Commentary: Time to Put the Brakes on Denver's New Residential Parking Permit Program

Heads up, Denver. If you live on a block that requires a residential parking permit, things have changed. Early this year, a big chunk of the application/renewal system was farmed out to a third-party vendor, Passport Inc of Charlotte, North Carolina. The new RPP system is entirely online, with a dashboard that displays user permits, expiration dates, and a link to renew them. While it looks far more sexy than the old system, you’ll no longer get a renewal card in the mail, and you won’t be able to head down to City Hall for an easy fix if you miss the deadline that will come through an email notification. All users must now upload annual proof of residence and, starting next year, will be charged about $20 per permit. If you have two cars and you also need a guest permit, your yearly fee will be anywhere from $60 to $75. That’s a big shift from the $0 we’ve been paying.

I don't mind having to pay for the permits; I appreciate the work that’s required to protect parking spaces in my neighborhood. There are seven rental properties on my block — one with thirteen units — and parking is a hassle, even with the permitting system. I can’t imagine life without it.

But I also can't imagine a worse rollout.

I didn’t get an email notifying me that I had to apply until August 1 — the day that my permits expired — with a message announcing that I had “0 days” to renew. Shortly after, our family minivan had a parking citation stuffed into the driver’s-side door because I no longer had a valid permit.

I'd initially ignored the email because the sender’s address looked spammy to me. I’ve never heard of Passport Inc, and the content of the email didn’t make any sense. I get five emails a day from dubious addresses like “[email protected]” or “[email protected],” and the email from “[email protected]” looked similarly suspicious. As a former web developer, I can assure you that emails like this will end up in many spam folders, never to be seen. A tech company that claims to provide mobility services for hundreds of cities all over the U.S. should know better.

Once I got the citation, I headed to the parking permits section of denvergov.org for a deeper look. Apparently, DOTI has been working on a new RPP system (among other parking-related things) since early 2021. I received an email back then inviting me to take part in a survey, but no other communications had been sent since, save the “0 days” email, which turned out to be legit. I dug it out of my trash since it contained some codes that were allegedly linked to my old account; if I entered them correctly, it promised, I could simply upload proof of address and be on my way.

Sadly, that didn’t work, probably because my expired account and all associated information had been kicked out of the system. I set out to apply for a new account, but first had to pay my ticket, because applications/renewals aren’t allowed for users with outstanding fines. I would have preferred to contest it, but at this point I needed to get things done quickly in order to avoid more tickets. To do so, my wife had been driving our smaller car to work every day, a block away, while the family minivan hid in our crowded garage.

For the next step in the application process, I had to scan and upload copies of my driver’s license, vehicle registrations and proof of residence. I have no idea how many different databases already house my personal information; being forced to upload it to yet another one drives me crazy: The more databases my personal information lives on, the less secure it is from people who seek to steal and/or sell it. And if the DMV already has this information, why does it need to be replicated on a database owned and run by another party?

I’m not worried about outside hackers, mind you; Passport Inc’s database is secured by Amazon’s AWS services and would be extremely hard for unauthorized personnel to access. It’s the authorized personnel I’m worried about, because internal data breaches have been on the rise in the past decade. While most of these breaches are accidental in nature, often resulting from users misconfiguring the system or accessing the database with compromised machines, they do happen frequently, regardless of how large and impenetrable a company might seem. In 2019, for example, a former Amazon AWS tech employee, Paige Thompson, perpetrated a massive data breach, exploiting multiple accounts whose systems weren’t configured correctly.

I have no doubt that Passport Inc is serious about data security. But I needed assurances, so I visited Passport's Privacy Policy page to see if I could find any. At the bottom of that page, past a few promises that Passport will never sell personal data, I found a link that led to another page where I was given the option to "opt out" of the sale of my personal data.

Confused, I reached out to Passport’s PR department and was assured that the opt-out option wasn’t supposed to be there; the company had misconfigured the settings in one of the third-party security services that it utilizes, Mine.IO (see my above concerns about misconfigurations and internal data breaches). The “opt out of the sale of your data” feature was quickly removed from Passport's website with nary a thank you to me for catching the error, or any acknowledgment of the magnitude of the miss. I asked if Mine.IO has access to Denver resident user data, but have yet to get a response.

