In the last issue we looked at the history and development of license plate recognition (LPR), currently considered by many as a cutting-edge tool for cyber-tracking. We looked at how it originated and the companies who pioneered it in the United States. We saw how the original design application was intended for use by law enforcement but quickly spread and migrated to the asset recovery industry and finally, how this form of cyber tracking has changed the modus operandi of the automobile repossession industry.

With this new technology there are issues and concerns with the primary issue being that of privacy.

What License Plate Recognition Isn’t

Many people, upon learning of this new technique of electronic surveillance began to develop the “big brother is watching syndrome” while others felt as if they were being stalked and their movements tracked. Many felt that the use of LPR was an invasion of their privacy.

If we address these issues, we can discount stalking as per definition a person is not being followed, given chase, run after or placed under a surveillance. LPR does not meet the test.

If we look at the issue of tracking, I would have to say maybe. LPR captures point-in-time data on a vehicle. If a vehicle is spotted at different locations at varying times of day or night and a pattern is established then I would definitely feel the person, or at least the vehicle, had been tracked.

Finally, is the use of LPR an invasion of a person’s privacy? It has been stated by a major LPR entity that, “LPR doesn’t know who you are; it is anonymous data. A string of numbers and letters with a date, time, and location – That is all.”

Anonymous Identification?

Why is the LPR data considered anonymous data and is your privacy protected from this realtime technology?

Because of the protections put in place by the Driver’s Privacy Protection Act, the inability to connect license plate numbers to protected personal information held at DMVs without an expressed permissible purpose means that license plate numbers (whether obtained by writing them down or by taking pictures manually or automatically with automatic license plate reader/recognition cameras) are anonymous data.

Predicting a Consumer’s Activity

Is LPR data being used to record Americans’ movements and thus trace a person’s past movements?

LPR can be used to see where you work, where you live, what social functions you might attend, where you go to church, when and where you go to eat and drink and where you shop. This data can be used to determine your habits and patterns and therefore be predictive.

Two things the tracer should note. First, LPR technology does not know who is driving or who is in a vehicle. Second, LPR does not continuously trace all movements. LPR is not a continuous surveillance tool like GPS technology. LPR technology only takes snapshots of a license plate (and the attached car) and notes the location, time, and date if a plate happens to be within view of a camera.

This is very different from GPS tracking technology, which is capable of tracing a vehicle’s movements over time with high precision and involves physical trespass upon private property (a vehicle) in order to place a tracker. Because of these unique features of GPS technology, in 2012 the Supreme Court’s decision in United States v. Jones determined that GPS tracking constitutes a search under the Fourth Amendment and should be subject to a warrant requirement.

LPR technology is a fascinating and helpful tool for the professional tracer if used in a legal manner. Next issue we will address whether or not LPR technology can be defeated, sending the tracer on a false trail?

Ron Brown is a member of the National Association of Fraud Investigators and the author of “MANHUNT: The Book.” Contact him at This email address is being protected from spambots. You need JavaScript enabled to view it..

In the last issue we discussed the compliance requirements that a skip tracer must adhere to when attempting to obtain location information related to the collection of a debt. In this issue we will look at the compliance requirements a cybertracker must follow when tracking a person through the maze of electronic data posted on the Internet.

First let us begin by defining the action that a cybertracker performs in their effort to locate consumers.

The cybertracker locates and analyzes data that has been posted on various free data sites such as public records, social data sites such as Twitter, Facebook and LinkedIn, and pay data sites where an information broker has purchased data, refined it and made it accessible in a user-friendly format for a fee.

The two major areas of concern to a tracer should be obtaining information from data brokers and obtaining information from social media. The information obtained from free data sources such as public records and Internet news postings are usually considered “Open Source” data and there are very few laws which the tracer should be concerned about other than giving a false reason for obtaining public record data covered by a privacy law. An example of this would be driver license information which would have non-public personal information (NPPI) data such as the date of birth, physical characteristics and addresses. Most state Department of Public Safety requires a form to be filled out asking for the purpose the information is needed. The tracer must never put down a false reason as it would violate that state’s law, triggering an FDCPA violation. Now to the two major areas of concern.

Data Broker Compliance

Let’s begin with the Data Brokers who resell information. These entities usually fully vet their potential clients and conduct on-site inspections to insure the clients are legitimate, using the data in a legal manner, properly licensed and bonded as required and have taken the required steps to protect the data both in transit and at rest. The inspection will usually include a review of the various purposes the data will be used for and that the users have been properly trained in relation to the applicable laws such as the FDCPA, GLBA and FCRA. The data brokers will have an area in their program where the user is asked to indicate the reason for obtaining the data and often audit the data purchaser’s records to verify compliance. As I stated, the information obtained through these data brokers falls under a litany of federal and possible state laws and the users should be trained to follow the requirements of these statutes to the letter.

