Boston Police Used Facial Recognition Software To Grab Photos Of Every Person Attending Local Music Festivals
from the can't-fight-terrorism-without-lots-and-lots-of-pictures dept
Once again, the government is experimenting on the public with new surveillance technology and not bothering to inform them until forced to do so. Boston's police department apparently performed a dry run of its facial recognition software on attendees of a local music festival.
Nobody at either day of last year's debut Boston Calling partied with much expectation of privacy. With an army of media photographers, selfie takers, and videographers recording every angle of the massive concert on Government Center, it was inherently clear that music fans were in the middle of a massive photo opp.While no one expects their public activities to carry an expectation of privacy, there's something a bit disturbing about being scanned and fed into a database maintained by a private contractor and accessible by an unknown number of entities. Then there's the problem with the technology itself which, while improving all the time, is still going to return a fair amount of false positives.
What Boston Calling attendees (and promoters, for that matter) didn't know, however, was that they were all unwitting test subjects for a sophisticated new event monitoring platform. Namely, the city's software and equipment gave authorities a live and detailed birdseye view of concertgoers, pedestrians, and vehicles in the vicinity of City Hall on May 25 and 26 of 2013 (as well as during the two days of a subsequent Boston Calling in September). We're not talking about old school black and white surveillance cameras. More like technology that analyzes every passerby for height, clothing, and skin color.
Ultimately, taking several thousand photos with dozens of surveillance cameras is no greater a violation of privacy than a single photographer taking shots of crowd members. The problem here is the cover-up and the carelessness with which the gathered data was (and is) handled.
First, the cover-up. Like many surveillance programs, this uses the assumed lack of an expectation of privacy as its starting point. But this assumption only works one way. The public can only expect a minimum of privacy protections in public, but law enforcement automatically assumes a maximum of secrecy in order to "protect" its investigative techniques.
In this particular situation, careless security dovetails directly into the cover-up. Boston's Dig website came across a ton of data, documents and captured video from this program just laying around the web.
Dig reporters picked up on a scent leading to correspondence detailing the Boston Calling campaign while searching the deep web for keywords related to surveillance in Boston. Shockingly, these sensitive documents have been left exposed online for more than a year. Among them are memos written by employees of IBM, the outside contractor involved, presenting plans to use "Face Capture" on "every person" at the 2013 concert. Another defines a party of interest "as anyone who walks through the door."'Guilty until proven innocent" remains the mantra of mass surveillance. Here, a "person of interest" is also just an "attendee." They are inseparable until the software has done its sorting, and even then, the non-hit information is held onto for months or years before being discarded.
Beyond the documents, there's the captured video, much of which remains online and accessible by the general public.
[M]ore than 50 hours of recordings — samples of which are highlighted herein as examples — remain intact today.Dig gathered up all of this info and confronted the Boston Police Department about its involvement in this project.
Reached for comment about “Face Capture” and intelligent video analysis, a Boston Police Department spokesperson wrote in an email, “BPD was not part of this initiative. We do not and have not used or possess this type of technology.”A normal denial and generally solid… except for one thing.
The Boston Police Department denied having had anything to do with the initiative, but images provided to me by Kenneth Lipp, the journalist who uncovered the files, show Boston police within the monitoring station being instructed on its use by IBM staff.The outing of these documents forced the city to acknowledge its participation.
In response to detailed questions, Kate Norton, the press secretary for Boston Mayor Marty Walsh, wrote in an email to the Dig: “The City of Boston engaged in a pilot program with IBM, testing situational awareness software for two events hosted on City Hall Plaza: Boston Calling in May 2013, and Boston Calling in September 2013. The purpose of the pilot was to evaluate software that could make it easier for the City to host large, public events, looking at challenges such as permitting, basic services, crowd and traffic management, public safety, and citizen engagement through social media and other channels. These were technology demonstrations utilizing pre-existing hardware (cameras) and data storage systems.”The city claims it's not interested in pursuing this sort of surveillance at the moment, finding it to be lacking in "practical value." But it definitely is interested in all the aspects listed above, just not this particular iteration. It also claims it has no policies on hand governing the use of "situational awareness software," but only because it's not currently using any. Anyone want to take bets that the eventual roll out of situational awareness software will be far in advance of any guidance or policies?
