Omniveillance

This is quite scary. Basically, the city of 1 million people is installing iris scanners across the entire city in public places. The city will index the iris scans of every criminal, and if a criminal walks past a scanner, he will be flagged and the authorities will be alerted. Additionally, the scanners will track people as they travel across the city.

Here is the story From Fast Company:

Biometrics R&D firm Global Rainmakers Inc. (GRI) announced today that it is rolling out its iris scanning technology to create what it calls “the most secure city in the world.” In a partnership with Leon — one of the largest cities in Mexico, with a population of more than a million — GRI will fill the city with eye-scanners. That will help law enforcement revolutionize the way we live — not to mention marketers.

Leon is the first step. To implement the system, the city is creating a database of irises. Criminals will automatically be enrolled, their irises scanned once convicted. Law-abiding citizens will have the option to opt-in.

When these residents catch a train or bus, or take out money from an ATM, they will scan their irises, rather than swiping a metro or bank card. Police officers will monitor these scans and track the movements of watch-listed individuals. “Fraud, which is a $50 billion problem, will be completely eradicated,” says Carter. Not even the “dead eyeballs” seen in Minority Report could trick the system, he says. “If you’ve been convicted of a crime, in essence, this will act as a digital scarlet letter. If you’re a known shoplifter, for example, you won’t be able to go into a store without being flagged. For others, boarding a plane will be impossible.”

From now on your iris is your digital scarlet letter.

Law-abiding citizens will have the “option to opt-in”–for now. Let’s see how long before opt-in becomes mandatory.

For such a Big Brother-esque system, why would any law-abiding resident ever volunteer to scan their irises into a public database, and sacrifice their privacy? GRI hopes that the immediate value the system creates will alleviate any concern. “There’s a lot of convenience to this–you’ll have nothing to carry except your eyes,” says Carter, claiming that consumers will no longer be carded at bars and liquor stores. And he has a warning for those thinking of opting out: “When you get masses of people opting-in, opting out does not help. Opting out actually puts more of a flag on you than just being part of the system. We believe everyone will opt-in.”

Gizmodo has more about this scary phenomenon:

Imagine a public eye scanner that can identify 50 people per minute, in motion. Now imagine that the government install these scanner systems all across an entire city. Or don’t imagine it, because it’s already happening, right now.

There are different kinds of machines being installed across Leon, from large scanners—capable of identifying 50 people per minute in motion— to smaller ones—like the EyeSwipe in the video above—that range from 15 to 30 people per minute. These devices are being installed in public places, like train and bus stations, and connected to a database that will track people across the city.

According to Jeff Carter, the Chief Development Officer of Global Rainmakers, the producer of this technology:

the future, whether it’s entering your home, opening your car, entering your workspace, getting a pharmacy prescription refilled, or having your medical records pulled up, everything will come off that unique key that is your iris. Every person, place, and thing on this planet will be connected within the next 10 years.

Can’t wait till Google finds out about this. Omniveillance fail.

From Gizmodo:

The notion behind Dan 3.0 is that “groups make better decisions,” he says. (About what? That’s up to the group.) Using an online “decision engine,” Dan is outsourcing his “decisions” by letting participants suggest and vote on daily tasks. Each day, he says, he’ll do the most popular task. So far this has taken him to the streets of Lincoln, Nebraska to high-five strangers. And it’s taken him on a walk to the nearest city, Walton.

But don’t worry, Dan says, the big tasks are coming; he and Internet-television network Revision3 just need more time to plan. Then they can focus, for instance, on one of Dan’s favorite topics: his girlfriend. She might get a birthday visit from Dan—if his viewers want it. And since “my viewers care about me,” Dan says, chances are they’ll give him the task he wants. Now who’s controlling whom?

I wish him well, though he may be better off just letting the Google tell him what to do.