Social Site Compliance

Next, we will discuss the social sites and the guidelines a cybertracker must follow when accessing data extracted from these sites. The two main things to remember when searching for information on the many social sites which may include high school and college sites such as Alumni.com and Classmates.com is 1): It is “read only.” The tracer must never ask to “be a friend” of the person they are attempting to locate or, for that matter, the person’s friends or relatives. And 2): The tracer should never attempt to establish a false identity to obtain information. Doing either of these two things could certainly be viewed as a violation of the Fair Debt Collection Practices Act, § 807 [15 U.S.C. §1692e] which prohibits the use of “any false, deceptive, or misleading representations or means.”

In a nutshell, these rules cover the statutes a cybertracker must adhere to when tracking people through the Internet. When there is a question as to what to do, I train people to ask themselves a simple question: “Could I get in trouble for doing this?” If the answer is “yes” or “I don’t know,” the conclusion is simple: Don’t do it.

Until next time… good luck and good hunting.

Ron Brown is a member of the National Association of Fraud Investigators and the author of “MANHUNT: The Book.” Contact him at This email address is being protected from spambots. You need JavaScript enabled to view it..

In this issue we are going to look at one of the newest and, what many consider, the most invasive form of cyber tracing: license plate recognition, or LPR. In an industry already beset with an array of privacy issues, this medium of cybertracking is a vast and virtually unknown network of surveillance, rapidly expanding through municipal/law enforcement cameras and private sector cameras. Research into the subject indicates Automatic Number Plate Recognition (ANPR) was invented in 1976 at the Police Scientific Development Branch in the United Kingdom and came into wide use with new developments in cheaper software during the 1990s. The collection of ANPR data for future use was documented in the early 2000s. The first documented case of ANPR being used to help solve a murder occurred in November 2005, in Bradford, UK. In this instance ANPR played a vital role in locating and subsequently convicting killers of Sharon Beshenivsky.

In the United States, ANPR systems are more commonly referred to as Automatic License Plate Reader/Recognition (ALPR) technology, due to differences in language. “Number Plates” are referred to as “License Plates” in the United States.

ALPR, widespread among law enforcement agencies at the city, county, state and federal level, has become a major component in intelligence gathering, as well as for recovery of stolen vehicles, identification of wanted felons and monitoring for Amber Alerts.

Pioneers in the U.S.'s LPR industry envisioned an application in the automobile repossession industry. Almost overnight recovery agency tow trucks were installing cameras and building a history of tag locations.

Three major companies emerged: Digital Recognition Network (DRN), Plate Locate and MVTRAC. As the technology improved so did the strategies for obtaining tag histories. Agencies began to place their cameras on smaller automobiles which used much less fuel, had access to more locations and were not as conspicuous as a tow truck.

The data which was once sold only to the repossession agencies began to find other markets which included investigation agencies, lenders and skip trace companies. One of the companies’ websites states “… vehicle location data and analytics to guide your collections strategy. Mitigate repossessions by making right party contact and curing loans where possible or accelerate repossession treatment for faster recovery.”

It goes on to say, “Transform your recovery process, reduce days to recovery by 50%, prevent charge-offs and ensure compliance. Direct agents to the correct address the first time and stage for live, on the spot recovery with a … Provider,” and “Recover smarter with the … Recovery Network that gives you access to thousands of LPR cameras nationwide working to pickup your assignments, 24/7. It’s fast, efficient and fully compliant.”

Today we do not even notice the small vehicles that prowl up and down the aisles of a shopping mall parking lot or through the labyrinth of apartment complex parking areas, searching for cars to repossess. Four high-speed, license plate reading cameras are attached to the hood of these vehicles, scanning cars in every direction, scooping up license plate data and snapping tens of thousands of photographs. This grows the database exponentially, now containing billions of plate numbers and their static location.

This innovative form of cybertracking has revolutionized the skip-tracing, collection and repossession business and I am informed by many purchasers of the data that using this type of cybertracking technology has doubled and tripled their production.

Two questions then surface: 1) who can purchase the equipment to use this technology and what is the cost, 2) who can purchase the data and what is the cost?

To answer the first question is just about anyone who can afford the initial cost of cameras would be able to purchase and run the cameras, including but not limited to repossession agencies, towing companies, security companies, private investigation agencies and even private individuals. As to the cost, I spoke with one of the members of Eagle Group USA, Stephanie Findley of IR Services in Houston, Texas, recognized as a subject matter expert. Used cameras could be purchased in the $5,000 to $7,000 range while a set of new cameras would usually run around $14,000.