By this point, Passport was beginning to seem a little sloppy. To get a bigger picture of its operation, I headed over to Glass Door, an online jobs resource hailed by money.com as the best resource for employee reviews. Currently, glassdoor.com reports a 2.7 star (out of 5) employee satisfaction rating for Passport Inc, with many former/current employees posting negative reviews about “the product,” among other things. Granted, Passport reportedly experienced a run of layoffs in the fall of 2022 when some of these reviews were penned, so you can’t expect high marks. But even its “currently employed” folks had some interesting things to say:

“Leadership is a little all over the place, not a lot of clear direction.”

“[The] Executive Team is constantly redefining the company's mission and expanding scope, but doesn't have funding or follow through to get it done even while asking the team to do more with less.”

“Micromanagement abound[s]. People at [the] director-level lack basic skills to lead a team (true in a majority of groups). They hire folks on the cheap and promote them. [They] spend a lot of time promoting culture but no reinforcement of it. High turnover. People leave within months of joining. Unheard of at such a high number. Also: constant client complaints.”
None of this eased my concerns. Because of the way we do business today, I'm resigned to the fact that my personal information is now living a nomadic lifestyle that's out of my control. In this instance, however, I don't understand why it's so important to further dilute its security.

Further frustration came after waiting two weeks for my application to be approved. Passport’s user dashboard still showed that all three of my applications were “pending,” so I called Denver's Parking Business Office to find out what was going on. The representative I spoke with said that approval generally takes at least two weeks. She went ahead and approved my application for one car and one guest pass — in under a minute — but declined the minivan application. Apparently, each permit has to be submitted under a different resident, with each car listed under a different driver, so I was instructed to delete the minivan application and start a new one, uploading the previous documents in addition to my wife’s driver’s license and a signed note from me, giving her permission to park the minivan in front of our house. When I told the rep that all of this should be clearly stated on the website, she suggested that I complain to 311 so she could get back to processing permits.

I instead complained to Westword, and soon found myself on the phone with Nancy Kuhn, spokeswoman for Denver's Department of Transportation and Infrastructure, who assured me that the city's RPP system had been in need of an automation upgrade and reminded me that the old system had the same restriction, understandably intended to keep the number of permits under control. Still, it would be helpful if the website threw some kind of error message, alerting the user that their application won’t go through under certain circumstances.

I can’t tell you how easy it is to add things like pop-up boxes, information links and short instructions posted directly onto the signup form, all intended to make the application process a hundred times easier for users and administrators. The lack of such common, basic, easy-to-execute elements left me wondering if the system was adequately tested before launch.

Minimal testing is common in the world of online systems deployment where developers get in a hurry and launch — a “shoot first, aim later” approach. Adequate testing costs time and money; it’s much easier to skip all of that and use the end user as the test base. The end users will complain, but they have nowhere else to go; they're happy to provide developers with more than enough feedback — emotional and negative as it typically is.

But Kuhn dismissed the bugs and mishaps I brought to her as “not uncommon when rolling out a new software system," she said. "There is almost always some customization that needs to occur in order for a system to meet a city’s particular business needs, and things are discovered that need to be improved upon.”
I’ve now spoken with four permit holders from three RPP zones. Only two received reminder emails prior to their expiration date; most got the “0 days” email that I mentioned.

“I’ve been waiting three weeks for my permits to be approved. No emails, no explanation as to what’s taking so long, what they need from me, etc. DOTI doesn’t give one iota of a rat’s ass about customer service,” said Ryan, who lives in City Park West.

“After getting an email stating that my permits expired in 0 days, the system didn’t even remember my account so I had to redo the whole thing. Annoying, but can’t say I’m surprised. After completing the application, I got three more emails from the parking system: a receipt, an approval, and one saying that my app for the guest permit was canceled but they would be reissuing it anyway. So, progress?” wondered CK, a Baker resident.

