Friday, August 01, 2008

Automated Number Plate Recognition technology

Crimtrac have issued a Request for Information for Automated Number Plate Recognition technology (ANPR) so that the number plates of vehicles could be computer read in images across Australia. Apart from the technical feasibility they are looking at the cost, benefit, legislation needed and privacy issues. The privacy issues of this technology were a main topic of the "You are where you've been", seminar at UNSW 23 July 2008.
ATM ID CrimTrac ANPR 2008/4
Agency Crimtrac
Category 43230000 - Software ...
Publish Date 31-Jul-2008 ...


CrimTrac is an Executive Agency within the Commonwealth Government in the Attorney General’s Portfolio. The agency was established on 1 July 2000, with the aim to „enhance Australian law enforcement with an emphasis on information-based policing facilitated through rapid access to detailed, current and accurate police information.

CrimTrac is currently undertaking a scoping study to develop a report on the strategic national implementation of an Automated Number Plate Recognition (ANPR). The ANPR scoping study aims to fully explore the feasibility of the national deployment of ANPR technology and will canvass aspects such as cost / benefit analysis, legislative and policy frameworks, examination of current and required infrastructure, privacy issues and technical options for the implementation of a national infrastructure model. The scoping study represents an exciting opportunity for Australian law enforcement and road transport departments. This Request for Information (RFI) represents the initial engagement with ANPR technology providers to assist the project team assess industry capability and to move towards procurement steps aiming to establish a panel of providers. ...

From: Automated Number Plate Recognition technology, CrimTrac ANPR 2008/4, 31-Jul-2008

Labels: ,

Thursday, July 24, 2008

Location privacy issues

The University of NSW, UNSW School of Surveying and Spatial Information System and Cyberspace Law and Policy Centre, hosted the seminar "You are where you've been", 23rd July 2008 in Sydney. This had researchers, industry and government people discussing the privacy issues with GPS, mobile phones and tracking via IP addresses. This was an excellent introduction to tracking technologies, the privacy issues with them and the legal and other responses to the issues. Such an event would normally cost thousands of dollars and even the lunch was free! ;-)

Ironically I was late for the seminar as I couldn't find it in the new UNSW Law building, which looks like the fractalated set for the The Cabinet of Dr. Caligari. The building has slanted columns, which are a tripping hazard, and no right angles, making finding your way around difficult (but the main lecture theatre has a wonderful window view and a power point to run your laptop at each seat).

Roger Clarke was giving an introduction to the issues of privacy and location tracking as I arrived. He talked about roles and identities. I wasn't too sure that his distinction between the real and abstract was real. He defined privacy as freedom from interference and can't just be legislated for. He criticized the data protection laws and the federal privacy commissioner (the privacy commissioner of Victoria was present).

Some technologies:

* Handheld: PDAs and mobile phones. He pointed out the iPhone as a key current device. He argued that 3G phone networks allowed better tracking than computer type networks. A computer network can track a person to within a few suburbs, whereas a mobile phone can do it to a few tens of metres. Most phones are used by individuals and so allow tracking the person. He discussed how a phone can be located but left out enhanced GPS which allows tracking of a phone quickly down to mm.

* Vehicles: Automatic number plate recognition (ANPR) can be used to record car number plates and so track the car (M7 Sydney Electronic Toll Road). RIFD tags can also be used to monitor cars, such as those used on motorways (Roger described it as "Passive"). He points out that this is useful for user pays parking, roads and the like. He pointed out that all vehicle details are captured and kept indefinitely not just ones failing to pay for the time they don't pay for. Police are also implementing ANPR for traffic administration and enforcement.

* People: Roger condemned the health department's policy to electronically tag dementia patients.

