Categories: Privacy

Police use of AI-based facial recognition – Privacy threats and opportunities !!

This article describes the issue of Police use of AI-based facial recognition technology, discusses why it poses a problem, describes the methodology of assessment, and proposes a solution 

The CBC reported on March 3[1]  that the federal privacy watchdog in Canada and three of its provincial counterparts will jointly investigate police use of facial-recognition technology supplied by US firm Clearview AI.

Privacy Commissioner Daniel Therrien will be joined in the probe by ombudsmen from British Columbia, Alberta, and Quebec.

Meanwhile, in Ontario, the Information and Privacy Commissioner has requested that any Ontario police service using Clearview AI’s tool stop doing so.[2]

The Privacy Commissioners have acted following media reports raising concerns that the company is collecting and using personal information without consent.

The investigation will check whether the US technology company scrapes photos from the internet without consent. “Clearview can unearth items of personal information — including a person’s name, phone number, address or occupation — based on nothing more than a photo,” reported the CBC.[1] Clearview AI is also under scrutiny in the US, where senators are querying whether its scraping of social media images puts it in violation of online child privacy laws.

In my opinion, there are three factors that could get Clearview AI, and its Canadian clients, in hot water. Here are the issues as I see them:

  1. The first issue: Collecting and aggregating data without consent. Even though the photos may have been procured under contract from social media networks, the linking of database photos to demographic information is a big no-no from an individual privacy perspective. Facebook’s infamous experience with the now-dissolved Cambridge Analytica was another example of data being repurposed. It’s possible that, through “contract engineering” (drafting complex contracts with lots of caveats and conditional clauses), Clearview has gained contractually permissible access to Canadians’ photos. However, linking that data with demographic information would be considered a violation of Twitter and Facebook’s terms of use.
  2.  The second issue: Not providing evidence of a Privacy Impact Assessment. A Privacy Impact Assessment is used to measure the impact of a technology or updated business process on personal privacy. Governments at all levels go through these assessments when new tools are being introduced. It’s reasonable  to expect that Canadian agencies, such as police services, would go through the federal government’s own Harmonized Privacy and Security Assessment before introducing a new technology.
  3. The third issue: Jurisdiction. Transferring data about Canadians into the United States may be a violation of citizens’ privacy, especially if the data contains personal information. Certain provinces, including British Columbia and Nova Scotia, have explicit rules about preventing personal data from going south of the border.

How will Privacy Commissioners decide if this tool is acceptable?

The  R v. Oakes four part test [3] will be used to assess the tool’s impact. This requires considering the “four part test” used by courts and legal advisors to ascertain whether a law or program can justifiably intrude upon privacy rights. The elements of this test: necessity, proportionality, effectiveness, and minimization. All four requirements must be met.

My assessment of the use of Clearview AI’s technology from the Oakes Test perspective:

  1. Necessity: Policing agencies will have no problem proving that looking for and identifying a suspect is necessary. However …
  2. Proportionality: Identifying all individuals, and exposing their identities to a large group of people, is by no means proportional.
  3. Effectiveness: The tool’s massive database might be effective in catching suspects; however, known criminals don’t usually have social media accounts.
  4. Minimality: Mass data capturing and linking doesn’t appear to be a minimalistic approach.

The federal Privacy Commissioner publishes its methodology at this link[4].

Are there any solutions?

Yes, AI-based solutions are available. Here at KI Design, we are developing a vision application that allows policing agencies to watch surveillance videos with everyone blurred out except the person for whom they have surveillance warrant. For more information, reach out to us.

References:

  1. https://www.cbc.ca/news/canada/windsor/windsor-police-clearview-ai-1.5483550
  2. https://www.ipc.on.ca/information-and-privacy-commissioner-of-ontario-statement-on-toronto-police-service-use-of-clearview-ai-technology/
  3. https://scc-csc.lexum.com/scc-csc/scc-csc/en/item/117/index.do
  4. https://www.priv.gc.ca/en/privacy-topics/surveillance/police-and-public-safety/gd_sec_201011/
Categories: Privacy

Open Media: What do you think Lithuania, Estonia, Malta, and the Netherlands have in common?

Defend Border Privacy

This post simply is broadcasting Open Media’s Message. 

What do you think Lithuania, Estonia, Malta, and the Netherlands have in common?

What if I told you they’re in a list of countries whose citizens’ private data receive greater legal protection from the U.S. than Canadians’ data does? 1

We share a lot with our neighbours to the south: we’re the U.S.’s second biggest trading partner, and we share the world’s longest international border. We also share data – lots of it.

Everything from your financial status, to your medical history, your sexual orientation, and even your religious and political beliefs — information that can reveal all these things is frequently shared with the U.S by our own government.

But one thing we don’t have is any serious legal protection for our private, personal data.

Right now, I’m asking you to take action to put an end to this. Stand up and demand that our own government fight for our privacy and security!

Here’s how I know this is going to work.

Just last month, in the wake of an Executive Order from President Trump removing Privacy Act protections from foreigners, we sent an urgent letter of concern to the Office of the Privacy Commissioner.

Not only did he reply to say he shared our concerns that there is “a significant gap in protection of Canadians’ personal information south of the border,” he also wrote directly to three key ministers, calling on them to ask their U.S. counterparts to add Canada to a list of countries that are given significant additional protections under the U.S. Privacy Act.2

Now we need to move urgently to add crucial pressure. Our actions are clearly working, but if we don’t follow through this victory could slip through our fingers.

Add your name to the letter to these key ministers, and show them that there is huge public support behind this call.

The stakes are huge: right now, there are simply zero protections for our personal, sensitive information when it is shared with the U.S.

Canadians have had their personal or professional lives ruined due to information disclosures, despite never having broken the law. Some have faced career limitations, while others have had to deal with travel restrictions.3

And refugees, Muslims, and other vulnerable minorities are more at risk now than ever before.4 These concerns are compounded by the Trump administration’s openness to returning to torture policies.5 It means we could see many more cases like that of Maher Arar.

So please, take a minute to add your voice to this urgent call and help get these vital protections for our most personal information.

Thanks for everything that you do.

Victoria with OpenMedia

P.S. We need sustained pressure alongside long-term campaigning to get desperately-needed privacy protections like these made into law. Another great way to support this work is by making a small monthly contribution. Thanks again!

Footnotes

  1. Judicial redress act of 2015: The United States Department of Justice
  2. Commissioner’s letter to the ministers of Justice, Public Safety and Defence calling for greater protection of Canadians’ privacy rights in the U.S.: Office of the Privacy Commissioner of Canada
  3. ‘No judgment, no discretion’: Police records that ruin innocent lives: The Star
  4. Trump threatens to publicly release private data of immigrants and foreign visitors, ACLU responds: Boingboing
  5. Can Trump Bring Back Torture?: The Atlantic

We are an award-winning network of people and organizations working to safeguard the possibilities of the open Internet. We work toward informed and participatory digital policy.

You can follow us on Twitter, and like us on Facebook.

Categories: Privacy

Laws for Big Data

What would a law about big data say?

After participating with the Privacy Commissioner of Canada’s consultation on consent, and reading about Ontario’s privacy commissioner reflection on the drivers for a legal change.

I tell you that it wont be easy.

I will be writing about this shortly for now, I will simply ask the question.