Skip to main content
European Commission logo
Deutsch Deutsch
CORDIS - Forschungsergebnisse der EU
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary
Inhalt archiviert am 2024-06-18

PrivAcy pReserving Infrastructure for Surveillance

Final Report Summary - PARIS (PrivAcy pReserving Infrastructure for Surveillance)

Executive Summary:
PARIS defines and demonstrates a methodological approach for the development of surveillance infrastructure which enforces the right of citizens for privacy, justice and freedom. It takes into account the evolving nature of such rights, e.g. aspects which are acceptable today but which might not be acceptable in the future, and the social and anthropological nature of such rights, e.g. the variation of the perception of such rights. The methodological approach is based on two pillars: first a theoretical framework for balancing surveillance and privacy/data protection which fully integrates the concept of accountability, and second an associated process for the design of surveillance systems which from the start takes into consideration privacy (i.e. privacy-by-design) and accountability (i.e. accountability-by-design).
The theoretical framework has been defined in a generic way and guidelines have been provided to define specialized conceptual frameworks (e.g. for a given country), which are called SALT (Socio-ethicAl Legal Technological) frameworks. Examples of SALT frameworks have been provided. A framework management tool has been developed 1) to allow for the creation and writing of a conceptual framework and 2) to subsequently act as a reference for surveillance system designers. A SALT compliant design process has been be defined such that surveillance and privacy balance according to the specialized framework will be ensured throughout the process.

Two use cases have been demonstrated, one based on video search technology which focuses on archived data, and the other based on biometrics technology which focuses on embedded systems sensor type data. The two use cases use different SALT frameworks. The resulting methodology has been promoted through associations and standardization bodies.

The project met the following objectives:

• Definition of a Socio-ethicAl, Legal and Technical, or SALT, framework for an evolving understanding of the balance between the concept of private (vs. public) in a surveillance system.
• Development of a SALT framework management tool. The tool allows for a digital reference and representation of a SALT framework. It is used by stakeholders as a reference, including the design of surveillance systems. It includes mechanisms for creating and updating a SALT framework.
• Definition of a SALT compliant process for surveillance. It uses a reference SALT framework and integrates process activities and process artefacts for privacy-by-design and accountability-by-design.
• Provide evidence of the value of the SALT Compliant Process for Surveillance in two cases. A laboratory demonstration showq how a surveillance system can be developed using a SALT compliant process for video data lifecycle management based applications and for biometrics based applications

Project Context and Objectives:
The mission of PARIS is to define and demonstrate a methodological approach for the development of surveillance infrastructure which enforces the right of citizens for privacy, justice and freedom and takes into account (1) the evolving nature of such rights, e.g. aspects that are acceptable today might not be acceptable in the future, and the (2) the social and anthropological nature of such rights, e.g. perception of such rights varies.

The methodological approach will be based on two pillars:
• A theoretical framework for balancing surveillance and privacy/data protection, and integrating the concept of accountability.
• An associated process for the design of surveillance systems which takes from the start privacy (i.e. privacy-by-design) and accountability (i.e. accountability-by-design).

The following objectives will be addressed:
• O1: Definition of a Social, Anthropological, Legal and Technical or SALT framework for an evolving understanding of the balance between the concept of private (vs public) in a surveillance system.
• O2: Development of a SALT framework management tool. The tool allows for a digital reference and representation of a SALT framework. It is used by stakeholders as a reference, including for the design of surveillance systems. It includes mechanisms for creating and updating a SALT framework.
• O3: Definition of a SALT compliant process for surveillance. It uses a reference SALT framework and integrates process activities and process artifacts for privacy by design and accountability by design.
• O4: Provide Evidence of the Value of SALT Compliant Process for Surveillance in Two Cases. A laboratory demonstration will show how a surveillance system can be developed using a SALT compliant process for video data lifecycle management based applications and for biometrics based applications

Project Results:
This section explains the results achieved by the project. The results are presented as follows:
• Definition of the SALT Framework
• Tools implementing the SALT Framework
• Definition of a SALT Process
• Demonstrations on two use cases

Definition of the SALT Framework
We define a framework as the collection of concepts and principles that will be used as reference for any subsequent undertaking. These concepts and principles are in general the result of a consensus building between a number of stakeholders with different (possibly conflicting) interests and influences. An example is the conceptual joint framework project in accounting launched in the accounting area. Applied to surveillance systems and privacy, it would mean that legislators, lawyers, citizens, surveillance operators, policy makers, surveillance systems providers can use the same common reference and therefore reach a common understanding on the balance public/private which a surveillance system has to comply with. A SALT framework describes a consistent social, ethical, legal and technical context concerning the balance between privacy and surveillance at a given time. We can define the SALT framework as following:

• The SALT framework will explore the scope of the private and the public in the contemporary Europe.
• The SALT framework describes a consistent social, anthropological, legal context concerning the balance between privacy and surveillance at a given time.
• The SALT framework describes accountability constraints
• The SALT framework describes technical capabilities of surveillance systems in terms of monitoring (e.g. a detection feature) and in terms of combining data (e.g. connecting two surveillance systems) and in terms of accountability (e.g. non forgeable proof that a given surveillance action has been carried out)
• The SALT framework describes the possible interplay and resulting interoperability constraints or features between two different SALT frameworks (e.g. between two countries with different SALT perspectives)

A major result of this work is the creation of a questionnaire related to biometrics. This questionnaire is the base for a PIA (Privacy Impact Assessment). The questionnaire was presented to the community and very well received.

