The Road Police Panopticon: the latest data grab
The Brazilian Federal Road Police (PRF), after having just being denounced by the news outlet The Intercept for acquiring biometric data of all Brazilian drivers last month (more on that below), strikes again with a new mass surveillance measure: identifying and recording the passage of every vehicle in 1,921 remote camera monitoring checkpoints, by using license plate recognition. The process is under a lightning fast public consultation, which just opened last Thursday, May 11th, and is already closing today. Such short notice does gives civil society almost no time to analyze the proposal or to organize any type of mobilization against it.
A history of vehicle movement mass surveillance in Brazil
Successive governments in Brazil have been adamant on the idea that the history of movement of every vehicle should be tracked, collected and forever stored in a database.
Siniav: a mandatory RF tag identification for every vehicle
The National Traffic Council (Contran) enacted a bylaw (Resolution 412) in 2012 that created the “National Automatic Vehicle Identification System” – Siniav, in the Portuguese acronym. The system mandated the installation of radio frequency (RF) tags on every vehicle and was to be rolled out in a gradual manner. Antennas installed on many road points would read the information on the tag, which uniquely identify the vehicle and could record the time and position of its passing.
The alleged reason for doing so would be to facilitate fighting vehicle and cargo theft and robbery. In practice, it would enable creating a database containing the whole history of movement of every vehicle. Such a database would be then ripe for many kinds of abuse and data leaks.
As explained by the attorney Marcos da Costa of the São Paulo Bar Association (OAB-SP):
In the case of the car tags, the state and municipal authorities do confirm that it can store the vehicle’s serial number, license plate, chassis and Renavam code, and it has the capacity to map the trajectory traveled by each vehicle. We are concerned, at first, about the data capture and storage that could expose people’s privacy. Once the data is stored, they could by themselves, or in combination with other information, receive automated treatment, with devastating results for the driver’s privacy.
After successive delays in implementation deadlines, the mandatory vehicle tracking tag, along with a likewise problematic mandatory GPS-tracking SIM card called Simrav, were suspended by the 3rd Regional Federal Court (Tribunal Regional Federal da 3ª Região) after a class action suit filed by the Federal Prosecutor Office (Ministério Público Federal) in the State of São Paulo.
“To track and to locate indicate the same thing, for both refer to the possibility to find the vehicle – and henceforth its driver – wherever they are.” — Cecília Marcondes, federal Judge
The next year, in 2015, the Contran decided to suspend the obligation of installing the RF tags.
Siniav: return of the RF tag inside the license plate
More recently, however, the Contran has found a new way to force RF tag identification upon Brazilians. An international agreement between the Mercosur countries in 2014 established a common license plate model for all vehicles in these countries. This license plate model has been gradually rolling out since 2018 and is the mandatory for all new vehicles sold since 2020.
Contran has enacted another bylaw establishing that these new license plates must come with an identifying RF tag inside them. According to Denatran,
22. Can the tag track the vehicle?
The tag won’t track it, it will just control the passage of vehicles on the place where the antennas are installed. The tag won’t contain information about the vehicle, nor its owner, it will contain only an encrypted identification number to be used by institutions that have been authorized by Denatran. The identification number will be the key to accessing the authorized registry data, according to each application of the institution requesting the service.
If the authorized institutions (presumably, at the very least, the local traffic authorities will be authorized) can decrypt and read this identification number, and then associate it uniquely with the rest of the data it’s own databases and on Denatran’s database, including the information on its owner, they will obviously be able to record on their databases the position, time stamp and unique vehicle identification. Thus obtaining the history of every moment that the vehicle, or its owner, has ever passed by every antenna is just an SQL query away. All things considered, the instrument of warrantless mass surveillance and the privacy violations regime are still the same.
Cortex: ubiquitous cross-referencing personal data
As evidenced in the argument above, when personal data is joined and cross-referenced between different databases the potential for harm is multiplied.
In 2020 the Ministry of Justice was denounced by The Intercept for implementing Cortex, a system that could link personal data on Brazilian citizens from many different government databases. According to the news report, the system was operated at the time by the Secretariat for Integrated Operations – Seopi. They showcase in video that one can start from a company identifier, locate a particular employee form the list of all employees, along with dates of birth and CPF identification numbers. Then, if the employee owns a car, they can see the whole itinerary of when and where they have been driving, all without obtaining a warrant.
This demonstrates how the process of collecting data points identifying all vehicles, time stamps and antenna locations really constitute an instrument of mass surveillance.
Biometric data: another recent personal data grab by PRF
Last month the PRF made the news for settling a contract to obtain biometric data of all Brazilian drivers from Denatran, something that experts hold that could hardly be justified.
“There is no clear justification on why do they need this huge database. And that makes it impossible to even make predictions on the purpose, since they are innumerable”, explains researcher Felipe Rocha, from the Laboratory for Public Policies and Internet, Lapin, which comprises the Central Committee for Data Security, created in 2019, in order to manage personal data sharing within government.
The biometric data includes high resolution photos and fingerprints of all ten fingers of every driver, a database held by the National Traffic Department (Denatran).
That database may itself violate the principle of necessity set forth by the Brazilian Data Protection Law (LGPD), as set in article 6:
III – Necessity: limit the processing to the minimum necessary for fulfilling its necessities, with a pertinent data scope, proportional and not excessive in regard to the purpose of the data processing.
That is, if the ends are identifying the driver, if that can be done by just using the photo, why take fingerprints? Even if one could make a case for collecting a fingerprint, what can be done with all ten fingerprints that couldn’t possibly be done with a single fingerprint?
Of course, the same could be also argued about the biometric database of the Superior Electoral Court (TSE) that is used in Brazilian elections, which also collects the very same kind of biometric data, but on all citizens, and not just those with a driver’s license.
In turn, the sharing of data between Denatran and PRF itself may also violate the first principle, of the purpose of data collection:
I – Purpose: carrying out the processing for legitimate, specific, and explicit purposes disclosed to the data subject, with no possibility of ulterior processing that is incompatible with these purposes.
It bears mention that, unlike passwords, people cannot change their own biometric data, once that data leaks. So databases like these are always at an immense risk of causing irrevocable damage to everyone, so much so that we must question ourselves whether it is wise for them to exist in the first place.
Political instrumentalization with data use by the PRF
With so much personal data in one’s hand, comes even more power. When that power is abused, or a data leak happens, the damage done increases in proportion to the amount sensitivity of the personal data.
In October 2022 the PRF was denounced for deflagrated a special operation to pull over vehicles, especially buses, on election day, to check for any possible irregularity, and stop them from continuing voyage in case they find any. This was especially concentrated in places in the Brazilian Northeast that got the greatest concentration of voters of the then candidate, now president, Lula, in the first round of elections. Because then-president Bolsonaro had been openly provoking political interference in some public organizations in his own favor, the operation was perceived by many as an abuse of power to illegally interfere in the elections. Evidence found last month by the Federal Police with the former Minister of Justice do indeed corroborate that suspicion. The investigations on the case are still ongoing.
It should be clear by now that collecting and storing the identification of all vehicles that pass by a reading point, by whatever means, be it optical character recognition of license plates or RF tags, will lead to databases that record every citizen’s every move forever. Tools that enable mass surveillance of everyone without judicial review, without obtaining a warrant, are a violation of the constitutional right for data protection and should be rejected and repealed.