Helen Versey, Victorian Privacy Commissioner on "Location Privacy : Privacy regulator's perspective": She pointed out the value as well as the problems of location technology. But then argued how privacy is one of the fundamental human rights. CrimTrac might undermine state privacy legislation with federal law. The commissioner claimed that Victoria has few cameras and ANPR is at an early stage. However, the traffic authority has an extensive network of cameras to monitor traffic. This network could be easily interfaced to an ANPR system to record all number plates detected on all cameras all the time.

One question I had was the effect that open access to government information would have for privacy. There is a Victorian Parliament inquiry into open access. On the face of it, government providing information about what it is doing is a good thing. But how do you check for private information?

Rob Nicholls "Hic et nunc: Provision of location based services to law enforcement agencies": Looked at federal legislation. He argued that the Telecommunications, Privacy and Spam Acts worked well together. Telcos fall within the privacy principles and so location services are likely to fall within this. A 2007 telco act amendment explicitly identifies location information from mobiles as private.

Rob invited questions so I asked how much of an obligation there was on the telco to ensure their system protects privacy. He said that there was a strong obligation, as directors were likely to go to jail. The example I and in mind was when Vodafone Greece's system was hacked allowing phones to be bugged.

Rob argued that "active" location services imply the customer gives consent to have their location known. The example given was to request the location of the nearest ATM. He argued that this requires the customer to provide their location. This is not strictly true. A system could provide the location to a third party who found the nearest ATM. Also only an approximate location could be given. The phone could then be sent a list of near ATMs and the system could pick the nearest. This might actually be a more useful service for the user, as they could select from the range of nearby ATMs.

Ron then moved on to location based information and law enforcement. He argued that Australia has moved away from international norms for privacy. It took me a while to work out that this was a criticism. Australian law allows law enforcement access to vaguely defined "telecommunications data", which essentially includes everything except the actual call, email or file content. The request can come from a public servant, a judge is not needed. This includes ISPs as well as telcos. Carriers are required to be able to intercept the data if a warrant is issued.

I asked if the requests which senior public servants make for metadta have to be in a particular form. Rob said this could be something like a fax with a scanned signature. So I could imagine a system where the requests are sent semi-automatically, allowing one person to issue thousands of requests a day.

Lyn Moore: Location Privacy: Telstra's Perspective: Customers must opt in to location services and can change the services they subscribe to. A WAP gateway is used to interface to service providers suing the location information. The service providers have to agree to privacy conditions for use of the location information. OMA Mobile Location Service standards are used for implementation. OMA MLP and OMA Location Privacy Checking Protocol. The telephone number is mapped to a userid. A location id is used to identify the location. Details are only stored for 20 minutes. In this way it is claimed that the service provider therefore does not know where you are. This was a refreshingly straightforward presentation (unlike usual Telstra ones).

I asked if the service provider could use a cookie to identify the subscriber and then match that with their position. The reply was that this is prohibited under the the service provider conditions.

David Vaile, Google Street View: Need to look at street view in relation to other Google services. Google have been reluctant to engage on privacy issues, apart from asserting they were trying to not be evil. Google being US based as a different view of privacy to most of the world. Local Google staff have more understanding of Australian/European issues.

Matt Duckham: Obfuscation: Location privacy protection through spatial information hiding: Discussed how the technology works and how locations can be made approximate to protect privacy while providing services.

Dan Svantesson: Geoidentification - " A serious threat to your location privacy on the Internet?": A very approximate geo-location, to country, based on IP address is used by major web providers. This is used to limit access to content for licensing reasons, target advertising or content. Even at this level there are implications for privacy. The Antipiratbyran case (Sweden 2006) suggests that court will consider IP addresses are personal information. Go-location tests suggest country level accuracy at 99.9% and at state level of 95%. But these are US figures and it might be a lot harder for other countries. A French Yahoo auction case suggested an accuracy of 70%. Anonomisers can be used to hide the IP address of users. GeoBytes are an Australian based geo-location provider.

