Archive for the 'Philosophy of Privacy' Category

If We Care For Survivors, Surveillance Technologies Must Be Heavily Regulated

By Christopher Sheats

 

In Seattle tomorrow, City Council will be discussing Surveillance Ordinance amendments originally proposed by ACLU of Washington and watered down by the council. The Surveillance Ordinance would be incredibly deficient if we passed these amendments. Of primary concern, there are multiple exemptions that are *crazy* if you were to juxtapose a United Nations privacy report.

Surveillance technology does not include:

(a) technology used to collect data from individuals who knowingly and voluntarily consent to provide, or who do not avail themselves of an opportunity to opt out of providing, such data for use by a City department;

(b) social media sites or news monitoring and news alert services;

(c) a body-worn camera;

(d) a camera installed in or on a police vehicle;

(e) a camera installed in or on any vehicle or along a public right-of-way used to record traffic patterns or traffic violations or to otherwise operate the transportation system safely and efficiently, including in any public right-of-way;

(f) a camera installed on City property for security purposes;

(g) a camera installed solely to protect the physical integrity of City infrastructure, such as Seattle Public Utilities reservoirs; and

(h) routine patches, firmware and software updates, and hardware lifecycle replacements.

In February, I spoke along side ACLU of Washington lawyers, University of Washington lawyers, and a domestic violence survivor at a public hearing in our state capitol to support an ACLU bill limiting Automatic Licence Plate Readers. Domestic violence survivors’ privacy, specifically their physical location privacy, is paramount to them and their families. Further, many survivors are victims to police men and women, making this under-served population a critical voice in discussions concerning surveillance technologies. At the hearing, A women with incredible courage showed up to educate the committee about her and the other 5,000+ Address Confidentiality Program participants. With permission, below is her testimony.

As content on our website is licensed using Creative Commons, please feel free to use share her testimony to further privacy rights.

Madame Chair, and members of the committee,

I am here today to discuss a part of my life so terrifying that, at times, I have actually contemplated writing a horror movie script.

Please forgive me, but by the end, it will make sense to today’s hearing.

I am here as a participant in the Washington State Address Confidentiality Program, ACP for short.

You will never understand, nor will I ever be able to convey the fear and torment that one individual can deliver. His words are still etched in my mind: “No woman is going to tell me, a man, what to do.” When trying to end a relationship, what I got in return was physical abuse and psychological terror. I would see him outside my home, my work, at my children’s school or stalking me in my rear-view mirror.

At times, he would convey to me each and every way or place he could have killed me that day.

I discovered that he had made duplicate keys of both my home and my car. Changing door locks didn’t matter. He still got inside. He was letting me know that he was in control.

My oldest son and I would eventually bobby trap our doors when we left, to more easily determine if he might be inside when we returned.

And though time, our much-loved pet cats disappeared one by one.

I lived through death and kidnapping threats to my children’s lives. I feared for my own life.

And in utter, desperate fear one night, I called a helpline, told them of my situation, and was advised to leave the state immediately. I did. On their advice, I gave my house keys to a friend, told nobody where I was going, put my kids and some clothes in my car, and drove to a state where I was offered protection.

I thank you so very much WA for the ACP. I no longer have to be afraid. It took me months but I no longer have to fear looking in my rear-view mirror.

This is hopefully the end of my desperate story.

But now, I want you to clearly understand one implication of unrestricted ALPR technology
I am here representing a vulnerable part of society, those who live in domestic violence situations. My ex-boyfriend kept telling me that he had connections to the police department, that there was no place to hide.

What if that was true? What if someone like me, couldn’t hide ever?

With unrestricted and retained ALPR data that becomes a real possibility.

I want you to consider the lives of spouses of law enforcement who might be in a domestic violence situation. My tale of torture existed because my stalker knew where I lived. Please protect your citizens, all your citizens, from potential location abuse. Please put restrictions on ALPR data.

