Privacy

800 readers

24 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

A privacy dilemma from a developer: user freedom, or individual privacy? (lemmy.ml)

submitted 2 days ago by cvieira@lemmy.ml to c/privacy@lemmy.ml

28 comments fedilink hide all child comments

TL;DR: I'm writing a program that could be used by a malicious user to track people. Do I license it under GPLv3 to guarantee user freedom, or do I use a more restrictive license to prevent abuse?

Introduction

Hello! I'm a software developer with quite a bit of experience in automotive electronics, and I've run into a bit of an ethical dilemma, and I'd like to get some input from people who care about the same issues I do.

ALPR

If you already know what ALPR is, you can skip to the next section.

As a brief background for those who aren't familiar, automated license plate recognition (ALPR) is a rapidly growing technology that detects, records, and logs license plates, typically on public roads. This technology is almost always pushed as a safety measure to protect the populations under surveillance. The argument generally goes that people should be willing to give up some privacy if it means helping police identify stolen vehicles, AMBER alerts, and more. If you're a member of this Lemmy community, I don't think I need to explain why I think this is a terrible idea.

V0LT Predator

Predator is my attempt to take on this industry with a highly private alternative to traditional ALPR. In short, Predator is completely open source, runs entirely locally (with no telemetry/data mining), and uses independent hot-lists to decide what plates to alert to. The idea is that instead of a government agency setting up thousands of cameras to track hundreds of thousands of vehicles, individual users can set up cameras in their own vehicles, and help track down relevant vehicles (like AMBER alerts with associated license plates) indepdently. I figure this bottom-up approach can reduce the severity of mass surveillance and data centralization without entirely giving up the advantages of ALPR.

The danger with ALPR is when someone has access to so much centralized data that they can form a map of everywhere a specific vehicle has been. This is not something that's realistically possible on the scale of an individual user operating independently.

I realize many people will probably be entirely opposed to the idea of building an ALPR platform in the first place, but I hope you can understand my motivation.

Growth

Predator started as a brief personal challenge, but rapidly turned into one of my most advanced products. As far as I can tell, it is currently the only active open source ALPR ecosystem, and is the most popular alternative to SaaS ALPR platforms like Rekor and Flock Safety.

The issue is that this growth came with surging demand for many of the features supported by traditional ALPR services. I've had to walk a very fine line with making Predator valuable enough as a product to replace traditional mass-surveillance without turning it into a mass-surveillance product in itself. My decision making when considering new features has primarily been based on these two features:

Is this feature useful to individual private users? (people with Predator dash-cams, home security systems, etc)
Would this feature make it easier for a state agency or company to conduct mass surveillance?

As I'm sure you can image, this is an extremely gray area, but I think I've managed to walk the line pretty effectively so far.

The Problem

That leads us to the latest problem. There's been a lot of interest in some kind of product to organize and centralize license plate data collected by individual Predator instances. For example, a university police department running parking enforcement might want to identify plates that haven't purchased a parking pass. I think this use-case is fair, since all vehicles being monitored implicitly consent by purchasing a pass, and vehicles are not followed off-campus. That being said, this is one of those products I've been hesitant to add, since it would absolutely make it possible to use Predator as a mass surveillance tool.

The other day, I started developing a system like this internally, and it was a bit terrifying how effectively it worked. With a $80 off-the-shelf camera system, I was able to track dozens of vehicles after driving around for ~15 minutes.

The Dilemma

Here's the dilemma. If I hosted this service as an online-only product (which is the current plan), I could pretty effectively prevent it from being used for mass surveillance. For example, I plan to limit accounts to a few hundred unique vehicles unless they apply for an override. Customers with legitimate use cases can be granted overrides with geofenced areas to fill their use-case (i.e. the university campus from the previous example). However, this significantly compromises user control, since they would have to go through my services to use the product.

Typically, I would prefer to make the software entirely open source and self-hostable under the AGPLv3. However, this would make it trivially easy for a government agency or business to set up a mass scale surveillance system.

I'm struggle to decide how to approach this issue. Have I backed myself into a corner with this one? I'd love to hear everyone's thoughts on this dilemma, and the Predator ecosystem as a whole.

you are viewing a single comment's thread
view the rest of the comments

[–] ertai@programming.dev 6 points 1 day ago* (last edited 1 day ago) (1 children)

I don't see how using a proprietary license will help your dilema. If I install proprietary software in my car, I have 0 idea what it is doing, I can have no assurance that it is not doing telemetry and sending all the collected license plates to a centralized system. You want a way for users to control their own copy of the software whilst you retain the ability to control other's copies of the software. That's impossible. Either the users control the software or the software controls the users, there's no other way.

You are afraid that if you license your software under a libre license, a government will fork the project and add centralized telemetry which to their version which they will install on their own fleet of vehicles. As you said, "The argument generally goes that people should be willing to give up some privacy if it means helping police identify stolen vehicles, AMBER alerts". The fact is, ALPR monitoring systems are already existent and in use, so people have decided to trade some of their privacy for security, trusting that their government will stick to a balance of privacy/security that is worth the trade.

THE ROOT ISSUE is that, since the software is absolutely proprietary, people have no idea which amount of their privacy is being traded for security so they have no way of holding their governments accountable, they cannot revolt if their governments overstep boundaries because they cannot know/prove if the government did step over the boundaries.

Because the system is a black box, the government can lie and say "we need this and that authorization, we need to use this dangerous tool, we need backdoors, we need to break encryption ect... to guarantee your security". Once people have been coerced into giving up their power, the government uses that power however it wants because the system is secret.

If you license your project under the AGPL, the code is required to be available so people can ensure that their government is not abusing the power they have lent, and that the balance struck between privacy/security is worth it.

[–] cvieira@lemmy.ml 1 points 1 day ago* (last edited 1 day ago)

I don’t see how using a proprietary license will help your dilema

I guess I should clarify: Predator itself is already entirely open source, offline, and self-contained. The issue here is regarding an external service that allows you to import and manage data collected by Predator. By making this external service proprietary, I would be able to host the service and regulate how it is used. By making it open-source and self-hostable, I'm giving up control over how people use it.

If you license your project under the AGPL, the code is required to be available so people can ensure that their government is not abusing the power they have lent

I'm not sure this is how that would work. The AGPL specifically guarantees users of the software the right to use it for whatever purpose they want. Assuming the government doesn't host a public instance of the software for third-party users, they are under no obligation to share the source code. As such, they could continue doing whatever they want with it with zero oversight.

The argument for a proprietary license would be that V0LT maintains control over the only public instance, meaning it could enforce the rules each agency agreed to. For example, a university wanting to do parking enforcement could be given a 7-day license plate retention limit, and have their ALPR geofenced to the perimeter of the campus. This oversight would not be possible with a free license, hence the dilemma.