legal – Bredemarket

When is a Law Enforcement Camera a Surveillance Tool?

Here’s another instance where I take an old post and completely contradict it. Flying against the flock, as it were.

But before I launch into the topic of this post, I want to share a video that Daniel Solove originally shared. The video was originally created by Apple to emphasize the privacy features of its Safari browser. Just the Safari browser, not anything else like, say, where your car is.

The title of the video just coincidentally happens to be “Flock.”

And now for something completely different.

When is a Law Enforcement Camera a Law Enforcement Camera?

You may remember my March post “When is a Law Enforcement Camera a Law Enforcement Camera?” The post concluded as follows:

“Basically, Flock Safety is controversial, and some people are going to oppose ANYTHING they do. Even when Flock Safety technology protects people from dangerous drivers.

“My view is that if a camera is used by a law enforcement agency, and there is no law prohibiting the law enforcement agency from using a camera for a particular purpose, then the agency can use the camera. There appears to be no such law in Georgia, so I’m not bent out of shape over this.

“What are your thoughts? Is this a privacy violation?”

Comments, we get comments

I received a comment on the March post that felt my “particular purpose” comment ignored the fact that the cameras can be used for other purposes…and ARE being used for other purposes. Without a search warrant. Here are a few excerpts from the comment:

“Every single one of these cameras takes images of every vehicle passing by on public roadways, even ones that are not owned or driven by a suspected criminal or the vehicle itself being suspected of being involved any crime. From there the images are processed by AI software logging the vehicles description and license plate number, along with the location of every one of the cameras that captured the same vehicle passing by along with a date and time of each passing, then that data is logged into a searchable database that can be searched by law enforcement up to 30 days (less or more in some places) without needing a search warrant signed by a judge….They can just search for anyone’s vehicles data regardless if there’s probable cause or not to do so.

“Law enforcement require a warrant prior to putting a GPS on someone’s vehicle, they are required to get a warrant before getting a persons cell phone ping and gps data from a mobile phone service company, but these systems are trying to be a loophole and pass any warrant requirements but provide the same type of private data that the other techniques require a search warrant for.”

The only comment I’ll offer is that it’s wise to make a distinction between how the cameras should be used and how the cameras are potentially used. Assuming that a law enforcement officer can search the database without a warrant, I believe that the officer should have probable cause to do so. The officer should not use a Flock database to stalk a romantic interest.

“In March, for instance, an officer resigned from the Milwaukee Police Department after allegedly using the department’s network of ALPRs to track his romantic partner and one of the partner’s exes nearly 180 times over a two-month period. His misconduct surfaced only after his victims looked up their license plate numbers on HaveIBeenFlocked.com, which collects Flock audit data that some local governments have made publicly available. MPD subsequently revoked most officers’ access to the Flock database.”

And so I ask you, again. What are your thoughts? Is this a privacy violation?

And if you need help writing about privacy…

I know a guy.

Stop losing prospects! Use Bredemarket content for tech marketers

Now We’re Talking About Emojis

Summer Christine Duffield of New York has filed a lawsuit against the Walt Disney Company and related entities regarding alleged privacy violations at Disney’s California theme parks. I’m not sure whether she’s basing it on California law or something else, because the only cited cause of action in the summary of the filing is 28 U.S.C. § 1332 oc Diversity-Other Contract, which basically says that federal courts can handle civil cases over $75,000. Duffield is asking for millions.

At the Disney parks, some entrance lanes use facial recognition. Others do not.

In Biometric Update’s summary, it sounds like an EMOJI is at issue.

“The confusion here is in an emoji or graphic that Disney has used to indicate lanes for which facial recognition will not be used. The graphic shows a face with a slash through it – like no smoking, but for biometric data collection. However, the distinction is minor enough to cause confusion on its own, and Disney has not helped its case by failing to put, on its privacy notice, a working emoji; as it stands, customers may be forgiven for not understanding the difference between the two lanes, which Disney suggests are labeled identically.”

So much for emojis being straightforward. They can be interpreted in many ways. In the picture with this post, Google Gemini thought that the Disney symbol meant something entirely different.

BIPA Violations and “Investigative Journalism”

When I saw this statement in Biometric Update’s summary of a a BIPA lawsuit against Google for voiceprint use, I had to laugh.

“NotebookLM Audio Overviews can be used to generate podcasts, directly competing with investigative audio journalism and narration work.”

Invesigative audio journalism?

Have any of the plaintiffs ever HEARD a NotebookLM Audio Overview?

I shared one over a year ago when my LinkedIn profile was used to create the audio overview “Career Detective.” It’s so fawning about my amazing background that it is nowhere near investigative journalism.

Or maybe investigative journalisn is just that bad.

Judge for yourself whether this AI-generated “podcast” would compete with a real investigative podcast:

Chain of Custody Failures Can Destroy Your Legal Case

DNA evidence is well-validated. But if you think DNA is the perfect evidence to present at trial, think again. It may not be.

Yes, DNA evidence is scientifically based and can be presented in court under certain circumstances.

