[Cryptography] Encryption opinion

[dan at geer.org]

A couple of weeks ago, I wrote:

 | As a side note, the state of Massachusetts has just moved to toll
 | roads without toll takers, using license plate cameras instead to
 | send you a bill for a few dollars.  I've not been on any of those
 | roads, but I've gotten three e-mailed bills in the last two weeks
 | that to the unskeptical eye look fully legitimate, which also
 | indicates that the phishers know that my geolocation makes driving
 | such roads plausible.
 | 
 | You may not buy from Company XYZ, but everybody is a client of their
 | respective government...

and I mostly got "Pshaw; EasyPass spam is old hat."  Yeah, maybe
for some, but then (and now) I thought that the timing of the spam
was rather better than mere random happenstance.

I just read this article

http://rt.com/usa/license-scanners-private-database-046/

> Automated license plate readers used by car repo companies, for
> example, collect billions of personal records per year, which
> contribute to vast databases that can be used by law enforcement,
> insurance companies, banks, and the like, with few limits.
> 
> BetaBoston, working with the Boston Globe, detailed one Boston repo
> company's data collection abilities, reporting that New England
> Associates Inc. can collect $200 to $400 for each vehicle found by
> an automated reader attached to an unmarked car. The company says
> it can typically add 8,000 license plate scans to its database in
> Texas each day.
> 
> Digital Recognition Network, which works with New England Associates,
> says it collects plate scans of 40 percent of all US vehicles per
> year.
> 
> ...snip...

which is germane insofar that if the quality of a phish is the
plausibility of the context in which it appears, then widening data
collection materially enables ever more plausible context-generation;
just pick up

play.google.com/store/apps/details?id=com.itzkow.licenceplatereader

and see what you can do all by your lonesome, etc.

--dan