07 September 2010

I see with my little eye

From Culture Unbound: Journal of Current Cultural Research an article by Kelly Gates on 'The Tampa Smart CCTV Experiment'. [PDF].

Gates indicates that -
In June 2001, a neighborhood in Tampa, Florida called Ybor City became the first urban area in the United States to be fitted with a "Smart CCTV" system. Visio-nics Corporation began a project with the Tampa Police Department to incorpo-rate the company's facial recognition technology (FRT), called FaceIt, into an existing 36-camera CCTV system covering several blocks along two of the main avenues. However, this "smart surveillance" experiment did not go as smoothly as its planners had hoped. After a two-year free trial period, the TPD abandoned the effort to integrate facial recognition with the CCTV system in August 2003, citing its failure to identify a single wanted individual. This essay chronicles the experi-ment with FRT in Ybor City and argues that the project's failure should not be viewed as solely a technical one. Most significantly, the failure of the Ybor City "Smart CCTV" experiment reveals the extent to which new surveillance technol-ogies represent sites of struggle over the extent and limits of police power in ad-vanced liberal democracies.
Her article is complemented by Toby Miller's overview on 'Surveillance: The "Digital Trail of Breadcrumbs"' [PDF] in the same journal.

There is somewhat more bite in articles in 3(1) Identity in the Information Society (2010) ('The Diversity of National E-IDs in Europe: Lessons From Comparative Research').

The introduction by James Backhouse comments that -
When change in eIDs is initiated, rarely is there a completely fresh departure, but instead there is found incrementalism which builds gradually on the previous infrastructure of technology, but also of regulation and cultural norms. Great strides in the adoption of technologies such as the esignature or qualified certificates do not appear to have happened, rather the picture seems still to be of gradually setting in place the groundwork for future more sophisticated applications.

Finland was the first country in the world to introduce an electronic identity card in 1999, but their card has not progressed towards replacing other online authentication devices such as bank ID cards. It serves as a travel document and is intended to aid access to eGovernment services and for electronic signing. Even in states such as Belgium, the relatively strict privacy framework ensures the use of data is not accessible through the eID. Belgium has however achieved complete rollout but still experiences low usage rate for e-government services perhaps because its eID solution offers weaker authentication procedures. Some states, such as Sweden, have worked hard at integrating a market-based initiative within the eID creation and development. Others, such as Denmark, have developed the card largely from health-sector beginnings, with a gestation period of nearly 20 years. Still others, such as Estonia, are seeing ID cards used in connection with e-ticketing and as a partial replacement for driving licences, but interestingly as a support for voting through the Internet. As in other EU states the card is used to aid online tax declaration.

Many European states have developed electronic ID cards with a host of mechanisms for the increased security and protection of personal data. With these cards, authentication requires possession of a physical eID card AND knowledge of a PIN code—hence two-factor authentication. In both Belgium and Spain authentication allows the service provider to check the identity of citizen using the digital certificate on the card by means of the card reader and PIN.

But in Germany authentication is double-sided—the citizen can check the identity of the service provider as well. The service provider must get an access certificate from a federal agency in order to access the eID data on the card. In line with data minimization, the access rights granted only cover the data required for that particular service: say citizen’s name, age or address. The card is also an electronic travel document (e-pass), an alternative to a passport, that holds biometric data including a mandatory photo while fingerprints are optional. Each ID card has a registered serial number but this number cannot be used to identify the holder in any other administrative procedure. The prize for data minimization must go to the Austrian Citizen Card (Burgerkarte) which carries no personal data at all, only a personal link used to produce sector-specific PINs for the respective service in each transaction. In effect, the Austrian system provides technical means against merging citizens’ data from different sectors of government. ...

Two further papers mine the material brought together by these diverse studies focusing on the path dependency questions introduced in the framework and exercising them on selected groups of country cases. One entitled The path dependency of national electronic identities contrasts four national eIDs (Austria, Belgium, Germany and Spain) highlighting the differences between these systems conceived as socio-technical systems with regard to the eID itself, the eID cards as tokens, the authentication processes as well as the procedures for distribution and personalisation, the support provided for installing the technology and any provider-related regulation. ...

A second comparison examines the cases of Denmark, Finland, Estonia and Sweden in order to check the validity of generalisations derived from the first four cases.