Project co-funded by the European Commission within the Seventh Framework Programme (2002-2006)
Restricted to other programme participants (including the Commission Services)
Restricted to a group specified by the consortium (including the Commission Services)
Confidential, only for members of the consortium (including the Commission Services)
Due date of deliverable: 31/05/2011
Actual submission date: 7/6/2011
Start date of project: 1.12.2008 Duration: 36 months
WP02 Professor Tom Sorell
Author(s): Dr. John Guelke UoB
Detection Technology Survey no. 9
This is the ninth of ten surveys and a work in progress. It should not be treated in any way as a ‘final analysis’. The taxonomy of risks and harms employed here is evolving and will not necessarily be the same used for subsequent surveys. Any comments, suggestions, errata or requests for more information should be sent to the author, John Guelke, at firstname.lastname@example.org.
The PRISE project categorises privacy dangers arising from applications of security technology. It conceives basic technologies (e.g. sensor, communications technology) and identifies specific vulnerabilities each suffers from. Thus more complex applications which involve a variety of the above inherit the problems of all: e.g. Machine Readable Travel Documents involve communications technology, sensors, data storage and biometrics.
However, the categorisation departs from those used by industry quite substantially – there is no systematic presentation of the risks posed by the categories of DT as understood by industry. My categorisation of the technologies is written so as to be as continuous with, and user friendly to, industry as is practical.
Note on the Table of Moral Risks
The table introduced in this survey is designed to visualise some of the analysis of the relative risks of detection technology from DETECTER Deliverable D05.2. Each table compares the moral risks incurred by CCTV in public places, full body scanners, substance detectors, covert cameras, bugging, phone monitoring, location tracking, internet monitoring and databases and datamining. There are four tables in total. Three dealing with the three key moral risks identified in D05.2 – intrusion, error and chill – and one final table summarising this information. Necessarily the analysis presented in the tables is simplified but in all cases more detailed argumentation backing up the conclusions reached can be found in paper D05.2.
The table highlights the severity of moral risks taken on the basis of a colour code: green to indicate the least risk, yellow to indicate an intermediate risk, and red to indicate the greatest risk.
In the table on intrusiveness I identify four sources of intrusion: invasions that penetrate the privacy of the home and what I call after deliverable D05.2 ‘home spaces’;1 Invasions that penetrate the zone covering the body;2 invasions into private life;3 and accessibility of information acquired by further agents.
In the table on error I examine four issues affecting each technology’s risk of producing mistakes. First, whether the information acquired is itself prone to false positives/ambiguity. Second, whether sanction against the individual is possible on the basis of errors generated. Third, whether errors can result from the storage of information. Fourth, whether errors can result from a lack of training. In the case of each of these four issues I further consider whether these sources of error raise problems of a particularly significant species of error: discrimination.
A number of Members of the European Parliament complain that assurances that were part of the agreement to share SWIFT banking data with the US are not being upheld. In particular MEPs are unhappy that American insistence on secrecy about various aspects of running the programme are undermining oversight procedures.4
On the 16th of March Viviane Reding gave a speech at the European Parliament to the Privacy Platform. She presents four European legislative developments as protecting individual privacy rights. The so called ‘Right to be Forgotten’, including the right to withdraw one’s consent to have one’s data processed. Second ‘transparency’, entailing the need for citizens to be informed about uses their information is being processed for including use by third parties. Third ‘privacy by default’. Fourth ‘protection regardless of data protection’, requiring that standards governing the processing of information about European citizens apply irrespective of where in the world the actual information processing is physically taking place.5
The European Data Protection Supervisor Peter Hustinx has issued an opinion on the EU’s Passenger Name Record (PNR) proposals. The proposals would make it mandatory for airline carriers to provide member states with PNR information on all passengers, for the purpose of fighting terrorism. Hustinx criticises the proposals as failing to demonstrate the necessity and proportionality of such a blanket system.6