Exploring privacy in public spaces

What should I expect–as a matter of privacy–in public spaces? The City of Seattle, my home, recently accepted more Department of Homeland Security grant money to expand its existing DHS-funded wireless mesh and surveillance network to include cameras and facial recognition software.

Although I know city officials are trying to use technology to enhance the functionality of the city, there are many privacy-impacting technologies, like our plethora of transportation tracking mechanisms, that make me feel like they want to track my every move. What does it all mean? Is it wrong to feel uneasy about public surveillance?

In this exploratory article, I will apply some critical thought to the issue of personal privacy.

The concept of personal privacy is easily grounded in our idea of a home. A juxtaposition might be spending time in a public space, such as walking down the street or relaxing in a local park. This simple scale of privacy would look like this:

  • relaxing at home (high expectation for privacy)
  • relaxing in a public park (low expectation for privacy)

Fortunately, life is not as simple–or as constant–as living privately at home and hanging out in public. Depending on how you live your life, many circumstances and factors impact your personal privacy. It seems prudent to identify the non-linear constants in order to shape the scope of personal privacy. At a glance, privacy appears to be relative to the expectations of any given culture, and then further defined by any person. Here are a few generalized cases:

  • personal bathroom (high expectation for privacy)
  • intimate actions with another
  • relaxing at home
  • driving a personal vehicle on a public road
  • relaxing in a public park
  • presidential speech
  • pornography (low expectation for privacy)

These cases and their order will not be the same for every person. However, there are several observable and quantifiable constraints that shape these cases that probably will be applicable to many more people, and I will attempt to define these constraints:

  • physical security (PS) – how open to physical touch are you?
  • visible security (VS) – how open to visual inspection are you?
  • time of privilege (ToP) – when (an explicit or implicit range of time) is it okay to impede upon your PS or VS?
  • space of privilege (SoP) – in what physical spaces, or what obstacles, affect your PS and VS?

The role of privilege appears to provide the structure to any given notion of personal privacy. Fundamentally, there appears to always be some aspect of privilege in any circumstance, and every circumstance requires some form or privacy for psychological stability and physical safety. Let’s go a step further by defining and applying a sub-scale:

  • 4: you and only you are allowed (examples: you and only you)
  • 3: one-to-few persons that are explicitly defined as having an explicit purpose, and are allowed only during an explicit amount of time in an explicit amount of space (examples: intimacy with a loved one at home, a visit to the doctor at their office, or a meeting with your lawyer at their office)
  • 2: one-to-many persons, including automated systems, having implicit expectations, may have temporary PS or VS access but still limited in ToP and SoP (examples: attending a music concert, shopping at the mall, or dancing with friends at a club)
  • 1: anybody, including automated systems, has full PS or TS access, but still limited in ToP and SoP (examples: performing on stage, recording yourself for a YouTube video, Tweeting publicly)

There doesn’t appear to be any measurement that does not have a basic expectation of personal privacy due to the requirements of “time of privilege” and “space of privilege”. As intelligent and reactionary individuals, our expectations of privacy are extremely dynamic and are always based on the outcome of our expected actions, particularly where we are and why we are there. Once we end any given action, in any given space, our privacy expectations will vary depending on what we expect is next. Applied:

  • personal bathroom: PS-4, VS-4
  • intimate actions with another: PS-3, VS-3
  • relaxing at home: PS-3, VS-3
  • driving a personal vehicle on a public road: PS-4, VS-2
  • relaxing in a public park: PS-4, VS-2
  • presidential speech: PS-3, VS-1
  • pornography: PS-3, VS-1

With these cases, it is apparent that physical security has a certain priority over visual security, probably because people are generally more careful with what they allow people to physically do with them (risk of injury) versus what people are allowed to see. Again, this is relative to where certain people are and for how long certain people are there.

Privilege

A special advantage, immunity, permission, right, or benefit granted to or enjoyed by an individual, class, or caste.

