If it flags you wrong once, you have the receipt for next time.
An automated license-plate reader can flag you wrongly today, and flag you again next week — because the record they cited the first time is cached across agencies that may never receive a correction. Your dashcam, your phone audio, your stop record, your resolution-attempt log: anchored to a public chain that outlives the device, the vendor, and the agency.
An ALPR can flag you wrong this week and again next week. AAM is the receipt that outlives the device, the vendor, and the cached error.
- The propagation problem. A bad ALPR read can cite a record cached across agencies that may never receive a correction. The next agency to query the same plate may surface the same wrong flag — without ever hearing about the correction.
- Operator-anchored evidence. Your dashcam, your phone audio, your stop record, your resolution-attempt log — anchored to a public chain that outlives the device, the vendor, and the agency database state.
- Five Knox event types. alpr_plate_observed_assertion · alpr_hot_list_match_emitted · alpr_driver_evidence_anchored · alpr_resolution_attempt_recorded · alpr_data_correction_propagated.
- For the next stop. Replayable from any device, in any court, by any counsel. Architecturally aligned with FRE 902(13)/(14) self-authentication.
- Posture. Defensive-only. Bonis records what the operator captured; never accesses the ALPR system, never spoofs plates, never advocates as policy.
One uncorrected upstream record. Many stops on the same driver.
The story keeps repeating. A court enters a record. A character is mistyped. The bad row propagates through the license-plate-reader network to dozens of agencies. The local police department that pulled you over admits the alert was wrong — and then admits they have no way to clear it from the wider hot-list. Next week, a different agency makes the same stop, on the same alert, on the same uncorrected record.
The audit log that would prove the pattern of harm sits inside the vendor’s own systems. You don’t have a copy. The local department doesn’t have the network- wide copy. The originating county sometimes won’t even tell you the suspect’s name you would need to clear your own record, citing an ongoing investigation. The cached row keeps firing.
What you have, on your side, is your dashcam, your phone, and your memory of the conversation. None of those are, by themselves, a chain of evidence the next agency to stop you will recognize. They become a chain when the SHA-256 hash of each is anchored to a public timestamp at the moment it was captured — when the original file no longer needs to leave your custody to prove it existed at the time it claims.
Cherry Hills Village, Colorado.
A driver in Cherry Hills Village, Colorado has been repeatedly stopped because of a hot-list entry tied to a court data-entry error originating in Gilpin County — the county confused his plate with a wanted man’s, and Colorado plates use both the letter O and the numeral 0, so character confusion at data-entry is structurally easy.
Cherry Hills Village PD admitted the alert was wrong and suppressed it in their own system. They had no path to remove him from the wider multi-agency network. The originating county’s court and sheriff’s dispatch told him he needs the suspect’s name to clear his own record, and that they cannot share it. He keeps getting pulled over.
The case is reported by 9news.com (Denver, Colorado). It is cited here only as a publicly reported pattern — not as a relationship. No engagement with Mr. Dausman, his counsel, Cherry Hills Village PD, Gilpin County, or any vendor is implied or claimed. The architectural reading is that a driver-side anchored chain — dashcam, audio, stop record, and resolution-attempt log — is the layer that does not depend on any agency or vendor finally fixing what is broken upstream.
Each becomes a Knox event. Each becomes a receipt.
The audit primitive is small and content-addressable. Five interaction shapes map to canonical Knox event types — each a SHA-256 commitment over an artifact you control, each anchored to a public chain you do not control.
Your dashcam clip of the stop. Your phone audio of the conversation. The photograph of the citation or the alert text. Compute the SHA-256 on your device, post the hash, keep the file. The receipt outlives the device.
Every call to the originating county. Every email to dispatch. Every contact with the vendor. The cumulative record of attempts to clear an alert known to be wrong is anchored — so the pattern of unsuccessful resolution attempts is provable from the chain alone.
If you have a copy of the alert text the officer recited — read off a screen, written in the citation, recorded by the dashcam — anchor that too. The chain records what the system claimed at the moment of the stop, separately from what was true.
If you receive a FOIA response, an agency disclosure, or a court production showing how the cached match propagated to the agency that stopped you — anchor each artifact at the moment it lands in your custody. Chain-of-custody becomes a verification step, not a credibility contest.