The European Commission adopts recommendations on RFID following the completion of a Privacy Impact Assessment. The recommendations call on Member States to explicitly develop a framework for data protection and privacy safeguards in consultation with industry to be submitted for approval by the Article 29 Working Group within the next 12 months.7
A long standing consultative committee of the European Union, the European Economic and Social Committee, issues a critical opinion of the use of full body scanners at airports. They are criticised on the grounds of proportionality, necessity and legality, and the committee insists that passengers should be offered an alternative.8
French Data Protection Authority fines Google Street View a record €100,000.9
The controversial Loppsi 2 law passes Constitutional Court test. The law makes it the responsibility of Internet Service Providers to ensure their customers do not have access to inappropriate content, mandating the blocking of inappropriate sites, and contains provisions to permit law enforcement to use Trojan horses under judicial supervision.10
In the run up to G8 Summit discussions, President Sarkozy publically calls for government regulation of the Internet, insisting that all Internet users ought to be subject to rule of law governing what content they can have access to. His speech refers to music and video piracy, threats to security and the right to private life.11
In a Dutch court case it is found that an individual hacking into another’s WIFI network is not thereby guilty of any crime. Hacking laws apply only in the case of computers, and the judge finds that a router does not meet the criteria.12
Dutch telecom company KPN admits to using deep packet inspection to determine the data traffic of its customers.13
The Czech Republic
The Czech Constitutional Court rules implementation of the Data Retention Directive unconstitutional.14http://www.edri.org/czech-decision-data-retention
The United Kingdom
TalkTalk and BT’s Judicial Review of the Digital Economy Act goes ahead, but the Judge ultimately rules against them, meaning that the legislation obliging providers like TalkTalk and BT to identify users suspected of illegally downloading music will stand.15
The London Metropolitan Police purchase Geotime Security Programme – location tracking surveillance software that collates information from social networking sites, ‘satnavs’, mobiles, Internet protocol network logs and financial transactions.16
The UK is given another year to come into line with European Union law on ‘cookie’ regulation established in May’s Privacy and Communications Directive.17
An Italian court finds Google responsible for its autocorrect search suggestions in the case of a man objecting to the fact that the suggestions link him to allegations of criminality. The Court orders Google to pay him €1500 for the damage to his rights and €2300 in legal fees. It directs Google to filter out libellous search suggestions in the future.18
Austria implements the data retention directive, passing its provisions as laws in parliament.19
More use of facial recognition technology. Many applications now are only relying on this technology to establish that there is a face there, and make a record that can then be examined after the fact. This application is much less morally risky.
Many products coming to market for monitoring of large databases, both for real time scrutiny and retrospective auditing of use. Some making use of automatic triggering of suspicious activity.
Remote access to CCTV feeds, often explicitly for purpose of viewing on mobile devices, now a very widespread feature of new digital video recorders.
New drones coming to market, and cameras being marketed as drone compatible.
More reliance on ‘cloud’ data storage.
People counting an increasingly widespread feature of CCTV.
More cameras marketed as ‘vandal resistant’.
Quorumsoft Alike DR – Emergency data recovery system. Operates via offsite server storage (so called cloud computing) http://www.quorumsoft.com/download/alike-dr-tech-sheet.pdf
Novell Sentinel - Large scale network monitoring service.20 Realtime monitoring of use of the network. Markets itself also as helping the user to demonstrate its compliance with stated security or data protection policy. http://www.novell.com/products/sentinel/active.html
Loglogic Database Security Manager 4.1 – Makes use of Integrated vulnerability scanner with automatically scans for potential weaknesses. Enables monitoring of any changes to values in database both before and after they are implemented. http://www.loglogic.com/news/news-release/2011/february/loglogic-introduces-database-security-manager-41
Nitrosecurity DBM – Database activity monitor, logging access to data and providing automated analysis of the activity. http://www.nitrosecurity.com/SIEM/?LinkServID=0BA6B49E-0C1F-5632-02BD828AB9419BF3
Cambridge Consultants Sprint – Mobile radar based scanner marketed for law enforcement and counter terror operatives. Provides 3D image of objects embedded in walls (such as weapons). http://www.cambridgeconsultants.com/news_pr293.html
