Buckinghamshire CC ANPR cameras

John Wilson tugwilson at gmail.com
Mon Jan 9 18:50:19 GMT 2012

On 9 January 2012 17:53, Roland Perry <lists at internetpolicyagency.com> wrote:
> In article
> <CAJkBBXXgep9Ojt8MBPZOuE+fJHbQ2wm=55N6HM7Fu3u1JOYc8Q at mail.gmail.com>, John
> Wilson <tugwilson at gmail.com> writes
>> I can see that there my well be significant
>> advantage for a planner to have access to detailed travel information
>> over an extended period of time. My problem is that this is
>> effectively personal data and they are using sleight of hand to deny
>> that and hence dodge their responsibility for handling it carefully.
> Is it enough that the planners [presumably] don't have a tool to turn the
> hashed data into real cars (so they can for example spy on ex-girlfriends)
> or is it the danger that 3rd parties involved in more serious data leaks
> (legal or otherwise) potentially aided by specific attacks on the hashing,
> which is the bigger concern?

I would expect that if you have me a hour's M25 data I could reverse
engineer the hashing algorithm in a day or so.

Once the hashing algorithm is known many things can happen from a
jealous spouse tracking a partner through celebrity staking to helping
the planning of the assassination of a major public figure.

The problem, as I see it, is that the people collecting and storing
this information don't believe it's sensitive. If they think it's not
sensitive they won't go to the trouble and expense of protecting it
properly e.g. they will send raw data - probably on a CD in the post -
to random academics and employees of engineering companies. Eventually
somebody will buy a hard disk off eBay and find a years worth of
traffic data fron central London.

John Wilson

More information about the ukcrypto mailing list