Financial Markets


License Plate Reads: A Double-Edged Sword in Public Safety and Cybersecurity

In today's interconnected world, information is power, and no one understands this better than our law enforcement agencies. As we seek to harness technology's potential for public safety, we find ourselves grappling with a conundrum - Automated License Plate Readers (ALPRs). Though frequently celebrated for boosting public safety, these devices, unfortunately, spotlight sizable cybersecurity threats due to their knack for hoarding sensitive data.

According to a recent advisory by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), seven vulnerabilities have been identified in Motorola Solutions' Vigilant ALPRs. In 2022 alone, these devices have been overzealous, collecting more than 1.6 billion license plate scans in California. Troublingly, the majority of this data acquisition is unrelated to public safety interests - a flagrant overreach echoing an insatiable data appetite with consequences undisclosed to the public.

Unlike GPS-based applications where consent is required, ALPRs possess the unchecked power of collecting data, which cannot easily be expunged from their systems. Furthermore, the storage and management of this massive cache of data become an attractive prey for cybercriminals, as reflected in numerous incidents over the last decade. More than 125 law enforcement agencies disclosed data breach or cyberattack occurrences between 2012 and 2020. With ALPRs, another glaring vulnerability punctuates an already beleaguered cybersecurity field.

A pressing issue underlying these concerns, as noted by a cybersecurity specialist at Motorola Solutions, lies in the recruitment and retention of cybersecurity personnel by public safety agencies. As technological advancements evolve at breakneck speed, the state of our cybersecurity defense often lags far behind. This dire talent gap ironically jeopardizes what ALPRs aspire to protect - public safety.

Gratefully, major security vulnerabilities have been spotted in ALPRs at least thrice in the last decade, thwarting potential damages. The last of these vulnerabilities was identified and reported by the Michigan Cyber Command Center, underscoring the critical importance of proactive, robust cybersecurity measures.

The report's key message elicits thought: public safety agencies must resist the gluttonous temptation to collect all data. Ensuring data collection is limited to what is necessary for actual criminal investigations not only hedges against undue privacy invasion but also strategically detracts from cybercriminals' interest. A concerted and deliberate approach to cybersecurity can thereby substantially enhance public safety, restoring the community's faith in the balance of safety and privacy.

Ultimately, the public's trust lies precariously in the hands of responsible data handling by public safety agencies. Stemming from various incidents where collected data inadvertently leaked or misused, endangering public safety, the emphasis on the responsible use of ALPRs cannot be more punctuated. Coping with the present, we must tread carefully towards a tech-driven future—juggling the advantages of technological advancement against the threat of cybersecurity vulnerabilities, we ought to ensure that in the quest for public safety, privacy does not become a casualty.