What a crazy two weeks it’s been in the business of citizen surveillance.
In late May, I was planning a column on facial recognition, after the deeply controversial facial recognition technology (FRT) company Clearview AI was fined £7.5 million by the UK’s Information Commissioner’s Office for scraping 20 billion images off the internet without obtaining permission from UK citizens. That followed a €20 million fine in March from Italy over similar concerns.
Given the increasing hype over what FRT can do – which generally avoids any mention of its problematical aspects, or what it cannot do, despite company claims – I thought it would also be worth checking on the status of the plans to utilise FRT from another controversial company, the Chinese firm Hikvision, in the National Children’s Hospital.
FRT continues to be presented as a wonderful solution, sometimes to problems that hardly even exist. On the latter point, note the children’s hospital, where it is in part supposed to help prevent the kidnapping of babies, an event that is fleetingly rare worldwide. Surveilling every person in a building is a hugely disproportionate preventative measure when other less invasive security approaches are available.
The Irish Council for Civil Liberties (ICCL) highlighted concerns in 2019, and in 2021 presented the hospital as a worrying Irish case study for an annual report from an international network of civil liberties organisations.
Having been redirected twice with my own queries on this issue, I’ve been unable to confirm yet whether the hospital’s plans for FRT still stand.
But then, the Government speedily provided fresh concerns about FRT, with Minister for Justice Helen McEntee last week announcing the planned introduction of FRT to gardaí. Details are few, but she indicated the technology would be utilised to scan photographic, video and CCTV evidence against a database of images of suspects. This would help address a large backlog of evidence needing examination, a task demanding “thousands of hours” of garda manual inspection, she said.
She’ll seek to introduce relevant amendments to the Garda Síochána (Recording Devices) Bill currently passing through the Dáil. This already will allow for garda use of body-worn cameras, automatic number-plate-recognition technologies and third-party CCTV – all controversial globally due to known misuse and identification inaccuracies, even before FRT gets added to the mix.
Flawed identification
Cryptography and security expert and ICCL technology fellow Dr Kris Shrishak told me this announcement raises numerous concerns. For a start, usage examples and studies in the US have shown that FRT “doesn’t work well”. It is particularly poor at correctly identifying women, people of colour, and children. In one now infamous study, the faces of members of the US Congress were run through an FRT programme, which flagged numerous members of colour as “suspicious”.
Shrishak stresses that little is known about the content of FRT databases or how they are used, but once they are compiled they can be merged with detailed profiles of people down to their smallest interactions built from online information. He says that claims that only some special CCTV implementations would incorporate FRT is misleading. Any CCTV footage can be run through FRT afterwards – it isn’t a case of whether FRT is on the front end of the system.
But would FRT, if implemented in compliance with data protection laws and with a clear usage case in mind, be a useful Garda tool for fighting serious crime?
“I haven’t seen any cases where this technology is useful,” he says, noting that targeted training for gardaí is more important and productive and would be the norm in other policing contexts and other forms of evidence-gathering. Policing shouldn’t be “about seizing a lot of data. It’s about understanding the context of what they’re looking for, and then basically, narrowing down.”
Relevancy and context then, rather than giant random databases.
Law and evidence
Two more Irish surveillance stories caught my eye. The first is that the Government is rushing to implement legal changes to make certain types of evidence-gathering lawful, in the wake of convicted murderer Graham Dwyer’s successful challenge to the use of his communications data. Notably, the Government should have done this in 2014, in the wake of the major Court of Justice of the European Union (CJEU) ruling in the Digital Rights Ireland case that actually involved a challenge to, yes, the lawfulness of Irish data-gathering.
The other story? That’s the one about the gardaí objecting to being surveilled by the GPS in garda radios. Many are shutting off the radios or removing the aerials out of fear that management might track what they are doing, even when off-duty.
“More than 80 per cent said they were uneasy about having no control over how management use the GPS data,” according to the story. Nearly 65 per cent “were concerned their radios were collecting too much personal data”, making a majority anxious. “It’s a big brother watching you,” one garda told a study funded by Garda representative bodies.
You really couldn’t make this stuff up.