Sheffield Council exposes details of 8.6 million road journeys to the internet

News

As debates rage about the ethics of apps tracking people to help understand and combat the spread of COVID-19, incompetence is as big a worry as ill intent.

Concerns about the potential misuse of data or data falling into the wrong hands and potential threats to democracy have lead to a lot of soul searching during the pandemic.

While the Sheffield project was not set up to deal with COVID-19, it illustrates the pitfalls of improperly deployed tracking technology.

According to a report in The Register, Sheffield City Council’s management dashboard for the ANPR camera system could be accessed simply by entering the system's IP address into a web browser.

No login details or authentication was needed, according to the report, to search the live system which logs where and when vehicles, identified by their number plates, travel through city’s road network.
Sheffield is a city in the north of England.

Joint responsibility

Tony Porter, the UK’s Surveillance Camera Commissioner, (who knew?) said the lapse was "both astonishing and worrying," and demanded a full probe into how it happened.

Eugene Walker, Sheffield City Council's executive director of resources, together with Assistant Chief Constable David Hartley of South Yorkshire Police, told The Register, “We take joint responsibility for working to address this data breach. It is not an acceptable thing to have occurred.

“However, it is important to be very clear that, to the best of our knowledge, nobody came to any harm or suffered any detrimental effects as a result of this breach.”

Part of the issue is that they wouldn’t necessarily know, and not yet or not known doesn’t mean no detrimental effects.