The DMV Layer: Upstream of the Broker Tier — ObscureIQ

Spoke Document 09 · Upstream Source Analysis

The DMV Layer: Upstream of the broker tier.

State DMVs collected at least $282 million in 2024 by selling driver data to brokers, investigators, insurers, and parking enforcers. The DPPA was named the Driver's Privacy Protection Act. In practice it became the legal cover for what it was supposed to prevent. This is the upstream source for everything documented across the hub.

Published May 2026 · Confidence B2 · Est. reading time 14 minutes · License Plate Surveillance Spoke 01

The Central Argument

The broker layer documented in Document 04, the consumer-accessible web tier in Document 05, and the DPPA framework discussed across the hub all depend on a single upstream source: state DMVs selling driver records under the 14 statutory permissible-use exceptions to the Driver's Privacy Protection Act. InvestigateTV's October 2025 investigation produced the first comprehensive revenue picture from public-records requests to all 50 state DMVs. From the 23 states that disclosed detailed totals for fiscal year 2024, at least $282 million was collected. The DPPA was designed to prevent this. The 14 permissible-use exceptions, combined with contractual-compliance language that has been weaponized through three decades of litigation, transformed a privacy statute into the legal scaffolding for the data broker economy. Only three states permit consumer opt-out.

What this spoke does. The main eight-document series traces the ALPR ecosystem from vendor structure (Document 01) through to defensive doctrine (Document 08). This spoke goes deeper on the upstream source. The broker layer cannot function without the DMV data feed. The DMV data feed runs under the DPPA. Understanding how a 1994 privacy law became a 2026 monetization scaffold is foundational to understanding the rest of the hub.

The upstream question.

The Atlas treats Accurint (VND·007), TLOxp (VND·005), CLEAR (VND·009), and Tracers (VND·008) as Tier 1 broker-layer vendors. Document 04 describes them as the most accessible buy-path tier in the surveillance ecosystem. Document 05 traces a parallel consumer-tier ecosystem of free plate-lookup sites. The Atlas, Two Stacks, and Monetization Pressure analyses all treat these vendors as established facts of the market.

None of these analyses asked the question that this spoke addresses: where does the underlying data actually come from?

The answer is upstream. The broker layer aggregates from many sources, but the foundational plate-to-identity record almost always traces back to one place: the state department of motor vehicles. When you register a vehicle or apply for a driver's license, you provide name, address, phone number, driver identification number, and a record of your driving history. That record becomes a database row. The DMV is the original holder. Everything downstream is a reseller, an aggregator, or an inferrer.

InvestigateTV's October 27, 2025 investigation produced the first comprehensive picture of how this data moves from the DMV to the broker layer. The picture is not subtle. State DMVs are openly selling driver records to private investigators, debt collectors, data brokers, insurers, automakers, parking enforcers, and any other entity that can claim one of the 14 statutory permissible-use exceptions to the Driver's Privacy Protection Act.

From the 23 of 50 state DMVs that provided detailed fiscal-year-2024 records to InvestigateTV's public-records request, the disclosed total was $282 million. The remaining 27 states either refused to disclose, demanded thousands of dollars in processing fees, or claimed it would take thousands of staff hours to compile the records.

The DPPA was named the Driver's Privacy Protection Act. In 2024, twenty-three state DMVs collected $282 million selling driver data under its permissible-use exceptions.

The DPPA architecture.

The Driver's Privacy Protection Act of 1994 (18 U.S.C. § 2721 et seq.) was enacted in direct response to a documented harm pattern. In 1989, actress Rebecca Schaeffer was murdered at her home by a stalker who had hired a private investigator to obtain her unlisted address from California DMV records. Congress passed the DPPA five years later. The stated purpose was to protect drivers from violent crime by restricting third-party access to motor vehicle records.

The structural design did the opposite. The statute restricts disclosure as a general rule but then enumerates 14 exceptions, known as "permissible uses." Within these 14 categories, disclosure is permitted by default. The exceptions are broad, internally undefined, and self-certified by the requesting party.

