Rendering CCTV (Somewhat) More Transparent

CCTV meets consumerismIn a conversation with Prof. Andrew Clement this summer we got talking about the ever-increasing deployment of CCTV cameras throughout Canada. The conversation was, at least in part, motivated by the massive number of cameras that are being deployed throughout Vancouver with the leadup to the 2010 Olympic games; these cameras were one of the key focuses of the 10th Annual Security and Privacy Conference, where the BC Privacy Commissioner said that he might resign if the surveillance infrastructure is not taken down following the games.

I don’t want to delve into what, in particular, Prof. Clement is thinking of doing surrounding CCTV given that I don’t think he’s publicly announced his intentions. What I will do, however, is outline my own two-pronged approach to rendering CCTV a little more transparent. At the onset, I’ll note that:

  1. My method will rely on technology (augmented reality) that is presently only in the hands of a small minority of the population;
  2. My method is meant to be more and more useful as the years continue (and as the technology becomes increasingly accessible to consumers).

The broad goal is the following: develop a set of norms and processes to categorize different CCTV installations. Having accomplished this task, a framework would be developed for an augmented reality program (here’s a great blog on AR) that could ‘label’ where CCTV installations are and ‘grade’ them based on the already established norms and processes.

There have been regular efforts to try and determine a set of norms to govern CCTV  from academic, business, and government sources. Goold suggests that a ‘partial solution’ might entail setting up an independent regulatory body to oversee camera operators, as well as trying to determine a set of regulations that would identify the operators of the CCTV cameras themselves. A problem that he notes, however, is that it is impractical to identify operators by setting up a camera that lets the watched watch the watchers. Michael et. al. argue that with the development of an ‘uberveillance’,

the sum total of all these types of surveillance and the deliberate integration of an individual’s personal data for the continuous tracking and monitoring of identity and location in real time (Source),

we need to inspire public debate over the possibility of massive integration of surveillance appliances based on their ethico-political consequences. As the authors note,

[t]here need to be adequate and applicable safeguards ‘built-in’ if we are to innovate smartly; we cannot hope to ‘bolt-on’ band-aid solutions on the off chance that things as history has shown, might go wrong. And things normally do go wrong. (Source)

Dr. Ann Cavoukian‘s PETs+ model is intended to ‘bake’ privacy right into the surveillance systems that are being deployed. She argues that “that we move beyond seeing privacy and surveillance technologies as being in zero-sum relationships; it should be possible for these two kinds of technology to happily co-exist.” (Source) Her office has done their best to follow through on this, as demonstrated in their recommendations for surveillance cameras used by public groups in May 2008. They are also looking to ‘bake in’ a kind of surveillance DRM, where images are encrypted and unviewable until the access key is provided.

This is an incredibly miniscule representation of the massive body of literature that addresses CCTV systems and surveillance more broadly (for some additional resources, check out SCAN and Prof. Hier‘s work, as well as my own links on CCTV). I think that it’s enough to demonstrate that there is good work being done to both think about the ethics, implications, and solutions to technological systems that are modifying perceptions of public, semi-public, and private spaces. While Dr. Cavoukian is certainly offering a solution to address cameras in their particularity, I think that it has flaws;

  1. It will only apply to public cameras;
  2. Images are already captured;
  3. Individuals are not necessarily aware of the numbers, or locations, of cameras capturing them;
  4. It fails to self-empower individuals – it is a solution that resides behind the scenes – and thus doesn’t really incite public discourse about the need or usefulness of cameras.

What I want to propose isn’t meant to replace the Commissioner’s solution, so much as augment it (no pun intended). First, we would need to  establish a normative set of guidelines for cameras (e.g. degree of encryption used; data retention periods; operator controlled or automated; whether the device captures audio, video, or both; whether it is point-focused or has 360 degree video/audio capture; is run by public or private bodies; etc). With these norms, a database structure could be created that to offer fixed responses related to each normative condition. An AR program could then be coded for dominant mobile phones that are AR-enabled. When an individual ran the application and swung the phone’s camera around, CCTV locations could be identified with some kind of visual coding to reveal their characteristics. Upon discovering a camera that isn’t in the database, a cell-user could snap a picture of the CCTV apparatus and be given the option of entering information about the installation. Where no information existed about the camera, it would be shown to exist using AR and announce to viewers that its conformity with CCTV norms was ambiguous.

Ideally, a situation would emerge where regulation would be passed (either by government or business) requiring a metacoding of CCTV information whenever a camera was put in place. Even if the metacoding wasn’t in place, I think that the mass identification and geolocation of cameras using AR has the advantages of:

  1. If not starting public debate, at least reminding people of just how prevalent cameras really are in their urban environments;
  2. Link with the Commissioner’s efforts, where government cameras could be seen as (hopefully) conforming with CCTV norms and calling on non-government camera owners to ‘trade up’ their privacy and transparency standards, perhaps by providing some kind of government certification system;
  3. Ease of use – take a picture, pull some drag down boxes, and you’re done.

With regards to point (3), I think that just making the identification and labelling of cameras into some kind of a game would likely suffice to get many cameras ‘on the grid/in the database’. In this, is there still a risk of misidentification/labelling? Yes, and that’s something that I’m not quite sure how to address, just as I’m uncertain how to deal with contestations of conformity to CCTV norms. I do think, however, that by overlaying CCTV installation on the real-world using AR that people might become a bit more aware of the sheer amount of video surveillance they are under each and every day.