Society has helped shape my understanding about sex, in that the act is very special and should always be protected. It is an event that is so sensitive that it requires physical exclusivity with that person. The complex nature of privacy requires the notion of privilege, an extremely important requirement in order to have an intimate relationship with another individual. Ordinarily, my partner should have cost me a great deal of time and energy to develop trust and understanding. Through relationship building, my partner and I are able to take part in acts with each other that, ideally, no one else in the entire world is supposed to be involved with. That being said, it still only gets a score of 3 for “physical security” and 3 for “visual security”.

Having intimate relations with another person still does not rival the time (ToP) and space (SoP) that I allot myself when I use the bathroom. No one can bother me there. In my bathroom, I can take a shower and be allowed to independently think and relax, be able to utilize the toilet, or be able to calmly take care of myself in front of my mirror. I have explicit privilege to all aspects of myself in this space. This level of privilege is not easily or willingly jeopardized, and is why it gets a score of 4 for “physical security” and 4 for “visual security”.

With these two cases, it is clear to me that the notion of both physical and visual security, shaped by time and space, are inherently important in order to define the context of privacy. Privilege is an expectation set by me that defines the rules for what I am willing to share with others during explicit amounts of time and space, and this all amounts to personalized privacy.

When I am at home, either by myself or shared with my friends and family, privilege is automatically extended to specific people that I have developed specific levels of trust. This trust is not always mutual, but it is trust that I extend to others nonetheless that is based on my expectations.

Considering more moderate situations of privilege, entering the “public sphere” means that I am leaving an explicitly trusted space. Concepts such as “access” and “trust” become more passive, implicit, and dynamic. We withhold more physical access privileges while passively accepting an increase in visual access, meaning that we are willing to give up a certain level of visual security in order to accomplish specific tasks. Basically, in public, we extend access to ourselves more often, but it is not given out as deeply. This is why “driving a vehicle on a public road” and “relaxing in a public park” have the same level of physical security as being alone in your “personal bathroom“, while it has the lower visual security that is exclusive to day-to-day action in the public sphere.

The internet is vastly different

Both private and public aspects of the Internet play critical roles in my life. I use implicitly-public internet mediums everyday in order to access and share information, probably more than most people due to my addiction to Twitter and my desire to stay connected with worldly events. And since I don’t use a cell phone, all of my personal communication with my friends and family are sent and received via digital networks using implicitly-private internet mediums.

Fundamentally, physical security becomes two things online, one of which is the security of my physical location, something that can be exposed either by automated processes such as GPS information, or by me sharing my whereabouts accidentally or on purpose. Physical security considerations also include the general maintenance and storage of information, either “data at rest” (i.e.: databases) or “data in motion” (i.e.: data transfer). Visual security is dramatically different online. The information that I consume and/or share is explicitly or implicitly indicative of my individuality, all of which can not only be seen by a huge amount of people, but it is copied, stored, and later seen by, possibly, a similarly huge amount of people.

Together, physical and visual insecurity, uniquely made possible by the internet, is the permanent exposure of my thoughts. The consequences of sharing information via digital mediums goes beyond anything that our human brains are capable of understanding.

Information security has three requirements for proper care, commonly defined as the “CIA triad“:

  • Confidentiality – Is the information only accessible to the right people?
  • Integrity – Is the information authentic and unchanged?
  • Availability – Is the information always accessible to the right people?

These requirements are deeply entangled with personal privacy and the protection of privilege. If the security of my information is not maintained, then information about me will be at risk for exposure which fundamentally violates my personal privacy. Online privilege can then be determined by explicit access controls that I set which is grounded by a personally determined understanding of consequences when information is exposed to anyone beyond me. The problem with controlling privilege online is that it’s nearly impossible to do.