18 U.S.C. § 2721(b) · Permissible Uses

The fourteen DPPA-permissible purposes

Personal information may be disclosed for use by:

Government agencies in their functions
Motor-vehicle safety, theft, and emissions matters
Auto product alterations and recalls
Legitimate business need: identity verification
Court, agency, or self-regulatory body proceedings
Research activities
Insurance underwriting and claims
Notification of towed or impounded vehicle owner
Licensed private investigators acting in DPPA-permitted matters
Use by employers to verify commercial driver information
Use in connection with private toll transportation
Use by any requester with written consent of the individual
Bulk distribution for surveys, marketing (opt-in required)
Other uses specifically authorized by state law

The architecture matters because it inverts the default. A general prohibition with 14 broadly worded exceptions, none of which require third-party verification before disclosure, is structurally a permission framework. The DMV, as the disclosing entity, is not required to confirm that the requester's claimed purpose is genuine. The requester self-certifies. The DMV honors the self-certification. The data flows.

Two design features compound the issue. First, the statute contains a private right of action with liquidated damages of at least $2,500 per violation. This was intended as enforcement teeth. In practice, as the next section shows, it became a litigation vector through which the protection was hollowed out. Second, the statute permits states to charge fees to cover the cost of providing records. The fee structure created a financial incentive for state DMVs to maximize, not minimize, third-party access.

James Lee of the Identity Theft Resource Center told InvestigateTV the operative reality: "There are reasons you can get the information, and there are organizations that have access to the information, and in every case, states sell that information." The DPPA limits who can buy. It does not stop states from selling.

III

The weaponization.

Three decades of litigation have established the legal scaffolding through which the DPPA's exceptions became the operating norm rather than the limited carve-out the statute's text implied. Four cases anchor the trajectory.

2021 · Settlement · W.D.N.C.

Gaston v. LexisNexis Risk Solutions · Case No. 5:16-cv-00009 (W.D.N.C., final approval May 24, 2021)

$5.13M settlement · Crash reports established as DPPA-protected motor vehicle records

North Carolina plaintiffs alleged that DMV-349 crash reports containing their personal information had been transmitted from local law enforcement to the NC DMV, then accessed and resold by LexisNexis Risk Solutions and its subsidiary PoliceReports.US LLC to law firms and auto repair shops for marketing solicitation. After five years of litigation, the court held that DMV-349 crash reports are "motor vehicle records" under the DPPA and the disclosure occurred without permissible purpose. LexisNexis agreed to prohibit using crash reports purchased through its e-commerce web portal for marketing or solicitation, but disagreed in its public statement that the DPPA applied to crash reports at all.

2021 · Dismissed · W.D.N.C.

Hensley v. City of Charlotte · 2021 U.S. Dist. LEXIS 146752 (W.D.N.C. Aug. 2021)

The contractual-compliance loophole established

A nearly identical fact pattern to Gaston, but the case was dismissed on the pleadings. The court held that because the contract between the City of Charlotte and LexisNexis/PoliceReports.US "explicitly required that PRUS/LexisNexis use the information subject to the obligations of federal law," the disclosure was insulated from DPPA liability regardless of what the data was actually used for downstream. The plaintiff received marketing solicitations from law firms after his crash report was made available through the LexisNexis website. The court found this did not "plausibly state a DPPA claim" because compliance with federal law was a required contract term.

This is the structural loophole. Contractual language requiring DPPA compliance defeats DPPA claims even when actual downstream misuse occurs. The data flow itself becomes legally insulated by the contractual recital, irrespective of what the downstream actor does with the data.

2025-2026 · Active · D. Md.

Lucas v. Carfax, Inc. · Filed Feb 25, 2025; motion to dismiss DENIED March 2026 by Judge Julie R. Rubin (D. Md.)

The contractual-compliance insulation may be cracking

A Maryland plaintiff alleges Carfax purchased his crash report from law enforcement and then resold the report to third parties without verifying their permissible purpose under the DPPA. Carfax's database is alleged to contain over 1.5 million police reports sourced from more than 5,000 police departments. The complaint alleges Carfax routinely obtains and sells personal information from motor vehicle records for its own commercial benefit, in violation of federal law.

The significance is procedural and forward-looking. In March 2026, Judge Rubin denied Carfax's motion to dismiss, holding that the plaintiff "plausibly alleged Carfax obtained and sold his DPPA-protected information for an impermissible purpose under the statute." The court refused to apply the Hensley-style contractual-compliance insulation at the pleadings stage. Discovery will determine whether Carfax verified downstream permissible purpose. The case is now the leading current vehicle for testing whether the Hensley insulation pattern survives a contested factual record.

