New Documents Show That Feds Share License Plate Scanning Data With Insurance Firms

from the crony-capitalism dept

Wed, Aug 22nd 2012 5:13am — Mike Masnick

It's one thing for governments to make use of license plate scanning equipment to catalog what cars are crossing their borders. But it takes it to a whole different level to then share that data with insurance firms. However, it appears that's exactly what the US government is doing. A Freedom of Information Act request by privacy group EPIC, discovered that US Customs (part of Homeland Security) is sharing license plate scans with the National Insurance Crime Bureau (NICB), which is actually an organization made up of just about every insurance company.

The reasons for such sharing of info may appear to be noble. It's technically to try to spot stolen vehicles.

The purpose of furnishing LPR information is to verify that vehicles departing from and arriving into the United States are not stolen vehicles. NICB has access to unique information regarding stolen vehicles, as well as the means of exchanging information regarding stolen vehicles with member insurance company Special Investigative Units and Federal and State law enforcement authorities.

The memorandum of understanding insists that the data can only be used for these purposes, but it's unclear if there's any real way to police that, and it certainly means that the uses by NICB are not subject to a FOIA request, since they're not a part of the government. The only "remedy" presented for a firm that uses the information otherwise is to be stricken from the "shared" list. There are also some concerns that even the sharing of the info may be in violation of existing laws.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: insurance companies, license plates, privacy, sharing
Companies: nicb

55 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 22 Aug 2012 @ 5:18am

The Government working for private entities using taxpayers money? You don't say...

In another news, taxpayer money is being used to spy and promote indefinite detention of innocent citizens. Surely not in America!
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 10:06am
  
  Re:
  Pretty soon they will be able to issue speeding tickets using drones
  [ link to this | view in chronology ]
David Canton, 22 Aug 2012 @ 5:38am

License plate sharing
If the real issue is to spot stolen vehicles - there is a simple solution to avoid any abuse or impinge on the privacy of innocent people. Don't share all license plates. Create an interface that compares lists of stolen vehicles with the scanned plates, and just report the matches.
[ link to this | view in chronology ]
- New Mexico Mark, 22 Aug 2012 @ 6:48am
  
  Re: License plate sharing
  That is part of what makes this activity suspect from the aspects of privacy and the use of public funds for the benefit of certain private entities.
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Aug 2012 @ 7:05am
    
    Re: Re: License plate sharing
    Well, I could make the case that insurers and their honest customers pay taxes and that reducing rates of car theft and increasing the rate of recovery of stolen vehicles provides a saving that can be realized in lower rates. Seems like in easily could benefit the general public- at least those that have any sort of insurance policy from one of the participating insurers.
    [ link to this | view in chronology ]
    - Sneeje (profile), 22 Aug 2012 @ 7:14am
      
      Re: Re: Re: License plate sharing
      Perhaps, but it becomes more difficult to argue that when there are alternatives, such as the above, that can achieve the same end without sharing or distributing the information.
      
      For example, there are some government agencies that have an arrangement with cruise lines to look for possible terrorists on their passenger and crew lists, but they do this without sharing their respective lists with one another. They do it through double-blind anonymization and comparisons of hashes. If there is a hit, they can contact the cruise line and discuss that specific hit, but otherwise the list is encrypted and not available for any other use.
      [ link to this | view in chronology ]
    - Berenerd (profile), 22 Aug 2012 @ 7:51am
      
      Re: Re: Re: License plate sharing
      You really think the savings will be passed onto you? Also, aren't all stolen stolen cars recorded in a government database anyhow? Its called a police report? Why would an insurance company not ask for a police report on a stolen car?
      [ link to this | view in chronology ]
    - John Fenderson (profile), 22 Aug 2012 @ 9:19am
      
      Re: Re: Re: License plate sharing
      a saving that can be realized in lower rates.
      
      Savings that wouldn't be kept as profit? Oh, man, now that's funny! Thanks for making my day!
      [ link to this | view in chronology ]
    - orbitalinsertion (profile), 22 Aug 2012 @ 12:05pm
      
      Re: Re: Re: License plate sharing
      It's more likely that they would use this to go after individuals for driving further than they said they normally do on the insurance application, and raise their rates.
      [ link to this | view in chronology ]
- Jesse (profile), 22 Aug 2012 @ 9:12am
  
  Re: License plate sharing
  Exactly. Or the insurance companies can just share the list of stolen vehicles, as that is not the sensitive data.
  [ link to this | view in chronology ]
  - Jesse (profile), 22 Aug 2012 @ 9:14am
    
    Re: Re: License plate sharing
    PS and it would make more sense for border agents to have access to the list, so that they can quickly apprehend those in possession of stolen property.
    [ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 5:54am

Now why wouldn't a local/state/federal government agency have this information on stolen vehicles and the accompanying crime?

