Security Resources

Obscurity and the Impending Video Analytics Debate

user_womanThere was a good article in the Atlantic recently on the subject of privacy, and specifically, how the concept of obscurity is often a better way to think about data in our highly connected world. It primarily addresses the new “Graph Search” that Facebook is rolling out, but there are broader comments that have relevance to physical security professionals.

From the article:

“While many debates over technology and privacy concern obscurity, the term rarely gets used. This is unfortunate, as ‘privacy’ is an over-extended concept. It grabs our attention easily, but is hard to pin down. Sometimes, people talk about privacy when they are worried about confidentiality. Other times they evoke privacy to discuss issues associated with corporate access to personal information. Fortunately, obscurity has a narrower purview.

Obscurity is the idea that when information is hard to obtain or understand, it is, to some degree, safe. Safety, here, doesn’t mean inaccessible. Competent and determined data hunters armed with the right tools can always find a way to get it. Less committed folks, however, experience great effort as a deterrent.”

The article goes on to mention video analytics technologies that are still coming into their own:

“Likewise, claims for ‘privacy in public,’ as occur in discussion over license-plate readers, GPS trackers, and facial recognition technologies, are often pleas for obscurity that get either miscommunicated or misinterpreted as insistence that one’s public interactions should remain secret.”

It is safe to expect legislation restricting the type and use of data collected in public spaces, but opinions vary widely about how the laws will be crafted, enforced, and how well they will hold up under challenge. Consider a few possible use-cases for video analytics and whether they might run afoul of laws designed to protect citizens’ rights:

  • Facial recognition software in retail stores that alerts employees to the presence of a potential shoplifter, based on a database of suspects (previously apprehended or captured on video), developed and stored on the retailer’s private network.
  • As above, but using a database of “suspects” compiled collaboratively with multiple retailers, and shared between them.
  • License plate recognition software placed at the entry/exit of a hotel parking ramp, mall parking lot, or even a neighborhood.

Clearly, these applications could greatly enhance an active security program, improve the quality of evidence, and, over time, create additional deterrence. The problem is that while the “data” has been gathered for years via cameras connected to recording equipment, the ease of use and availability thanks to video analytics changes the conversation. In other words, the level of obscurity is diminishing, which is likely to disturb privacy advocates – especially as the use of the data makes headlines and appears more often in litigation.

Organizations using video analytics today must plot their own course. A previous post referenced proposed FTC facial recognition guidelines – but we’re a long way from adoption. For better or worse, the limits on this technology are likely to be decided in the courts. My hope is that we strike a good balance, allowing careful and effective use that better protects us all. Integrators and end-users can do their part by considering each project from a private citizen’s point of view prior to implementation. Exposing too much data, or using it too aggressively is certain to bring the wrong kind of attention.

More reading on this subject can be found here:

Electronic Privacy Information Center (EPIC)

FTC Guidelines

Face Recognition Homepage