2024-2026 · Multiple active suits

Parking-management DPPA class actions · Multiple jurisdictions

A new vector targeting the "normal course of business" exception

Between 2024 and 2026, multiple class actions have been filed against parking-management companies that obtain DMV data to mail parking citations: Metropolis Technologies (June 2024), Municipal Parking Services (July 2024), Peoples Auto Parking Company (October 2024), and Park Happy (January 2025). The suits allege that use of DMV data in this context falls outside the "normal course of business" permissible-use exception in the DPPA. The cases are at varying stages.

Parking enforcement is a useful test of the DPPA's structural design because the entity using DMV data is neither a law enforcement agency nor a credentialed investigator. It is a private company conducting routine business operations using data the DMV sold under a permissible-use claim. Whether the courts hold that this falls inside or outside the "normal course of business" exception will substantially shape what other commercial uses are reachable through DPPA litigation.

The combined effect of these cases is a doctrinal landscape where the original protective architecture has been transformed into a system of contractually-mediated data commerce. Plaintiffs prove harm but cannot always recover because the upstream contracts recite compliance. Settlements like Gaston produce business-practice changes for individual defendants but do not change the underlying legal framework. The Carfax denial of motion to dismiss is the closest current signal that the framework may be reaching its limit, though discovery and trial remain ahead.

The state revenue picture.

InvestigateTV filed public-records requests with all 50 state DMVs in 2025 asking for the total revenue collected from selling driver data, the entities buying that data, and whether consumers could opt out. Thirty-five states responded with some information; 23 provided detailed fiscal-year-2024 totals. The disclosed total across those 23 states was $282 million. The largest disclosed state revenue figures:

State	FY2024 Revenue	Notes
Michigan	$81M+	Fee breakdown total provided; claimed 1,600 staff hours required to compile the full picture of buyers and amounts.
Georgia	$53M	Leading state among those that responded with detailed fiscal-year-2024 totals.
California	$49M	State cites costs of providing the information. Records show sales to data brokers, insurers, towing companies, automakers, and universities.
Indiana	$25M	State is required by law to release annual totals.
Ohio	$20M	Records show data sold to 289 companies.
Other 18 disclosing states	~$54M	Combined remainder of the 23 states that provided detailed FY2024 totals to InvestigateTV.
23 disclosing states total	$282M+	As of early October 2025. 27 states did not provide detailed totals.

$500M+

Plausible national annual revenue Twenty-three disclosing states generated $282 million in FY2024. As the next subsection shows, earlier journalism documents that several non-responding states are also active sellers — North Carolina alone has averaged $41 million per year in driver-data revenue per a 2021 WCNC analysis of public records. The plausible national figure is $500 million to $700 million annually, and possibly higher. The exact number is unknown because non-disclosing states have made it expensive or impossible to compile.

States that did not provide detailed totals used three strategies. Michigan acknowledged the existence of the data but said 1,600 staff hours would be required to compile it. New York demanded nearly $2,000 in processing fees. Virginia said it had no records of totals but estimated up to $1,000 in fees to produce them. The Virginia DMV's accompanying statement asserted that the agency "does not provide or sell consumer information for soliciting or making purposes" and that "Virginia has some of the strictest laws in the nation concerning the release of customer information." Whether the statement is consistent with the underlying revenue figures is unverifiable without compelling disclosure.

State DMVs largely reject the framing that they are "selling" driver data. They typically frame the practice as charging fees authorized under the DPPA to cover record-maintenance costs. The fee-versus-sale distinction is, in practical effect, semantic. The DPPA permits fees; the fees are structured in ways that produce material annual revenue; the entities paying the fees are commercial buyers who resell or use the data for downstream commercial purposes. Whether the receipts are categorized as "fees" or "sales" does not change the economics or the data flow.

Below the disclosure line

Earlier journalism documents that several states which did not respond to InvestigateTV with detailed FY2024 totals are themselves active sellers of driver data. The historical figures do not directly reconcile to the FY2024 frame, but they establish a clear point: the non-responding states are not non-selling states. They are non-disclosing states. The actual national market is materially larger than the $282 million InvestigateTV could verify.

