EU surveillance research:
Trends in FP7
surveillance projects
by Adriana Homolova and Alice Corona
The main research projects currently financed by the European Union are collected under the Seventh Framework Programme (FP7), covering the years 2007-2013. Within the FP7 'Security’ projects section, 119 declared institutions and companies, from 27 different countries, were involved in a total of 19 projects concerning surveillance cameras. The total cost of these projects is € 94.6 millions, 73% of which covered through European Union funding. [1]
But what exactly is being funded and how? Who’s involved in the projects?
1. Boosting technologies while enhancing privacy?
Surveillance is a sensitive issue, and the European Union is careful in presenting this field of research, continuously stressing the care placed in the ethical issues of security measures. The scope of the 'Security' section of FP7 is “to develop technologies and knowledge needed to ensure the security of citizens from threats such as terrorism and (organised) crime, natural disasters and industrial accidents while respecting fundamental human rights. [...] The respect of privacy and civil liberties is a guiding principle throughout the theme”. [2] Is this actually put into practice?
The 19 surveillance related research programs can be divided into two categories. On one side 10 promoting the technological aspects of surveillance, on the other side 9 investigating the privacy issues related to surveillance. The following network puts them in context.
To put these numbers into perspective, the visualization shows the technology oriented projects (blue dots), privacy oriented projects (green dots) and the countries involved in their research (red dots). The size of the project is determined by the total cost of the project, while the size of the country depends on the number of projects it’s involved in.
The bigger funds placed in technology development - 60% of the total - are comprehensible, as technical innovation requires clearly more money than research on privacy and ethics - something usually carried out through academic theoretical research.
However the impact of a technologically oriented project is different from that of a research on the ethical uses of technologies. While a developed technology is something that is either put into use or set out to be developed further, stand alone recommendations are of no use if not embedded into the technology they aim to control. And certain dynamics in the surveillance programs of FP7 don’t facilitate the connection between technological innovation and privacy protection
The bigger funds placed in technology development - 60% of the total - are comprehensible, as technical innovation requires clearly more money than research on privacy and ethics - something usually carried out through academic theoretical research.
However the impact of a technologically oriented project is different from that of a research on the ethical uses of technologies. While a developed technology is something that is either put into use or set out to be developed further, stand alone recommendations are of no use if not embedded into the technology they aim to control. And certain dynamics in the surveillance programs of FP7 don’t facilitate the connection between technological innovation and privacy protection
2. The separate realms of security research
Although the debate about surveillance cameras is usually presented as a strict dichotomy between security and privacy, the choice is not inherently black or white. Dr. Corien Prins, dean of the Law School of Tilburg and professor in Law and Informatisation, stresses how privacy and security are usually two different realms:
"I mean they don't speak to each other. It's either innovation debate, and security and safety debate, and technicians and huge companies that make money out of all these applications and innovations. [...] [or] the other world is the more academic world that discusses and deliberates privacy issues, which is much more conceptual, vague, and which is a completely different world. And there are not many initiatives to combine both worlds. [...] I think one of the most fruitful initiatives is Privacy Enhancing Technologies"
~ Dr. Corien Prins, interview, 2013 [3]
The two realms could so go hand in hand, as with the concept of PETs (Privacy Enhancing Technologies). These technologies aim to protect the privacy through built-in systems that would reduce the collection of personal data in the surveillance systems and hereby prevent the "unnecessary or unwanted processing of personal data.” [4] One would therefore assume that the path of more “ethical technologies” would be the primary field of investigation for the modern research on surveillance, especially given EU’s stated concerns for privacy protection.