I'm sure we can create one to fill the void. We can even come up with a random name for them just for arguments sake. How about the "police?" It's catchy.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:33am
  
  Re:
  Pretty sure that name is taken. What are you trying to do, start a lawsuit?
  [ link to this | view in chronology ]
  - The eejit (profile), 22 Aug 2012 @ 7:46am
    
    Re: Re:
    I don't know. Is there a patent on "applying and enforcing the legal applications in a non-controlled evironment?"
    [ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 5:54am

I am not necessarily against the sharing of information, I am way more concerned about how it is used or/and how it is shared.

With that said, I don't see how this could be misused, therefore I am asking what kinds of risks this can bring and what is the be bad or good in it? what are the scenarios that are possible?

Is there more info being shared?
Locations, dates, photos, videos, vehicle owner information?
Accident reports anything that shows this could be a problem?

Only plate numbers are not that much of a concern, but maybe I am wrong and someone can explain it to me how this could be abused.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:16am
  
  Re:
  Very little information is actually harmful until it's harmful. Take for example, the Netherlands birth certificate system, which didn't seem bad in its extensiveness until the Nazis used it to track down people of Jewish descent. (That's the classic case of privacy concerns)
  
  In this case, the insurance company already knows your plate number & the info associated with that, so knowing when you're travelling out of country, (and where to, and where along the border), is a substantial amount of information. With the wealth of other information insurances companies keep and sniff out, I'm not too comfortable with the gov't giving them direct aid in this unethical behaviour.
  [ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 6:09am

Why not just reverse the data direction?
Wouldn't it make a lot more sense to turn the data sharing around? Have NICB tell Customs what vehicles/plates are stolen and then Customs can compare plates and take appropriate action when a stolen vehicle is found.
[ link to this | view in chronology ]
- The eejit (profile), 22 Aug 2012 @ 7:50am
  
  Re: Why not just reverse the data direction?
  That would be sensible. IT would apparently, however, hit the bottom lines. And the bottom line is everything.
  [ link to this | view in chronology ]
G Thompson (profile), 22 Aug 2012 @ 6:12am

With that said, I don't see how this could be misused,

Say you have insurance for your vintage vehicle that states it can only be driven a certain number of miles/kilometres per year and/or cannot go interstate and especially not cross borders unless you pay an extra charge for some reason.

Lo and behold the Insurance company sends you a bill to either pay this or they will remove your insurance (for voiding the bullshit contract requirement) and let other insurers know that you have lied on your promise. Guess where they got the info from?

Oh they get fined? or removed from the list? so what. That's probably going to be incorporated into the cost of your insurance premium in future anyway.

Yes it can be abused and because it can be logic dictates at some point it WILL BE!

Criminal data which stolen goods are should ONLy be used by authorities that have a mandate with that criminal data. NOT private companies who can take no action anyway other than call the police, though they might try heavy handed unlawful interference actions... which is called abuse of power (ultra vires)
[ link to this | view in chronology ]
- G Thompson (profile), 22 Aug 2012 @ 6:14am
  
  Re:
  Oops.. this was in reply to this comment #3
  [ link to this | view in chronology ]
  - Anonymous Coward, 22 Aug 2012 @ 6:18am
    
    Re: Re:
    He says, pointing to comment #4 :p
    [ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:19am
  
  Re:
  That's the way it goes I guess :/ all the big companies can pretty much get away with murder.
  
  There is no real deterrent to stop abuse.. A fine is no big deal they will be like okay our bad and continue to do the same bullshit.
  
  Now if we fuck up it's a whole different story we will face jail time for even some of the most stupid shit like "farting at a cop"
  [ link to this | view in chronology ]
  - The eejit (profile), 22 Aug 2012 @ 7:51am
    
    Re: Re:
    Then perhaps an EMP ont he corporation's entire data network would be appropriate. After all, it's not a real person. Can't murder what's not there.
    [ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:38am
  
  Re:
  But hold on a second...you just committed insurance fraud...isn't that a problem?
  
  If you don't like a "bullshit contract requirement", don't sign the contract.
  [ link to this | view in chronology ]
  - G Thompson (profile), 22 Aug 2012 @ 8:46am
    
    Re: Re:
    There are a fair few reasons why people sign contracts, especially insurance contracts, even when they don't like or even understand (though that's a separate issue) the terms.
    
