RE: Ybor City's face recognition cameras claim their first innocent v ictim.
Milliron's photograph was captured in June while he was on a lunch break in Ybor City. He didn't know it at the time, but the Police Department used his photo to demonstrate the system to local news media.
That should violate their policy - if they have one. BIG TIME. Furthermore, use of somebody's picture as background for an article that produces a substantial falsehood about them because of the content of the story = lawsuit, although here I would probably think there was a substantial connection. But the media didn't even take the pic - the police did. I understand the article said he wasn't wanted, but that was still highly suggestive and in bad taste considering the nature of the content. See, e.g. Mertzger v. Dell Pub. Co 207 Misc. 182, 136 N.Y.S.2d 888 (1955)(picture as part of story about gangs falsely portrayed plaintiff as a gang member). Visionics has released a statement in regard to their controversial CCTV facial recognition technology, calling for federal legislation and referencing their "responsible use guidelines." The WIRED story is here: http://www.wired.com/news/privacy/0,1848,45687,00.html (not by Declan)I asked them for their "guidelines" and was directed to their "privacy principles." http://www.visionics.com/newsroom/biometrics/privacy.html ...."In the months to come, the Company will work closely with federal legislators, privacy interest and industry groups to share its knowledge, experience and privacy protection principles pertaining to all applications of face recognition technology. The Company will continue to promote an improved public understanding of the creation, use and control of facial recognition systems and will support public policy that ensures that deployments of facial recognition are conducted in a way that upholds all privacy rights." [...] "Privacy rights" are based on legal doctrines, and not threats identifying activities that are considered privacy-invasive to the average person. The term "privacy rights" is not conducive to societal impact analysis or future technological advances. The International Biometric Industry Association position is that biometrics is "electronic code" and not personal information: http://www.ibia.org/privacy.htm The IBIA has always advocated protective legislation. For an idea of industry sentiment, the IBIA response to one California bill is here: http://www.ibia.org/newslett010606.htm (bill would have required a warrant.) The push for legislation is pre-emptive in nature. Curious to hear from our privacy advocates as to whether or not they have been contacted by Visionics for this initiative. Visionics has come under fire from within the biometrics industry. ~Aimee
Its too bad that they've never caught any criminals using these systems; if they had, they could have used one of those pictures. On Thu, Aug 09, 2001 at 10:55:04AM -0500, Aimee Farr wrote: | > Milliron's photograph was captured in June while he was | > on a lunch break in Ybor City. | > He didn't know it at the time, but the Police Department | > used his photo to demonstrate the system to local news | > media. | | That should violate their policy - if they have one. BIG TIME. As Richard Jewell might ask, "Yeah, so?" Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Shostack:
Its too bad that they've never caught any criminals using these systems; if they had, they could have used one of those pictures.
On Thu, Aug 09, 2001 at 10:55:04AM -0500, Aimee Farr wrote: | > Milliron's photograph was captured in June while he was | > on a lunch break in Ybor City. | > He didn't know it at the time, but the Police Department | > used his photo to demonstrate the system to local news | > media. | As Richard Jewell might ask, "Yeah, so?"
Adam
[I'm catching heat on the biometric biggies list now...below some of my comments...] If a background picture is used for an article and it produces a substantial falsehood because of the content of the story, courts have found that the relationship link between the use of a person's identity and the newsworthiness of the story is not satisfied. See, e.g. Metzger v. Dell Pub. Co., 207 Misc 182, 136 N.Y.S.2d 888 (1955) (picture as part of story on gangs, falsely portrayed plaintiff as gang member). However, realize the power of the First Amendment in more modern contexts..... Still, I still consider it in very poor taste. The police are not the media. Due to the concerns here, standards should be at the ceiling -- not the legal floor. Was that a "permissible purpose?" Or was that a secondary purpose the man did not anticipate when he walked past the "Smart CCTV" sign? I would argue that under well-established privacy principles, that was an impermissible use and secondary purpose. I don't think he anticipated being used as a "model." Permissible purpose is the cornerstone of information privacy. Is one permissible purpose not in their operation and use policy? Obviously not. Or, they ignored it. Or, nobody explained it to them. Or, they just didn't care? (Is the media report about how this came about deceptive?) Look, I've got celebrities being subjected to CCTV bounties. I'm seeing rogue surveillance footage on the Net as entertainment. Even wiretap surveillance. Any surveillance policy has to incorporate one permissible purpose. That content should never leave the scope of the security purpose. I don't think a "publicity purpose" qualifies. A subject's image is not marketing material. Furthermore, access to material outside of the security purpose and identified security personnel probably needs to include a subpoena. No, not even for demonstration. Many people would have considered this an incident of "data abuse." At the surface, and based on the media reports (again, suspect) this looks like a gross violation of public trust. ~Aimee
Aimee wrote: The International Biometric Industry Association position is that biometrics is "electronic code" and not personal information: http://www.ibia.org/privacy.htm The IBIA has always advocated protective legislation. For an idea of industry sentiment, the IBIA response to one California bill is here: http://www.ibia.org/newslett010606.htm (bill would have required a warrant.)