“I found the new website to be horrible… I just got an email today saying that my order had been canceled because they can’t decipher the insurance card photo I provided. Honestly, I am at my wit's end here,” admitted Jule, who lives in Capitol Hill.

“I’m incensed. I already got a ticket and I’ve been fighting with them about it. I’m pissed about them changing the renewal process without notifying anybody, and also pissed that they are squeezing more [expletive] money out of residents," added Matt, another City Park West resident.

Matt successfully contested his citation with the Parking Magistrate, but not without getting a short lecture about personal responsibility and how it's up to the resident to keep up with expiration dates. This is true even for private companies, he said.
I’m not aware of any "private" subscription company that doesn’t send reminders, and I’ve never before gotten a single reminder on the day of expiration. Add to that the fact that, for the past ten years, DOTI has, without fail, sent a reminder thirty days before expiration, and you can understand why so many of us came to rely on these reminders, as we do all the reminders from private companies that we deal with.

Kuhn assured me that there has been no significant increase in parking citations since the new RPP program rolled out at the start of August, but that hasn’t been the case on my block: I hadn't gotten a parking ticket in ten years, and neither had my neighbor who was ticketed while on vacation and unable to upload the required documents...once he learned they were required. Kuhn didn’t mention whether complaints have been on the rise, or if the city has eased off on issuing citations while they correct the website’s issues.

The city's posture reminds me of an experience that my wife and I shared at a sushi restaurant in Little Rock, Arkansas. We weren’t thrilled about the odd fusion of hillbilly culture and delicate, uncooked Asian cuisine, but the restaurant promised free martinis with every order, so we risked it. The food got better with every sip, but toward the end of my third martini, I bit into something chewy. I wasn’t in the right frame of mind to ask good questions, so I worked on it for a bit before making any attempt at identification. When I called the manager over to show him the Band-Aid that I had been chewing on, he assured me that it didn’t come from any of his employees. It must have been in a bag of rice — his cooks simply missed it. While he paid for one of our dinners, a $20 value, no apologies were made.

Granted, I’d rather get a hundred parking citations than chew on a used Band-Aid that traveled in a bag of rice from a faraway land, but this customer-service experience was similar: Shit happens, get over it.

And “get over it” I must. This new, poorly launched RPP system is part and parcel within the odd relationship between resident and city, where the customer is seldom right and customer service is centralized through one huge 311 hub in which few residents have any confidence. We simply can’t expect much from a culture of entitled customer service that’s sure to evolve in a competition-less market. I’m sure Denver isn’t the only city that suffers from it, and I’m certain that it feeds upon itself: i.e., poor customer service erodes trust, which leads to less patience, which leads to poorer customer service. Wash, rinse, repeat, etc.

At the same time, my affection for Denver and my appreciation of the efforts of DOTI and other agencies to enhance our transportation system run deep. Each morning, our youngest child boards an RTD bus for school, experiencing a reliable and surprisingly tranquil commute. The creation of new bike lanes in my neighborhood fills me with gratitude. While Denver faces its fair share of challenges, I can't envision residing anywhere else.

I’ll add that the RPP system is small potatoes in the grand scheme of everything on DOTI’s plate; I understand why it would be farmed out to a third-party vendor for greater automation. But it’s not the jank of the new system that bothers me the most; it’s the abysmal lack of communication and the implied lack of concern that comes with it. Eight months after launch, there have been no user-wide communications announcing the new system, no requests for feedback, and no apologies for the inconvenience that my neighbors and I experienced — simple as all of that would be to execute. Kuhn acknowledged that, in hindsight, it would have been good to send a letter to affected residents. And when you have a database full of everyone’s contact information, and it takes roughly five minutes to pen an update or two or ask for feedback, why wouldn’t you?

It’s a little silly to write all of this off as "not uncommon,” when the new RPP is on a collision course with common sense.

Mark Landry is a Denver resident of twenty years, living in the City Park West neighborhood with his partner and three kids, blogging weekly at peacehacks.com.

Westword.com frequently publishes commentaries on matters of interest to the community on weekends. Have one you'd like to submit? Send it to [email protected], where you can also comment on this piece.