TL;DR: I’m writing a program that could be used by a malicious user to track people. Do I license it under GPLv3 to guarantee user freedom, or do I use a more restrictive license to prevent abuse?
Introduction
Hello! I’m a software developer with quite a bit of experience in automotive electronics, and I’ve run into a bit of an ethical dilemma, and I’d like to get some input from people who care about the same issues I do.
ALPR
If you already know what ALPR is, you can skip to the next section.
As a brief background for those who aren’t familiar, automated license plate recognition (ALPR) is a rapidly growing technology that detects, records, and logs license plates, typically on public roads. This technology is almost always pushed as a safety measure to protect the populations under surveillance. The argument generally goes that people should be willing to give up some privacy if it means helping police identify stolen vehicles, AMBER alerts, and more. If you’re a member of this Lemmy community, I don’t think I need to explain why I think this is a terrible idea.
V0LT Predator
Predator is my attempt to take on this industry with a highly private alternative to traditional ALPR. In short, Predator is completely open source, runs entirely locally (with no telemetry/data mining), and uses independent hot-lists to decide what plates to alert to. The idea is that instead of a government agency setting up thousands of cameras to track hundreds of thousands of vehicles, individual users can set up cameras in their own vehicles, and help track down relevant vehicles (like AMBER alerts with associated license plates) indepdently. I figure this bottom-up approach can reduce the severity of mass surveillance and data centralization without entirely giving up the advantages of ALPR.
The danger with ALPR is when someone has access to so much centralized data that they can form a map of everywhere a specific vehicle has been. This is not something that’s realistically possible on the scale of an individual user operating independently.
I realize many people will probably be entirely opposed to the idea of building an ALPR platform in the first place, but I hope you can understand my motivation.
Growth
Predator started as a brief personal challenge, but rapidly turned into one of my most advanced products. As far as I can tell, it is currently the only active open source ALPR ecosystem, and is the most popular alternative to SaaS ALPR platforms like Rekor and Flock Safety.
The issue is that this growth came with surging demand for many of the features supported by traditional ALPR services. I’ve had to walk a very fine line with making Predator valuable enough as a product to replace traditional mass-surveillance without turning it into a mass-surveillance product in itself. My decision making when considering new features has primarily been based on these two features:
- Is this feature useful to individual private users? (people with Predator dash-cams, home security systems, etc)
- Would this feature make it easier for a state agency or company to conduct mass surveillance?
As I’m sure you can image, this is an extremely gray area, but I think I’ve managed to walk the line pretty effectively so far.
The Problem
That leads us to the latest problem. There’s been a lot of interest in some kind of product to organize and centralize license plate data collected by individual Predator instances. For example, a university police department running parking enforcement might want to identify plates that haven’t purchased a parking pass. I think this use-case is fair, since all vehicles being monitored implicitly consent by purchasing a pass, and vehicles are not followed off-campus. That being said, this is one of those products I’ve been hesitant to add, since it would absolutely make it possible to use Predator as a mass surveillance tool.
The other day, I started developing a system like this internally, and it was a bit terrifying how effectively it worked. With a $80 off-the-shelf camera system, I was able to track dozens of vehicles after driving around for ~15 minutes.
The Dilemma
Here’s the dilemma. If I hosted this service as an online-only product (which is the current plan), I could pretty effectively prevent it from being used for mass surveillance. For example, I plan to limit accounts to a few hundred unique vehicles unless they apply for an override. Customers with legitimate use cases can be granted overrides with geofenced areas to fill their use-case (i.e. the university campus from the previous example). However, this significantly compromises user control, since they would have to go through my services to use the product.
Typically, I would prefer to make the software entirely open source and self-hostable under the AGPLv3. However, this would make it trivially easy for a government agency or business to set up a mass scale surveillance system.
I’m struggle to decide how to approach this issue. Have I backed myself into a corner with this one? I’d love to hear everyone’s thoughts on this dilemma, and the Predator ecosystem as a whole.
make it so that every user owns their data collected by this and its all encrypted with some key private to that user. Then have only t he user be able to share the data with others. Or rather dont collect it all to some central database but have everyone make their own for private use.
But I dont think this is very good idea in the first place. What use is it to regular people to track others licenceplates? Who do you share the information with, the government? In usa they would just gleefully abuse it, in eu using it would just be horribly difficult for everyone involved due to legal issues and having private database about other peoples information isnt allowed or it requires somekind of registration i think, or was that only in finland.? In fact this might be outright illegal system in eu. Other places likely have superior database already.
And in the end, the whole thing will likely just be taken from you by force if nothing else works. Maybe some corporation will buy you out or maybe government will just seize it. No way they would just ignore something like this if it has any use to them.
So please be really careful how you do this so you dont end up making things worse for everyone by mistake. At least have some safeguards so you can destroy the whole thing if you need to so it cant be abused if anyone trys to take it from you.
Its nice idea, being able to track stuff independently, but i think it might belongs to some different, more friendly world, that is not this awful place we have to live in.
This is how it currently works, and it’s why I think Predator is a better alternative (as far as privacy goes) to traditional ALPR services. Everything Predator records is stored locally unless explicitly configured by the user to do something differently.
To be clear using the word “track” is a bit generous here. An individual user won’t have nearly enough data to have anything close to a comprehensive location history on any given vehicle. A Predator user might be able to say “I’ve passed this car 3 times in the past month” but not “This person leaves for work every day at 9am”.
Predator is designed primarily to make use of ‘hot-lists’ where only license plates in a specific list trigger alerts. For example, the US has a program called AMBER alerts, in which emergency alerts can be issued for missing children/kidnappings. These alerts often have license plates associated with them. A Predator user can add a plate from an AMBER alert to their hot-list, and then forget about it. Predator will silently scan license plates as they drive, and alert the driver if they find the vehicle. I think this is a way better alternative to government agencies covering an entire neighborhood in license plate cameras that feed everything to a centralized database.
This seems unlikely to me. There are already established companies in the space who have zero issue with violating privacy (i.e. Flock ALPR and Axon). A malicious company or government entity is unlikely to willingly go after Predator, given that it goes out of its way to make mass surveillance difficult.
I hope it works out as you want