This Tesla Mod Turns a Model S Into a Mobile ‘Surveillance Station’
Credit to Author: Andy Greenberg| Date: Fri, 09 Aug 2019 23:00:00 +0000
Automatic license plate reader cameras are controversial enough when law enforcement deploys them, given that they can create a panopticon of transit throughout a city. Now one hacker has found a way to put a sample of that power—for safety, he says, and for surveillance—into the hands of anyone with a Tesla and a few hundred dollars to spare.
At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time. The tool uses open source image recognition software to automatically put an alert on the Tesla's display and the user's phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear. Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver's nearby home.
Despite the obvious privacy concerns, Kain pitches his invention primarily as a helpful tool for Tesla owners who rate above average on the paranoia spectrum. "It turns your Tesla into an AI-powered surveillance station," Kain says. "It's meant to be another set of eyes, to help out and tell you it's seen a license plate following you over multiple days, or even multiple turns of a single trip."
Kain, a consultant for the security firm Tevora, also isn't oblivious to his creation's creep factor. He says the Surveillance Detection Scout demonstrates the kind of surveillance the data that self-driving cars already collect could enable. If a large group of Surveillance Detection Scout users were to combine their license plate recognition data—a feature that Kain has purposefully left out of the software—the system could create a crowdsourced version of the same powerful surveillance provided by commercial automatic license plate reader systems, whose use by police has been banned in some states. "I’d be able to see everyone across the US, thousands of cars on this Surveillance Scout network," Kain says. "So I think there’s a real ethical issue there."
Surveillance Detection Scout stores and analyzes its video on an Nvidia minicomputer that fits into a Tesla Model S’s console.
The Surveillance Detection Scout prototype, whose software Kain has made available on Github, works by capturing and analyzing the video from a Tesla's three cameras—two on its sideview mirrors and one forward-facing—on a $700 Nvidia Jetson Xavier mini-computer. It uses an open source neural network framework called Darknet as its machine learning engine, along with ALPR Unconstrained for recognizing license plates and Facenet for tracking faces. Both of those programs are available for free on Github. The system also uses Google's Open Images Dataset as training data.
"I’m not doing any cutting-edge AI," Kain says. "I’m just applying what’s already freely available, off the shelf." The software even identifies the make and model of cars it sees based on license plate lookups on the service FindByPlate.com. (Kain says it's far harder to link license plates to actual names, and he doesn't intend to include that data in his tool.)
An example of a push notification sent to a phone from Surveillance Detection Scout.
Kain says he came up with the idea for his follower detection mechanism last year after he attended a talk on countersurveillance at last year's Defcon. He'd been thinking since he first bought his Tesla Model 3 about the gigabytes of video it collected and deleted, overwriting its video logs every hour. "I had a little bit of FOMO, thinking about how all this video is gone if I don't do something with it," Kain says.
A screenshot of Surveillance Detection Scout’s interface, showing recently detected license plates.
After learning about a tool available on Github called Tesla USB that allows Tesla owners to store their video to an external drive indefinitely, Kain came up with the idea of combining that storage capability with image recognition to give his car features similar to the Nest camera in his home, which includes so-called "familiar face detection." Beyond tracking license plates, the face detection element of his tool also functions as what he describes as an upgrade to Tesla's existing Sentry security system, which starts recording when someone touches your car and sets off an alarm if they attempt to break into it.
By stitching together a patchwork of public code, Kain's 4-inch-cubed box can recognize license plate numbers and faces from the car's video stream and alert the car's owner if it spots repeated plates or faces in that data. It uses the software integration tool If This Then That to send alerts. By default, the system will notify the driver if it sees the same car following for every minute over a five-minute span, though Kain says the settings can be adjusted to the driver's preference. The notifications have about a one-minute delay, Kain says, because of the time a Tesla's cameras take to record a video file. And for now, users have to set up their own web server for it to work, though Kain says he may offer simpler web-based logins on his own server in the future.
Kain proposes some scenarios where his system could do some good: confidential sources meeting with a journalist, or anyone else who has reason to believe they're being followed or targeted by snoops. "If it helps keeps someone safe, that’s great," Kain says. "If it lets me know that someone’s sneaking around my car, that’s also great."
The Surveillance Detection Scout, however, faces not just ethical issues but also legal ones, says Joseph Lorenzo Hall, the chief technologist with the Center for Democracy and Technology. State laws against automatic license place readers, even for private use, would likely make it illegal in Arkansas, Georgia, Maine, and New Hampshire. Its facial recognition features make it illegal in Illinois.
Laws aside, Hall argues that Kain's invention could have unintended consequences and serious privacy implications. Confrontations could result from false positives, he says, if a driver mistakenly believes they're being followed by someone who happens to have the same commute. "I’m worried about the subjective judgment a human would make from this technological system," says Hall. "That could result in people pulling guns on each other when there's really nothing to worry about."
Hall also worries more broadly worry about the widespread form of AI-enabled surveillance that the system represents, particularly if its users tweaked Kain's code to share their data with each other. "You're going to have very rich records of people’s movements," Hall says. "It’s essentially a surveillance camera on wheels, not providing anyone notice of that fact, mapping pieces of people's paths through the cities they live in."
Kain says he’s not oblivious to his surveillance invention’s creep factor: “I think there’s a real ethical issue there.”
Even more troubling, Hall says, would be the potential for law enforcement to gain access to the data, either through some sort of incentive to drivers—just as local police in some cities have subsidized Amazon's Ring home surveillance cameras as a way to access their data—or by compelling users to share it with subpoenas.
Kain says he's aware of those concerns, and built his system in part to demonstrate the possibilities of self-driving cars' video surveillance before a shady commercial startup could do it first—one that might aggregate the data between users rather than keep it separated. A new era of ubiquitous self-driving car video data collection is coming, he says, and that much of it may end up on centralized repositories.
But he also admits that someone could easily tweak his code to enable data sharing between users, taking a big step toward the very future he warns about. "It would be trivial for someone to build that in if they have any development experience," Kain says. "Is it a slippery slope? Potentially."