    It could be due to monopilisation, industry standard duress practices, the list is huge
    
    And just because you might of committed Insurance fraud (has to be proven first) does not give the insurance companies the right to ultra vire information.
    
    Or would you like them to start profiling you based on your DNA that might be on file. It's the same situation though not as controversial
    [ link to this | view in chronology ]
  - orbitalinsertion (profile), 22 Aug 2012 @ 12:15pm
    
    Re: Re:
    While it goes without saying that not everyone is terribly honest all the time, corporations have the upper hand against a consumer in that department.
    
    Why should you declare that you might take a trip or two a year beyond the forty mile radius you normally occupy when they are already nickle-and-diming you to death?
    
    It's a somewhat food thing that there is an increasing amount of "good driver" exceptions used in the industry, but the default is to use statistics against every individual. And no matter the discount, they are still gaming you somewhere else.
    
    I don't say this from some sort of personal bitterness, either. I had a freaking awesome insurance agent when I was driving.
    [ link to this | view in chronology ]
    - orbitalinsertion (profile), 22 Aug 2012 @ 12:16pm
      
      Re: Re: Re:
      lolwut? "food" → "good"
      [ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:47am
  
  Re:
  So you fear that the data will be used against people defrauding insurance companies? Interesting.
  [ link to this | view in chronology ]
  - G Thompson (profile), 22 Aug 2012 @ 11:19am
    
    Re: Re:
    breaching a contract (whether over a dubious clause or not, is not fraud. You cannot defraud for contract breach there needs to be financial gain or the intent to obtain financial gain by falsifying a claim for damages.
    
    We are NOT talking about that here and if you think we are you are deluding yourself and need to really go and understand what contracts are and what fraud is and the absolute differences between them.
    [ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 6:49am
  
  Re:
  So you fear that the data will be used against people defrauding insurance companies? Interesting. Seems to me that all of us other honest consumers are probably paying higher premiums when someone lowers their own risk profile by lying to insurers. Not sure that example evokes a lot of sympathy.
  [ link to this | view in chronology ]
  - A Dan (profile), 22 Aug 2012 @ 7:05am
    
    Re: Re:
    The same argument you're using is an argument used for spying and throttling/capping of internet connections. It's an attempt to get us to turn on each other instead of the corporations screwing us over. Don't take the bait.
    [ link to this | view in chronology ]
  - Anonymous Coward, 22 Aug 2012 @ 7:39am
    
    Re: Re:
    I think he is more fearful of the insurance companies defrauding the public through questionable acts.
    
    Specially when already pointed out that it could be made more privacy friendly by sharing only the data from stolen vehicles.
    [ link to this | view in chronology ]
  - G Thompson (profile), 22 Aug 2012 @ 8:49am
    
    Re: Re:
    Read my comment to other poster above, and rememebr just becasue you might do something wrong or not.. could be reasonable circumstances -necessity, hardship, etc for you to travel cross border - up to court to decide if you have breached your contract or whether it was just de minimus. This does not equate to a corporation obtaining private records (and would be interesting if it was a breach of Canadian privacy laws this one) for unknown dubious means
    
    Two wrongs do not a right make
    [ link to this | view in chronology ]
  - orbitalinsertion (profile), 22 Aug 2012 @ 12:21pm
    
    Re: Re:
    Of course! Don't blame the unfair system used by insurers. Blame consumers who are required to have insurance and try to drag their premiums somewhere back near to reality.
    
    I think you'll also find that strictly honest consumers/taxpayers are largely a myth. Just as honest corporations are. The American Way is for everyone to game everyone else for the best personal outcome. It is indirect haggling.
    [ link to this | view in chronology ]
DannyB (profile), 22 Aug 2012 @ 6:26am

Darn -- FOIA'ed again!
Only criminal terrorist commies support FOIA. It should be abolished. It lets bad people obtain information on how the good guys (eg government and private money) are going after 'bad' people. Trust us. This kind of information would never be misused. Shouldn't the government share all the information it has on citizens with private interests -- as long as they are wealthy and/or powerful enough? What could go wrong?

Think of the children!
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 6:53am

I wonder if this would be OK if Google was doing it?
[ link to this | view in chronology ]
- The eejit (profile), 22 Aug 2012 @ 7:52am
  
  Re:
  Dude, what are you on? Of course if The Goog was doing it, they'd have had a multi-trillion-dollar fine already! We'd have this deficit malarkey solved, dammit!
  [ link to this | view in chronology ]
- Berenerd (profile), 22 Aug 2012 @ 7:56am
  
  Re:
  GOOGLE PLATES!!!!!
  
