Road pricing - Blair's shock 'privacy guarantee'

Stronger than the usual 'safeguards'?

Combat fraud and increase customer satisfaction

Europe is keen on black boxes that will be built in by the manufacturers (a directive to this effect is on the wishlist of the DfT's own feasibility study), which means systems that can't easily be interfered with that record driving data, perhaps govern speed, maybe use location data (Galileo) to match position with local limits and adjust speed accordingly, etc. Some of the pay-off from the black boxes will be of benefit to the motorist (e.g. there are advantages to location-based services) but there's clearly a price to be paid in terms of privacy and nanny-avoidance. Consider, for example, the upsides and downsides of Norwich Union's voluntary pay as you drive black box system - you get better rates, but your data is recorded, but only shared with "carefully selected partners". Reportedly, the DfT is considering a similar approach for some road pricing pilots.

While legislators see higher levels of monitoring as being good for road safety, police are keen to benefit from the crime-fighting spin-offs. As we noted last week, ACPO sees Electronic Vehicle Identification (EVI) as a next step in the development of its '24x7 vehicle movement database', and EVI comes as standard with the black box systems. So the point to take on board here is that with or without a road pricing network that has the ability to track you, the police are going to track you anyway, and start using EVI and Galileo to do so, unless the Government orders them to stop. It would however be absurd (or at least it would seem absurd to our legislators) to have a road pricing system collecting all of the data then throwing it away, only to have the police collect it by parallel means, so you can perhaps predict how that one will play out if road pricing gets that far. The privacy threat is clearly broader and further up the food chain than road pricing, or for that matter ID cards, and this needs to be understood if the threat is to be opposed.

Pressing the Government on those road pricing guarantees, however, still has a worth because it is possible to construct non-invasive road pricing schemes, and Blair himself touches on this, albeit in characteristically vague/misleading terms with his reference to "mobile phones and pay-as-you-drive insurance schemes". Anonymous insurance policies? Are you sure about that, Tone?

You meet anonymous pay as you drive systems whenever you use a toll bridge or a road where you hand over some money and a ticket spits out or a barrier lifts. These aren't necessarily or entirely anonymous, because if there isn't already CCTV and an ANPR system at the toll gate there soon will be, and because such systems almost always include a capability to ID vehicles that attempt to subvert them, but in design terms they're pretty much anonymous, and if legislators had the data protection brain rush they'd find it fairly easy to make them more particularly so. Consider the London Congestion Charge in this context - there is much about its design that is anonymous, but its use of registration systems (optional) and recording of ANPR tends to subvert the anonymity. TfL (Transport for London) claims only to retain data on non-payers and to give police access to this, although it's not immediately clear for how long it retains data on compliant vehicles these days.

TfL sees tag and beacon as one of the likely ways forward for the Congestion Charge, and although the DfT's study rejects this as too expensive for a national scheme, it's more obviously viable for urban areas and short stretches, it could be fairly non-invasive, and it's more easily retro-fitted. As an evolution of the Congestion Charge you could envisage this operating as a kind of 'Oyster for autos' - you buy a tag for your car, charge it up with money and as you drive it communicates with beacons on the roads that deduct the cash according to the journey. There needs to be a mechanism for intercepting and billing the 'gate jumpers' superimposed, but in principle the invasiveness of this can be restricted, and if there's one useful lesson the Congestion Charge has taught us it's that a tolerably high level of voluntary compliance can be achieved in such systems.

For the avoidance of doubt, we should point out at this juncture that none of the above should be interpreted as suggesting that we believe the Congestion Charge is either particularly effective or value for money. Oh, no. And it's probably also worth pointing out that a substantial slug of the Congestion Charge 'profit' is still accounted for by penalty charges for non-compliance. The achievement of 100 per cent compliance would at current pricing put it in some considerable financial difficulty.

Galileo however remains the likely winner for as long as a national scheme is on the table, and local planners will quite sensibly take this into account when they're designing their schemes. They won't want to spend on implementing one kind of scheme when they're going to have to start from scratch to implement a different one a few years down the line. So satellite it is? On the other hand, LRUC did not look promising at the time of its demise, and despite the improvements promised via Galileo, satellite projects still have plenty of scope for cock-up, failure, subversion and IT disaster. Nor will Galileo be fully in place until after 2010, so which local authorities will be brave enough to be at the bleeding edge? And how will they fare? But, if you haven't got enough volunteers to pilot the proposed national road pricing technology, what does this mean for the national scheme you're (not?) planning? And how do you pilot a national scheme locally, when the appropriate technologies are quite possibly different?

It's early days, but we think we can smell a train wreck or two not too far ahead... ®

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.