Here is a must-listen podcast on this hot topic! An interview with Colonel Lisa Shay, a professor of electrical engineering at West Point, the U.S. Military Academy, that is, in New York State. She has a Ph.D. in electrical engineering from Rensselaer Polytechnic Institute, also in New York.
The podcast touches on so many themes from a national workshop we hosted in February RNSA2012-
Shay and her fellow collaborators have previously cited dataveillance and uberveillance in a paper they wrote recently. The citation can be found here.
Here is an excerpt of the podcast write-up that Shay did with Steven Cherry from IEEE Spectrum's Techwise.
Steven Cherry: All right, so a cop can see someone speeding or driving recklessly, and they’re able to snap a picture instantly, and with improving, at least, accuracy. What’s wrong with that?
Lisa Shay: Well, potentially there’s not a whole lot wrong with that. If a policeman is using this system because they’ve identified that there is a crime being committed, and they’re using this as a way of enforcing a law that they’ve already determined has been broken, I think that’s fine. The question is really the broader topic that was brought out in your introduction, that there are many cameras that are set up all over the country that are photographing traffic. And the question then is, Where is that data being sent? Who is analyzing it? And what is being done with it? Is it being used for what purpose? Because traffic cameras that are just continuously on are recording data from people who are perfectly law abiding, who are simply driving to work on a public highway.
Steven Cherry: I said that the license plate data can be correlated with a lot of other databases. Are they, in fact, being correlated? And who’s doing that?
Lisa Shay: Well, there was just actually published in a conference in Boston in October a paper discussing exactly that by a group of investigators in the United Kingdom. They assert, in fact, that, yes, these license plate readers in the UK are being combined with the police, with other data from either cellphones or other location-based information, to identify criminals or to track criminal suspects. The technology certainly exists for police to, or other organizations to, do this because every cellphone nowadays just about has a GPS in it, and the cellphone companies know where each cellphone is, so that data is available to them. And license plate data is available to whatever entities operate these roadside traffic cameras, which are a variety of different entities that operate those systems. And, of course, there’s private companies that operate the cameras that do the repo men, as you mentioned.
So these datasets exist. They exist in digital form, and any dataset that exists in digital form can be easily transmitted somewhere else; it can be easily processed. And that can be done intentionally, because the companies that own these datasets desire to aggregate them, or it could be done unintentionally, because someone hacks into this database of this information and then correlates it. So there’s the privacy concern that’s twofold: One, that this information might be accessed illegally by hackers, or that the companies that collect this data could then sell it to each other for either market research or for some other purpose.
Steven Cherry: In the movies, we often see the government with a sort of perfect ability to track someone as they move around a city or across a country. They do this in the TV show Homeland all the time, for example. It’s completely unrealistic now, but I gather you fear it’s becoming quite realistic, and that this license plate technology could end up becoming a key part of that equation.
Lisa Shay: Well, that’s a concern. There’s two parts to that: One is, can someone be tracked perfectly? What are the limits to this system? Because every technological system, every tracking system, has false alarm rates. There’s false positives and there’s false negatives, and those are inherent to any system, and there’s not a lot of rigorous analysis being done on these systems to determine what are those false alarm rates. And so it is possible that you have this illusion of perfect tracking, but in fact you’re not tracking the right person.
And then on the flipside, even if you are tracking people, then at what point do we have a right to privacy? There’s certainly expectations of privacy in one’s own home that can be violated because your GPS signal is, in many cases, detectable outside of your home. So there’s strict privacy that’s clearly violated by some of these systems. But then there’s even a less-precise notion of privacy, that at any given moment in time that I’m walking down the street, I’m in public, and anyone, of course, can see me, but that’s a very transient phenomenon. The people who see me, 99 percent of them don’t know who I am. They don’t remember me more than three or four seconds after they’ve seen me, and unless I’m looking for somebody, I’m looking to meet a friend, say, at a restaurant, it’s almost an anonymous system. Yes, I’m in public, but my data isn’t persistent in any way.
That all changes when this data is stored electronically, because now a log, a record, is being kept of my whereabouts that could be viewed later. It is a persistent record. It can be viewed not just by the 10 people on the sidewalk that I happen to pass, but anybody anywhere in the world that has electronic access to this dataset.
Steven Cherry: And to connect it up with everything else you’re doing in your day . . .
Lisa Shay: Right. Yes, and then to note that I went to a grocery store, and then the data collected by my grocery loyalty card can be linked to the fact that I didn’t go to the gym that day and instead bought a package of cookies, and then that goes to my health insurance company that says, “Oh, you’re no longer exercising and your diet has gone downhill. Perhaps we need to relook at your insurance premiums.” This all becomes very dystopian.
Steven Cherry: Yeah, and I was going to ask you, Is it a bigger problem when the government is doing this, or private companies?
Lisa Shay: It’s no longer just the government that we have to concern ourselves with. Back in the Cold War, we certainly thought of Big Brother as the government, because the organizations with the most resources to devote to this sort of issue tended to be governmental, but that’s no longer the case. And that’s an even bigger concern, because in countries like the United States, we have a Bill of Rights. We have laws that regulate governmental behavior that’s different from the laws that regulate corporate behavior, and the corporate law hasn’t necessarily caught up with these notions of privacy and sharing data and aggregating data.
Steven Cherry: In your writings you’ve used the phrase “police state.” You say we don’t have one, but we have the technology to have one. Actually, the problem in a way goes beyond that, right? It’s not just the police that can know everything about us, it’s Walmart, it’s our insurance company, it’s our bank, it’s everybody.
Steven Cherry: So the technology keeps getting better and cheaper and faster, and it seems that it is just going to become used more and more widely until we have no privacy at all. Do you see any way off of that roller coaster, which seems to be entirely downhill?
Lisa Shay: No future is inevitable. There are certainly courses of action that can be taken. My colleagues and I have analyzed this phenomenon from a couple of different perspectives. First, you look at who are the owners of these surveillance systems and what is their interest in setting these systems up. They typically have a legitimate interest in a very specific purpose, and then the people who make these systems should then target their applications to meet that single need—and either through voluntary standards and best practices of how these systems are designed from the ground up, or from regulations and laws bounding how these systems can be operated.
There are definitely ways to allow the owners of these systems to meet their immediate need for safety or security, or for monitoring employees’ behavior that are within the bounds of their employment contract, to meet those objectives in a way that doesn’t excessively violate our privacy. And we advocate designing systems with privacy built in from the ground up, so making these systems do their intended purpose but not more than that. But in many cases it may take government regulation or laws to limit how data is released. Something as simple as having individuals having opt-out or opt-in policies for surveillance would be a step in the right direction.