Without doubt, privacy is an issue we all feel strongly about. We see the growing numbers of TV cameras in the streets. We hear about biometric passports and are warned frequently by the media about the dangers of identity fraud. We know that, on the one hand, advances in surveillance and identity management technology have the potential to provide great benefits. On the other, they also carry the risk of damage and failure, depending on their usage and depending upon their design.
In March of this year, the British Royal Academy of Engineering published a report titled Dilemmas of Privacy and Surveillance. Examining the extent to which we are being required to trade aspects of our personal privacy in exchange for security and convenience, the study makes a comprehensive investigation into the ways in which information technology is used to both monitor and manage our personal identification and information.
It also raises questions for debate, such as: How do we define privacy? How do our privacy rights clash with the need for crime prevention and detection? How much of our personal rights are we willing to compromise for convenience?
At gut level, most of us consider privacy as having the freedom to go about our day to day lives without being monitored; the decisions we make being of our own accord and not the concern of society at large.
Privacy is also often defined as having the right to conduct our personal affairs with anonymity and confidentiality, retaining full use or control over our own personal data.
These beliefs about privacy can – and often do – come into conflict with opposing values, especially our public and legal standards and our need for security. As authors of the report aptly state, “Generally, our desire to be able to engage in our personal affairs without anyone knowing is always offset against our desire for criminals not to have the same opportunity.”
The word ‘surveillance’ immediately elicits criticism and alarm. Yet not all of its aims warrant such a response. Some of the benefits of surveillance include security, better information, monitoring, and learning. The tricky thing about surveillance is that it can work either “for or against authority in the public as well as private sectors.” (“Dilemmas of Privacy and Surveillance”)
Technology has come a long way since the first closed-circuit video camera was installed at a London train station in 1961. Developments made to digital surveillances mean that all film footage can be stored and used indefinitely. With the addition of microphones to many cameras, conversations are easily captured as well.
Increasing developments in facial, voice and gait-recognition technologies will eventually evolve to the point where footage can be searched for individual people in the same way that we find information through search engines on the Internet. One day, authors of the report predict, it will be possible to ‘Google Space time,’ to find the location of a “specified individual at some particular time and date.”
Just as marked improvements have been made to digital technology, so have the intelligences of our surveillance systems. Instead of recording citizens for mere observation, surveillance systems can now make “inferences about a person’s actions and intentions, drawing on stereotypes and profiling methods.” (“Dilemmas of Privacy and Surveillance”)
Who is to guarantee that these images will remain private? Who is to guarantee they will not be altered, misused or manipulated in any way? As private citizens, we have no right to either agree to this or to reject it. In many cases, we simply do not know.
These types of problems need to be considered from an engineering perspective. Just as security features have been incorporated into car design, so should privacy protecting features be incorporated into the design of products, services and systems meant to divulge personal information.
Any program or service can be designed with the intention to protect the privacy of an individual. Consider that passports will start to contain an increasing amount of biometric data. This means that eventually we will be identified on our passports and ID cards by our fingerprints and iris pattern, to start. Eventually biometrics will include our voices and walking gait. It may at some point even incorporate our smell. To be designed so that this data is delivered quickly, RFID chips have been proposed.
These small wireless devices contain data in them that can only be read by remote sensors. Originally used as a means to keep track of livestock, they have been gaining more and more credibility as a means to monitor human activity. In the UK, for example, the Department for Transport is testing car license plates with embedded RFIDs, and e-passports with RFID chips in them have been issued in the UK since the spring of 2006.
One criticism levied against the use of personal identification cards or licenses embedded with RFID chips is that if data is stored in unencrypted form it may be read by a person other than the authorities and then used for identity fraud. RFID readers are available for purchase, and if a person carrying one was close enough to a person who had a passport, they could potentially have access to the information on this passport. Identity fraud will become much harder to prove if our own biometric information is being forged. To ensure that failures like this occur infrequently, the data contained on our ID cards needs to be encrypted with codes that are extremely difficult to break.
Engineers certainly play a large role when it comes to building
in ‘safeguards’ to protect our privacy and identity,
yet how - or if - we design these safeguards will ultimately
be decided by the direction society chooses to go in. Our
beliefs and political concepts about privacy, identity and
trust drive technological development, not the other way
around. The future of our privacy and the protection of our
identities therefore stands at the intersection of technology
and social policy.