State	Documented Revenue	Period · Source
North Carolina	$123M (~$41M/yr)	~2018-2020, three-year total · WCNC Charlotte 2021 analysis of state public records
Florida	$77M	2017 · WXYZ Detroit; documented separately by Vice (Joseph Cox) September 2019
Wisconsin	$17.1M	FY2018, up from $1.1M in 2015 · State's own DMV Facts and Figures via Vice 2019
South Carolina	~$49M (~$16M/yr)	~2018-2020, derived from WCNC NC+SC combined total of $172M over three years
Texas	$3M+	2019 · CBS DFW investigation · See "The Texas Paradox" below
Rhode Island	~$384K (~$96K/yr)	2015-2019, four-year total · Vice (Joseph Cox) 2019 via public records

The figures span different reporting periods and use different fiscal definitions. They are not strictly comparable to InvestigateTV's FY2024 frame. They establish, instead, that the practice is durable and geographically widespread. Wisconsin's documented growth from $1.1 million in 2015 to $17 million in 2018 is particularly notable as a trajectory indicator: state DMV data revenue has been rising sharply in at least one documented case, and there is no obvious reason to expect the pattern to be unique to Wisconsin.

The Texas paradox

The most analytically interesting figure in the documented data is not the high-end states. It is Texas at the low end. CBS DFW documented in 2019 that the Texas Department of Motor Vehicles made "more than $3 million" in that year selling drivers' personal information. For the second-largest US state by population, that figure is striking.

$0.10

Texas DMV data revenue per resident · 2019 Texas (~30M residents) generated approximately $0.10 per resident in DMV data revenue in 2019. By contrast: Georgia ($53M / 10.7M residents = ~$5.00/resident, FY2024) generated roughly 50 times more per capita. Indiana ($25M / 6.8M residents = ~$3.68/resident, FY2024) generated roughly 37 times more per capita. California ($49M / 39M residents = ~$1.26/resident, FY2024) generated roughly 13 times more per capita.

The Texas outlier admits several interpretations. The state may genuinely operate a less aggressive DMV-data commerce program. It may charge substantially lower per-record fees. It may not maintain the institutional bulk-buyer relationships that drive revenue in states like Georgia. The 2019 figure may be incomplete relative to current activity. Or the disclosure itself may have been partial in a way the CBS reporting could not surface. The state's non-response to InvestigateTV's 2025 request makes a current verification unavailable.

Whichever interpretation holds, the Texas case is the analytically interesting outlier in the documented data. The most populous non-responding state shows the lowest per-capita revenue of any documented state by orders of magnitude. For institutional buyers and policy researchers, the Texas pattern raises a structural question the rest of the documented data does not answer: what explains the variance? Is the variance about state policy choices, about institutional buyer presence, about per-record pricing, or about something else? The answer matters because it determines whether the high-revenue states represent the inevitable trajectory of the practice, or whether the low-revenue states represent a politically reachable alternative path.

The buyer layer.

InvestigateTV's analysis of the responding states' purchaser lists identified the same vendor at the top of the buyer rankings in nearly every state analyzed: LexisNexis. The dominance is structural. LexisNexis Risk Solutions operates the Accurint investigative search platform, which is the buy-path Tier 1 anchor in Document 04's accessibility matrix. The Atlas catalogs Accurint as VND·007. Tracing the broker layer upstream produces a clear answer: the broker layer's plate-to-identity records originate, in substantial part, at LexisNexis's purchase counter at state DMVs across the United States.

LexisNexis Risk Solutions

Atlas VND·007 (Accurint) · Leading buyer

Leading buyer of state DMV data in nearly every state InvestigateTV analyzed. Operates Accurint (the Tier 1 investigative broker covered in Document 04), Coplogic Solutions (crash-report-related services), Claims Solutions, and PoliceReports.US LLC (now a LexisNexis subsidiary, central to the Gaston litigation).

Settled the Gaston class action in 2021 for $5.13 million while disputing the DPPA's application to crash reports. The settlement included business-practice changes prohibiting use of crash reports purchased through the e-commerce web portal for marketing or solicitation purposes.

Carfax, Inc.

Active DPPA litigation · Mar 2026 MTD denied

Spent millions of dollars buying data from state DMVs in 2024. Database includes vehicle history reports plus crash reports allegedly sourced from over 5,000 police departments nationwide. Operates Carfax-owned platforms including CrashDocs.org and CarfaxForClaims.com.

Defendant in Lucas v. Carfax (D. Md. Feb 2025), with motion to dismiss denied March 2026. The case is the most consequential active DPPA litigation testing the contractual-compliance insulation doctrine established in Hensley. Carfax has publicly disputed that the DPPA limits access to crash reports.

Auto Insurers and Insurance Aggregators

Permissible-use exception

Insurance underwriting and claims is one of the 14 explicit DPPA permissible-use exceptions. Auto insurers and insurance-data aggregators are among the largest single categories of state DMV data buyers across responding states. The use case is structurally legitimate: rating accuracy depends on driving-record data. The structural concern is the aggregation effect downstream of that legitimate use.

