Bailiff ANPR vehicles

[Fair-Parking]

I shall break my resolution concerning this thread simply to advise that Jason Hillier, the person making these incredibly direct FOIs, is an ex JBW and Philips official.

 

He clearly knows more than most on how these two 'esteemed' companies work and what the thought process is behind the beneficiary councils, one of whom (Camden) has recently written a letter confirming that contractors working for them cannot employ sub contractors and thus there are no subcontractors (No self employed ANPR bailiffs then).

 

The replies to Mr Hillier should be very interesting.

[buzby]

Shame he's brought in an irrelevance. GSM radio communications are fully encrypted over-the-air, so no DPA breach.

[lamma]

They can answer that point to that effect then.

[TasmanianDevil]

Good afternoon all.

 

As I have seen my name mentioned on this forum, I shall also break my resolution on this thread as whilst I may have been an " Architect" in the growth and design of Bailiff ANPR and Road Blocks, I have now left the industry. Yes I have my own "Agenda" but it is one that for now remains priivate. I am aware that my profile is such that when I left Philips a few months ago and got out for good, people started to talk. And so they should as yes I was on TV and yes apart from the MD of JBW (Who is better eye candy than me) I was the media friendly face of the Bailiff World. An oxymoron if ever there was one eh???

 

Forum members, I have chosen to post the FOI requests in my own name as I have learnt to realise that people`s identities get found out sooner rather than later. I can merely look at your posts and the english used by people to immediatly know their true profiles. Also, I can track an ISP in the blink of an eye and so can many others these days! All of this hiding and throwing insults is playground behaviour and this is why I have merely looked on but not commented for so long.

 

Yes there are REAL issues that need to be addressed within the Bailiff industry. Yes, some of you mean well and some even know the law but I read so many posts that are also incorrect. I will not comment in general on Bailiff firms behavior as from reading posts, I think it`s been done a few times already! I`m not here to re-create the wheel but to ask some pertinent questions regarding the use of ANPR technology within the Bailiff industry. Yes, by doing so, I know I will upset friends still in the industry and it is not my intention to see them lose their jobs as times are tough for all concerned right now. I also know Bailiff firms will hate me for "Crawling from beneath my rock" but in life, sometimes you have to do what is right.

 

I can`t put the genie back in the bottle. ANPR will remain with Bailiff firms but they have to be seen to be following the rules. At this point, the industry still operates under legislation that dates back to the Magna Carta. How can Judges pass rulings when they don`t even know what ANPR is?? Their law books can`t advise them! As a result, firms are using ANPR without regulation.

 

My name, my history and my profile are public knowledge now. To be honest, I fear reprisal from the "Industry" more than I do the public as simply they have much more to lose. Why? Because they may know that if ANPR use is regulated, it may hurt their revenue...Never a good thing! As a result of my decision to go public, I have had to contact my local Police and also install CCTV at my property for security.

 

Back in "The day", people like me were threatened with their properties being fire bombed etc as Bailiff firms didn`t like people bringing attention to the industry. Well I say this. If you are all cleaner now after the Whistle Blower...prove it!!!!

 

Ladies and Gents, my propery was intruded earlier this year and 20K of ANPR equipment was stolen from my car park. No druggies steal this type of equipment...these were Bailiffs! I will not be intimidated or shut up and now that I have left the industry, I will speak up.

 

What is the most aggravating thing to Bailiff firms and Local Authorities??? The fact that I don`t resemble Shrek (Well I hope not!!!), I come from an educated background and I elucidate my opinions.

 

Buzby, whilst writing I have also seen your post on my alledged error in my FOI request re GSM encryption. You are indeed mistaken as before I entered the Bailiff industry, I worked for a private firm from 1996-2002 that exported Government approved Surveillance/Counter Surveillance products. One of which was GSM listening/Data monitoring. If you have interest, Google "Blowfish" as this was the the start of good encryption but was still broken. Remember...."What goes up, most come down". So what can be encrypted, can be de-crypted....sorry if I ran off topic all!!

 

Let`s wait and see what my FOI requests bring. At this point not a lot as I`m sure the LA`s will be turning to legal for help. DPA and RIPA laws are beyond navigation and my requests for info will need to be met. This will not go away.

 

For those of you that I recognise on this forum I say "HI" and for those that I don`t know, "Hi" anyway! It`s a lovely day, so I`m off to enjoy it!!!

 

Take care and sure to chat soon!!!

 

Best.

 

Jason

[lamma]

Good man. Your stance is correct. "He who does not prevent what he can, seems to commit the thing."

