Once again, the government is experimenting on the public with new surveillance technology and not bothering to inform them until forced to do so. Boston's police department apparently performed a dry run of its facial recognition software on attendees of a local music festival.
Nobody at either day of last year's debut Boston Calling partied with much expectation of privacy. With an army of media photographers, selfie takers, and videographers recording every angle of the massive concert on Government Center, it was inherently clear that music fans were in the middle of a massive photo opp.While no one expects their public activities to carry an expectation of privacy, there's something a bit disturbing about being scanned and fed into a database maintained by a private contractor and accessible by an unknown number of entities. Then there's the problem with the technology itself which, while improving all the time, is still going to return a fair amount of false positives.
What Boston Calling attendees (and promoters, for that matter) didn't know, however, was that they were all unwitting test subjects for a sophisticated new event monitoring platform. Namely, the city's software and equipment gave authorities a live and detailed birdseye view of concertgoers, pedestrians, and vehicles in the vicinity of City Hall on May 25 and 26 of 2013 (as well as during the two days of a subsequent Boston Calling in September). We're not talking about old school black and white surveillance cameras. More like technology that analyzes every passerby for height, clothing, and skin color.
Dig reporters picked up on a scent leading to correspondence detailing the Boston Calling campaign while searching the deep web for keywords related to surveillance in Boston. Shockingly, these sensitive documents have been left exposed online for more than a year. Among them are memos written by employees of IBM, the outside contractor involved, presenting plans to use "Face Capture" on "every person" at the 2013 concert. Another defines a party of interest "as anyone who walks through the door."'Guilty until proven innocent" remains the mantra of mass surveillance. Here, a "person of interest" is also just an "attendee." They are inseparable until the software has done its sorting, and even then, the non-hit information is held onto for months or years before being discarded.
[M]ore than 50 hours of recordings — samples of which are highlighted herein as examples — remain intact today.Dig gathered up all of this info and confronted the Boston Police Department about its involvement in this project.
Reached for comment about “Face Capture” and intelligent video analysis, a Boston Police Department spokesperson wrote in an email, “BPD was not part of this initiative. We do not and have not used or possess this type of technology.”A normal denial and generally solid… except for one thing.
The Boston Police Department denied having had anything to do with the initiative, but images provided to me by Kenneth Lipp, the journalist who uncovered the files, show Boston police within the monitoring station being instructed on its use by IBM staff.The outing of these documents forced the city to acknowledge its participation.
In response to detailed questions, Kate Norton, the press secretary for Boston Mayor Marty Walsh, wrote in an email to the Dig: “The City of Boston engaged in a pilot program with IBM, testing situational awareness software for two events hosted on City Hall Plaza: Boston Calling in May 2013, and Boston Calling in September 2013. The purpose of the pilot was to evaluate software that could make it easier for the City to host large, public events, looking at challenges such as permitting, basic services, crowd and traffic management, public safety, and citizen engagement through social media and other channels. These were technology demonstrations utilizing pre-existing hardware (cameras) and data storage systems.”The city claims it's not interested in pursuing this sort of surveillance at the moment, finding it to be lacking in "practical value." But it definitely is interested in all the aspects listed above, just not this particular iteration. It also claims it has no policies on hand governing the use of "situational awareness software," but only because it's not currently using any. Anyone want to take bets that the eventual roll out of situational awareness software will be far in advance of any guidance or policies?
Similarly, [Dig's Kenneth Lipp] easily found his way into lightly secured reams of documents that include Boston parking permit info, including drivers’ licenses, addresses, and other data, kept online on unsecured FTP servers.Government entities roll out pervasive surveillance programs, almost exclusively without consulting the public, and expect citizens to trust them with the data -- not only what they share and whom they share it with, but to keep it out of the hands of criminals and terrorists. But Boston (and IBM) have proven here that this trust is wholly undeserved.
“If I were a different kind of actor, a malicious state actor, I could pose a significant threat to the people of Boston because of what I have in the folder.”
Our IP Address: