Protecting Privacy in Surveillance Video While Mining It for Data

Surveillance cameras have proliferated across the globe, raising privacy concerns that have only deepened as machine-learning tools have enabled automated video analysis on a massive scale. Now a new security system aims to defend privacy in a way that supports honest analysis of video footage while confounding malicious spying.

There are now “hundreds of millions of surveillance cameras out there across the world,” notes Frank Cangialosi, a computer scientist at MIT and lead author on a study of the system. In the past, these cameras were occasionally monitored manually, if at all, and largely used for security purposes. But steady advances in artificial intelligence have now made it possible for computers to analyze this video data en masse.

Automated analysis of surveillance footage has many applications: helping health officials measure the proportion of people wearing masks; letting transportation departments monitor the density and flow of vehicles, pedestrians, and bicycles to figure out where to add sidewalks and bike lanes; and giving businesses insight into shopping behavior so they can plan promotions more effectively. However, such mass surveillance risks intrusions on privacy at an unprecedented scale.

“Video analytics is an exciting potential area, but I think our community also has this huge responsibility to think carefully about how it could be misused and put equal effort towards addressing that,” Cangialosi says.

Attempts to defend privacy against such technology often involve blurring out faces or covering them with black boxes. Those methods can hamper useful analysis of the video while still failing to preserve anonymity.

“So, citizens aren’t going to feel protected, and analysts aren’t going to feel it’s useful enough for them,” Cangialosi says. “It doesn’t satisfy anyone, which is why these approaches aren’t actually widely used in practice. And after thinking about it a bit, we realized that these are fundamental issues, so there’s this need for a totally different approach.”

Now, Cangialosi and his colleagues have developed a new system called Privid that lets analysts examine video for statistical data without revealing personally identifiable information.

“Privid might enable us to actually [make more productive use of] tons of footage from all of the cameras we already have around the world [and do so] in a safe way,” Cangialosi says. “They have tons of coverage and are very versatile, so I think there’s really a lot of potential.”

Privid works by first accepting code from an analyst: a query that automatically counts, say, the number of people wearing masks in a video feed, or measures the density of a crowd. The system then breaks the video footage into segments and runs the analyst's code on each chunk. Instead of reporting the results from each segment back to the analyst, Privid aggregates the data and adds some noise before returning the results. The aim is to let analysts with honest queries get the answers they want, while restricting access to the raw surveillance data that would let malicious actors learn too much.
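To make that pipeline concrete, here is a minimal Python sketch of the chunk, aggregate, and add-noise idea described above. The function names, the chunking interface, and the noise scale are illustrative assumptions for this article, not Privid's actual API.

```python
import random

def laplace_noise(scale):
    """Zero-mean Laplace noise (the distribution commonly used for
    differential privacy), drawn as the difference of two exponentials."""
    return scale * (random.expovariate(1.0) - random.expovariate(1.0))

def privid_count(video_chunks, analyst_query, noise_scale):
    """Run an analyst-supplied counting query over a chunked video feed,
    then release only a noisy aggregate.

    video_chunks:  the footage already split into fixed-length segments
    analyst_query: a function that returns a count for one chunk
                   (for example, people wearing masks in that chunk)
    noise_scale:   how much random noise to add before releasing the total
    """
    # Run the analyst's code on each chunk in isolation; the per-chunk
    # results never go back to the analyst directly.
    per_chunk_counts = [analyst_query(chunk) for chunk in video_chunks]

    # Aggregate across chunks, then perturb the total so that any single
    # person's brief appearance cannot be pinned down from the answer.
    return sum(per_chunk_counts) + laplace_noise(noise_scale)
```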

For example, consider a video feed covering multiple city intersections. Both an honest and a malicious query might claim to count the number of people who pass by each hour. But while an urban-planning department might genuinely want those pedestrian counts to better plan crosswalks, a malicious analyst might really aim to track a few specific people by watching for their faces.

If Privid executes both queries, the added noise does little to derail the honest analyst, whose hourly count of passersby draws on many people across many video chunks. But because the malicious query actually hinges on identifying a few specific people, that same noise swamps the signal it needs, confounding the attempt to misuse the data. Privid can also tell analysts how much error it adds to results, which honest analysts can account for in their research so that they can still detect valuable patterns and trends.
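As a rough illustration of how an honest analyst might account for that reported error, the sketch below assumes the noise follows a Laplace distribution whose scale the system discloses; the function name and the example numbers are hypothetical, not drawn from Privid's documentation.

```python
import math

def error_band(noisy_count, noise_scale, k=2.0):
    """Rough uncertainty band around a released count, assuming the
    reported error comes from zero-mean Laplace noise with the given
    scale (standard deviation is sqrt(2) * scale). The name, the Laplace
    assumption, and the factor k are illustrative choices."""
    sigma = math.sqrt(2.0) * noise_scale
    return noisy_count - k * sigma, noisy_count + k * sigma

# Hypothetical example: a released hourly pedestrian count of 842 with a
# reported noise scale of 5 is uncertain by only about 14 people in either
# direction; negligible for planning crosswalks, but far too coarse to
# confirm whether any one individual walked past the camera.
low, high = error_band(842, 5)
```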