Category Archives: Law: Privacy

Bus-based Cameras to Watch Cars

We’re clearly moving towards a tipping point on total traffic surveillance. Here’s SF’s contribution:

Big Brother will be watching you.

Within the next 15 months, every one of Muni’s 819 buses will be outfitted with cameras capable of snapping photos of vehicles illegally travelling or parking in The City’s transit-only lanes. Any car caught on tape will be subject to fines of up to $115.

Since 2008, about 30 Muni buses have been equipped with the cameras. And even though the rollout has been modest so far, the results have been telling, said John Haley, transit director of the San Francisco Municipal Transportation Agency, which operates Muni.

“The cameras have been instrumental in changing driver behavior,” said Haley. “When cars see a bus coming, they get the hell out of the way now.”

Muni expanding camera program to nab drivers in transit-only lanes

Spotted via Slashdot, San Francisco Enlists Bus Cameras For Traffic Law Enforcement.

So both government and private industry (insurance) will be watching us. Parents following kids are next (cellphone based apps already provide a form of this service, but it’s easier to ditch the phone than the car). Then we start monitoring people parked near bars. Eventually we move to predictive models of traffic violation. Then maybe we start modeling other crimes, like drug buys and curb crawling. (Pity it doesn’t work for insider trading.) Meanwhile the huge databases are constructed for use by law enforcement, and discovery in civil suits. Even if all this remains on balance benign in rule-of-law democracies, it invites small-scale abuses.

And in autocracies we can expect large-scale abuses on a grand scale. That’s a serious problem that doesn’t get thought about nearly enough as we build and then export the technologies.

Posted in Law: Privacy | 1 Comment

Another One for the “I Warned You” File (Updated)

TomTom has signed a deal with an insurance company to use its satnav technology to measure driving ability to set premiums.

The satnav specialist said it has teamed up with Motaquote on Fair Pay Insurance – a product that the companies claim rewards ‘good’ drivers with lower premiums, using technology to monitor driver behaviour.

TomTom tech to set driver insurance premiums (spotted via Slashdot.)

Sorry to sound like a broken record here, but I predicted something like this over a decade ago in The Death of Privacy?. That doesn’t mean I have to like it…although in principle this one I hate a little less than some, since at least it’s a private transaction, and in theory you have some choice about whether you sign on for it.

The problem is that the choice to refrain likely won’t last long. Other companies are already doing something similar. See for example Progressive Insurance’s “Snapshot” program that monitors your driving for 30 days in order to figure out your quote. Once this sort of monitoring becomes widespread, those who do not sign up for it will be dumped into the high-risk pool. This seems to be an example of the phenomenon discussed so well by Lior Strahilevitz in Privacy versus Antidiscrimination.


Update (2/10/12): Looks like insurers will be tracking drivers in the UK too:

The AA is set to launch a new insurance policy which uses sat-nav technology to track driver performance.

The firm said the system would allow its better drivers to receive cheaper premiums.

It follows similar efforts by smaller insurers. Larger rival Direct Line has told the BBC it is also piloting its own “black box” scheme.

Posted in Law: Privacy | 1 Comment

Total Traffic Surveillance Systems

Canada is building a total traffic surveillance system based on Automatic Licence Plate Recognition (ALPR):

With ALPR, for $27,000, a police cruiser is mounted with two cameras and software that can read licence plates on both passing and stationary cars. According to the vendors, thousands of plates can be read hourly with 95-98 percent accuracy. These plate numbers are automatically compared for “hits” against ICBC and Canadian Police Information Centre “hot lists” of stolen vehicles; prohibited, unlicensed and uninsured drivers; and missing children. When such “hits” occur, plate photos are automatically stamped with time, date, and GPS coordinates, and stored. The officer will investigate details in the above-mentioned databases directly, and may pull over suspect vehicles.

At least, that’s how the popular story goes ….