[buzby]

Jason, If you worked in security, you would have known that GSM is indeed an encrypted service. Nobody is saying it is 'totally secure' as depending on how much money you want to throw at a problem, you will either fail miserably or be successful.

 

At the time of its development (1989) encryption of the GSM voice channels was mandated, because the existing TACS system had none. A decent Tandy Scanner with the ability to reach 960MHz was all you needed to listen in, and very illuminating it was too. AND you heard both sides of the conversation.

 

Using data over GSM, and the systems I have seen in operation use VPNs within data tunnels, which is not only 'reasonable' measures, and remains in use by most of the corporate world, it does what it does and does it reasonably well - indeed, considerably better than with TACS where I was able to intercept faxes over cellular with little difficulty.

 

By attemptng to question GSM security. your claim comes across as ill-concieved, especially as - if you are trying to cast doubt on the security ALREADY in place, you do not refer to this, or indeed raise issues with what the problem (as you see it) is. Add to this there is freequency hopping on the data channels to make the besy use of available bandwidths, it is considerably more secure than using a fixed line broadband connection, yet you are not prepared to acknowledge it.

 

We all know Bank PIN codes are not 'secure' and any of us have opted for 'no PIN' or 'Chip & Sig' cards as a compromise. I believe you have valid issues, but attmepting to discredit GSM is botrh a blind alley, and an irrelevant distraction. Forget this, and don't be sidetracked from the main task at hand. To break GSM requires considerable funds and equipment, and the cheapest option by intercepting at the intermediate (non wireless) stage is far more effective.*

 

 

*But not when a VPN is used.

[TasmanianDevil]

Buzby,

 

Clearly I bow to your better knowledge on this matter albeit the thread is on ANPR and not GSM encryption. The point of mentioning GSM was only a small part of a much wider problem regarding DPA/RIPA issues with private Bailiff companies and I don`t wish to over labour the point. Let`s just say you are correct with the caveat that "With enough money, things are always possible".

 

Thanks in your interest in this topic though.

 

All the best.

 

Jason

[buzby]

It's my specialist subject! I just don't want you to diminish your good arguments with an irrelevance!

[johno1066]

Good afternoon all.

 

As I have seen my name mentioned on this forum, I shall also break my resolution on this thread as whilst I may have been an " Architect" in the growth and design of Bailiff ANPR and Road Blocks, I have now left the industry. Yes I have my own "Agenda" but it is one that for now remains priivate. I am aware that my profile is such that when I left Philips a few months ago and got out for good, people started to talk. And so they should as yes I was on TV and yes apart from the MD of JBW (Who is better eye candy than me) I was the media friendly face of the Bailiff World. An oxymoron if ever there was one eh???

 

Forum members, I have chosen to post the FOI requests in my own name as I have learnt to realise that people`s identities get found out sooner rather than later. I can merely look at your posts and the english used by people to immediatly know their true profiles. Also, I can track an ISP in the blink of an eye and so can many others these days! All of this hiding and throwing insults is playground behaviour and this is why I have merely looked on but not commented for so long.

 

Yes there are REAL issues that need to be addressed within the Bailiff industry. Yes, some of you mean well and some even know the law but I read so many posts that are also incorrect. I will not comment in general on Bailiff firms behavior as from reading posts, I think it`s been done a few times already! I`m not here to re-create the wheel but to ask some pertinent questions regarding the use of ANPR technology within the Bailiff industry. Yes, by doing so, I know I will upset friends still in the industry and it is not my intention to see them lose their jobs as times are tough for all concerned right now. I also know Bailiff firms will hate me for "Crawling from beneath my rock" but in life, sometimes you have to do what is right.

 

I can`t put the genie back in the bottle. ANPR will remain with Bailiff firms but they have to be seen to be following the rules. At this point, the industry still operates under legislation that dates back to the Magna Carta. How can Judges pass rulings when they don`t even know what ANPR is?? Their law books can`t advise them! As a result, firms are using ANPR without regulation.

 

My name, my history and my profile are public knowledge now. To be honest, I fear reprisal from the "Industry" more than I do the public as simply they have much more to lose. Why? Because they may know that if ANPR use is regulated, it may hurt their revenue...Never a good thing! As a result of my decision to go public, I have had to contact my local Police and also install CCTV at my property for security.

 

Back in "The day", people like me were threatened with their properties being fire bombed etc as Bailiff firms didn`t like people bringing attention to the industry. Well I say this. If you are all cleaner now after the Whistle Blower...prove it!!!!

