Automatic number plate recognition (ANPR) cameras are used by local authorities and law enforcement to monitor traffic flow and collect data. ANPR captures the registration plates on passing vehicles. This chapter will consider their use against existing policies and inherent risks associated with the management of the data they produce, focusing on economic theory and considerations, predominantly within law enforcement. The chapter finds that creating well-written policies and legislation ensures accountability and responsibility. Ensuring the correct budgeting models are applied both locally (microeconomy) and at the government (macroeconomy) level, the ANPR infrastructure can remain secure and effective. The policy must also include sharing security information and event management (SIEM) logs between law enforcement agencies to share actor intelligence as there is no risk of IP disclosure, reducing the risk of a tragedy of the commons. This will also improve public confidence.
Top1. Introduction
ANPR cameras have software that allows them to capture characters, known as indexes, on a vehicle's number plate. One former civil servant, Perrin (2015), said that the UK's ANPR network 'could be one of the world's largest non-military surveillance systems and probably contains more data about people than the NHS.' Whilst ANPR is perhaps not directly part of the critical national infrastructure (CPNI 2022), it can be argued that it supports it, if not manages it, in many ways (Dakin & Brown 2017).
Figure 1.
An example of a fixed ANPR camera and an associated read (Lyddon, 2016) (SAE Systems, 2022).
Figure 2.
An example of a mobile ANPR camera and associated read (Hargan, 2022) (Petards Group, 2022).
Once the index has been captured, it can then be used in countless ways (Patel et al. 2013). UK law enforcement store ANPR data locally and upload data to the National ANPR Data Centre, where data is stored together with other data from across the country for two years (Gov.uk, 2022). It is estimated that there are 11,000 ANPR cameras and, on average, 60 million reads each day across the UK (Police.uk, 2022), equating to around 22 billion reads each year. There are 14 fixed-site cameras and 18 vehicle-mounted systems in Dorset alone, producing around 250,000 reads (2013/14) (Dorset Police 2022). Access to ANPR is relatively simple for law enforcement officers. Any trained officer or staff member can access data on their authority for up to 90 days. Searches beyond 90 days and up to two years require a senior officer to authorise. These searches are only authorised for serious crimes (Dorset Police 2022). The risks associated with such unfettered access become clear when considering corruption in the Police (Newburn, 1999).
ANPR cameras are a fundamental part of law enforcement (Allen et al., 2008) (Haines, n.d.). In addition, ANPR data is a considerable data asset containing personal and confidential data of members of the public, emergency services, military, members of parliament, and royalty. The threat and risks associated with this kind of data speak for themselves (Huq et al., 2022). Threat actors associated with Advanced Persistent Threat (APT) groups with enemy state backing may have an interest in tracking the movements of military vehicles or diplomats (Shackelford et al., 2022). Equally, the media may have an interest in tracking the movements of celebrities. Whilst most mainstream media are not likely to look at hacking ANPR systems, lone reporters or actors in China intent on finding their next story might (Reuters, 2022). With the human factor often being the weakest link in cyber security, these actors may be drawn to vulnerable Police officers susceptible to social engineering (Kaushalya et al., 2018).