… the Privacy Commissioner described the ALPR program to parliament as “general and ubiquitous surveillance, without adequate safeguards,” …

… the categories of people that generate alerts or “hits” in the ALPR system, alongside car thieves and child kidnappers, are much broader than has ever been disclosed publicly. And information on these people’s movements is being retained in a database for two or more years. For example, though you may not be stopped, your car is a “hit” and its movements are tracked and recorded if you’re on parole or probation or, in some cases, you’ve simply been accused of breaking a criminal law, federal or provincial statute, or municipal bylaw. You’re also a hit if you ever attended court to establish legal custody of your child, if you’ve ever had an incident due to a mental health problem which police attended, or if you’ve been linked to someone under investigation. The list of hit categories continues through three more pages, and a fourth page that the RCMP completely redacted.

Meanwhile, according to the Privacy Impact Assessment, the RCMP is also keeping records for three months on the whereabouts of everybody else’s cars, too—this is called “non-hit” data.

I predicted something like this over a decade ago in The Death of Privacy?, but that doesn’t mean I have to like it.

I wanted to write that undoubtedly we’ll be doing this here very soon. But in fact it seems we’re already using Automatic License Plate Reader/Recognitiontechnology in many parts of the US.

(Canadian article spotted via Slashdot.)

Posted in Civil Liberties, Law: Privacy | 3 Comments

A Different View of the New Google Privacy Policies

I thought this post on the Google privacy changes by the uber libertarian technophile Technology Liberation Front was interesting, given that so much of what one reads is of the TIME TO FREAK OUT variety.

Key bits:

Although we have yet to see it play out in practice, this likely means that if you use Google services, the videos you play on YouTube may automatically be posted to your Google+ page. If you’ve logged an appointment in your Google calendar, Google may correlate the appointment time with your current location and local traffic conditions and send you an email advising you that you risk being late.

At the same time, if you’ve called in sick with the intention of going fishing, that visit to the nearby state park might show up your Google+ page, too.

The policy, however, will not include Google’s search engine, Google’s Chrome web browser, Google Wallet or Google Books.

arguable is the operative word. There indeed may be enough significant user backlash that Google backs off. In the last six months we’ve seen at least two instances of rapid market correction–Netflix’s decision not to go through with structurally separating mail and online video rental accounts and Bank of America’s reversal of its plan to charge online banking fees. Both occurred before the government could step in a provide its own (and no doubt clumsy) remedy.

Then again, there’s a significant body of research that suggests that, in spite of their own complaints, users may opt to accept greater benefits and convenience in exchange for more disclosure about their habits. With this mind, it will serve consumers best if companies like Google are allowed to experiment with the privacy paradox to find where actual boundaries are, rather than hamstringing potential innovation by pre-emptively and blindly setting them.

Posted in Internet, Law: Privacy | Leave a comment

The Fixer (of Broken Security)

Nice profile of Christopher Soghoian in WIRED, entitled “The Pest Who Shames Companies Into Fixing Security Flaws”.

I’ve run into Chris at a few conferences, and read a good bit of his stuff, and I think he’s every bit as good as this profile makes him sound.

Posted in Cryptography, Law: Privacy | Leave a comment

New Paper on the Regulation of Online Anonymity

I’ve posted a first draft of my new paper, Lessons Learned Too Well, on SSRN. The paper, which is about the regulation of online anonymity, was written for a conference being held next later this week to celebrate the 10th anniversary of the Oxford Internet Institute, A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society.

I’m the sort of person who prefers to post only more polished drafts — this one has a couple holes I know about and no doubt many I don’t know about too. But the symposium organizers asked us to post our papers on SSRN, and so there it is.

Comments very welcome, either below or in email.

I’m leaving for the UK tomorrow in order to give myself a bit of time to recover from jet lag before it begins, this being my first solo international journey since all my medical excitement. Posting may be light for a few days.

Below I post the introduction, which I thinks gives you some idea of what it’s all about:
Continue reading

Posted in Internet, Law: Internet Law, Law: Privacy, Talks & Conferences, Writings | Leave a comment

Thought for the Day: August 5, 2011

The privacy commons is shrinking fast.

Eventually, it will work. You’ll be able to wear a camera that will automatically recognize someone walking towards you, and a microphone that will automatically tell you who that person is and maybe something about them. None of the technologies required to make this work are hard, it’s just a matter of getting the error rate down low enough for it to be a useful system.

Schneier on Security: Developments in Facial Recognition

Posted in Law: Privacy | 1 Comment