 

Ladies and Gents, my propery was intruded earlier this year and 20K of ANPR equipment was stolen from my car park. No druggies steal this type of equipment...these were Bailiffs! I will not be intimidated or shut up and now that I have left the industry, I will speak up.

 

What is the most aggravating thing to Bailiff firms and Local Authorities??? The fact that I don`t resemble Shrek (Well I hope not!!!), I come from an educated background and I elucidate my opinions.

 

Buzby, whilst writing I have also seen your post on my alledged error in my FOI request re GSM encryption. You are indeed mistaken as before I entered the Bailiff industry, I worked for a private firm from 1996-2002 that exported Government approved Surveillance/Counter Surveillance products. One of which was GSM listening/Data monitoring. If you have interest, Google "Blowfish" as this was the the start of good encryption but was still broken. Remember...."What goes up, most come down". So what can be encrypted, can be de-crypted....sorry if I ran off topic all!!

 

Let`s wait and see what my FOI requests bring. At this point not a lot as I`m sure the LA`s will be turning to legal for help. DPA and RIPA laws are beyond navigation and my requests for info will need to be met. This will not go away.

 

For those of you that I recognise on this forum I say "HI" and for those that I don`t know, "Hi" anyway! It`s a lovely day, so I`m off to enjoy it!!!

 

Take care and sure to chat soon!!!

 

Best.

 

Jason

 

 

Back on topic, Jason, it's good to have someone who has been in the industry on the forum, It is very sad that you have had to go to such levels to protect your home and yourself but I take my hat off to you for what you're doing and have done.

 

Look forward to chatting with you.

[TasmanianDevil]

Hi Fair-Parking,

 

I`m not sure you are correct with your comments re self employed Bailiffs and ANPR as they are still used by the majority of Bailiff firms to town. Whilst showing my identity is being open and honest, it does limit my posts somewhat as I am unable to mention specific company names for fear of libel action....understandable to a point so I like to mention Councils instead.

 

All big Councils bar one are still currently using Bailiff firms that contract self employed Bailiffs and some also still use private Bailiff ANPR contractors as it keeps their costs to a minimum. News from the street is that the use of these private ANPR staff are now upsetting the other Bailiffs as I know of one contractor that has a fleet of ANPR vans that work through the night spotting cars. The sub contracted "Boss" them simply fields the phone calls from clamped vehicle owners the following day. Seems ANPR Bailiffs that rent the company vans at £250+ per week are getting a bit upset about this!!! At this point, the question is are these "Night crawlers" Certificated? Let`s see shall we?

[TasmanianDevil]

Hi Johno1066,

 

Thanks for your support and kind words. To be fair, I made a good living for a long while before I realised that enough was enough and I had to do something more worthwhile with my life. The industry is toxic and still riddled with incidents and mis-behaviour that would make you turn green if you knew! Some people reading my posts will be angry as they wish to fight for an industry that is now on it`s last legs. My advise to them is to do what I have done and get out of it now!

 

Thanks again.

 

Jason

[TasmanianDevil]

Thanks for your kind comments!

 

Bless.

[tomtubby]

Hi Johno1066,

 

Thanks for your support and kind words. To be fair, I made a good living for a long while before I realised that enough was enough and I had to do something more worthwhile with my life. The industry is toxic and still riddled with incidents and mis-behaviour that would make you turn green if you knew! Some people reading my posts will be angry as they wish to fight for an industry that is now on it`s last legs. My advise to them is to do what I have done and get out of it now!

 

Thanks again.

 

Jason

 

Jason,

 

Welcome to CAG !!

 

Our company has a commercial business providing bailiff advice to the public and frankly, the matter of ANPR to enforce an unpaid parking charge notice is very worrying and I am aware that the Information Commissioners Office (ICO) have received correspondence on this matter which is being addressed.

 

I have also made FOI's to various local authorities and like quite a few people, I will be watching with interest to see the response from Westminster.

 

To demonstrate my concerns regarding ANPR even further, Hammersmith & Fulham Council have only just started requesting warrants for debt registrations that in 2007!!!

 

This is because they have only recently signed a new bailiff contract.

 

What this means is that ANPR vehicles operated by their new bailiff company are currently driving around London streets looking to locate a vehicle with the number plate of a car that was being driven by the owner 3 YEARS AGO !!!

 

This is absolute utter madness and the quicker it is brought to a STOP the better.

[TasmanianDevil]

Hi TomTubby and thanks for the post,

 

All agreed. Let`s see what the FOI delivers eh?

[patrickq1]

It's my specialist subject! I just don't want you to diminish your good arguments with an irrelevance!

