[Cryptography] Encryption opinion

Bear bear at sonic.net
Sat Sep 13 12:33:37 EDT 2014 

On Fri, 2014-09-12 at 22:27 -0400, dan at geer.org wrote:
> > Automated license plate readers used by car repo companies, for
> > example, collect billions of personal records per year, which
> > contribute to vast databases that can be used by law enforcement,
> > insurance companies, banks, and the like, with few limits.
>  
> which is germane insofar that if the quality of a phish is the
> plausibility of the context in which it appears, then widening data
> collection materially enables ever more plausible context-generation;

We have to get used to the idea that surveillance and correlating   
surveillance data with data found on the Internet is not difficult. 

Heck, someone who wants to can just point a camera and an EZpass 
scanner out the window from a building near a freeway, hook up 
their own OCR software, and start crosslinking EZpass numbers with 
license plates.  No data theft is required.

In addition to the option of stealing a database to connect license 
plates to individual names and addresses, they can also buy the 
database from any number of sources of varying legitimacy, or 
build their own. 

Even if they don't get access to "private" records for addresses, 
there are all those youtube videos and facebook pages that contain 
images of cars belonging to identified people, with the license 
numbers clearly visible.  You could simply build a bot that trawls 
what google image search returns when you enter "car." It will get 
a lot of photos of cars whose license plates it can read, often on
pages identifying the owners by name, or if not then at least 
appearing on the pages of a lot of people who you can find
names/addresses for.  It's not hard to cross-correlate that data 
with what your camera and your EZpass scanner observe out your window. 

Nothing prevents the spammers and the phishers and the fraudsters 
from doing the same thing our governments and search engines do, 
unless perhaps it be the simplicity with which they can save 
the time and effort by stealing the data.  In fact nothing save 
distrust even prevents them from sharing the data they collect. 

				Bear

More information about the cryptography mailing list