Nice 3D Mobile Location Tracking Solution – Mobile device location tracking for devices without GPS. Marketed as enabling wireless network providers comply with American and European requirements to be able to provide latitude and longitude of callers. http://www.nice.com/sites/default/files/gsm_world_100211.pdf
3M Cogent CARIPASS – Voluntary biometric travel card for operation in ten participating Caribbean countries. Registration on ‘white list’ enables passing at automatic border crossing gates with card. Operates on the basis of one facial image and two fingerprints. http://www.caripass.org/
Morpho Ident – Portable (handheld) fingerprint identification system for law enforcement. Provides secure connection to AFIS.21http://www.morphotrak.com/MorphoTrak/MorphoTrak/CJ/MorphoIdent/MorphoIdent_op_123010.pdf
Authentec HP SimplePass 2011 – Fingerprint reader software for HP laptops with fingerprint readers securing various functions. Option to keep files stored on remote servers ‘in the cloud’ restricted by fingerprint. http://www.authentec.com/News/ViewNews/tabid/473/ArticleId/291/AuthenTec-Selected-to-Provide-Identity-Management-Software-for-HP-Notebooks.aspx
Key Source International SonarlocID – Keyboard which automatically locks when it detects the user has moved away from the desk. Option to make the unlock subject to recognised fingerprint. http://www.ksikeyboards.com/includes/download.php?pdf=1&product_id=87
Norbain Suprema X Station – Smart access control system. Access is by RFID cards. The system is also equipped with camera and face recognition software to take photographic record when it recognises that there is a face present thus discouraging people to use other’s cards and ‘swipe in’ on their behalf. http://www.norbain.co.uk/news/ref:N4D63A7EFDEB46/
IView IGWatch – Facial recognition system. Brings up on screen information on the identified person (for example stating that a particular person is banned from the premises). http://www.iviewsystems.com/igwatch
3M Cogent MiY-ID – Biometric multifunction outdorr access control system. Marketed as compatible with PIV,22 CAC23 and TWIC.24http://www.cogentsystems.com/downloads/MiY-ID_PLM_EN_sm.pdf
Panasonic i-PRO Smart WV-SW355 HD and WV-SW352 HD - Vandal resistant dome camera. Video motion detection, programmable to detect movement in specified areas. Privacy masking. Face recognition for the purpose of recognising and recording the on screen presence of human faces. ONVIF compatible. http://panasonic.net/pss/security/products/pdf/WV-SW355-352_2A-069A.pdf
Samsung Techwin SND-3080C – People/object counting dome camera. http://www.samsungtechwin.com/product/file_data/manual/20101215_1_20101130SND-3080C-3080CF_E_2P.pdf
Sony FCB-EX E - Range of colour block cameras, designed for integration into ‘security domes, police vehicles, photo booths, documents stands, and low-vision systems’.
Genetec Omnicast – Internet Protocol Video Surveillance System. Genetec have added a new ‘video trickling’ feature, which enables segments of video to be stored on central servers online.25 This can also be used as a full blown alternative to saving video on site. http://www.genetec.com/Products/Pages/omnicast-overview-en.aspx
Lilin DVR-304 - Digital video recorder http://www.meritlilin.co.uk/generic_62.htm
Plustek NVR Slim240 – Pocket sized Network Video Recorder http://downloads.plustek.com/downloads/english/leaflet/NVR%20Slim240_EN_EA1AE-00200.pdf
Vista ProtosV VPC5-650DN & VPC5-654DN – Cameras with privacy screening (up to 15 programmable ‘privacy zones’) and other analytic features such as motion detection, face detection and detection of scene change (thus triggering alarm if it is moved from its location). http://www.vista-cctv.com/downloads/datasheets/VPC5-65xDN_Datasheet.pdf
FLIR BHS – Series of portable (hand held) thermal imaging cameras for security and law enforcement http://www.flir.com/cvs/eurasia/en/content/?id=36962
Vemotion Vehicle Streaming Unit - System for live streaming of CCTV feeds from vehicle mounted cameras http://www.vemotion.com/about/news/pr2026-vsu.pdf
Toshiba IK-HR2D - Miniature covert Camera http://www.aegis-elec.com/products/toshiba/toshiba-IK-HR2D.html
AnsuR BirdEye Microdrones – Small unmanned aerial vehicles used to monitor “a wide range of circumstances, including crowds, facility perimeters and remote pipelines or power cables”
Aracont Vision AV8185DN – Integrates four day/night cameras http://www.arecontvision.com/uploads/product_images/45Arecont_Vision_AV8185DN_1210pdf.pdf
Honeywell HREP – Digital Video Recorder. Analytic functions such as recording triggered by detection of motion in a specified area. Capable of remote access via web browser. http://www.security.honeywell.com/uk/video/documents/Honeywell-HREP_DS_UK.pdf
Honeywell HRDP H.264 – Digital Video Recorder. Free App enabling remote access via Iphone. http://www.security.honeywell.com/uk/video/products/recorders/em/299574.html
Lilin IPD-112 HD – ONVIF compatible day night dome camera http://directory.securityinfowatch.com/product/10231436/LILIN_IPD-112_HD_DayNight_Mini_Dome_Camera
Lilin CMD-076X4.2P – Dome camera http://www.meritlilin.co.uk/product_259.htm