The network of the FP7 surveillance projects and the institutions involved in them however tells a different story.
technology oriented projects (blue dots), privacy oriented projects (green dots) and the institutions involved in their research (orange dots)
The privacy projects are interlinked more densely, suggesting that the same institutions conduct similar research (either successively or simultaneously). Moreover, technologically oriented projects only seldom share participating institutions with the privacy oriented ones. The FP7 'Security' projects statement that “society relevant research issues will also be, as far as possible, integrated in technology projects” [2] does not seem to have worked out in the case of the surveillance systems projects. The only exception in this case is the privacy oriented VIDEOSENSE, a project that explicitly states that one of its goals is to “foster [...] sustainable relationships between existing national research groups.” [5]. Even if some of the technology development projects involve privacy research, they are not working together with simultaneously executed privacy oriented projects within the FP7 programs. How can one expect the implementation of PETs, if institutions investigating privacy issues are not more systematically involved in the research about technologies?
Furthermore, while many of privacy oriented projects deal with “smart surveillance” and “the state of art” of various aspects of surveillance as technology and law, not each technologically oriented project concerns itself with the questions of privacy protection.
Furthermore, while many of privacy oriented projects deal with “smart surveillance” and “the state of art” of various aspects of surveillance as technology and law, not each technologically oriented project concerns itself with the questions of privacy protection.
3. Technologies without ethical constraints
The technology oriented research in surveillance funded by the EU is focused mostly on frameworks and system architecture solutions. These include mainly intelligent video surveillance, data storage solutions and video analysis tools. Other projects target the development of sophisticated (radio, magnetic, seismic, acoustic, ...) sensors, behavioural analysis and also, for example, methods to trace the movement of an individual throughout the network of surveillance cameras. [6]
Quite a few of these projects were designed for and are tested as airport security solutions and they often mention the threats of terrorism as a part of the project motivation.
Alarmingly, a prevailing number of these projects is not concerned about possible privacy implications of the technology they are developing. Out of the ten technology oriented projects, only three address the importances of privacy protection by design, for example by means of automatic removal of unnecessary footage (evaluated by an artificial intelligence) or cryptography. This implies also differences in terms of fundings, as can be seen in the following graph.
4. Privacy research in circles
On the other hand privacy centred projects, while being almost the same in number, have all not only very similar aims, but they also use a very limited variety of methods. Most of them aim to develop a decision support system, or a formal criteria, or a framework for ethical surveillance by analyzing the current state of art of technology and law, and a few of them conduct international surveys. In fact some of the projects are extremely alike, as for example RESPECT [7] and SMART [8].
The core of the project summaries - around 500 words out of 900 (RESPECT) and 600 (SMART) is the same text, and their goals also are essentially the same. Even if RESPECT claims to build on top of SMART, both of the projects share most of the participating institutions and their combined costs are nearly € 8.5 million, something that (if combined) would make them the most expensive privacy oriented project.
The privacy oriented projects are not only conducted by the same institutions, but they also have similar goals and methods. So, while the presence of such projects indicates the need to create a debate around ethical approaches to surveillance, it is still open to interpretation whether this has been done in the most efficient way.
5. EU funded research and the private sector
Most of the institutions involved into the projects are either universities, or research centres, but they include also ministries and private companies. The highest number of project a single actor participates is 3. Institutions participating in three projects include five universities, the German Fraunhofer Society but also a British multinational defence company BAE Systems. Each of them is active in at least one privacy oriented programs, except BAE Systems, which participates exclusively in technology oriented projects.
BAE Systems is the Europe’s largest military contractor. Its US unit recently won a US military fixed-price contract for "Insensitive Munitions Explosives" worth 781 million dollars. [9] Since 2003, it’s also been a target of long-running corruption allegations:
“[In] 2010 BAE admitted to false accounting and making misleading statements, and agreed to pay out almost £300m in penalties in the US and the UK. The company ran a global money-laundering system: a network of secret cash payments amounting to billions of pounds that went on for years with the connivance of the British government. Authorities repeatedly let the company off the hook.”