I would be remiss if I did not quote from Eric Schmidt from Omniveillance:

In an interview conducted by the Financial Times, Google CEO Eric Schmidt admitted the company’s future goal is to organize people’s daily lives.139 Specifically, Schmidt augured that one day “users [will] . . . be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ ” and Google would be able to answer those questions.140 Udi Manber, Google’s Vice President of Engineering in charge of Google Search, reaffirmed this sentiment, and posited that Google has “to understand as much as we can user intent and give [users] the answer they need.”141 Mr. Schmidt acknowledged that the primary obstacle to this goal is not the technology, but the lack of information Google possesses about people.142

The Feds uses body scanners at airport checkpoints that look under your clothes. Even though these images are supposed to be destroyed, Declan McCullagh at CNET reports that the Marshals Service has saved tens of thousands of these scans from a Florida courthouse. Uh-Oh. H/T Gizmodo.

Please take a look at this interesting new article from M. Ryan Calo, titled The Boundaries of Privacy Harm (H/T Legal Theory Blog). He attempts to “uncouple[] privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa).” Here is the abstract:

Just as a burn is an injury caused by heat, so is privacy harm a unique injury with specific boundaries and characteristics. This Essay describes privacy harm as falling into two related categories. The subjective category of privacy harm is the unwanted perception of observation. This category describes unwelcome mental states – anxiety, embarrassment, fear – that stem from the belief that one is being watched or monitored. Examples include everything from a landlord listening in on his tenants to generalized government surveillance.

The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified information that reveals an undercover agent, and the use of a drunk-driving suspect’s blood as evidence against him.

The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the unwanted perception of observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information.

The approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value – autonomy or equality, for instance – is more directly at stake. It also creates a “rule of recognition” that permits the identification of a privacy harm when no other harm is apparent. Finally, the approach permits the sizing and redress of privacy harm in novel ways.

Calo also notes that massive outdoor surveillance has a high degree of subjective privacy harm:

Having described the properties of subjective privacy harm, however,

we can now say that the degree of aversion is small—2 out of 10, for

instance. But we do not stop here: we must multiply the degree of aversion

by the extent of surveillance. In the case of massive outdoor surveillance

by closed circuit television camera (“CCTV”) or pervasive aerial

photography, especially where the footage is stored and processed, the

extent of the surveillance is enormous. Thus, the ultimately harm can be

quite large (8 out of 10).149

This is the essence of the term I dubbed omniveillance, which I described as “omnipresent,omniscient, digital surveillance in public, broadcasted indiscriminately throughout the Internet, without any concern for newsworthiness.” The idea of a subjective category of privacy harm, focusing on “an apprehension of information-driven injury” jives well with the nature of the privacy tort I introduced in Omniveillance.

Calo also notes that massive outdoor surveillance has a high degree of subjective privacy harm:

Having described the properties of subjective privacy harm, however,

we can now say that the degree of aversion is small—2 out of 10, for

instance. But we do not stop here: we must multiply the degree of aversion

by the extent of surveillance. In the case of massive outdoor surveillance

by closed circuit television camera (“CCTV”) or pervasive aerial

photography, especially where the footage is stored and processed, the

extent of the surveillance is enormous. Thus, the ultimately harm can be

quite large (8 out of 10).149

As I discussed in Omniveillance.

The key to understanding privacy is to understand how a person chooses to change his speech and actions in varying contexts.72 Inherent in each human being is a dichotomy between what society sees of a person and what that person knows about himself.73 In fact, the “the first etymological meaning of the word ‘person’ was ‘mask,’ ” as everyone exists behind a façade.74 Generally, when a person is in public, he feels a cloak of anonymity. When no one is paying attention, people tend to act free and uninhibited.75

People may feel comfortable exhibiting certain behavior in front of one audience when anonymity exists, but not in front of another audience when privacy is lacking. A person may comfortably and freely express himself when he has the perception of anonymity, even if it is in front of a close group of friends because of the tight bonds within a social network,76 because there is less fear that what is said or done can be used against him to harm him. Anonymity allows people to act with fewer inhibitions, as they have the ability to control the risk of damage to their reputation.
The logical converse of this proposition is that when someone feels they are being watched, they tend not to act as free and uninhibited.77 When a person feels that others may be looking, he will generally act differently.78 Persistently recording a person and broadcasting the images out of context chills an individual’s ability to freely express himself. If a person knows, or even is apprehensive that he is being photographed by omniveillance, his behavior will be even further modified because the observation will be indelibly recorded forever.79 Recently, a German study analyzing how surveillance affects a citizen’s behavior found that [p]eople under surveillance behave differently than people who are not monitored—differently than free people.”80 Therefore, understanding the dynamic of people’s perception of anonymity in public is critical for promoting positive uninhibited expressions.