Better security is also a must and Boston's -- despite recent events -- seems to be full of holes.
Similarly, [Dig's Kenneth Lipp] easily found his way into lightly secured reams of documents that include Boston parking permit info, including drivers’ licenses, addresses, and other data, kept online on unsecured FTP servers.Government entities roll out pervasive surveillance programs, almost exclusively without consulting the public, and expect citizens to trust them with the data -- not only what they share and whom they share it with, but to keep it out of the hands of criminals and terrorists. But Boston (and IBM) have proven here that this trust is wholly undeserved.
“If I were a different kind of actor, a malicious state actor, I could pose a significant threat to the people of Boston because of what I have in the folder.”
When the Boston PD lied about its involvement, I'm sure it expected any damning info to be safely secured. Now that it knows that's not true, I wonder if it will be more careful in the future, both with the data it collects on its own as well as its partnerships with third parties.
Unfortunately, as with any mass surveillance, the ease of collecting it all turns everyone into a suspect until proven otherwise. Better targeting and stricter data minimization rules would mitigate this somewhat, but those deploying these programs usually feel it's better to have it all… just in case.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: boston calling, boston police, face recognition, music festival, police
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
Orwell didn't miss the mark by 30 years... This stuff has been going on for a long time, slowly ramping up to what it is today with the drop in the cost of the technology. Hell, people were saying the same thing in the 80's and early 90's. Orwell just missed the pervasiveness and subtle implementation of the technology to the point that most people didn't realize it until it was already there.
The cost of surveillance cameras and the technology to run them is so low that many residents can purchase the equipment to monitor their own property for significantly less than $500. Used to be the only people with cameras were big businesses, the government, and crime syndicates. You'd be hard pressed to find someone who doesn't have a webcam pointed at their mailbox now...which is surprising that people still do mail-theft any more.
As prices continue to drop, there is more you can do with the technology, and corporations will continue to explore.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Bad things happen.
Society seems to have this idiotic idea that all bad things can totally be prevented, and demand it be done.
Government takes this ball and runs with it, using the memory of the bad thing to get Society to accept it.
More and more of our alleged rights that are supposed to be protected are taken away.
This makes keeping our rights more secure, because we HAVE NONE.
Anyone figured out we are like an abused wife yet?
Perhaps it is time to admit, bad things will happen.
We can not stop every bad thing.
We should stop focusing on the single bad act, but rather what lead to it being possible.
People who are clearly mentally ill are dumped on the streets, because we destroyed the system to help them.
Saving a couple bucks in taxes (which never really stayed in our pockets anyways) set a bomb in motion.
We pour unlimited amounts of cash into programs to keep us safe, that do no such thing. We are not safer because of the TSA, we are in more danger. Gangs of TSA agents rob the public, abuse their power unchecked, we are exposed to untested technology that could have future ramifications because a couple planes were hijacked.
The mission keeps expanding stealing more rights and tax dollars lining the pockets of companies who will make their dreams of a star wars solution happen.
We collect all the data we can get our hands on, and trust that corporations will not sell that information to make a buck. We need to stop believing in Santa and admit the abuse this makes possible outweighs ANY benefit.
They lie to us about what they are doing.
This is trickling down to every level, destroying what little faith we still had in those charged with protecting us, because they lie, cheat, steal with NO repercussions beyond soundbites trying to justify our "betters" actions in violation of the law of the land.
Still more likely to be killed by a cop than a terrorist.
Perhaps we need to look at the definitions we are using, stop acting out of fear, and allow rational thinking back into the room.
[ link to this | view in chronology ]
The coverup is almost always worse than the crime
If they really weren't doing anything wrong here, why lie about it? Why not just tell the public what they were doing and who was involved?
Of course even giving them every benefit of the doubt, even believing, for one second that they have nothing but good intentions, and would not for even a moment consider turning such a system against the public, the fact remains: it does not matter.
Once the system is in place, it will expand in scope. What might be unthinkable today might not be seen as such a few years, or a decade in the future, because after all, 'the infrastructure is already there, why not use it?' And come on now, who could argue against using such a system to track and/or stop terrorists... or criminals... or suspected criminals... or potential criminals...
For systems or programs like this, 'What could it be used for?' is just as, if not more important than 'What it's meant, currently, to be used for', because once they are in place, getting rid of them is all but impossible.