M.G. Michael: A research note on ethics in the emerging age of Überveillance: MG was suffering from jet lag and so this was not the best presentation of the day. He showed some advertisement and news report videos about surveillance, which would have suited an industry conference more than a scholarly seminar. He emphasized the term "Uberveillance", but without explaining it . Later I found he had authored several works on Uberveillance. With this and other material in the presentation MG seems to have assumed the audience would be familiar with the work. This was a problem for me, and I suspect others in the audience from diverse backgrounds. As a result there is a risk of such a presentation appearing to be shallow MG needed spend some time on the background of his previous work, to provide context.

Otherwise there is a danger of such presentations looking like one by an impersonator I once attended at the IFIP conference dinner. The comedian had been supplied with a set of ICT buzz words and names of industry people to mention. For several minutes they were able to fool a room full of ICT experts that they were an industry expert. Since then I have been wary of any presentation with too many glib terms:
The Congress dinner, held in Parliament House in Canberra, was one of the week's highlights. The speaker, introduced as Dr. Lawrence Tibbs, Associate Director for Technology and advisor to the President and Vice-President of the U.S., gave a lively and very humorous talk. He addressed the audience as, "Ladies, gentlemen, and Australians." He stated, "You can tell an American IT expert ... but you can't tell him much." Although most of the attendees were amused, some were upset or surprised at his lack of diplomacy. After his talk, which had some thoughtful moments, he removed his hairpiece and revealed himself as Mr. Campbell McComas, a professional comedian, who fooled virtually everyone in the audience.

From: IFIP NEWSLETTER, IFIP December 1996
Usman Iqbal: Privacy-aware telematics technologies - GPS enabled insurance and social issues: Usman presented an interesting and well researched presentation about the privacy issues of insurance. The idea is that the car insurance company would charge based on how far you drove and where you drove (tried by Norwich Union with a system called PAYD). The more km traveled and the more dangerous the road, the more the insurance costs. The catch is that this requires the insurance company to be provided with location information for the car. Usman carried out research using a GPS device in a student's car and then seeing what inferences could be drawn. He then looked at if it would be possible to design a system which do not reveal location to the insurance company. The solution proposed was to have the insurance calculation carried out by a computer in the car.

The example given considered the number of km driven on different roads. Would a simpler system which just reports what suburb the car is usually parked in do just as well? Car insurance companies use the suburb already for measuring location.

This suggests an interesting possibility to take into account insurance cost when planning a trip. This could be by a trip planner (such as Google Maps) or an on-board navigation system plots a route. It might also be amusing to consider having the safety of other drivers on the road taken into account and having the car tell you to avoid dangerous drivers. Also a simpler example would be to apply this to household insurance. It would be very simple to detect when someone is home and use that to determine their home and contents insurance.

It would also be interesting to apply such a system to an individual. Their smart phone could track them and have their personal insurance adjusted accordingly.

Usman also surveyed drivers and found that sports car drivers were prepared to pay more for insurance in return for anonymity. Females were more interested in privacy.

Panel: There was an interesting discussion of EU versus USA developed privacy standards. I asked the panel if they were worried by the rise of China resulting in a downplaying of personal privacy in technical standards. The panel was skeptical of technological determinism.

One question I wanted to ask all the presenters was if privacy only applied to individual natural people. One presenter commented that an IP address might only identify what family was using a computer, not an individual and therefore is not a privacy issue. But do not families and other groups have a right to privacy? Why shouldn't non-natural people, such as a community group, have a right to privacy?

Labels: , ,

Thursday, July 03, 2008

Calculating the Ditigal Dividend

The Department of Broadband, Communications and the Digital Economy has issued a Request for Tender for a consultant to estimate the value of spectrum being freed up by the conversion of Australian TV to digital. However, you would be hard pressed to work that out from the language of the tender, which refers to the commercial value of the potential ‘digital dividend spectrum’.

