This blog post was originally published at Intel’s website. It is reprinted here with the permission of Intel.
These days cameras are ubiquitous – in our smartphones, our cars, homes, and around our cities. And opportunities for computer vision are endless, extending across robotics, retail, healthcare, transportation, and even sustainable agriculture.
Computer vision offers tremendous benefits in terms of safety, security, convenience and efficiency. When I am at the airport, I love knowing that I am protected by digital surveillance systems, and these same systems can protect retailers from theft.
But with all of these cameras collecting our images in an always-connected, digital world, how can we balance the benefits against the risks to our privacy? The image data captured from multiple cameras is not in itself the cause for concern; it is the algorithms for processing, analyzing, and understanding those images that should be examined in order to preserve consumer privacy.
As a consumer, what are my options to limit my image data from being shared?
Consumer Privacy Option #1: Hide
Here’s one way to react: I’ll prevent images from being taken; I’ll stop the image at the source; I’ll cover the cameras on my PC, phone and car with little pieces of tape.
I’ll revert to using cameras that are not connected in any way—think Polaroid—that way I never have to worry about computer vision algorithms misusing my image.
Consumer Privacy Option #2: Localize
Okay, hiding is too extreme, so I’ll keep all of my privacy controls at the edge, or on my device. I’ll take images with my mobile phone, but I won’t upload them to the cloud; that includes sharing on social media and network backup—but what if I lose my photos?
When shopping, I’ll leave my phone in my car and I’ll pay with cash. Those retailers won’t recognize me, so I won’t receive their ads later related to those shoes I just purchased. But what if I miss an urgent call while I’m without my phone?
I have a similar problem if I install security cameras, and I make certain that the data never leaves the devices. Unfortunately, that invites memory and storage problems and also means no connection to security services; no ability to see my package delivery from my mobile app. What happened to all that security, safety and convenience?
Consumer Privacy Option #3: Trust
Maybe I should simply trust the cloud. I’ll connect my phone, my PC, my home, my car, and all of my social media so that my life becomes one long, live video stream. I’ll leave the design of my data privacy in the hands of government regulators and the plethora of hardware and software developers.
That is what the vast majority of consumers are doing today, at their peril.
Consumer Privacy Option #4: Privacy-by-Design
There is a better way. We don’t have to choose between convenience and privacy. We can have both if we do the work required.
The Onus is on the Developer
Every computer vision solution should undergo a plethora of privacy design decisions. The same hardware and software technology that enables the proliferation of image data—and makes some consumers feel vulnerable—can allow consumers to determine their own privacy terms without going to extremes. Developers must think about how their technology should be used.
For example, image data and image classification algorithms in face recognition solutions can enhance safety, security and convenience, but they also can cause discrimination, copyright infringement and identity theft. So when we design computer vision solutions, we must consider how to give consumers control over their personal data.
In some simple cases, system designers could choose low-resolution image or depth sensors that don’t enable identifying people. In more complex cases, a smart camera can implement policies about what to record, versus a “dumb” camera that automatically uploads video to the cloud. Some companies use detection algorithms to avoid capturing images of people, thus preserving consumers’ privacy.
With so many hardware and software developers involved, how can we guarantee the integrity of privacy by design at the system level? How can we be certain that the consumer maintains data control?
Let’s look at some of the system-level design decisions for a typical computer vision solution. A developer will design or select hardware at the edge to capture and process images, then develop an algorithm for understanding that image data. Throughout the system design, many decisions are made, and each could have a unique impact on privacy. Some examples include:
- Types of sensors to use and the image resolution for those sensors
- What image data and metadata gets stored on the device? In cloud? For how long?
- Who can access the image data?
- Where does it make sense to leverage hardware-optimized library functions such as OpenCV*?
- When to integrate the deployment of deep learning models for face detection, pedestrian detection, etc.?
- Where will custom code be required, and what can be adapted from the open source community?
- Where can I add services and/or features by calling cloud APIs?
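The smart-camera policy described above (redact people before anything is stored or uploaded, keep only an allow-list of metadata, attach a retention period) as an added Python example; it is not code from the original post or from Intel. The frame, the detector output and the metadata are constructed stand-ins for what a sensor, a person detector and the camera firmware would supply, and the `Policy` fields are assumed names.

```python
"""Edge recording policy: nothing leaves the device until people are redacted."""
from dataclasses import dataclass

# Constructed 8x8 grayscale frame (pixel = 32*row + 4*col); a sensor would supply this.
FRAME = [[32 * r + 4 * c for c in range(8)] for r in range(8)]
# Constructed person-detector output: (row, col, height, width) boxes.
DETECTIONS = [(1, 1, 3, 3), (5, 4, 2, 3)]
# Constructed metadata as a camera might attach it; "gps" is deliberately sensitive.
METADATA = {"timestamp": "2020-01-01T00:00:00Z", "camera_id": "cam-7", "gps": "0.0,0.0"}


@dataclass(frozen=True)
class Policy:
    mode: str = "pixelate"           # "pixelate": degrade person regions; "drop": discard frame
    block: int = 2                   # pixelation tile size (bigger tile = lower resolution)
    retention_days: int = 7          # how long a stored frame may be kept
    allowed_metadata: frozenset = frozenset({"timestamp", "camera_id"})


def pixelate(frame, box, block):
    """Return a copy of frame where every block x block tile inside box is its mean.

    This mimics the "low-resolution sensor" option, but only where a person was seen."""
    r0, c0, h, w = box
    out = [row[:] for row in frame]
    for r in range(r0, r0 + h, block):
        for c in range(c0, c0 + w, block):
            tile = [(rr, cc) for rr in range(r, min(r + block, r0 + h))
                    for cc in range(c, min(c + block, c0 + w))]
            mean = sum(frame[rr][cc] for rr, cc in tile) // len(tile)
            for rr, cc in tile:
                out[rr][cc] = mean
    return out


def apply_policy(frame, detections, metadata, policy):
    """Return (frame_or_None, metadata) that the policy permits to be stored or uploaded."""
    # Metadata is allow-listed, never pass-through, so new sensitive fields are dropped by default.
    kept = {k: v for k, v in metadata.items() if k in policy.allowed_metadata}
    kept["retention_days"] = policy.retention_days
    if detections and policy.mode == "drop":
        return None, kept                      # record nothing when a person is present
    out = frame
    for box in detections:
        out = pixelate(out, box, policy.block)
    return out, kept


if __name__ == "__main__":
    redacted, meta = apply_policy(FRAME, DETECTIONS, METADATA, Policy())
    print(meta)                                # gps is gone, retention_days is attached
    print(redacted[1][1:4], redacted[5][4:7])  # person regions are now flat tiles
```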
Guardrails and Accountability
Here is my guidance to hardware and software engineers, data scientists and developers in the computer vision ecosystem: the best way to make consumers trust you is to design solutions that allow consumers to define their own terms for data privacy. Imagine a world where computer vision solutions with 24×7 edge-to-cloud connectivity are never anonymous: consumer privacy is guaranteed through proper solution design, but developer privacy is not.
What if we created full traceability and accountability for every component, subcomponent, and piece of data that contributes to the full visual computing solution? That includes every part of hardware and software whether at the edge or the cloud. We would know where the visual computing system breaks down or causes bias or inaccuracies, and we would know the engineer, data scientist or developer responsible for the understanding or misunderstanding.
Whether the solution is a digital surveillance system, a smart power grid, a drone for agriculture, a smart city or home, or an autonomous vehicle, the full system and all of its components would be fully traceable. We could have trusted combinations of hardware and software components that guarantee a particular level of reliability, safety and security—with or without formal regulation.
Solutions should employ trustworthy practices and ingredients at all levels of the stack, from edge to cloud, so that no matter what computer vision “recipe” is used, consumers can control the use of their data. Here are some ways developers can foster trust:
- Explain what is happening in plain language
- Create legal accountability for proper use through end-user license agreements
- Expose your software application protocol, APIs and other interfaces—never create a black box
- Open source your code so the community can turn off negative uses
- Enforce traceability with ledgers
The technologies that fuel computer vision solutions can also enhance privacy—if developers choose to use them that way, and if all of us make privacy a priority. It’s not only in the consumer’s interest, it’s also the pragmatic interest of businesses and governments.
As technology leaders and developers, it is our responsibility to include privacy by design in our computer vision solutions, across hardware and software, from edge to cloud.
Charlotte Dryden
Visual Computing Developer Solutions Group, Intel Corporation