When the Cops are Worried About Your Privacy-You Should Worry Too!

Kaye Beach

Dec 5. 2011

I imagine somebody is making a mountain of money off of this deal.  It will be ordinary travelers along with the cops on the beat that will end up paying the interest on this foolish plan.

In today’s world, your information is VALUABLE and your rights are CHEAP.

GATSO USA Forms Unique, Strategic Partnership with Nlets

Earlier this month, GATSO USA was approved as a strategic partner by the Board of Directors of the National Law Enforcement Telecommunications System (Nlets).  Nlets is the nation’s premier interstate network for the exchange of critical law enforcement, criminal justice, and public safety-related information. Supporting every agency at the state, local and federal level. . .

The approval of GATSO is an exciting first for the photo-enforcement industry.

Nlets will be hosting GATSO’s back office and server operations within the Nlets infrastructure. GATSO will have access to registered owner information for all 50 states plus additional provinces in Canada. The strategic relationship has been described as a “win-win” for both organizations.

. . .From GATSO’s perspective, hosting the system with Nlets will provide a ruggedized, robust connection to comprehensive registered owner information.

. . .Nlets was created over 40 years ago by the principal law enforcement agencies of the States. Today, it serves law enforcement agencies in all of the United States and territories, all Federal agencies with a justice component, selected international agencies, as well as a variety of strategic partners — all cooperatively exchanging data. (Emphasis mine) The types of data exchanged vary from motor vehicle and drivers’ data, to Canadian and Interpol databases, state criminal history records, and driver license and corrections images.

Read More

Here are some of NLETS’ “strategic partners”

REDFLEX (Red Light (S)camera company)

OnStar (your on board eavesdropping and tracking device)

BioKey (biometric company)

and an old Oklahoma favorite,  InsureNet

 

 

 

 

 

 

 

 

 

 

The following is from the ‘Nowhere to Hide’ Blog (A site that says it is ‘ for cops by cops’)The writer reviews a few basic facts of the situation and asks some obvious questions that really illuminate this liberty and privacy travesty that is happening right under our noses.

“Should we be worried” he asks.  Worried?!  Worried is an understatement.

As the author notes, this endeavor involves;

. . . innovative use of technolgy for law enforcement, a psuedo-government agency (Nlets), two foreign-owned private companies, and LOTS of PII sharing.- some might even say it had all the makings of a Will Smith movie “

Security, Privacy, and Innovative Law Enforcement Information Sharing: Covering the bases

Excepts from NowheretoHide.org, published Feb 6, 2011;

The main points I took away from this press release were:

  1. Nlets is going to host the back-end server technology that GATSO needs to look up vehicle registration information of red-light runners;
  2. Gatso is going to have access to vehicle registration information for all vehicles/owners in ALL 50 states in the U.S. and (some) provinces in Canada; and
  3. And, because it’s behind Nlets firewalls, security is not an issue.

. . .After I read the press release, I thought that it would be a good case-study for the topic of this blog – it involved innovative use of technolgy for law enforcement, a psuedo-government agency (Nlets), two foreign-owned private companies, and LOTS of PII sharing – some might even say it had all the makings of a Will Smith movie.

To help set the stage, here are a few facts I found online:

  • Gatso-USA is a foreign company, registered in New York State, operating out of Delaware; its parent company is a Dutch company, GATSOmeter BVGatso.
  • Gatso does not appear to vet all of the red-light/speed violations itself; it uses another company – Redflex Traffic Systems to help with that (Redflex is not mentioned in the press release).
  • Redflex seems to be a U.S. company, but it has a (foreign) parent company based in South Melbourne, Australia.
  • Finally, there are no-sworn officers involved in violation processing. Red-light/speed enforcement cameras are not operated by law enforcement agencies; they outsource that to Gatso, who installs and operates the systems for local jurisdictions (with Redflex) for free, (Gatso/Redflex is given a piece of the fine for each violation).

BUT what is new here is that a sort-of-government agency (Nlets), has now provided two civilian companies (with foreign connections) access to Personally Identifiable Information (PII) (vehicle registrations) for the entire U.S. and parts of Canada…should we be worried?

Here are nine questions I would ask:

  1. Personnel Security: Will Nlets have a documented process to vet the U.S. and overseas Gatso and Redflex staff who will have access to this information through direct or VPN access to Nlets systems?
  2. Data Security: Will Gatso or Redflex maintain working/test copies of any of the registration information outside of the Nlets firewall? If so, are there documented ways to make sure this information is protected outside the firewall?
  3. Data Access: Will Gatso/Redflex have access to the entire registration record? or, will access be limited to certain fields?
  4. Code Security: Will any of the code development or code maintenance be done overseas in the Netherlands or Australia? If so, will all developers be vetted?
  5. Network Security: Will overseas developers/site suport staff have access to the data behind Nlets firewalls? What extra precautions will be taken to protect Nltes systems/networks from abuse/attack?
  6. Code Security: Will Nlets conduct any security testing on code loaded on the servers behind their firewalls?
  7. Stakeholder Support: Have all 50 U.S. states, and provinces in Canada, been made aware of this new information sharing relationship? Do they understand all of the nuances of the relationship? And, are they satisfied that their constituents personal information will be protected?
  8. Audit/Logging: Will all queries to vehicle registration information logged? Is someone checking the logs? How will Nlets know if abuses of authorized access are taking place?
  9. Public Acceptance: How do states inform their constituents that their personal vehicle registration information is being made available to foreign owned company? Will they care?

How these questions are answered will determine whether or not we should worry…

Read more

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s