Boston's License Plate Reader Database Could Be Downloaded By Anybody

Illustration for article titled Bostons License Plate Reader Database Could Be Downloaded By Anybody

A huge amount of Boston’s traffic data dating back to 2012 was stored on an insecure website that didn’t even require a password once the user was guided to the server’s back door by a simple Google search. Boston!


When investigative journalist Kenneth Lipp alerted the operators about this massive security flaw, they made the site private in two hours. But to learn what went on before that and how Boston’s Police and Transport Departments ended up creating this data-leak privacy clusterfuck, head over to PrivacySOS!

Remember: It’s at least a $54 fine if your license plate is on incorrectly. Money well spent.


Photo credit: AP Images

Contact the author at

Share This Story

Get our newsletter


So here’s the thing - you have no expectation of privacy out on the roads. Anyone can take pictures. So private collection is definitely legal. As soon as there’s a way to make money off it, you’ll see license plate readers installed at privately owned parking garages/lots, buildings on major intersections, what have you, and the data collected and sold. It’s just that there’s no business case for it yet.

But beyond that - I’m wondering when the first enterprising journalist will file a Freedom of Information Act request regarding license plate scanner data. It’s data collected by public agencies, in a domain that doesn’t have a constitutional expectation of privacy. This is a case where technology has accelerated something that was always prohibitively expensive but perfectly legal (collection of pictures of public spaces), added another perfectly legal thing (reading the publicly visible license plate numbers we all drive around with in an automated fashion), and voila, you have yourself something that, while just an extension of what was always possible (but not feasible) becomes seriously creepy.

And I think it’s going to take a civic-minded journalist to expose that - get a media organization behind the FOI request, get the records, then compile identifiable data out of that, then write up a big article that potentially exposes some big names. Let’s say you were to find that certain council members keep entering a parking lot belonging to an adult bookshop on their way back from church. Let’s say you published that in such an article. How long until people wake up to the fact that this sort of thing is becoming a bit creepy?

It’s the same story with facial recognition software. That’s a much harder problem, technically, then license plate scanners, but they’re getting pretty good and will get cheaper and cheaper. The assumption has always been that being out and about has no expectation of privacy - but I think we need to redefine that notion, probably through legislation (as the courts only have unhelpful precedent to fall back on).

We’re already giving a bit of (very basic) protection to the data that’s generated by the cell networks - our cell providers can pretty much pinpoint where our devices are most of the time, at least to the point of which cell towers they’re connecting to - that’s how they route calls/texts after all, and our phones are constantly accessing the network to refresh email and such. The act of driving around with a visible license plate, or walking around public spaces with a face that can be recognized by software, should not result in a total loss of privacy, just like the act of carrying around a cell phone should.