The analysis being asked for is very limited, in that it only looks at the financial return the government would receive. The consultant is not asked to look at the contribution the spectrum could make to the Australian economy or its value to the community in terms of culture, education or improved health. Radio spectrum is one of those public goods, where it can be very difficult for a commercial entity to capture all of the financial benefits of its use. As a result the government will likely no allocate the spectrum to its best use if it uses financial return as the sole criterion for selecting the use for the spectrum. The value of services to the community which might be created should also be considered.

The Department requires a Consultant to undertake a desktop analysis to estimate the commercial value of the potential ‘digital dividend spectrum’ for a specified range of scenarios.

The analysis should use relevant international and Australian comparisons of value and circumstances, particularly the relevant policy environments relating to the major services that are likely to use the spectrum. Commercial value means the amount of money buyers may pay to purchase the spectrum when it becomes available.

The successful tenderer is to also undertake a desktop analysis of the financial return to the Australian Government of maintaining existing spectrum arrangements for the broadcasting services bands assuming a continuation of the present policy settings that govern the key uses of this spectrum. The analysis should use relevant data on current and projected broadcasting industry revenue to identify trends over time and any potential financial impact on Government revenue...

From: Digital Dividend Technical Consultancy - Stage 2, Section 59.1 "The Services", Statement of Requirement, Department of Broadband, Communications and the Digital Economy, Request for Tender DCON/08/64, 2-Jul-2008

Labels: , , ,

Tuesday, June 24, 2008

Wireless Local Positioning Systems

NICTA are hosting a seminar on Wireless Local Positioning Systems by Reza Zekavat, from Michigan Technological University, 26 June 2008 in Canberra:

Wireless Local Positioning Systems
Reza Zekavat (Michigan Technological University)

DATE: 2008-06-26
TIME: 13:00:00 - 14:00:00
LOCATION: NICTA - 7 London Circuit

Wireless systems capable of positioning mobiles remotely in complex mobile environments have emerging applications in homeland security, law enforcement, defense command and control, multi-robot coordination, and traffic alert such as vehicle-to-vehicle and vehicle-to-pedestrian collision avoidance. These systems promise to dramatically reduce the society's vulnerabilities to catastrophic events and improve the quality of life. The talk presents a novel wireless local positioning system (WLPS) recently patented by Michigan Tech University (MTU).

The proposed WLPS has two main components: 1) a base station deployed in a mobile (e.g., vehicles, robots or handhelds) that serves as a Dynamic Base Station (DBS); and 2) a transponder (TRX) installed in wireless mobile handhelds, robots and vehicles that act as Active Targets. Unique identification (ID) codes are assigned to each TRX. DBS transmits periodic ID request (IDR) signals in its coverage area. Transponders reply to IDR signals as soon as they detect them. Depending on applications, each mobile in the coverage field may be equipped with only DBS, only TRX, or both. Such a framework offers attractive features: (i) high probability-of-detection performance via active as opposed to passive targets, (ii) low-cost TRX made of simple transceivers, and, (iii) infrastructure-less operation via dynamic as opposed to static base stations.

Dr. Seyed A. (Reza) Zekavat received his B.S. degree from Shiraz University, Iran, in 1989, M.S. degree from Sharif University of Technology, Iran, in 1993, and Ph.D. from Colorado State University, Fort Collins, Colorado in 2002. He has over 10 years of teaching and research experience both in the United States and abroad. He has published more than 75 journal and conference papers, and has co-authored two books and invited chapters published by Kluwer Academic Publishers and Springer. His research interests are in wireless communications at the physical layer, dynamic spectrum allocation methods, radar theory, blind separation and beam forming techniques, feature extraction, and Curriculum Development. His current research is supported by the National Science Foundation and many Other Agencies through several active grants totaling over $1,500,000. He is also an active technical program committee member for several IEEE international conferences. At Michigan Tech, he has founded two research laboratories on wireless systems, and is currently principal advisor for several PhD students.

Labels: , , ,