GSM security

 

This article focuses on the security put in place on GSM networks. The first generation mobile phone network devices were vulnerable in a variety of ways, the most notable being connection eavesdropping and handset cloning. Subsequent mobile systems introduced protection against these attacks. Throughout this article I refer to GSM, which is the basis for the 2G network in the UK.

 

Before analysing the security of any system, it is important to review the design goals of the system in question. For GSM, the design goals were to provide the same protection as a fixed line system. This was achieved using cryptographic mechanisms, which were implemented to provide authentication of the handset to the network, confidentiality of the data transferred, and anonymity of the customer.

 

Authentication is provided using a challenge-response protocol, based around the knowledge of a pre-shared 128-bit key, Ki. The key is held at the authentication centre (AuC) for the mobile provider, and an identical copy is held on the SIM card. The AuC also generates a random number, and passes it through one of a set of algorithms, implemented at the AuC and on the mobile device. Here is the protocol run, with the terminology defined:

 

ME: Mobile Device MSC: Mobile Switching Centre AuC: Authentication centre

 

RAND: 128-bit Random number

Ki: 128-bit shared key

Kc: 64-bit encryption key

XRES: Expected response

RES: Response

 

1) MSC -> AuC: Authentication Request

2) AuC generates a random number, RAND, and uses it along with Ki to compute: XRES and Kc

3) AuC -> MSC: {RAND, XRES, Kc}

4) MSC -> ME: RAND

5) ME uses RAND and Ki from the SIM to calculate: RES and Kc

6) ME -> MSC: RES

7) MSC: XRES == RES ??

 

If the response is equal to the expected response, then authentication is successful, and the network can be sure the SIM is authentic. The transaction also set up a shared encryption key, Kc, which was never transmitted, but was calculated at both ends. This key is now used along with TDMA frame sequence numbers to generate keystream, which is fed into the stream cipher to encrypt voice traffic. Since the keystream depends on sequence numbers, it is effectively re-synchronised at each frame.

 

There are several problems with these security measures. The first is that the voice data is only encrypted up to the base station, which sits between the ME and the MSC. If the link between the base station and the MSC is wireless (for example, via microwave dish), the data will be sent unencrypted, and anyone with the proper sniffing equipment can gather unencrypted voice data. Another problem is that it is not unfeasible for a malicious user (or more likely, a government or security agency) to obtain a microcell, or base station, which can be configured to act as a man-in-the-middle.

 

This attack is possible due to the use of unilateral entity authentication, because the handset gets no guarantee of the identity of the network. 3G networks use mutual entity authentication, so rogue base station attacks can no longer be used, as the cannot know the secret key, Ki.

 

This has been a very quick and dirty review of GSM security. I have left out most of the details, as the article would go on forever if I hadn't. I hope you have all learnt something from this article, please take the time to rate and comment. If I find the time I will do a follow-up on UMTS and 3G networks soon.

[TasmanianDevil]

Thanks for this. I think we can all put a full stop to GSM now as it`s somewhat off topic.

[buzby]

I'm sure Tasmanian Devil found that interesting, however, as his point (AFAICT) was based on concerns relating to the possible misrepresentation or misuse of data due to it being handled wirelessly.

 

OTOH your explanation only looked at GSM in its 'raw form', not the additional protections evidenced by using data terminals using GSM as the enabling path, not the additional encryption provided to the data as part of a VPN, which - as you must surely know, is an end-to-end solution and has nothing to do with BTS hacking or any intermedate issues.

 

Therefore, since the system in place is more than adequate to be 'reasonable' protection of the data being carried, the agencies making use of them have nothing to fear from an accusation that 'it can be hacked' and therefore at risk under the DPA provisions under a need to hold and process data in a secure manner.

 

GSM/VPNs provide this, and as such are an irrelevance and work against the OP by unsiccessfully trying to emphasise a non-exsitant 'risk'.

 

As previously noted, if you through enough money at an issue you get the results you want, however since even basic GSM encryption is of an acceptable standard for over-the-air transmissions, there would be no benefit in trying to highilight this as a cause for concern.

[tomtubby]

I'm sure Tasmanian Devil found that interesting, however, as his point (AFAICT) was based on concerns relating to the possible misrepresentation or misuse of data due to it being handled wirelessly.

 

OTOH your explanation only looked at GSM in its 'raw form', not the additional protections evidenced by using data terminals using GSM as the enabling path, not the additional encryption provided to the data as part of a VPN, which - as you must surely know, is an end-to-end solution and has nothing to do with BTS hacking or any intermedate issues.