Mel Domehawk – Wireless dome camera ‘ideally suited for street furniture deployment’. http://www.melsecuresystems.co.uk/domehawk-mobile-surveillance-cameras
Samsung Techwin SNV-7080 – Network camera with video motion detection, face detection and privacy masking. ONVIF compatible. Stream remotely viewable over a browser. http://www.samsungtechwin.com/product/file_data/manual/20110420_0_UserManual-SNV-7080-ENGLISH_Web-0418.pdf
Keeneo Safezone - Video analytics software. Capable of tracking individuals, detecting abandoned luggage, detecting objects ‘moving in the wrong direction’, trespassing, loitering, ‘tailgating’ and ‘suspicious civilian activities in public areas’ http://www.keeneo.com/Products/SafeZone.aspx
March Networks Command – Internet protocol video management system. ONVIF compatible. Web browser accessible. http://www.marchnetworks.com/Files/MN_CommandBrochure_EN_05-11.pdf
Axis P5544 - Dome camera. Supports two way audio and audio ‘triggering’ by unusual noise. http://www.axis.com/corporate/press/releases/viewstory.php?case_id=1154
FLIR Scout – Hand held thermal imaging camera aimed at home market. http://www.flir.com/cvs/americas/en/personalvision/products/scout/
Armstrong Optical Dualcam - Dual thermal and optical camera mounted on point/tilt unit. http://www.imveurope.com/products/product_details.php?product_id=1378
Previously Surveyed Products
Secura Systems Mobile Video Unit - Stand-alone container equipped with pneumatic telescopic pole of 6 meters, 230V power connector with inverter, backup power supply with a 1000 Ah battery and cameras and recording equipment. Optional intra red illuminators. Can be equipped with GPRS / UMTS / HSDPA and/ or Wavesight Wireless Transmission products. http://www.securasystems.de/index_en.php?content=mobile&item=p04
OnSSI’s NetDVMS – multi site, multi server, network video recorder and camera management system, with integrated video analytics. http://www.onssi.com/component/option,com_product/Itemid,30/attributes,2/option_id,2/task,attributes/id,1/detail,description/
Redvision RV Dome Camera – Built in infra red illumination http://www.norbain.co.uk/news/ref:N4B1E3AA8A0276/
Pentax Atmospheric Interference Reduction Technology – Enables surveillance cameras to continue working effectively in adverse weather conditions. http://prosecurityzone.com/Customisation/News/Surveillance/Optics_and_components/Surveillance_lens_overcomes_weather_interference.asp
Samsung SID-70 – Day and night dome camera. http://www.samsungtechwin.com/product/pro_view_eng.asp?pro_uid=4753&cat_uid=16&cat_biz=CTV&cat_lev=AC
IndigoVision PTZ 11000 – IP HD dome camera. http://prosecurityzone.com/Customisation/News/Surveillance/Fixed_and_PTZ_dome_cameras/Low_bandwidth_High_Definition_IP_dome_camera.asp
Napco IVR250 – Internet based video recorder. Access to footage via password protected website (actively marketed at security dealers who can maintain control and cut off access in the event of non-payment). http://www.napcosecurity.com/images/web%20pdf/A594_Napco%20iSee-IVT-250.pdf
Samsung iPOLIS Dome Camera Range – Features MPEG-4 and JPEG codecs to enable multiple streaming. http://www.sovereigncctv.co.uk/cat--Samsung-Techwin-IP-Monitoring-home--7.8.9.html
FLIR SR 304 – Long range infra red camera. Can identify human at 2 km. http://www.flir.com/uploadedfiles/Eurasia/MMC/Comm_sec/SS_0020_EN.pdf
Mel Secure Systems Talkback System – Enable user of a CCTV system to communicate via a loudspeaker with the subject. http://prosecurityzone.com/Customisation/News/Alarms/Alarm_signalling_transmission_and_notification/Talkback_system_enables_warnings_to_be_broadcast.asp
Smartvue Network Video Surveillance Systems: An integrated network video system with wireless and wired cameras, network video recorders, and remote access. http://www.kanecomputing.co.uk/smartvue.htm
Genetec – Security Center Unified Security platform: Integrates IP camera network, IP access control and licence plate recognition. http://www.genetec.com/English/Products/Pages/security-center-unified-security-platform.aspx
TSS DVR: Mobile CCTV (mounted on police vehicles) - http://www.tssltd.co.uk/mobile-cctv.html
Agent Vi Analytics: Allows search of CCTV video “by event (e.g. crossing a line, movement) or target parameters, including type (people, vehicle, object), size and color” and performs real time ‘analysis’ which identifies and generates alerts for a variety of user-defined events “relating to people, vehicles and objects” – http://www.agentvi.com/category.aspx?catid=2
Ioimage Ioicam Sc1dn: Integrated system combining IP CCTV cameras (with night vision) with onboard video analytics (for example can Intrusion Detection, Tripwire Crossover, Fence Trespassing and Camera Tampering. The unit can also be easily configured to detect unattended baggage, object removal, loitering and stopped vehicles. ) – http://www.ioimage.com/?p=ProductDetails&ClusterID=1599&ParentID=624&FatherID=775
Smart Witness Journey Recorder: Camera and GPS device for evidence gathering on a vehicle – http://www.smartwitness.com/product/3/vehicle_journey_recorder_with_cctv_camera_and_gps_logging