![](\"https:\/\/media.wired.com\/photos\/5d531c0bec9b530008edcd96\/master\/pass\/California-Null-530089423.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Wed, 14 Aug 2019 00:51:05 +0000<\/strong><\/p>\n Joseph Tartaro never <\/span>meant to cause this much trouble. Especially for himself.<\/p>\n In late 2016, Tartaro decided to get a vanity license plate. A security researcher by trade, he ticked down possibilities that related to his work: SEGFAULT, maybe, or something to do with vulnerabilities. Sifting through his options, he started typing \u201cnull pointer,\u201d but caught himself after the first word: NULL. Funny. \u201cThe idea was I\u2019d get VOID for my wife\u2019s car, so our driveway would be NULL and VOID,\u201d Tartaro says.<\/p>\n The joke had layers, though. As Tartaro well knew, and as he explained in a recent talk at the Defcon<\/a> hacker conference, \u201cnull\u201d is also a text string that in many programming languages signifies a value that is empty or undefined. To many computers, null is<\/em> the void.<\/p>\n That setup also has a brutal punch line\u2014one that left Tartaro at one point facing $12,049 of traffic fines wrongly sent his way. He\u2019s still not sure if he\u2019ll be able to renew his auto registration this year without paying someone else's tickets. And thanks to the Kafkaesque loop he\u2019s caught in, it\u2019s not clear if the citations will ever stop coming.<\/p>\n In his Defcon talk, Tartaro played up the idea<\/a> that he had initially hoped a NULL plate might get him out of tickets\u2014that, once fed into the database of offenders, the violation quite literally would not compute. But he says now that pranks weren\u2019t actually his initial focus. If anything, he was surprised that the California DMV website let him register NULL in the first place.<\/p>\n That first year as a NULL driver was uneventful. But when it came time to renew in 2017, the DMV website no longer accepted NULL as an option. \u201cIt broke the website,\u201d Tartaro says. Specifically, the site told him that the license plate and vehicle identification number he had entered, knows as the VIN, were invalid. But Tartaro was still able to use a reference number to renew. He didn\u2019t think much more of it.<\/p>\n He also didn\u2019t think much of the ticket he got in early 2018, for not having the appropriate registration sticker on his license plate. Tartaro suspects someone scraped it off to use on their own car. He thought about fighting it, but the fine was only $35, so he decided to just pay it and move on with his life.<\/p>\n Then came the citations. Dozens of them, deposited in bulk to his mailbox. Parking violations, stand-stop violations, fines of $37, $60, $74, $80, from Fresno to Rancho Cucamonga. \u201cI\u2019ve never been to Fresno,\u201d Tartaro says of the California city.<\/p>\n Nor had Tartaro gone on a statewide, parking-related crime spree. Instead, by paying that $35 ticket, it appears that a database somewhere now associated NULL with his personal information. Which means that any time a traffic cop forgot to fill in the license plate number on a citation, the fine automatically got sent to Joseph Tartaro.<\/p>\n The tickets were for Hondas, Toyotas, Mercedes vehicles. (Tartaro has an Infiniti.) At one point, Tartaro says, he received two tickets written at Cyprus College within hours of each other\u2014for two different vehicles. He would have had to swap the registration during his lunch break. Worse yet, the incoming citations seemed to apply retroactively.<\/p>\n \u201cI have tickets from 2014,\u201d Tartaro adds. \u201cI didn\u2019t have the plate back then.\u201d<\/p>\n The fines were all sent by a private company called the Citation Processing Center, which, well, processes parking citations. But calling them, Tartaro says, proved fruitless. \u201cI reached out to this company, and they\u2019re basically saying that I have to prove without a doubt that these hundreds of tickets aren\u2019t mine. Trying to speak to a manager went nowhere. He\u2019s like, you\u2019ve got to mail all these back to us.\u201d<\/p>\n Tartaro declined, worried about potentially losing the paper record of the misallocated fines. But the next day, he says, he noticed something odd in the public online listing<\/a> of citations maintained at the Citation Processing Center\u2019s website. He had given them an example of a specific ticket he had gotten that implicated a Honda. Online, that record had been changed to an Infiniti with Taranto\u2019s VIN. Taranto shared a side by side comparison of his paper copy and the apparently altered database version as part of his Defcon talk<\/a>.<\/p>\n \u201cAfter I had the phone call, directly after the phone call, those same tickets where I still have the physical printouts in front of me right now that say their make and model were modified,\u201d Tartaro says. A Citation Processing Center employee said that while she was aware of Tartaro\u2019s situation, the company was unable to comment.<\/p>\n Tartaro next turned to the DMV, which he says worked with the Citation Processing Center to void out the bulk of tickets that had errantly come his way. That successfully got the amount owed down to $6,262 as of last weekend, but didn\u2019t solve the core problem. More tickets continued to trickle in. The database still had him pegged.<\/p>\n Even through all this, Tartaro remained mostly unconcerned. The CPC was just a private company; he could keep working with the DMV to void the fines as they came in, which was an annoyance but not a catastrophe. He had successfully registered his car the previous year despite CPC citations piling up. But just days before Defcon, according to Tartaro, he says he received a notice that the California DMV would not let him renew his registration unless he actually paid some of those fines.<\/p>\n \u201cNow that the DMV is enforcing these tickets that are falsified, it changes everything,\u201d he says. \u201cAt the moment, I cannot reregister my vehicle without paying the tickets. But I can\u2019t pay the tickets because it admits guilt, and the minute I admit that it opens me up to all the other tickets. I\u2019m basically in a really bad situation.\u201d<\/p>\n The situation has improved somewhat in recent days, at least. Tartaro calculates that tickets assigned to his car still tallied over $6,000 when he last checked on Sunday. When WIRED looked up the NULL plate in the CPC database Tuesday, after asking the company about the charges, it showed only $140 worth of tickets remaining\u2014both from Fresno.<\/p>\n Tartaro doesn\u2019t see this as much of a reprieve. He\u2019s glad the tickets have vanished, but he would still need to pay $140 to reregister his car. And there\u2019s no guarantee that more fines won\u2019t show up along the way.<\/p>\n It\u2019s also hard to know where to turn for resolution. \u201cMr. Tartaro\u2019s situation appears to stem from policies set by local parking authorities\u2014which the DMV has no control over,\u201d California DMV spokesperson Marty Geenstein said. \u201cFrom the DMV\u2019s perspective, our system recognizes his personalized plate and shows he is eligible to renew his registration online.\u201d Assuming he pays the fee.<\/p>\n Prank or not, Tartaro was playing with fire by going with NULL in the first place. \u201cHe had it coming,\u201d says Christopher Null, a journalist who has written previously for WIRED<\/a> about the challenges his last name presents. \u201cAll you ever get is errors and crashes and headaches.\u201d<\/p>\n If anything, Null says, the problem has gotten worse over the years. \u201cThe \u2018minimum viable product\u2019 concept has pushed a lot of bad code through that doesn\u2019t go through with the proper level of testing,\u201d Null says, adding that anyone affected is inevitably an edge case, a relatively small problem not worth devoting a lot of resources to fix. Null has himself had to deal with countless annoyances, from American Express dropping his last name altogether, to Bank of America refusing to accept emails from his "nullmedia.com" domain.<\/p>\n Still, Tartaro says he\u2019s determined to keep his problematic license plate, and not just as a point of pride. \u201cI still have tickets associated with me. The moment I change my plate I just know it\u2019s going to be even more convoluted, and more confusing,\u201d he says. \u201cI didn\u2019t feel comfortable changing it until I knew it was actually solved.\u201d<\/p>\n