 

Therefore, since the system in place is more than adequate to be 'reasonable' protection of the data being carried, the agencies making use of them have nothing to fear from an accusation that 'it can be hacked' and therefore at risk under the DPA provisions under a need to hold and process data in a secure manner.

 

GSM/VPNs provide this, and as such are an irrelevance and work against the OP by unsiccessfully trying to emphasise a non-exsitant 'risk'.

 

As previously noted, if you through enough money at an issue you get the results you want, however since even basic GSM encryption is of an acceptable standard for over-the-air transmissions, there would be no benefit in trying to highilight this as a cause for concern.

 

 

Well Teresa May is one Minister who would appear to realise the seriosuness of ANPR vehicles. The following is from today's papers:

 

 

More regulation for police cameras | News

[buzby]

Doesn't appear so. Her concern is the recording of driver's movements by the police - and by entension, the 'fixed' network of cameras that record all vehicles passing a certain point.

 

It will be argued that Bailiffs using video* capture are simply an enforcement of previoius identified wrongdoing - which is considerably different to the capturing of the movements of otherwise 'innocent' road users..

 

*I'm not going to refer to this as 'ANPR' as it is simply a rough-n-ready budget wannabe.

[green_and_mean]

Doesn't appear so. Her concern is the recording of driver's movements by the police - and by entension, the 'fixed' network of cameras that record all vehicles passing a certain point.

 

It will be argued that Bailiffs using video* capture are simply an enforcement of previoius identified wrongdoing - which is considerably different to the capturing of the movements of otherwise 'innocent' road users..

 

*I'm not going to refer to this as 'ANPR' as it is simply a rough-n-ready budget wannabe.

 

Her point is the long term storage of data collected by the Police not the actual use of ANPR cameras.

[buzby]

So as it has nothing to do with 'Bailiff's use of VRM lists, isn't particularly relevant nor an indication that 'something will be done'.

[green_and_mean]

So as it has nothing to do with 'Bailiff's use of VRM lists, isn't particularly relevant nor an indication that 'something will be done'.

 

No nothing at all! As state before ANPR is a genereic term that covers any system of vehicle recognition. It can be anything from a simple system that identifies car park permit holders and opens a barrier to those on the database, complex systems like those used for the congestion charge to huge systems the Police use linked to several databases and the PNC.

[buzby]

For the first point, we both know this - it was for clarificastion to the poster that TM was not doing anything useful.

 

As to the second - describing the systms that Bailiffs or Car Park enbforcers use as 'ANPR' is giving credit to technology where none exists. Police ANPR (the 'real thing') resolves the RK details and other information pulled from a comprehensive database. Bailiff ANPR has no access to the full database, just a very small sub-set of it. Car Park enforcement ANPR doesn;t even do this. Sure it recognises the plate, but nothing else. There is nothing 'automatic' about their looking up the RK details, they have to pay for it like anyone else deciding which ones to pay for an enquiry and which to disregard (like their own vehicles, for instance).

 

We're in serious dange of awarding crediibility where none exists, which is why it is flawed to call it Bailiff ANPR. It'sa like calling two musicians an 'orchestra' or a canoe a ship, sure a mobile phone these days is a computer... so why don't we call it one? Bailiff/Car Park NPR might be more accurate - as there is no point in talking up a technology that is misunderstood by most.

[johno1066]

For the first point, we both know this - it was for clarificastion to the poster that TM was not doing anything useful.

 

As to the second - describing the systms that Bailiffs or Car Park enbforcers use as 'ANPR' is giving credit to technology where none exists. Police ANPR (the 'real thing') resolves the RK details and other information pulled from a comprehensive database. Bailiff ANPR has no access to the full database, just a very small sub-set of it. Car Park enforcement ANPR doesn;t even do this. Sure it recognises the plate, but nothing else. There is nothing 'automatic' about their looking up the RK details, they have to pay for it like anyone else deciding which ones to pay for an enquiry and which to disregard (like their own vehicles, for instance).

 

We're in serious dange of awarding crediibility where none exists, which is why it is flawed to call it Bailiff ANPR. It'sa like calling two musicians an 'orchestra' or a canoe a ship, sure a mobile phone these days is a computer... so why don't we call it one? Bailiff/Car Park NPR might be more accurate - as there is no point in talking up a technology that is misunderstood by most.

 

 

I think we're going around in circles here. Whether we are talking about Police ANPR or not, the technology is still ANPR and it the collection and processing of data that could lead to a vehicle being unlawfully removed or destrained on the Highway.

[buzby]

But it's not AUTOMATIC in the case of Car Parks etc - hence NOT ANPR! Surely that concept is not too difficult to grasp?