Privacy and free speech can be thought of as two sides of the same coin. They are complementary, rather than competing, interests.81 When properly balanced, they yield optimal results. To further explore this, it is necessary to visualize two extremes. In a world with no privacy protections and unrestricted free speech rights, where everything can be known about everyone, free expression would suffer. A person would not want to express his true thoughts for fear of embarrassment, ridicule, humiliation, or retribution.82 This fear would result in the ultimate chilling of speech.

However, in an alternate universe with absolute privacy rights and no free speech, there would be a similar outcome. A person would not be able to express his true thoughts, and would have to keep all of his emotions to himself. This restraint would also result in the ultimate chilling of speech. Therefore, rather than existing as competing interests, privacy and free speech complement one another when properly balanced to provide a symmetry to optimize people’s desire to express themselves, and at the same time, minimizes any apprehension that such an expression may cause. Without privacy, people do not comfortably speak candidly.83 Without free speech, people cannot speak candidly. For this reason, society should strive to achieve a dynamic equilibrium between free speech and privacy that can promote the optimal level of expression.

Calo also discusses the “notoriously difficult problem of ‘privacy in public”

The approach also furnishes criteria for “sizing” privacy harm and ranking their relative severity. In the case of subjective privacy harms, we can look to the degree of aversion to any observation as distinct from the extent of observation experienced. High degrees of both translate into the greatest harm, but harm is possible if either are very high.146

This insight is useful in describing the notoriously difficult problem of “privacy in public.”147 The law’s approach to privacy in public is monolithic: it generally refuses to see a privacy violation where the observation takes place in public on the theory that people in public have no reasonable expectation of privacy.148 In the absence of a privacy violation, meanwhile, we tend not even to look for privacy harm.

Perhaps focusing on a subjective privacy harm, rather than a privacy injury, to understand privacy in public is a more precise inquiry. This conception of privacy, balancing the “degree of aversion to any observation” to the “extent of observation experienced” somewhat mirrors the privacy tort I proposed:

The right to your digital identity is violated when an individual or organization records and reproduces an image of another without consent using a visual or auditory enhancing device while (1) the party recorded possessed a reasonable expectation of privacy to not be recorded; (2) the matter recorded would be offensive to a reasonable person; (3) the recording is intentionally widely transferred or disseminated through any electronic medium to any electronic format; and (4) the recording is not newsworthy, where a newsworthy recording (4a) has social value, (4b) minimally intrudes into ostensibly private affairs, and (4c) the party that is recorded voluntarily acceded to the position of public notoriety.

Excellent article. Definitely worth a read.

A Senior Google Executive outlined his view of the future of search.

First, Google will never let you forget your wife’s birthday again.

“There is no reason why search cannot go to that step where it knows that, back in May my wife’s birthday was coming up, I wanted to buy an iPad and being the busy man that I am I walked up to the Apple store on the day of her birthday before we were due to go out for dinner.

“I said ‘can I buy an iPad’ and he looked at me and almost laughed, ‘Sir, you can order one and get it in three weeks’.

“So why can’t this thing tell me that an event is coming up based on the calendar, and why can’t it tell me what I can afford and base what I might want on my search history.

“Why can’t it tell me that my friend [Google's] Matt Cutts has reviewed the iPad, and know that he is my friend because of my social networks, and why can’t it say it needs to be ordered three weeks in advance?

“Why can’t it stop me from having to sleep on the couch.”

With Google, no forgetful husband will ever have to sleep on the couch again. Huzzah! Just don’t forget Google’s birthday!

Google also helps to tell you what you need to buy, and where you can buy it:

“What we have today is these wonderful components; my calendar is on the cloud, my calendar knows that after I am done here today I will have dinner with my family, my calendar also knows my to do list.

“One of the things on my to do list is to buy a cricket bat because my old one is going dry.

“So my calendar knows when I have free time, my [GPS-enabled] phone knows where I am, my to do list has a list of things I need to accomplish and time is expensive.