  Plates.google.com Register your car now!
  [ link to this | view in chronology ]
Machin Shin (profile), 22 Aug 2012 @ 6:56am

Backwards?
Is it just me that thinks this just seems like the flow of information if totally backwards? Why would the government be sharing all the license plate scans with a private group to "look for stolen cars". Wouldn't it make much more sense for this group to instead feed the government with information about what license plates are reported stolen?
[ link to this | view in chronology ]
artp (profile), 22 Aug 2012 @ 7:14am

Why aren't the insurance companies sharing data with the government?
Funny that the National Insurance Crime Bureau (NICB) isn't sharing data with the government. Trade secret, perhaps? Loss of economic advantage. maybe? Just corporate stubbornness about letting anybody else get an advantage? Did you want fries with that?

It has always baffled me that police officers want to know if you are insured. Part of the requirements of passing a law requiring me to have car insurance should be that the insurance companies open up their databases to the authorities, so that they can KNOW that I am insured without asking me. That is legal evidence, isn't it? What's the difference between subpoenaing the information versus requiring the insurance companies upfront to make it available?

In 2000, after Y2K expired and after the dotcom crisis decimated the tech market, things were still going good for tech companies here in Iowa, the capital of the insurance industry. There are more SANs in Des Moines, Iowa than you can shake a stick at. The data is there. Like most industries, they invest heavily in fraud detection, which requires humungoid datasets, and the processor horsepower to query it.

Sure, require people to carry around a small, easily counterfeited proof-of-insurance card. But then check back to the mothership to make sure.

It should be the same with any other data that the government requires from insurance companies.
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 7:30am

I was wondering what sort of nefarious purpose this could entail, and that was when I started browsing the net.

Came across a cracked article, 6 Terrifying User Agreements You've Probably Accepted, and it seemed to have in some part a tie in to this.

I'll quote the gist so it can be cleared up.

"As it turns out, OnStar [...] They recently updated their terms of use contract to include two new points. First off, a new agreement forces you to allow OnStar to sell your driving data to whomever they want. We're talking stuff like vehicle speed and location, current odometer reading, driver seat-belt use and air-bag deployment. If that doesn't sound too bad, wait until they sell it to your insurance company, Speedy.

There's also a fine chance that, much like the GPS company TomTom, they could receive a subpoena ordering them to release your data to the police. And since we're talking about technology that can basically record everything you do and say inside your vehicle, OnStar offers so much more information than your typical GPS. In other words, if you're fleeing from justice, don't do it in a newer vehicle."

Suddenly the comparing of government databases seem kind of a better way to go.
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 7:42am

To fuel the conspiracy theories I would like to point out that such database must be huge and probably is using more computer resources than say the drug enforcement people that have only 40 TB of global storage.

http://arstechnica.com/tech-policy/2012/08/drug-enforcement-administration-only-has-40-t b-of-electronic-storage-world-wide/

I alone have half that in my home.
[ link to this | view in chronology ]
- The eejit (profile), 22 Aug 2012 @ 7:54am
  
  Re:
  O.o That's insane. My question, though, is if it takes 1.88 Gigawatts to power, and does it fit in a DeLorean?
  [ link to this | view in chronology ]
GMacGuffin (profile), 22 Aug 2012 @ 7:44am

Goal: Profit; Means: Deny Claims
I worked on behalf of insureds for a decade. This is what I learned:

Insurance companies have one goal, and that is to make a profit. The easiest way to do that is to deny claims. The *preferred* way to do that is legitimately. That's why the insurance industry probably has better investigators than the government. Anything they can tack onto one of the myriad coverage exceptions can be used to deny payment.

Say our hypothetical injured insured goes to Mexico for cheap drugs. InsCo gets wind of it. Suddenly, they are denying claim. "People who are actually injured don't go to Mexico." OR "Purchase of potentially illegal drugs voids policy" OR "Injury, if any (which we don't admit), must have occurred in Mexico, which the policy doesn't cover" ... you get the point.

So there's likely all sorts of nefarious stuff Insurance Industry could do with the license plate data.

(Also, all that "news" about rampant auto-insurance fraud is pure propaganda.)
[ link to this | view in chronology ]
- Baldaur Regis (profile), 22 Aug 2012 @ 8:32am
  
  Re: Goal: Profit; Means: Deny Claims
  Insurance companies have one goal, and that is to make a profit. The easiest way to do that is to deny claims.
  The second easiest way is to add (and charge for) hilariously implausible scenarios. For instance, I can't drive through "radioactive areas" or transport "explosive or potentially explosive materials". This totally ruined my plan to fund my vacation to visit Chernobyl by selling hairspray. Damn you AllState!
  [ link to this | view in chronology ]
  - orbitalinsertion (profile), 22 Aug 2012 @ 12:24pm
    
    Re: Re: Goal: Profit; Means: Deny Claims
    For instance, I can't drive through "radioactive areas" or transport "explosive or potentially explosive materials".
    