[ link to this | view in chronology ]
Re: The coverup is almost always worse than the crime
They need to play by the same rules.
Police don't get to use state secrets to hide things, if it is using public funds they need to be forced to be open about it and if they fail to do so the penalty needs to be strict and not overturnable by some arbitrary arbitrator.
If you are unwilling to tell the public what you are doing, that pretty much should be the glowing warning light that you shouldn't be doing it... and if you compound it by lying...
[ link to this | view in chronology ]
Re: The coverup is almost always worse than the crime
Because, deep down, they know that they are doing something wrong.
As someone said, nearly 2000 years ago:
"Men loved the darkness... because their deeds were evil. For every one that doeth evil hateth the light, neither cometh to the light, lest his deeds should be reproved."
[ link to this | view in chronology ]
Re: Re: The coverup is almost always worse than the crime
[ link to this | view in chronology ]
Re: The coverup is almost always worse than the crime
If the answer is "it cannot be abused in anyway" then it's all good, if not you need to implement safety measures (ie: the 3 Powers, the Constitution etc).
[ link to this | view in chronology ]
No greater violation?
I take issue with that - in a world where technology enables the data to be analysed automatically.
The single photographer will at most identify people who were there. The surveillance cameras - combined with modern technology - enable all your movements to be identified and tracked automatically, timestamped etc etc. This IS a bigger violation of privacy.
[ link to this | view in chronology ]
Re: No greater violation?
With one, they can tell where you are at that moment, but not really anything else. With multiple photos, spaced out in time and location, and you can pretty easily track where a person goes and when, based upon location and time data attached to the photos.
[ link to this | view in chronology ]
Re: No greater violation?
[ link to this | view in chronology ]
If I get satisfactory answers to all of those, then I'm ok with this. If the collective answer is "move along citizen." then this is not ok.
[ link to this | view in chronology ]
Re:
Me.
how it is secured
It wasn't, that's how I got it, but MY copy is held securely on a system not connected to the internet and protected by an encrypted drive array.
what the record retention policy is
I intend to keep these records forever, but there is a chance that both my primary and backup systems will fail at some point.
what my options are to have myself removed from them
You are pretty much f***ed if you want to get your information removed.
who has access to them
Just me and anyone that can pay me enough for the information. Your information, in particular, is somewhat worthless (your porn habits are even boring), but if someone had a few bucks, they can have a copy. You may find yourself being included in the data I am selling to the DEA - those guys seem to want everything.
[ link to this | view in chronology ]
Ultimately, taking several thousand photos with dozens of surveillance cameras is no greater a violation of privacy than a single photographer taking shots of crowd members.
-
Really? No different...Tim? The lone Photographer does not send his pics to a back end system that may trigger a SWAT response when your pic wrongly hits on a fugitive.
[ link to this | view in chronology ]
Re: Ultimately, taking several thousand photos with dozens of surveillance cameras is no greater a violation of privacy than a single photographer taking shots of crowd members.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
When we see a guy in a Darth Vader mask, we will know it is you.
- the NSA
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
They were spending to much time chasing a guy who died in 1606.
[ link to this | view in chronology ]
very soon the cameras
[ link to this | view in chronology ]
Unless the cameras are used in coordinated fashion to follow you around as you move about the city. Then it becomes like stalking.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The difference
I disagree. I think the difference is enormous, and is can very well be (and likely is) that the widespread, institutional surveillance is a greater violation of privacy than a single photographer.
The invasion would be the same if the single photographer was taking thousands of pictures through dozens of cameras, performing face recognition on them, and entering all that data into a database that is linked with, and shared with, governmental agencies.
The most severe privacy invasions happen in the database, not in the camera.
[ link to this | view in chronology ]
Re: The difference
When ALPRs, private business security systems, surveillance drones, cellphone GPS logs, and FRS systems are linked, a single query to the system wouldn't be returning pictures: it would be returning the frames of a film.
[ link to this | view in chronology ]
Concert video online?
(Does this mean we can now enlist the RIAA in the fight against government surveillance?)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Except for police body cameras and GPS tracking of squad cars. Because those present serious privacy and financial concerns.
I think there's a word for that...
[ link to this | view in chronology ]
And yet...
[ link to this | view in chronology ]
What's wrong with Boston?
[ link to this | view in chronology ]