More Chicago cameras?

ArsTechnica had an interesting article today, the SunTimes also reported this story-slightly differently here. What I did find amusing is that the 'red light cameras' are not used to stop (no pun intended) people from running red lights, but instead as a source of revenue. By using the cameras to gather data about an automobile's insurance, the cameras and the system behind it, will query insurance agencies and write appropriate citations. However the SunTimes article also mentioned use of other surveillance cameras around the city to tie into the same system.

Really the reason I bring this story to light is that it ties into the spread of surveillance cameras throughout Chicago, and other major urban areas, and that it seems to be twisting a punishment into a revenue source. Spurred on by a few colleagues I have started to research into public surveillance networks and their effects on privacy. Unfortunately, the US is rather behind in the times in studying this convergence, save a few excellent authors. Possibly because the systems are not as pervasive. Yet camera systems seem to be popping up more frequently in American cities without a real debate or examination these systems have on privacy or concepts of privacy.

It is one thing to expect little privacy in public, but quite another for someone to watch and archive any and every move you make in public then protecting that data from abuse.

The Eyes of Chicago are on YOU

Mayor Daley of Chicago and Ray Orozco, executive director of the city’s Office of Emergency Management and Communications, announced that he would like to see CCTV cover the city.

What might come as a surprise, is my support of this plan. However, I have grave concerns over who has access to the system and retention of video.

As of now it appears only 911 dispatch operators have access to the network currently in place. As the system grows to cover the city, my concern is that other divisions will be granted access to the system and abuses will follow without strict legislation defining limits.

My next concern, peeked by a Facebook posting between Dr. Zimmer and Dr. Walker, both of UW-Milwaukee, relates to saved video. Will video of the system be archived or recorded. I am sure there is already in place an option to record video feeds to assist as evidence in court and review for further clues, if need be. However, will all video feeds be recorded? If so how long will the video remain archived?

In addition will the video be made available through Freedom of Information Act requests, it is after all a publicly created 'document' and as Illinois law says, "…it is declared to be the public policy of the State of Illinois that all persons are entitled to full and complete information regarding the affairs of government […] Such access is necessary to enable the people to fulfill their duties of discussing public issues fully and freely, making informed political judgments and monitoring government to ensure that it is being conducted in the public interest." (5 ILCS 140/1)

It has been many years since Katz v. United States where the "reasonable expectation" of privacy was born. But it is my opinion that an individual, even in public, has an expectation to not be monitored and recorded for their time in public spaces. Simply, I can agree that an expectation of privacy in public is non-existent. This is based partially on the thought that no one would follow all the actions of an individual, but the ability for the State to record the actions of anyone in public from the time they enter the public space until they leave amounts to nothing more than stalking.

Perhaps video surveillance, open to the public, covering all governmental offices is in order. (Slight joke)

Illinois Library Records Confidentiality Act

For one of my classes we were to go through our 'home' state's confidentiality/privacy statutes pertaining to libraries and identify any changes we would like to see made. Originally I was going to analyze Oklahoma's statute, but decided to look into the statute for Illinois. From this exercise I discovered a few changes that I would like to see made to the statute.

First, the statue limits confidentiality to only registration and circulation records in the library. The issue is that patrons use many items and services provided by the library without the resource being circulated. For instance if you were to browse/read through a book without circulating the item, then that would not be considered confidential. Thus some expansion is needed. Especially as the statute does not contain any protections for electronic access to resources. As the statute reads search logs and logs of websites would not be considered confidential and thus would not need a court order for law enforcement personnel to obtain.

Second, the immunity provision given in Section 1(b-5) grants libraries immunity, but sounds as if it also grants law enforcement immunity as well. If a law enforcement officer were to ask for confidential information in a nefarious manner, the statute reads as if it also provides immunity to the law enforcement officer. This is troubling from the standpoint that an officer could abuse their power to obtain information without consequence from this statute.

Overall, the statute seems very well written. With some of the updates that I have made for my class report, I think the statute would fall into line with current thinking on confidentiality in a library.

Palin e-mail hack

ArsTechnica has another good bit of information on the Palin e-mail hacking case. If you are not aware of the newest updates, it is a quick read to catch you up.

Which brings me to my thought of the hour/day. Why is this such a big deal? If this were any other person, the FBI would surely not be 'raiding' an apartment already. Sure she is a governor mired in controversy and a vice-presidential candidate, but why all the hub bub, bub?

Now I can understand that this case might be of concern because she is a governor and there could be some very sensitive information in her e-mail account. However, no one is questioning why she was using an e-mail account other than her state e-mail account. The old cliche of you get what you pay for probably applies in this instance. What if, instead of Yahoo, Palin had been using GMail. Since GMail scans e-mails for advertising purposes (not a jibe at Google) conceivably Google would be going to the fighting ring. *side note: Which would be interesting since Google still has not been charged with copyright violations stemming from digital scanning operations*

This is case is incredibly whimsical in my mind. If this had happened to anyone else there would not be such an urgency to prosecute or rectify the situation. If, instead of Palin, a CEO or other higher up in an organization had use Yahoo for official organizational business they would have been fired by now. Maybe this is another way of showing there are two sets of laws in the US, one for the elite and another set for the rest of us which go unenforced. Most importantly this entire escape shows two things.

First, the US needs to implement better privacy standards for Internet users. When insurance companies are selling anti-identity theft insurance, you know the government has failed to protect 'our' personal information by lack of legislation.

Second, it shows that if you are important enough in some one's eye, the entire resources of the federal government will come to your aid. On a less satirical note, this shows that the tools are present for catching such privacy violations. It remains unclear how willing the government is to prosecute, but my guess is that since this is such a famous case, the defendant will be made very unhappy.

Personally Identifiable Information

Just this week Oklahoma State University announced a security breach (see here). Though these types of breaches seem to be few, the number of people adversely affected by them is quite large. Unfortunately the laws concerning Personally Identifiable Information are obviously quite lax.

One question that I have not been able to answer is why did the parking office need social security numbers? Why had the office not switched over to student ID's?

The sad fact is that most students are trusting, especially of their universities. That the university will protect the information that students must provide for financial aid and in this case too much information needed to obtain a parking permit rarely enters a student's mind. I know that I never cared until I entered my first graduate program.

The privacy laws are wholly inadequate and in need of desperate revision. Organizations that have such privacy breaches need to be dealt with harshly. The loss of information in these cases is not the fault of the person, but the organization. However the person is left to pick up the pieces of the organization's mistakes.

It would be interesting to know if and how Oklahoma State University has dealt with the persons responsible for data security. Were they reprimanded or released? Or is the university now just determined to 'fix' the problem?