    Does your vehicle have an internal combustion engine?
    [ link to this | view in chronology ]
- artp (profile), 22 Aug 2012 @ 9:07am
  
  Re: Goal: Profit; Means: Deny Claims
  You got that right. They set their rates based on the actuarial tables, and then winnow out the folks that make the actuarial tables less profitable.
  
  My current (mis)insurance company is great at denying claims, forgetting claims for a few months, reversing denial of claims, telling me my claims are not eligible for payment because I have files too many of them, and then starting all over again. Apparently, their health care professionals, who have never seen me or talked to me, know more about my case than the professionals that are actually treating me. I keep calling that medical malpractice, but I haven't found anyone who agrees with me.
  
  They were supposed to pay on the same rules as my previous insurance company, but their rules keep changing besides not complying with the rules that they are supposed to follow. Imagine my surprise when I found out that they are owned by my previous insurance company.
  [ link to this | view in chronology ]
weneedhelp (profile), 22 Aug 2012 @ 8:18am

B.S.
I call bullshit. First thing when you steal a car is to switch the tags with an identical car.
[ link to this | view in chronology ]
- Anonymous Coward, 22 Aug 2012 @ 8:58am
  
  Re: B.S.
  First thing I do when stealing a car is change the radio station. Just can't stand cowboy rap.
  [ link to this | view in chronology ]
jupiterkansas (profile), 22 Aug 2012 @ 8:24am

Couldn't the insurance companies file a Freedom of Information Act for the same information? Couldn't anyone?
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 9:21am

gee, do you pirates get mad at the fact if you cancel your insurance, because you sold the car, do not even own car, and the insurance company will tell the state you have no insurance and the state suspends your license, do you feel that is abuse??? or because its not the big evil government tracking you, its ok???
[ link to this | view in chronology ]
- orbitalinsertion (profile), 22 Aug 2012 @ 12:26pm
  
  Re:
  lolwut? Especially on the suspended license because you no longer have a car.
  [ link to this | view in chronology ]
Cosmicrat, 22 Aug 2012 @ 10:01am

Insurance co.s are not your friend
Regarding "people who violate their contracts with car insurers cause rates to go up for the rest of us", are you high? Car insurance companies are never going to lower rates overall unless they are forced to. All this advertising about "let us track you and we might lower your rates" is BS. What they will do is raise rates for everyone save a few, and laugh all the way to the bank. And to those who say "just don't sign the contract", it's not like you have a realistic choice. Car insurance is mandated by law, and the insurance industry colludes to create monopolistic standards and uniform contracts. I have talked personally to and outgoing deputy insurance regulator in my state who told me the industry is highly unethical and operates essentially outside government regulation because legislators and executives who have been bribed with campaign contributions de-fund the regulatory agencies. These are corporations we are talking about and corporations have no soul, no moral compass. Their only purpose is to make a profit. Any time the government requires you to buy a product from a for profit business they have a responsibility to he public to regulate that industry very carefully, and they fail miserably in this case. The car insurance business is out of control and needs to be reigned in. Sharing information with them this way is a big mistake, leading to even worse exploitation of their captive customers.
[ link to this | view in chronology ]
Anonymous Coward, 22 Aug 2012 @ 11:23am

I eagerly await the insurance companies taking note of the license plates of vehicles found to be driving in traffic some arbitrary number of times in some arbitrary period of time, and using that as justification to increase the person's insurance rate.

After all, people who drive in traffic are at elevated risk for being in an accident, and they should have to pay more, right?
[ link to this | view in chronology ]
Steve Ross, 19 Feb 2014 @ 11:52am

AAA denies collision claim on basis of border crossing information
The Automobile Club of Southern California is denying my collision claim on the grounds of my being a "regular or frequent" driver into Mexico which amounts to less than a half a dozen times a year at the most. They obviously obtained this information from license plate recordings at the San Ysidro Border crossing data base. I have a date to meet them in Small Claims Court. Any ideas on what I can present to the Court to disqualify their information ? With 300,000 crossings a day as a 71 year old retired guy going to Tijuana a few times a year for lunch I hardly am a frequent and regular driver in Mexico and feel it is unfair of them to deny my claim but they are using this information against me. any thoughts to steve.baddog.ross1@gmail.com
[ link to this | view in chronology ]