safe and free environment so we can all rest in peace.

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, Long Ago said:

Firstly, if it results in more cars being crushed that are driven by unlicensed, uninsured and, indicative of the previous two, untaxed ‘persons’ then fantastic.  Secondly, retaining the data to facilitate police in later tracking hit and run drivers who leave your family members and children dying in the road, to later track the child kidnapper, to track the county lines drug pushers, etc, etc, then fantastic retain the data and more cameras please. 
Fine if you can’t stand big brother watching but perhaps you would not mind the aforementioned consequences.

Having said that if data is breached then someone should be fully accountable.

Ask the council/police/DVLA  how many untaxed cars the system has picked up in (say) a year  and then how many of them have been crushed or prosecutions have taken place and you will be surprised at just how few the number is -or  indeed ask for data on the frequency of the same car being caught.

 

Yes the theory is that it great for reducing the number of untaxed cars but the reality is somewhat different.

 

However it is a valuable help to police in the detection of some other crimes as mentioned

 

below is an extract from a question to the DVLA from 2014 when I queried the subject

 

Freedom of Information Request
Thank you for your e-mail dated 23 May requesting information under the terms of the Freedom of Information Act 2000 (FOIA).
You asked:
How many of the 453,508 vehicles driving without valid road tax in South Yorkshire and were captured by Fixed ANPC cameras (excluding mobile and those in police cars) were prosecuted as a result of being captured on the fixed ANPC camera?
This information is not held. DVLA does not receive reports of unlicensed vehicles generated by South Yorkshire police static cameras.
DVLA

Edited by Bigal1
added FOI information

Share this post


Link to post
Share on other sites

There has been a huge reduction in crime during the current lockdown, especially vehicle crime.  Perhaps this is the answer; keep every one confined to the house - enforce this with cameras and police with powers to do as they think fit, hey ho problem solved. 

Just wondering what the thousands of members of the armed forces who died in WWll, fighting to protect the freedom and dignity of the British people would think of our surveillance society and those with a North Korean mindset who extol it.

Share this post


Link to post
Share on other sites
Posted (edited)
4 hours ago, Long Ago said:

Firstly, if it results in more cars being crushed that are driven by unlicensed, uninsured and, indicative of the previous two, untaxed ‘persons’ then fantastic.  Secondly, retaining the data to facilitate police in later tracking hit and run drivers who leave your family members and children dying in the road, to later track the child kidnapper, to track the county lines drug pushers, etc, etc, then fantastic retain the data and more cameras please. 
Fine if you can’t stand big brother watching but perhaps you would not mind the aforementioned consequences.

Having said that if data is breached then someone should be fully accountable.

If I wanted to know when you were out at work, and how often you spent weekends away, all I would need is your reg number.

Its not the data that's the problem here - its the data breach. And its not so much a breach, as SCC taking all this privileged data, for which you need a permit to access,  and leaving it in the equivalent of a cardboard box in a layby for anyone to find.

Edited by Phanerothyme

Share this post


Link to post
Share on other sites
16 minutes ago, Phanerothyme said:

 And its not so much a breach, as SCC taking all this privileged data, for which you need a permit to access,  and leaving it in the equivalent of a cardboard box in a layby for anyone to find.

Bad analogy I’d think. 
 

More like they forgot to lock the back door, so someone could sneak in and get the data ( if they knew there was a back door and went looking for it).

Share this post


Link to post
Share on other sites
9 minutes ago, Planner1 said:

Bad analogy I’d think. 
 

More like they forgot to lock the back door, so someone could sneak in and get the data ( if they knew there was a back door and went looking for it).

Not really sneaking in the back door. Given web sites are effectively the front door, it's more like a shop leaving the front door open overnight. There are many systems on the web that spend their time trawling IP addresses looking to vulnerable systems so there is no 'and went looking for it' as if that's some unusual event. They should have been able to see from their server logs just how often people looked for it even before they left the door open.

 

That still leaves the issue of why personal data[1] was on the system unencrypted.

 

[1] Car registration numbers count as personal data under the GDPR as they can be used to identify someone indirectly.

Share this post


Link to post
Share on other sites
2 hours ago, altus said:

Not really sneaking in the back door. Given web sites are effectively the front door, it's more like a shop leaving the front door open overnight. There are many systems on the web that spend their time trawling IP addresses looking to vulnerable systems so there is no 'and went looking for it' as if that's some unusual event. They should have been able to see from their server logs just how often people looked for it even before they left the door open.

 

That still leaves the issue of why personal data[1] was on the system unencrypted.

 

[1] Car registration numbers count as personal data under the GDPR as they can be used to identify someone indirectly.

I think I might disagree with you there. The average internet user would not know a vulnerability was there or how to find the data. You said yourself that there are systems “trawling” for vulnerabilities, which fits perfectly the analogy of the door being unlocked, but most people wouldn’t know unless they went up and tried the door.
 

As I’ve already said, I understand GDPR and how registration plate data should be treated. Something went wrong in this instance and it appears that things haven’t been done the way they should. The relevant authorities (ICO) are aware and looking into it, as I’d imagine are the system owners and the vulnerability appears to have been fixed. I’d suspect we’ll not hear much more about it officially till the ICO have completed their investigations, which is normally a good while,  so there isn’t much more to say really.

Share this post


Link to post
Share on other sites
1 hour ago, Planner1 said:

I think I might disagree with you there. The average internet user would not know a vulnerability was there or how to find the data. You said yourself that there are systems “trawling” for vulnerabilities, which fits perfectly the analogy of the door being unlocked, but most people wouldn’t know unless they went up and tried the door.

What the average internet user would do is irrelevant. In real life the average person doesn't go looking for unlocked doors but people up to nefarious purposes do. The risk is from those people, not the average person.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.