“On top of that Google local knows the map of this place and it knows where all the sports shops are – so why cant this thing tell me ‘you have 45 minutes free in your agenda, there’s a sports shop 300 metres away go and buy a cricket bat’.

“And by the way ‘get out turn right walk 200 metres turn right 100 metres and it’s there’.

This is nothing new. I discussed this 2 years ago in Omniveillance:

In an interview conducted by the Financial Times, Google CEO Eric Schmidt admitted the company’s future goal is to organize people’s daily lives.139 Specifically, Schmidt augured that one day “users [will] . . . be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ ” and Google would be able to answer those questions.140 Udi Manber, Google’s Vice President of Engineering in charge of Google Search, reaffirmed this sentiment, and posited that Google has “to understand as much as we can user intent and give [users] the answer they need.”141 Mr. Schmidt acknowledged that the primary obstacle to this goal is not the technology, but the lack of information Google possesses about people.142 Talking to journalists in London, Mr. Schmidt stated, “We cannot even answer the most basic questions because we don’t know enough about you. That is the most important aspect of Google’s expansion.”143

Source: TechRadadar H/T Gizmodo

Facebook is launching a new feature that will automatically identify faces in photographs users upload. They will not use facial recognition technology to identify the photos–yet. So for the time being, people will still have to tag their friends. But Google Picasa already uses facial recognition technology to identify people. Hang on. Facebook will catch up soon enough.

H/T Engadget

Way back in 2008 in Omniveillance I wrote:

With the advent of photo-sharing Internet sites like Flikr, MySpace, and Facebook, people can now upload photographs and “tag” a specific person’s identity in the photo with metadata, as if they were captioning it in a scrapbook (i.e., John Doe is the third person on the left). Although currently the tagging process must be done manually, new facial recognition such as Google’s Picasa system utilizes artificial intelligence computers to automatically index and tag the subjects of photographs.147 Software like Polar Rose is capable of scanning the entire World Wide Web, matching faces with previously tagged photos based on similarities in biometric features, and automatically tagging the photo with the person’s identity.148 Berners-Lee mentions tagging as one of the key prerequisites to the semantic web.149

Once an image is tagged, these captions can be searched and indexed like any other document on the Internet. As aresult of this emerging image-analysis technology, a search engine like Google can easily correlate a person’s face with his name, contact information, personal preferences, friends, and any of his personal information located on the Internet. In fact, Google’s Director of Product Management, R.J. Pittman, “said that Google is developing visual crawling software that can be used for facial recognition and scene analysis.”150 Applied to Street View, this future technology can be combined with tagging and advanced image search capabilities to identify anyone who is recorded by omniveillance.

Yep.

From The Register:

The Wi-Fi traffic collected by Google’s world-roving Street View cars included passwords and email, according to a report citing a preliminary study from the French data protection authority.

IDG reports that the French National Commission on Computing and Liberty (CNIL) has examined part of the data, after it was turned over by Google. “It’s still too early to say what will happen as a result of this investigation,” CNIL told IDG.

“However, we can already state that [...] Google did indeed record e-mail access passwords [and] extracts of the content of email messages.”

Because Google collected this information for their own purposes, there is no state action. Now imagine the government sought this information. With a subpoena, under the special needs doctrine, the government would now have access to passwords of people around the world.

Way back in 2008 in Omniveillance, I remarked that if Google was permitted to capture so much information, without any constraints, inevitably it would wind up in the hands of the state–at no cost and without the protections government searches usually need to comply with:

Additionally, with a subpoena, the government has ready access to a free surveillance network, further imperiling our civil liberties.

Just wait till the government figures out all of the information they can get from Google.

From the Financial Times:

Google executives are wrestling over whether to launch controversial facial recognition technology after a barrage of criticism over its privacy policies.

Mr Schmidt said: “Facial recognition is a good example . . . anything we did in that area would be highly, highly planned, discussed and reviewed. When you go through these things, you review your management procedures.”

Facial recognition has the potential to be the next privacy flashpoint. Google already uses the technology in its Picasa photo sharing service. This lets users tag some of the people in their photos and then searches through other albums to suggest other pictures in which the same faces appear.

