EU Urges Google on Transparency

EU regulators say Google must revise its privacy policy (The Verge)

The EU is fine with Google’s unified privacy policy acting as a “general guideline” about its operations, but it wants the search giant to return to its old system, which provided specific privacy notices for each Google product. It says these product-specific privacy policies must include “simple and clear explanations” on when, why, and how location, credit card, unique device identifiers (UDIDs), and telephony data is collected, along with information on how users can opt out. It asks that Google adds a specific clause for biometric data where necessary as there is currently no mention of facial recognition in its privacy policy.

UK Surveillance Commissioner Speaks

CCTV Technology has ‘Overtaken Ability to Regulate it’ (Wall Street Journal)

“A tiny camera in a dome with a 360-degree view can capture your face in the crowd, and there are now the algorithms that run in the background. I’ve seen the test reviews that show there’s a high success rate of picking out your face against a database of known faces.”

Research into automatic facial recognition being carried out by the Home Office has reached a 90 per cent success rate, he said, and it was “improving by the day”.

The headline quote comes from this more detailed article from The Independent, and might best be taken as a warning rather than a statement of fact. After all, if meant literally, the statement belongs in a resignation letter.

Surveillance Commissioner Andrew Rennison:

Let’s have a debate – if the public support it, then fine. If the public don’t support it, and we need to increase the regulation, then that’s what we need to do.”

Sounds like Transparency and Consent to me.

India: West Bengal state adopts biometric ID for jobs program

Indian State Spends USD 18.5 mil on ICT in Welfare Scheme (Future Gov) 
ICT = Information and communications technology

On the 7th of September, the West Bengal state government in India confirmed a Rs. 103-crore (US$18.5 million) contract for end-to-end ICT services to streamline the e-governance applications of the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS) in West Bengal.

MGNREGS, the central government’s flagship social welfare programme, guarantees a minimum of 100 days of employment every year to adult members of rural households who are willing to perform public-service manual labour at minimum wage.

Increasing transparency and efficiency in social programs is important to maintaining their legitimacy amidst allegations of corruption. Biometrics can help and have been deployed successfully to meet identical goals in Andhra Pradesh.

Canada Moving Toward Biometric Visitor Visas

Appeal mechanism needed for biometric visa plan due to imperfect system: report (Winnipeg Free Press)

Saying no biometrics system is perfect, an internal report urges the federal government to create an avenue of appeal for visa applicants who are rejected because of a false fingerprint match. The Conservative government is moving toward using biometrics — such as fingerprints, iris scans and other unique identifiers — to vet all foreigners entering the country.

As a first step, it soon plans to require applicants for a visitor visa, study permit or work permit to submit 10 electronic fingerprints and a photo before they arrive in Canada. The prints will be searched against RCMP databanks. Upon arrival the Canada Border Services Agency will use the data to verify that the visa holder is the same person as the applicant.

The big news is that Canada is going biometric with its travel visas.

The author’s discussion of appeals and privacy, however, seems a bit overwrought.

Any ID management system, whether it has to do with biometrics or not, must include provisions for sussing out mistakes (appeals) and maintaining the security (privacy) of information.

Biometric systems aren’t robots about to take over the Canada Border Services Agency, they’re just another tool for them to use and adding a fingerprint to the visa system will, in all likelihood, reduce the number of mistaken identifications and streamline the existing appeals process.

The article continues…

It [the report] says that in addition to false matches, privacy concerns associated with the use of biometric technologies can also include unauthorized use of the information, discrimination through profiling or surveillance, and retention of the data beyond the length of time needed.

To preserve the privacy rights of applicants, the report also recommends:
— those applying for visas be told what information will be collected and how it will be used;
— there be standards as to how long the fingerprints, photos and biographical details are kept and when they should be destroyed;
— memoranda between Citizenship and Immigration and the RCMP and border services agency be reviewed to determine what additional provisions for privacy and security may be needed.

It’s not entirely clear that “transparency” rather than “privacy” isn’t the proper prism for examining the issues surrounding the information provided by visa applicants.

It’s really nice of Canada to be considerate of the sensitivities of visa applicants, to deal with them in a transparent manner, and take thorough decisions regarding data retention, but if someone wants to visit a country that requires them to procure a visa, privacy (ed. between the applicant and the visa issuing country) doesn’t really enter into it. They either supply the required information or they don’t and those issues come up with or without biometrics.

Get me rewrite.

Very Odd “Facial Recognition” Article at smartplanet.com

Two things jumped out at me while reading San Francisco bars: Buy a drink, become profiled by cameras by Charlie Osborne at smartplanet.com: the scare quotes around forms of the word ‘anonymous’ and a novel formulation of privacy.

The scare quotes are here…

Venturebeat reports that Chicago-based startup Scenetap has combined “anonymous” facial recognition technology in venues with mobile technology so socialites can choose where next to go on a Friday based on their preferences — all provided through cameras in different venues.

…and here…

Scenetap promises the technology collects data “anonymously” and nothing is recorded or stored, and it is based on sophisticated profiling technology to approximate sex and age.

But why the scare quotes? By any definition, what Scenetap does is anonymous. It is specifically designed and marketed to clubs and their patrons as a means for gathering demographic information and that information cannot be traced back to a specific individual because it uses no individual identifier such as a person’s name (or cookie, but we’ll get to that later). To go further and collect personally identifying information would require a real facial recognition system which would be very expensive, require a large investment in training and labor and probably wouldn’t provide a sufficient return on investment (ROI) in a club/bar setting to make the effort worthwhile.

Then there’s the conception of privacy in this passage.

This type of technology is already prevalent online, where customer preferences and habits are tracked — in order to recommend products or pages you may be interested in. As we cannot see the data being collated, it seems less of a privacy issue than knowing that cameras above are observing you — even though the information collected about your online activity is far more vast.

There’s absolutely no equivalence between Scenetap and smartplanet.com. The image below shows that smartplanet.com places two cookies on a visitor’s computer and runs seven programs in the background of which most users would be completely unaware: three for tracking the user; three for connecting to social media; and one to monitor the site’s performance. One of the trackers, Crowd Science, even claims to be able to tell smartplanet.com about users’ interests, preferences, lifestyles, attitudes, opinions and incomes.

Real world demographic analysis tools like Scenetap do no such thing. It’s a dead certainty that smartplanet.com is collecting far more (and far more individualized) data, a fact that is acknowledged at the end of the quote.

Then there’s the part where transparency and privacy are inversely related because “As we cannot see the data being collated, it seems less of a privacy issue than knowing that cameras above are observing you.”

“Out of sight; out of mind” and “what you don’t know can’t hurt you” aren’t theories of privacy one sees many people advancing these days. By this logic, bricks-and-mortar demographics analysis can attain smartplanet.com’s level of respect for individual privacy by collecting vastly more information and using facial recognition technology to track individuals as long as they hide the cameras.

I don’t want this post to come across as grousing about what web sites do. The folks at smartplanet.com are working hard to put food on their family just like the rest of us and people should understand that if they aren’t paying, they aren’t the customer; they’re the product being sold. That’s just the way it is. This is completely uncontroversial to those who operate in the online economy; but let a bricks-and-mortar organization deploy a tool that collects far less information and there’s a tendency for those in the online world to come down with a collective case of the vapors. Physician, heal thyself.

See also:
Retail Marketing Technology Online and In Person
Transparency