Privacy-preserving license plates using blind signatures
License plates are crazy from a privacy standpoint. We’d riot if the government made us wear a badge with our name on it every time we left the house. But bolting a permanent unique identifier to our car? Totally normal.
Now there are ALPR (automatic license plate reader) networks everywhere, public and private, logging everything. Check deflock.org for the USA picture. From plate data + camera feeds (public or insecure private ones) you can infer where someone lives, works, when they’re not home, who they meet. Some countries even let you query the vehicle registry directly from the plate.
I don’t think accountability for cars is necessarily wrong. If you rear-end someone and flee, it’s fair they can identify you. I just don’t think we need to trade mass surveillance for that. Cryptography exists.
A basic scheme
Every day you generate a random string $$r$$, compute $$H(r)$$, and get it blind-signed by an issuing authority (they sign without learning what they’re signing: Chaumian blind signatures, same as ecash). You put $$r$$ on your e-ink plate as a QR code, along with the signature. Anyone can verify: hash the preimage, check the signature. If you cause an accident, the witness notes $$r$$ and can prove they saw your plate. To find out who you are, they go to court, and the authority looks up who requested the blind signature for $$H(r)$$. No public link between your plate and identity.
Already way better than today.
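The issue-and-verify flow above, as an added example that is not code from the original post. It assumes SHA-256 for $$H$$ and textbook RSA with an unpadded hash so the blinding algebra stays visible; the demo key is built from two publicly known Mersenne primes, and a deployment would use a standardized encoding such as RFC 9474 with a properly generated key.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key: product of two Mersenne primes. The factors are
# publicly known, so this key is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # authority's private exponent

def h(r: bytes) -> int:
    """H(r) as an integer. SHA-256 is an assumption; the post does not name H."""
    return int.from_bytes(hashlib.sha256(r).digest(), "big")

def blind(m: int):
    """Driver side: hide m behind a random factor k before sending it."""
    while True:
        k = secrets.randbelow(N - 2) + 2  # k in [2, N-1]
        if gcd(k, N) == 1:
            return (m * pow(k, E, N)) % N, k

def sign_blinded(blinded: int) -> int:
    """Authority side: signs the blinded value and never sees H(r)."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, k: int) -> int:
    """Driver side: strip the blinding factor, leaving a signature on H(r)."""
    return (blind_sig * pow(k, -1, N)) % N

def verify(r: bytes, sig: int) -> bool:
    """Anyone reading the plate: hash the preimage, check the signature."""
    return pow(sig, E, N) == h(r)

def issue_plate():
    """One rotation: returns (r, sig) for the QR code, plus what the authority saw."""
    r = secrets.token_bytes(16)
    blinded, k = blind(h(r))
    sig = unblind(sign_blinded(blinded), k)
    return r, sig, blinded

if __name__ == "__main__":
    r, sig, seen = issue_plate()
    print("plate verifies:", verify(r, sig))
    print("authority saw H(r):", seen == h(r))
```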
Problems and improvements
Daily rotation is too slow. Cameras still build a full-day profile. Rotate every 5–10 minutes instead. Eric Rescorla arrived at a similar scheme and explores the tradeoffs well, including how the authority can precompute a lookup table for all vehicles and time windows cheaply enough that de-anonymization doesn’t require your cooperation.
The authority is still a chokepoint. Whoever registers you and creates the $$H(r) \to \text{identity}$$ link already knows both sides. Threshold encryption of the stored record is a governance improvement (requires $$k$$-of-$$n$$ parties to cooperate, auditable) but not a fundamental one. The registrar still has the information at creation time. The real protection is legal process + the fact that passive surveillance is broken. That’s already a big deal compared to today, but it’s not zero-trust.
The cryptography is production-ready. The gap between “solved” and “deployed” is almost entirely political.