Privacy campaigners have raised fears that adding facial recognition to Goggles would allow users to track strangers through a photograph, making it into an ideal tool for stalkers and identity fraudsters.

The implications of this technology are startling. If the facial recognition software is somehow applied to Google Street View–although faces are currently blurred–stalkers would be able to locate people on the street anywhere.

Way back in 2008 in Omniveillance, I wrote:

With the advent of photo-sharing Internet sites like Flikr, MySpace, and Facebook, people can now upload photographs and “tag” a specific person’s identity in the photo with metadata, as if they were captioning it in a scrapbook (i.e., John Doe is the third person on the left). Although currently the tagging process must be done manually, new facial recognition such as Google’s Picasa system utilizes artificial intelligence computers to automatically index and tag the subjects of photographs.147 Software like Polar Rose is capable of scanning the entire World Wide Web, matching faces with previously tagged photos based on similarities in biometric features, and automatically tagging the photo with the person’s identity.148 Berners-Lee mentions tagging as one of the key prerequisites to the semantic web.149

Once an image is tagged, these captions can be searched and indexed like any other document on the Internet. As a result of this emerging image-analysis technology, a search engine like Google can easily correlate a person’s face with his name, contact information, personal preferences, friends, and any of his personal information located on the Internet. In fact, Google’s Director of Product Management, R.J. Pittman, “said that Google is developing visual crawling software that can be used for facial recognition and scene analysis.”150 Applied to Street View, this future technology can be combined with tagging and advanced image search capabilities to identify anyone who is recorded by omniveillance.

From New Scientist (H/T Gizmodo):

Now researchers from Microsoft’s labs in Cairo, Egypt, have developed a way to combine the video from multiple phones capturing views of the same scene into larger, more detailed footage to be broadcast live online.

When two or more phones with the software start streaming video, they synchronise their clocks with the server, which then uses timestamps on the footage to align video frames in time. Then image-recognition technology gauges how footage physically overlaps: features such as edges and corners are used to find areas that match, before the images are blended to create a wider view of the scene. The method used and end result are much like those of software that stitches multiple photos of, say, a landscape, into a larger image.

With this technology,  if two or more people start streaming video of an event with their cell phones, Microsoft can stitch together the images, and generate a 360 degree panorama film in real time.

Bhaskar Roy, co-founder of Qik, says this kind of technology has the potential to enhance services like his own. “Think of somewhere where there will be a lot of people capturing video on phones, like a sporting or breaking news event,” he says. “This could bring us closer to experiencing it in 360 degrees from our desk.”

I previously blogged about researchers at Georgia Tech incorporating streaming video into Google Maps.

Putting these technologies together paints a bleak picture for the future. As I wrote in Omniveillance (p.3 40):

Although the current version of Street View is limited to pre-recorded still photographs, future technology will allow real-time streaming video feeds of everything occurring in public. Immersive Media, the company that provides the surveillance apparatus for Google, has not stopped its research at still photographs. Currently in its laboratories it is developing what it calls “Immersive 360° Video” or “Spherical Video.”159 Rather than just taking still shots of specific locations, the technology can record interactive and navigable 360-degree videos.160 This capability allows a user to watch a video from multiple camera angles.161 These omens ominously bear on the value of Street View, and create a scary image of what Google could do. Because there is no viable right to privacy in public, and because Google seeks to create a visual map of the planet, there is nothing preventing Google or any other company from installing such video cameras with tagging capabilities on the rooftops of private business throughout America. This vision of the future poses serious issues and conjures up an Orwellian nightmare.162

In an earlier draft of the Article, I think I mentioned the possibility of cell phone cameras uploading video of public events. I don’t recall why I cut this section out, but in hindsight, it was quite prescient.

From the Mercury News, San Jose police test head-mounted cameras for officers

San Jose police, under fire for interactions with the public that have turned violent, on Friday launched a pilot project equipping officers with head-mounted cameras to record contacts with civilians.
Officers will activate the cameras, about the size of a Bluetooth device and attached by a headband above the ear, every time they respond or make contact with a person. At the end of the officer’s shift, the recording will be downloaded to a central server.

And I wonder what else the government will use the recording devices for.