Tools Implementing the SALT Framework
The SALT Framework is instrumented by tools for creating and updating SALT References. While the overarching purpose of the tool is to allow for a non-ambiguous consistent digital representation of a SALT framework, it is expected that the tool can also be used for (1) tracking the evolutions of a framework in a given perimeter, (2) provides reasoning capabilities on public/private balance in the design, deployment, operation of a surveillance system:

• It includes features for defining a consistent SALT framework that can be used by stakeholders (security operators, privacy defense organisations, application engineers, policy makers, system integrators...).
• It includes features to express accountability
• It includes features for extending a SALT framework (e.g. refining the understanding) or for creating an upgraded version (e.g. defining an evolution) that takes into account SALT related constraints of such evolution.
• It includes features for describing the potential interplay and constraints between two separate SALT frameworks (i.e. interoperability)

At the end, the project has built the following tools:
• A questionnaire tool
• A taxonomy tool
• A repository tool
• A consistency check tool allowing to design correct surveillance systems

Definition of a SALT Process
The project has defined a design process to create and update a surveillance system conforming to a SALT framework. Once a SALT framework is finalized, than a design process can be put in place which ensures by design that a resulting surveillance system conforms to it. It is a privacy-by-design process in that it allows for the definition and enforcement of a set of policy for data processing that conform to a SALT framework. It further includes the production of evidences needed for assurance such as PIAs (Privacy Impacts Assessments). It is an accountability-by-design process in that it allows for the definition and integration of transparency mechanisms for accountability. It further includes the production of evidences (with possibly legal force) for accountability.

Demonstrations on two Use Cases
In order to evaluate the project results, two demonstrators are developed:

• One based on biometrics. Biometrics technologies play an essential role in security systems today because they allow for identifying persons by some intrinsic features rather than by something they could own (e.g. a National identity card) or something they know (e.g. a pincode). For their intrinsic functionality of person’s identification, the privacy technology developed in the project must implement the legal, social and anthropological aspects in the biometrics data life cycle without hindering the interoperability and data exchange across systems and organizational domains. This demonstrator has contributed to the evaluation of the biometric questionnaire and the usage of the SALT process.
• One based on video surveillance. Video surveillance data lifecycle management capability is critical to realize privacy and accountability in the whole video data lifecycle (i.e. capture, store and archive, search and extraction, deletion) in video surveillance systems. Although computer vision technologies are able to mask or replace some of the privacy-related features in video data in capture phase, a certain amount of the original video data will be stored and archived for later search and extraction. Therefore, beside the techniques at the capture phase, privacy and accountability measures for search and extraction, and safe deletion of archived data is a key to enable privacy protection in video surveillance data lifecycle. In addition, technologies that preserve privacy in video archive search should implement the social, anthropological and legal definitions at the technological level, while facilitating the sharing and interoperability of video data across different systems and organizational domains. This demonstrator has mainly contributed to validate all MDE-based tools and the SALT process.

Potential Impact:
Strategic impact
In the following section we use a tabular approach where the column on the left includes excerpts from the FP7 work program and the right column elaborates on PARIS expected impact.

Direct Impact
This section assesses the direct impact of PARIS with respect to topic SEC-2012.6.16-2: Tools and methodologies, definitions and strategies for privacy by design for surveillance technologies, including ICT systems – Capability Project or Coordination and Support Action. We then assess PARIS impact with respect to the work programme expected impact.

PARIS versus SEC-2012.6.16-2 Topic Description
PARIS will define a methodology based on SALT frameworks (social/anthropological/legal/technical) the goal of which is to provide guidelines and rules for such balancing.
PARIS focuses on transparency features in design processes, in particular on accountability-by-design.
PARIS methodology will allow for evolution. PARIS framework management tool (developed in WP3) will allow for updates.
PARIS defines a methodology based on SALT frameworks which are used as reference to design surveillance systems based on a SALT compliant process
PARIS defines SALT compliant processes which follow privacy-by-design and accountability-by-design.

PARIS versus SEC-2012.6.16-2 Expected Impact
PARIS defines SALT Compliant process which include the right level of (1) surveillance, (2) privacy, (3) accountability
This is demonstrated by two use cases (video data life cycle management and biometrics based surveillance).