The cost to purchase a “hit” on a vehicle you are searching for seems to be in the $300 to $400 range.

There are a lot of changes currently occurring in the LPR industry with numerous mergers and acquisitions as well as a growing concern of privacy. These topics will be explored in the next issue.

Ron Brown is a member of the National Association of Fraud Investigators and the author of “MANHUNT: The Book.” Contact him at This email address is being protected from spambots. You need JavaScript enabled to view it..

In a previous article we briefly touched on the subject of tracing under the Fair Debt Collection Practices Act (FDCPA). As I stated in that article, I am often asked the question, “What laws do we have to follow when skip tracing a consumer regarding a debt?” My usual reply is, “That is a very broad question, let’s discuss it.”

In this article we will “discuss it” a little more in depth and see if we can clarify certain things that a tracer may or may not do when tracing.

What Kind of Tracing Are You Doing?

The first thing is to determine if we are skip tracing in the traditional sense, speaking to third parties to obtain current location or contact information, or cybertracking. In this article we will address traditional skip tracing and cover cybertracking in the next issue.

Each state may have consumer protection statutes which would relate to tracing and it is important that the tracer know the laws in the state where they are making third party contact.

The primary statute we will address today is 15 U.S. Code § 1692b, better known as Section 804 of the Fair Debt Collection Practices Act - Acquisition of location information.

The following is the exact wording of the statute:

Any debt collector communicating with any person other than the consumer for the purpose of acquiring location information about the consumer shall—

(1) identify himself, state that he is confirming or correcting location information concerning the consumer, and, only if expressly requested, identify his employer;

(2) not state that such consumer owes any debt;

(3) not communicate with any such person more than once unless requested to do so by such person or unless the debt collector reasonably believes that the earlier response of such person is erroneous or incomplete and that such person now has correct or complete location information;

(4) not communicate by post card;

(5) not use any language or symbol on any envelope or in the contents of any communication effected by the mails or telegram that indicates that the debt collector is in the debt collection business or that the communication relates to the collection of a debt; and

(6) after the debt collector knows the consumer is represented by an attorney with regard to the subject debt and has knowledge of, or can readily ascertain, such attorney’s name and address, not communicate with any person other than that attorney, unless the attorney fails to respond within a reasonable period of time to communication from the debt collector. (Pub. L. 90–321, title VIII, § 804, as added Pub. L. 95–109, Sept. 20, 1977, 91 Stat. 876.)

What This Law Means

After reading the statute there are some things that are very clear and must be followed by the tracer (information in bold indicates the way we train our tracers):

• The tracer must identify themselves (a first name ending in “ie” or “y” such as Bobby, Judy, Ronnie or Suzy).

• The tracer must state they are attempting to confirm or correct location information, “I am trying to get in touch with your brother Randy.”

• The tracer must not identify their employer unless the third party specifically requests that information. If asked by the third party the tracer must give the full and legal identity of their employer. If the tracer uses an acronym that acronym must be properly registered pursuant to state statutes. Depending on circumstances, Collection Services International or CSI Group.

• The tracer must never directly state or imply in any way that the consumer owes a debt even if directly asked by the third party.

Third Party: “Is this regarding a debt?”
Tracer: “That is a very strange question, why would you ask me that?”
After the third party answers, the tracer follows with the single word “Really” and asks the third party another question.

• The tracer is limited as to how many contacts they can make with a third party. So no matter the outcome of the conversation, whether the third party gave valid information or not, the tracer always closes the call the same way.

Tracer: “Thank you very much, you gave me just the information I needed. May I contact you again next week/two weeks/month to see if you have heard from Randy?”

• If the tracer is using any type of written communication by snail mail, text or e-mail, they must be extremely cautious and follow the applicable parts of section 804 very closely.

• If the tracer is told by any third party that the consumer is represented by an attorney and provided the attorney’s name and contact information, the tracer MUST attempt contact through the attorney before contacting any other parties in the tracing process.

These are the provisions a tracer must follow when contacting third parties to trace a consumer for payment.

One final point a tracer must be aware of is the definition of “location information.” By looking in the definition section of the FDCPA, we find the term “location information” means a consumer’s place of abode, his/her telephone number at such place or his/her place of employment. It has been made very clear by case law that if the tracers ask for any information not within this limited parameter it could easily be viewed as a violation. So yes, asking for the phone number at the place of business is viewed as a violation.

In the next issue we will look closely at what laws apply to a cybertracker when tracing consumers.

Ron Brown is a member of the National Association of Fraud Investigators and the author of “MANHUNT: The Book.” Contact him at This email address is being protected from spambots. You need JavaScript enabled to view it..