Parking-Management Companies

Emerging litigation vector

Metropolis Technologies, Municipal Parking Services, Peoples Auto Parking Company, and Park Happy are all defendants in active DPPA class actions filed 2024 to 2025. The companies obtain DMV records to mail parking citations to vehicle owners. The cases will determine whether routine parking enforcement falls inside or outside the DPPA's "normal course of business" exception.

Private Investigators

Explicit DPPA permissible use

Licensed private investigators acting in DPPA-permitted matters constitute one of the explicit 14 permissible uses. PIs are subject to state licensing, contractual access agreements with state DMVs, and audit obligations. As Arizona PI Rich Robertson told InvestigateTV, the access carries real obligations and accountability requirements that vary by state but are non-trivial.

Automakers and Auto-Industry Data Buyers

Product/safety exception

Auto product alterations and recalls is one of the 14 DPPA permissible uses. Automakers and tier-one auto suppliers purchase state DMV data for what is nominally recall and safety-product targeting. State AGs in Montana, Indiana, and Nebraska have opened 2025-2026 investigations into Ford, Stellantis, GM, and OnStar over potential collection and sale of personal driving data to third parties including insurance companies.

The buyer layer is not exotic. It consists almost entirely of mainstream commercial entities operating within the DPPA's stated permissible-use framework. The structural problem is not bad actors operating outside the law. The structural problem is that the law's stated framework, operating as designed, produces a $282-million-plus annual market for driver data and a downstream broker layer that the rest of this hub documents.

The opt-out reality.

Of the 50 US state DMVs, only three told InvestigateTV that consumers can affirmatively opt out of having their data shared in certain DPPA-permitted situations.

Delaware

Opt-out permitted

One of three US states confirming to InvestigateTV that consumers can opt out of certain DPPA-permitted disclosures of their driver data.

Wisconsin

Opt-out permitted

Second of three US states confirming an explicit opt-out pathway for residents under DPPA-permissible-use disclosures.

Wyoming

Default opt-out

Wyoming Driver Services told InvestigateTV that the state determined in 2012 that over 90% of citizens had chosen to opt out, and made the decision that all Wyoming drivers are considered opt-out status where the DPPA permits the choice.

The remaining 47 states either do not offer opt-out at all under their implementation of the DPPA or did not confirm an opt-out pathway to InvestigateTV. For drivers in those states, the default is data-collection-and-resale within the 14 DPPA permissible-use exceptions, with no consumer mechanism to alter the default. Crystal Justice of the National Domestic Violence Hotline told InvestigateTV the consequence: victims and survivors take painstaking steps to protect their privacy by separating phone lines, using anonymous numbers, moving, and guarding their addresses, while their DMV record continues to be sold under exceptions they cannot opt out of.

The partial mitigation available in most states is the Address Confidentiality Program, the state-level program described in Document 08 of this series. ACPs operate in 45 states for survivors of domestic violence, sexual assault, and stalking. They suppress an individual's actual address from public state records and provide a substitute address for legal and administrative purposes. The eligibility criteria are restrictive in most states; the programs originated for documented-victim populations and have not generally expanded to broader consumer use.

The structural reality is that the DPPA's protection model is opt-in for state DMVs (they elect whether to permit consumer opt-outs at all) and inferred-consent for consumers (the default is participation). The market that runs on this design generated $282 million in disclosed revenue across 23 states in fiscal year 2024.

VII

Connection to the series.

This spoke clarifies the upstream source for several specific findings across the main eight-document series.

Document 04 (Feasibility). The Tier 1 broker layer's accessibility, framed as the most-accessible buy-path tier requiring only a permissible-purpose self-certification, depends on the DMV-layer data feed described here. Removing the DMV feed would not eliminate the broker layer, which aggregates many sources, but it would substantially weaken the plate-to-identity conversion that defines Tier 1's operational value.

Document 05 (Web Tier). The consumer-accessible plate lookup ecosystem (findbyplate, lookupaplate, EpicVIN, publicrecordsdata.us, and the Docusearch-style upsell partners) operates on data sourced through chains that ultimately include DMV records. The web tier's Layer 2 (paid PII via DPPA self-cert) and Layer 3 (public records aggregators) both consume DMV-originated records as part of their identity-resolution layer. The DPPA self-cert gate described in Document 05's Section V is the consumer-facing instance of the same self-certification mechanism described in this document's Section II.