Indirect Impact
PARIS versus Activity 1.6 Security and Privacy
PARIS is a multidisciplinary cross cutting initiative which includes partners with socio/anthological expertise, legal expertise, technology expertise, process exepertise, privacy and x-by-design expertise
PARIS framework provide the capability to balance publie vs private
PARIS involve SA (Social and ethicAl). Namur is the partners that will address this part.
PARIS plans to disseminate its finding on SALT frameworks
PARIS seeks adoption of the community of SALT frameworks
PARIS will allow for shared understanding of a complex socio-economic challenge of balancing public/private in surveillance systems;
Ethics is addressed by integrating the socio-echical concerns
PARIS will address immediate and medium term issues

PARIS versus Area 10.6.1 Citizens, Media and Security
PARIS conceptual framework will support social and ethical parameters in order to address the needs of the citizens.
Accountability is one the features of the framework and of SALT compliant processes

Promotion of the biometrics questionnaire
Research carried out in the course of PARIS led UNamur to draft a questionnaire for the use of biometrics in the private sector. The questionnaire is destined to decision makers associated to the design and implementation of biometric systems. The draft questionnaire constitutes a preliminary template for the definition of a Privacy Impact Assessment applicable to biometrics. It is concurrent to other initiatives at European and international in the field of privacy impact assessments. The research has mainly be conducted on the basis of the French legislation and European guidance issued by the Working Party 29. The research results and the questionnaire itself constituting a PIA biometric template has been presented on many occasions to various experts and stakeholders detailed below.
First, the biometric PIA template and SALT tools have been promoted to the European Association for Biometrics (EAB). EAB is a non-profit organisation, which gathers a wide range of biometrics stakeholders. EAB's mission is to advance the proper and beneficial use of biometrics in Europe by community building and training and education. It is the intention of EAB to stimulate research and to influence appropriate program developments. UNamur participated to two EAB events in order to promote the research carried out in PARIS. First it participated in the European Association for Biometrics (EAB) Research Project Conference, held in Darmstadt on 7th September 2015. It also participated in a conference jointly organized by IBM and EAB in London on the 19th of October 2015 about “Privacy Preserving in an age of increased surveillance – a biometric perspective”. Both events gathered people from the academic field, European institutions and the biometric industry.
Second, the PIA biometric template has been promoted next to the industry for evaluation and comments. A specific presentation of UNamur’s work regarding biometrics and the PIA biometric template has been submitted for discussion on the 8th of October 2015 to the French company Morpho, which is a major leader company in the field.
Third, the PIA biometric template has also been promoted to Data Protection Authorities, in particular the French DPA CNIL (Commission Nationale Informatique et Libertés) on the 5th of November 2015. Very positive and interesting feedback were provided during this meeting. This also encouraged UNamur and PARIS partners to keep on promoting and disseminating PARIS research results to public authorities.
Fourth, the biometric PIA template has also been discussed with academics for improvement, comments and discussion. Indeed, the research carried out and approach of the questionnaire has been discussed with and supervised by Dr. Els Kindt, member of the PARIS project and well-known legal expert in the field of biometrics. The research results has also been presented to a workshop organized by a French project CAPPRIS in Toulouse on the 14th of October 2015.
The PIA biometric template has also been submitted to an in-house lawyer in a major Belgian company for test. Interesting feedback and discussion allowed to assess the relevance of the tool.
Besides, since PARIS project is extended for two months, certain dissemination and exploitation activities have already been planned for January and February 2016:
• The PIA biometric template will be presented at the annual CPDP (Computers, Privacy and Data Protection) Conference held in January 2016 in Brussels. PARIS project organizes a panel about “Towards agreed practice on Privacy Impact Assessment”.
• A bilateral meeting with David Wright, a well-known specialist in the field of PIA and member of the Advisory Board of PARIS is planned in January in order to discuss PARIS results and potential further exploitation of the questionnaire. However, due to availability issues, this meeting is postponed and is not scheduled yet.
• A publication about PARIS research (“The Principle of proportionality applied to biometrics in France, 10 years of CNIL’s deliberations”) in the peer-reviewed journal Computer Law and Security Review has been published in the course of the first semester 2016.

Finally, beyond the end of PARIS, our intent is to promote the biometric questionnaire next to the “Privacy Impact Assessment Working Group” of the European Association for Biometrics (EAB)

Need for an European Approach
PARIS is contributing to the advent of a methodology for balancing public/private in surveillance systems
• Such systems can span over several jurisdictions
• They are based on ICT systems which need to be standardised at international level
• They rely on standards, regulations and initiatives that are international.
An European approach is consequently needed. The consortium includes 8 partners from 4 European countries.

List of Websites:
http://www.paris-project.org/

Contact point: Antonio Kung (antonio.kung@trialog.com) or Estibaliz Arzoz (estibaliz.arzoz-fernandez@trialog.com)
TRIALOG
25 rue du Général Foy
75008 Paris
France