If, finally, the originating county fixes the upstream record — and an agency confirms the correction reached them — anchor the confirmation. The gap between when the upstream fix happened and when each downstream agency stopped acting on the bad cached row is the measurable harm window.
Five questions a chain answers that memory cannot.
The same five questions decide every wrongful-stop matter, every harassment-pattern complaint, every civil-rights inquiry that follows from a repeat ALPR-driven stop. Each is answerable from the chain alone — without re-trusting the vendor, the agency, or the originating record.
When did the driver first know the record was wrong?
The first anchored stop receipt establishes the date the driver acquired knowledge of the bad cached row. Every subsequent stop is the second, third, fourth event in a documented pattern — not a one-off.
What did the system claim, and when, and where?
The dashcam-clip anchor and the alert-text anchor commit the system’s claim at the moment of the stop. The vendor’s own log cannot be silently rewritten without the public-chain copy diverging detectably.
Has the driver attempted to resolve it, with whom, when?
The resolution-attempt anchors record every contact with court, dispatch, vendor, and agency. Cumulative count and timeline of unsuccessful attempts is provable, not testified-to.
Did the chain-of-custody for the dashcam, audio, or photograph hold?
The receipt at moment-of-capture is on a public chain. Verification does not require the device, the dashcam vendor, or any cloud provider to be online or cooperative. The architectural target is FRE 902(13) and 902(14) self-authentication; admissibility in any matter remains a determination of the presiding court.
If the originating record gets fixed, when did the fix actually reach each agency?
The data-correction-propagation anchor records the moment the correction reached each downstream agency. The gap between upstream-record-fixed and downstream-cache-cleared — sometimes a permanent gap — is the measurable window in which harm continued.
What anchoring gives you that nothing else does.
You keep the file
The dashcam clip, the audio, the photo never leaves your device. Only the SHA-256 hash is sent to the public anchor endpoint. The hash reveals nothing about the content of the file. The file stays where you put it.
The receipt outlives the device
The receipt is published to the Bitcoin blockchain via OpenTimestamps. If the dashcam fails, the phone is lost, the cloud account is closed — the receipt remains independently verifiable as long as the Bitcoin chain remains.
Tamper-evident architecture
Anchors and the affidavits derived from them are architected to meet the self-authentication requirements of FRE 902(13) and 902(14). Admissibility in any given matter remains a determination of the presiding court; the structural requirements are met by construction.
Post-quantum resilient
Driver-side commitments may carry post-quantum signatures via Knox Agent #11 Layer 4 — ML-DSA-44 / 65 / 87 (NIST FIPS 204) and SLH-DSA-128s / 192s / 256s (NIST FIPS 205). The receipt remains verifiable under threat models that assume future quantum-capable adversaries — relevant for civil-rights records that may be litigated decades after the originating stop.
Independent of vendor and agency
Verification does not require Bonis, the ALPR vendor, the dashcam vendor, or any agency to be online, in business, or cooperative. The receipt is a public-chain commitment; anyone can verify it.
Pattern of harm becomes provable
Single-incident dashcam footage establishes one stop. Anchored receipts across multiple stops establish a pattern — when the driver first knew the record was wrong, how many times the same bad cached row fired, and how many resolution attempts went unanswered.
One HTTP call per artifact. The file never leaves your device.
You do not have to wait for a Bonis driver app to ship. The public anchor endpoint is already live. Any device that can compute a SHA-256 hash and issue an HTTP POST can pair its evidence stream with Knox today — phone, laptop, dashcam-companion software, or your lawyer’s case- management system.
Audit-permanence, not counter-surveillance.
Bonis does not access ALPR cameras, does not read or transmit camera feeds, and does not provide plate-spoofing, plate- obscuring, license-plate-cover, detection-evasion, or counter-surveillance tooling of any kind. Bonis does not advocate against ALPR programs as policy. Bonis does not write to courts, agencies, or vendors on your behalf. The audit primitive is invitational — you instrument your own emit path. What lawful authority — your counsel, the court, the regulator, the originating agency — does with the resulting evidence is decided by lawful authority. The evidence layer is yours.