Campuses Must Balance Security Technology with Privacy and Civil Rights
A campus adopting any type of new security technology must not only investigate its benefits, but also its vulnerabilities and potential for abuse.
Privacy and civil rights abuse concerns about security technology systems are once again heating up. This time, a broad coalition of groups are having issues with law enforcement’s use of Amazon’s facial recognition software, called Rekognition. In fact, they are so concerned that last week the American Civil Liberties Union (ACLU) demanded Amazon stop selling this product to police.
According to the ACLU, the solution, which Amazon claims can identify and track suspects or persons of interest in real time, “is primed for abuse in the hands of governments, poses a grave threat to communities already unjustly targeted in the current political climate, and undermines public trust in Amazon.”
But are these concerns warranted?
The Washington County Sheriff’s Office in Oregon has been using the facial recognition technology for more than a year now. Its public information officer told CNN that “During that time, [we] have been transparent and forthcoming so the local public knows what it is, and equally importantly, what it is not… A facial recognition match alone, no matter the percentage match, does not establish probable cause to arrest a suspect. The Sheriff’s Office does not use the technology for mass and/or real time surveillance. In fact, state law and our policy prohibits it for such use.”
So, in the case of Washington County, the privacy and civil rights abuse potential has been addressed, at least to some extent.
But the ACLU and other civil rights advocates do have legitimate cause for concern because there really is the potential for misuse. Nicole Ozer, who is the technology and civil liberties director for the ACLU of California rightly expressed concern that facial recognition could track protesters, target immigrants and spy on entire neighborhoods.
Truth be told, any technology or software that collects data of any type (GPS coordinates, personal information, images, etc.) comes with risks. We only need to look to the recent abuse of Facebook data as an example.
Keep in mind that fears about privacy and civil rights abuses relating to security technology are nothing new. Back in the early 2000s when I was an editor with CS’ sister publication Security Sales & Integration, we regularly encountered these issues, particularly with video surveillance systems.
Traditionally, one way concerns about security cameras have been addressed was for organizations to create appropriate, mandatory requirements, policies, procedures and algorithms so that the cameras couldn’t be used for things like peering into dorm windows, racial profiling or looking down women’s blouses. Additionally, limits were placed on who had access to the cameras and who could have access to the images after they were shot.
The same common sense rules apply to today’s new technologies. The challenge we have now, however, is that we don’t fully understand the risks associated with each, as well what needs to be done to mitigate those risks.
That’s why it’s so important for a hospital, school or university adopting any type of new technology to not only investigate its benefits, but also its vulnerabilities and potential for misuse. Once this is done, administrators must create policies and procedures so the technology will be used appropriately. Much like the Washington County example I described at the beginning of this article, campus public safety officials and administrators must also be fully transparent with their campus communities and the general public on how the technologies they adopt will and won’t be used.
Campuses can’t let these types of technologies get away from them, or worse, use them inappropriately for things like racial profiling, tracking protestors, etc. Doing so puts them at risk of lawsuits and bad press, not to mention the fact that it would be immoral. Any campus, government entity or organization that knowingly lets its security technology be misused deserves all of the litigation, bad PR and moral condemnation it’s bound to get when the abuse is discovered.
Additionally, our local, state and federal legislators must pass laws that ensure whatever security, public safety or emergency management system that’s adopted isn’t misused.
Fortunately for educational and healthcare campuses, some privacy protections are already in place. For healthcare facilities, the applicable privacy law would be the Health Insurance Portability and Accountability Act (HIPAA).
For K-12 and higher education institutions, the National Center for Educational Statistics offers this guidance on the use of surveillance cameras as it relates to the Family Educational Rights and Privacy Act (FERPA), which, I suspect, would also apply to facial recognition:
School cameras are typically placed in areas that do not infringe on students’ right to privacy, such as classrooms, hallways, common areas, and building perimeters. However, recent reports of cameras in bathrooms have sparked a debate over the appropriate balance between student privacy rights and the need for school security. While FERPA does not specifically address, this issue, school systems should have a surveillance camera policy outlining the rights and responsibilities of students, teachers, administrators, and other school staff. As a best practice, the policy should include the following:
- a clear statement of appropriate reasons for using surveillance cameras;
- the role and responsibilities of individuals with access to the cameras;
- who will have access to any footage;
- how long will any footage be kept and how will it be destroyed; and
- a consent provision.
For FERPA purposes, surveillance videotapes (or other media) with information about a specific student are considered education records if they are kept and maintained by the school system. If the school’s law enforcement unit controls the cameras/videos and it is doing the surveillance for safety reasons, the ensuing videos would be considered law enforcement, rather than education, records. As soon as school officials use them for discipline purposes, however, the tapes become education records and are subject to FERPA requirements.
Security technology can and does play a critical role in keeping campuses safe. That said, the devil is in the details in how it is applied. As campus protection professionals, we must always listen to our better angels.