Internet-based social networking is extremely popular. Over time, my social profiles require me to make a copy of my highlights, my achievements, my problems, my story; all of these unique and interesting things about me that help distinguish me, all of these things that prior to the internet only existed on a one-on-one basis with a very select amount of people. With internet-based social networking, my persistent profiles are not only available for everyone to see 24/7, but the companies that I entrust my story with can make a copy, can sell a copy, or can hand a copy over to anyone it thinks is justified. The real-time stories about my life, how I think, what I hate, who I love–the deeper notions of my individuality are brought out when I converse with people that I explicitly trust or want to trust. The companies that I have to trust when I want to connect with people get a permanent copy–a permanent version of me.

For the internet to work for me, I have to provide it something that goes dramatically beyond what I’m used to giving out. I have to give the internet my thoughts, and it’s not as simple as it sounds. The internet gets a copy of what I think, when I think it, how I think it, and worst of all, anyone who can see my thoughts and the meta-information about my thoughts gets to write it all down, permanently, for their own personal records. Fundamentally, I have to forfeit the security of my thoughts in order to use the internet.

Offline, a very controlled amount of people are able to have a copy of my thoughts. The probability of being able to maintain the control of my thoughts is vastly improved when I know that once I say something or share my feelings–shaped by an emotionally connecting expression–I don’t have to worry about those things being misused or mishandled.

When I make a status update online, write a comment, or send a message, people don’t get an emotionally connecting expression. People don’t get to simply remember what I say or how I say it. People–potentially many more than intended–can save it, can come back to it at any time in the future, and can think about it in new and unexpected ways because the state of that information will not change even though people do.

Surveillance

Close observation of a person or group, especially one under suspicion.

Surveillance is fundamentally a combination of search and seizure. When it comes to internet, telecommunications, or audio and video surveillance, you can not search something unless you seize it first. Spying is the act of looking at people and the information that they create that was not explicitly intended to be shared. In order to spy on people, other people have to compromise the confidentiality of me or my things. A compromise of confidentiality means a compromise in personal security. Surveillance should never be tolerated by a society if performed outside of the scope of explicit criminal inquiry.

Like the majority of commonly-privileged Americans, I do not actively perceive physically or visually violating search or seizure of my person or property in such a way that negatively affects my life. However, Edward Snowden has brought to light many facts that show that our government is actively violating my first and fourth amendment rights. This situation is the most pervasive example that any of us in our entire lives will ever indirectly experience. This situation is exactly why my rights are written down on the documents that founded this country, because the people that directly experienced persecution from Brittan in the 1700’s attempted to proactively protect the citizens of this country. This situation must be fixed in order to avert the slippery-slope conditions that make a tyranny possible.

I think that there is a clear difference between being watched given any particular activity, the recording of that activity, and further its long-term retention. Storing specific information about where I am, what I am doing, and with whom I am doing something with is a far more potentially damaging act than simply watching me and forgetting about me.

Conclusion

What does is mean when Seattle’s government takes money from a federal government grant program that came to be following a major terrorist attack? Has Seattle’s government lost its ability to keep the peace, or does it simply, fundamentally, not trust its citizenry? If Seattle’s government continues with the installation of cameras and facial recognition software, it is a demonstration of illegitimacy. Mass surveillance is terrorism, because it concisely says to the public, “You are the enemy.”

The circumstances of your life determine your privileges. Privacy is something that you always have and that you have to work to keep in order to protect your privileges, especially in public spaces where your security carries greater risk. If you have to request privacy from someone who inherently doesn’t care about you, then you have already been stripped of your privileges and you should reject this completely because you should not forfeit your identity, your intentions, or your thoughts so willingly. The exception to this is when you commit a crime, something defined by society as being counterproductive to a stable society. You are innocent until proven guilty because implicit trust is fundamental to a stable society. Your identity and your thoughts are what allow you to exist as an individual. The large majority of people want to do the good and right thing in any social context. Just because a small amount of society chooses to do the opposite does not justify the compromise everyone’s individuality and the devolution of a stable society.