Document 06 (State Legality Map). The state ALPR statutes inventoried in Document 06 regulate law enforcement use of ALPR. They do not, with limited exceptions, regulate the upstream DMV data sales described here. A state can simultaneously operate one of the strictest ALPR regulatory regimes (New Hampshire's 3-minute data purge) and one of the more permissive DMV data sale regimes. The two channels are governed by different statutory frameworks operating in parallel.

Document 07 (NDAA). The NDAA frame addresses federal procurement of Chinese surveillance equipment. The DMV-layer data sales operate inside a separate federal regulatory framework (the DPPA) with no overlap. A federal contractor in full Section 889 compliance may still consume DMV-layer broker data through downstream broker-tier subscriptions; the two frameworks address different concerns.

Document 08 (Defensive Doctrine). The personal-layer defensive moves in Document 08 (broker opt-outs, public records suppression, vehicle ownership restructuring) all operate downstream of the DMV layer. The DMV layer itself is largely outside individual defensive reach, with three-state opt-out and 45-state ACP availability the only meaningful individual-level interventions. The doctrine's emphasis on broker opt-outs is in part an acknowledgment that the upstream DMV layer is not opt-outable in most states.

The rest of the hub describes a downstream ecosystem. This spoke describes its source.

VIII

What this means.

For institutional buyers. The broker layer's data is not magically aggregated. It originates, in substantial part, at state DMVs operating under the DPPA's permissible-use framework. Defensive postures that focus on broker-layer opt-outs while ignoring the upstream DMV layer treat the symptom rather than the source. The source is mostly not directly addressable by individual or institutional action; it is a state-government commercial relationship operating under federal law. Reduction of exposure runs through aggressive broker-layer suppression because the upstream source is largely fixed.

For policy researchers. The DPPA is the most visible case study of a privacy statute whose stated purpose was inverted by its structural design and three decades of litigation. The 14 permissible-use exceptions, combined with contractual-compliance insulation from Hensley, transformed protective restriction into commercial scaffolding. Any future federal privacy legislation that imports the DPPA's structural model (broad prohibition with enumerated exceptions and private right of action) is likely to follow the DPPA's trajectory. Effective privacy legislation requires either narrower exceptions, real third-party verification requirements, or different enforcement architecture.

For attorneys. Lucas v. Carfax is the most consequential active DPPA litigation. The motion-to-dismiss denial in March 2026 was procedural but signaled that contractual-compliance insulation is not categorical at the pleadings stage. Discovery and trial in 2026 to 2027 will produce the next major doctrinal data point. The parking-management cases provide a parallel test of the "normal course of business" exception. Combined, these cases may produce the first material change in the operative legal framework since the late-2010s.

For journalists. The 27 states that did not provide detailed FY2024 totals to InvestigateTV constitute the next investigative target. Earlier reporting has already documented at least six of those states as active sellers — North Carolina at ~$41 million per year (WCNC), Florida at $77 million in 2017 (WXYZ/Vice), Wisconsin at $17 million in FY2018 (state's own data via Vice), South Carolina at ~$16 million per year (WCNC), Rhode Island at ~$96,000 per year (Vice), and the Texas outlier at $3 million in 2019 (CBS DFW). Compelling current disclosure from these states through state attorney general action, legislative inquiry, or persistent FOIA litigation would produce the comprehensive national picture that does not currently exist. The actual national annual revenue figure is plausibly $500 million to $700 million; the verified disclosed figure is $282 million from 23 states; the documented historical floor from non-responding states adds at least $150 million more, even before adjusting older figures forward.

For drivers. Three states permit opt-out: Delaware, Wisconsin, and Wyoming. In the other 47 states, the default is participation in a commercial market the driver did not knowingly enter. Forty-five states offer Address Confidentiality Programs for documented survivors of domestic violence, sexual assault, and stalking; eligibility criteria are restrictive. For everyone else, the personal-layer doctrine of Document 08 is the available toolkit. The upstream layer is, for most consumers in most states, simply not under their control.

The hub closes the analytical loop here. The Atlas mapped the vendor ecosystem. The Two Stacks described its convergence. Monetization Pressure projected its trajectory. Feasibility named its operational accessibility. The Web Tier showed its consumer-facing edge. Legality and NDAA mapped its regulatory frame. Defensive Doctrine translated all of it into operational practice. This spoke goes upstream one more step, to the state DMV counter where the data flow begins. The $282 million annual figure is the closest current measure of how much that beginning is worth.