~ Andrew Feinstein, The Guardian, 2012 [10]
The main challenges of TASS, ADABTS and MOSAIC, the three projects that BAE Systems participates in, include behaviour recognition techniques and their implementation in a framework of a targeted surveillance system that is optimized for commercially available low cost hardware. [11] These are ought to be deployed in surveillance systems in order to automatically detect potentially security sensitive behaviour. However, even when aiming to develop complex solutions, neither one of these projects addresses the questions of privacy issues. Systems like these have already been in use in the USA and their algorithms are not only programmed to notice sudden movements, but they are for example able to recognize that a person is carrying a gun. [12] Not implementing a mechanism for privacy protection of the observed subjects can therefore potentially form a ground for not only privacy breaches, but more serious effects if landing in the wrong hands. And such risk is all too real: there is, for example, evidence of British surveillance technology being used in repressive regimes and dictatorships. [13] As the report from a privacy oriented project DETECTOR states:
“Security technology developers [present at] our meetings sometimes acknowledged that surveillance equipment they were selling could be misused by governments; yet they had no policy restricting sales to such governments; and indeed were under some pressure to maximize sales. [...] Without restrictions on exports of these and other technologies, the EU may be unwittingly undermining human rights policies promoted through diplomatic channels”.
~ Tom Sorell, Lessons learned document, 2011 [14]
6. A "slow slight change" ?
The debate between security and privacy still seems a burning issue. While there are options in studying and researching a more ethical compromise between the two, interests of institutions and companies are not always directed in doing so effectively, even inside the privacy attentive European Union. This seems to happen in the FP7 projects, but also arises from broader investigations of the European Union security agenda:
"Despite world-leading legal frameworks and great potential for innovation, the security agenda is over-riding some of the basic principles of the Union."
~ Privacy International, European Privacy and Human rights [15]
However there are reasons to be hopeful for future improvements, especially due to the possible effects of pressures from society and consumers. This is why further vigilance, debate and information among civil society can be a leading force in boosting an ethical approach in a field as controversial as that of security and surveillance.
"Privacy is slowly seen as something that nature conservation was years ago, an issue that you could use in your marketing. I do see over the years a slow slight change. I do see that there's more recognition among big companies: they recognize that there's a certain tipping point, and if they are not aware of privacy, in the end, being instrumental in this tipping point, that society at large or consumers are reluctant in accepting certain technologies that invade privacy or at least give people consumers the feeling that their privacy is invaded".
~ Dr. Corien Prins, interview, 2013 [3]
Sources
[1] FP7 projects database.
[2] FP7 'Security' homepage.
[3] From interview with Prof. dr. Corien Prins, 27 March 2013
[4] van Blarkom, G.W.; Borking, J.J.; Olk, J.G.E. (2003). Handbook of Privacy and Privacy-Enhancing Technologies.
[5] VIDEOSENSE Project Description.
[6] SUBITO Project.
[7] RESPECT work plan and methodology
[8] SMART work plan and methodology
[9] BAE Systems wins $781 mln U.S. Army munitions contract
[10] The Saudi-GPT deal inquiry must not be another whitewash
[11] Official websites of TASS, ADABTS and MOSAIC.
[12] RNC Fortified by Behavior-Recognizing Cameras.
[13] Privacy International, Privacy International commences legal action against British government for failure to control exports of surveillance technologies.
[14] DETECTOR Lessons Learned Document.
[15] Privacy International, European Union and Human Rights, 2010.
[2] FP7 'Security' homepage.
[3] From interview with Prof. dr. Corien Prins, 27 March 2013
[4] van Blarkom, G.W.; Borking, J.J.; Olk, J.G.E. (2003). Handbook of Privacy and Privacy-Enhancing Technologies.
[5] VIDEOSENSE Project Description.
[6] SUBITO Project.
[7] RESPECT work plan and methodology
[8] SMART work plan and methodology
[9] BAE Systems wins $781 mln U.S. Army munitions contract
[10] The Saudi-GPT deal inquiry must not be another whitewash
[11] Official websites of TASS, ADABTS and MOSAIC.
[12] RNC Fortified by Behavior-Recognizing Cameras.
[13] Privacy International, Privacy International commences legal action against British government for failure to control exports of surveillance technologies.
[14] DETECTOR Lessons Learned Document.
[15] Privacy International, European Union and Human Rights, 2010.
