New technology addresses privacy-protected video surveillance

The average citizen, who is not affiliated with any terrorist groups, is captured on camera up to 300 times a day. Video surveillance is everywhere — ATMs, mass transit, hospitals, commercial retail and public spaces.

And the delivery of networked digital cameras is doubling every year. While the technology behind these cameras has become ubiquitous, the problem is it’s privacy invasive — and it’s only going to become more privacy invasive if we don’t do something about it, said Karl Martin, president of KMKP Engineering, at Privacy by Design: The Gold Standard, the 2nd annual conference put on by the Information and Privacy Commissioner of Ontario in Toronto recently.

This was the premise behind research conducted at the University of Toronto, which is now being developed into a commercial product. The proposed solution is fine-grain encryption technology, using secure visual object-based coding, which allows information to be accessible to the operators of the system, while protecting the privacy of Average Joe Citizen.

This addresses the fact that cameras are indiscriminate — they’re essentially dumb devices, and in many cases untrained personnel are hunting through the footage. “Often there are no well-defined policies of who has access to this footage,” says Martin. As a result, we’ve had problems with voyeurism — in China, for example, there have been cases of security personnel zooming in on people for no apparent reason.

This could potentially allow operators to track a person and even create an activity profile.

“It’s a great consumer marketing tool,” he says. “Think of loyalty cards — and you don’t even need their permission.”

The other problem is there’s no commercial tool on the market that can be added to a surveillance system without impeding physical security. Encrypting all video isn’t practical, he says, because security personnel need to access it and monitor it regularly.

Managers would then have to distribute keys to all authorized personnel. But this doesn’t protect against misuse of footage by authorized personnel.”¨”¨ Secure visual object-based coding treats video footage as a collection of objects rather than indiscriminate frames of data. This means private data objects — such as a person’s face — can be automatically encrypted. Object segmentation uses pattern recognition techniques to detect and track faces, bodies or other objects, and object-based coding compresses and stores these objects as separate entities.”¨”¨

“It protects what we need to protect, and leaves what doesn’t need to be protected,” says Martin.

Operators see the background and bodies, but can’t identify them. If an incident occurs, they can get a key to decrypt and access private data, such as an individual’s face. “It gives you fine-grain control to discriminate between private and public information, and normal operation is not hindered,” he says.

“This is different from privacy masking because the data is still available — you just need the key.”

And that, he says, is what’s been missing in the video surveillance world — the ability to mandate privacy controls. The goal, ultimately, is to have this technology embedded directly into cameras, so it would operate on default (and operators wouldn’t have to activate it).

But this would depend on cost. Building capabilities into the endpoint will only serve to drive up the cost of those endpoints, which would be a hindrance to adoption, said James Quin, senior research analyst with Info-Tech Research Group.

“Realistically, he said, the concerns with IP video surveillance are no different than the concerns with non-IP video surveillance. They’re both surveillance technologies, the only difference being the communications infrastructure used to replay the surveillance data and the storage infrastructure used to record it.”