Why isn't automated video surveillance considered biometric? Isn't the point of biometric identification to reduce personally-identifiable features into a code which can be easily stored and referenced computationally? And if so, this video surveillance system, with its automated face recognition software, should be considered a form of biometric identification. Further, if the category "personal information" isn't just about medical history, financial records, etc., shouldn't it include photographs and video and voice? Obviously the IBIA demonstrating naivety when it says biometrics are simply "electronic code" and not personal information. (which reminds me of a speaker at biotech 2001 who advocated the sharing of all mri and xray images to futher research into computational biology -- as for privacy "we'll figure it out later".) The rest of the privacy policies of the IBIA (http://www.ibia.org/privacy.htm) are horribly off the mark as well. What about the concept of individual rights to provide/not provide data; insure that the $7/hour rent-a-cop is monitored to make sure he isn't using data illegally; insure data won't be used in applications/research not already agreed-to in advance by the individual; individual right to not have biometric information collected in the first place or even opt out of existing databases, etc. etc.? phillip
pz wrote:
Why isn't automated video surveillance considered biometric? Isn't the point of biometric identification to reduce personally-identifiable features into a code which can be easily stored and referenced computationally? And if so, this video surveillance system, with its automated face recognition software, should be considered a form of biometric identification.
It is biometric.
Further, if the category "personal information" isn't just about medical history, financial records, etc., shouldn't it include photographs and video and voice?
It should. Realize the IBIA has been very responsible, in comparison to other industries. They had some problems with the CA bill, but left a lot of the safeguards. The industry wants to see safeguards - but yes, they serve their own interests. Go look at the IBIA membership - where are the privacy advocate positions? They do have some noted advisors. They offer a membership for end-users but it is more expensive than one of their lower-tier vendors. I see the reasons for it, common in many industry associations. However, I wish more of them (specifically, the IBIA and the SIA - Security Industry Association) would establish formal advisory relationships with privacy advocacy groups. I advocate a *new* privacy advocacy group for security-privacy and surveillance.
Obviously the IBIA demonstrating naivety when it says biometrics are simply "electronic code" and not personal information.
:)
(which reminds me of a speaker at biotech 2001 who advocated the sharing of all mri and xray images to futher research into computational biology -- as for privacy "we'll figure it out later".)
That's a big medical privacy issue. Interesting cases on that. First Monday just had an interesting paper on blind research infomediaries...I was trying to turn it into something we had talked about privately...go over there an look....didn't look like it would work.
The rest of the privacy policies of the IBIA (http://www.ibia.org/privacy.htm) are horribly off the mark as well. What about the concept of individual rights to provide/not provide data; insure that the $7/hour rent-a-cop is monitored to make sure he isn't using data illegally; insure data won't be used in applications/research not already agreed-to in advance by the individual; individual right to not have biometric information collected in the first place or even opt out of existing databases, etc. etc.?
Ah, fair information code of practice - yes, indeed. However, security-privacy is a unique juncture. I argue that they should incorporate more of these standards. I don't like their principles approach. Show me exemplar guidelines that are comprehensive in nature. Show me a accountability. HYPO: -deleted as to too sensitive and cypherpunk-provoking- Sent to you privately. HYPO: Are we moving to a biometric crypto-passphrase? Good/bad? Why? HYPO: No hypo, but I just heard something about ANONYMOUS biometric digital cash. How the hell do you do that? ~Aimee
participants (3)
-
Adam Shostack -
Aimee Farr -
Phillip H. Zakas