Chris Horn: GDPR reminds us technology has an impact on our values
EU rolls out new data regime as increasingly intrusive technology is trialled elsewhere
A security sign in a Berlin train station warns passers-by about an automatic face-recognition system. Photograph: Michele Tantussi/Getty Images
I once thought that I was in serious trouble with the German police.
As a young PhD student in the 1980s, I was speaking at a conference on distributed computing systems in Munich. Having delivered my paper, I went out that evening with colleagues to a local beer garden. Later, but not very late, I wandered back to my hotel across an empty main road – as we often do, when it’s safe to do so, in Ireland. I was startled when a police car hurtled up to me, a burly patrolman leapt out and then took my photograph with a Polaroid camera. He did not talk to me nor take my name, but simply roared off as suddenly as he appeared.
It was later explained by a conference organiser than I had obviously jaywalked. I was extremely relieved to board my return flight back to Dublin, fully expecting to be pulled aside at Munich airport passport control.
I was reminded of this incident when reading that police in Orlando, Florida, are now experimenting with face-recognition technology for surveillance in live monitor CCTV feeds. Individuals appearing on CCTV can, in principle, be immediately identified. The city police chief has insisted that the technology is only on trial, and configured only to identify seven specific individuals so as to test the system. Nevertheless, the potential is clearly attractive to law-enforcement authorities.
The actual face-recognition technology being trialled is Amazon’s Rekognition. Amazon developed Rekognition for its first cashier-less convenience store in Seattle. Shoppers can walk into the store, pick up any goods that they want, and just walk out. Amazon sensors and cameras detect goods being taken, identify the shopper concerned and automatically deduct the appropriate amount from their credit card.
As well as in Orlando, Rekognition is also being trialled by police authorities in Oregon. It was reportedly also used by Sky News to identify guests at the recent royal wedding.
Last Friday was “GDPR day”, when the European Union’s General Data Protection Regulation came into force, and many of us were drowned in email requests from long-forgotten organisations to explicitly approve their continued use of our addresses for advertising emails. I was at first amused and then irritated by a well-known Irish aspirant politician who continued to bombard me with pleas to electronically stay in touch even though I had already rejected his GDPR request. How many times does one have to say “No”?
GDPR is successfully forcing politicians, companies and the general public to recognise the value of personal data. The trade-off between personal privacy and law enforcement is a political and philosophical boundary for society. To what extent should authorities have the right to continuously assert control over society, by identifying and sanctioning individuals and groups which are perceived to threaten stability and the public good? Technology clearly can greatly enhance the efficiency and effectiveness of lawful surveillance, but where should the line in the sand lie?
Back in the 1980s, when I had my mugshot taken by a German policeman, would any of us have then been prepared to wear a personal tracking device which continuously and accurately monitors our location? But now, almost 40 years later, we each carry mobile phones which exactly do so.
Many police forces, including the Garda, are trialling or using technology to automatically recognise number plates, and so immediately identity the owner and legal status of any vehicle from camera footage or live CCTV feeds. Are we comfortable that live surveillance of our vehicles should be a legitimate policing tool?
Earlier this month, the gardaí rapidly traced the movement of a car over its previous 24 hours by downloading its satnav historical data. They were then able to target the probable location for the appalling murder of a young woman in south Dublin. Would it ever be acceptable for a future police force to be able to know the location of any vehicle at any time?
In Zhengzhou city in Henan province in China, police forces have been successfully trialling smart sunglasses which, in conjunction with a digital tablet, can instantly flag any individual in a crowd as a “subject of interest”. Last December, a BBC correspondent in Guiyang city in Guizhou province was picked up by police within just seven minutes of his mugshot being flagged by a surveillance system in a trial to demonstrate the power of the technology. Equally, his movements over the prior week were quickly identified by searching back over citywide CCTV footage.
How far can such technology adoption go?
We are familiar, perhaps uncomfortably so, with our credit score. Financial institutions report and can interrogate our creditworthiness in deciding whether or not to advance us further funds.
But scoring of the public can go further. In China, the national government is establishing a nationwide social score, due to be fully operational by the early 2020s. A trial system used throughout Rongcheng city in Shandong province scores each citizen against a baseline of 1,000 points. Points are deducted for infringements, such as driving violations, and are earned by voluntary work or charitable donations.
In other large-scale trials, a low social credit score has reportedly been used to reject attempts to book domestic flights, railway bookings, hotel reservations and school and university enrolments.
Our attitudes to technology change with time. GDPR is a timely reminder to be aware of the impact of technology on our values.