But as Forensic’s Blog points out, two issues may derail the use of DNA and other forensic evidence.

Chain of Custody

What is the “chain of custody”?

It is the DOCUMENTED trail of every person who accessed (“touched, moved, or stored”) a piece of evidence. The documentation is chronological and ideally logged in real time, not hours after the fact.

What could go wrong?

Let’s say that at 1:23 pm, Diana placed a piece of evidence in a locker and locked the locker. Then at 3:53 pm, Denis went to the locker, which was unlocked, and removed the evidence from the locker. Defense attorneys will have a field day with that, and may pressure the judge to state that the evidence is inadmissible because of possible tampering by an unidentified person.

Cross-Contamination

Closely related to the chain of custody is the possibility of cross-contamination. In the case of DNA, this happens when DNA from a crime scene is mixed with another person’s DNA.

I’ve told the story of the mystery female criminal whose DNA was found at crime scenes in three different countries over a decade. The only problem was that the woman’s DNA was found on the burned body of a MAN. Eventually the authorities figured out that the woman worked in a packing center specializing in medical supplies…and that her DNA had contaminated the medical supplies and ended up in the crime scene samples.

How to Minimize Errors

Forensic’s Blog suggests several ways to avoid chain of custody issues and cross-contamination. These include established and enforced procedures for handling, packaging, and labeling data; separating tasks; and establishing zones of exclusion at crime scenes.

In addition to establishment and enforcement, education is essential. (Sorrye.) Not only for the forensic professionals gathering the evidence, but for everyone who deals with the evidence…including biometric vendors and their customers.

If you need assistance in creating educational content for proper evidence handling, Bredemarket can help. Talk to me.

Bredemarket: Services, Process, and Pricing.

How Do Privacy Professionals Feel About the SECURE Data Act?

How should businesses, governments, and individuals treat private data? In the United States, the answer varies from state to state, and even from city to city.

A proposed national solution to the hodgepodge of differing state and local privacy regulations is the so-called SECURE Data Act.

Privacy

But how do privacy professionals feel about it?

I knew that CalPrivacy opposed the bill, so I wanted to see how Daniel Solove regarded it.

“Congress’s latest foray is a new bill called the SECURE Data Act, a piece of garbage cooked up by Republicans as a gift to industry in a climate where the public is deeply concerned about privacy, outraged at the harms tech is causing, and yearning for ways to hold Big Tech accountable.

“I can’t stress enough how awful this bill is. On balance, if passed into law, it will do dramatic harm to privacy. It will leave people less protected than if it didn’t exist. I’d call it more of an anti-privacy law than a privacy law.”

Um…I don’t think Solove likes it.

Preemption

One of the huge issues that privacy advocates have is preemption. To ensure uniform privacy across the United States, the proposed SECURE Data Act preempts any state laws that exceed its protections. Therefore the privacy protections in states such as California, Illinois, and Texas could be revoked.

Of course, this is a classic struggle in state-federal relations. The staunchest states’ rights advocate will suddenly switch sides if they agree with a federal regulation, and vice versa. Citing one example, gay marriage began as a states’ rights issue when only a few states supported it, then became a federal rights issue.

Another example is the federal drive to eliminate the U.S. Department of Education. This has not happened yet. And it never will, once the powers that be realize that its elimination will allow blue states to teach whatever they want.

Secure

But let’s go back to the title of the bill, the SECURE Data Act. Upon seeing the title, the average voter would assume that the bill secures our individual privacy rights.

But the privacy advocates believe that the bill actually secures the right of entities to do what they want with our personally identifiable information, with minimal restrictions.

I think the bill’s title may have been written by Eric Arthur Blair.

(Image by Google Gemini. Sorry, Ontario Canada; Gemini may make mistakes.)

ACE-V and the Innovatrics ABIS (and other ABIS)

Let’s revisit analysis, comparison, evaluation, and verification.

You may recall my post about a collection of judicial decisions, one of which included the following:

“The term “scientific” to describe his opinion “arguably verged on suggesting that the ACE-V process is more scientific than warranted,” and there was one instance in which Dolan testified without using the term “opinion.” The court concludes that there was no error because, “viewed as a whole,” his testimony was largely expressed in terms of an “opinion” and his testimony did not claim that the ACE-V process was infallible or absolutely certain.”

For those who aren’t familiar with the acronym ACE-V, here is how the U.S. National Institute of Standards and Technology defines it:

“The friction ridge examination process is commonly referred to as ACE‐V: Analysis, Comparison, Evaluation, and Verification.

“Analysis: An initial information‐gathering phase in which the examiner studies the unknown print to assess the quality and quantity of discriminating detail present. The examiner considers information such as substrate, development method, various levels of ridge detail, and pressure distortions. A separate analysis then occurs with the exemplar.

“Comparison: The side‐by‐side observation of the friction ridge detail in the two impressions to determine the agreement or disagreement in the details

“Evaluation: The examiner assesses the agreement or disagreement of the information observed during Analysis and Comparison and forms a conclusion.

“Verification: In some agencies is a review of an examiner’s conclusions with knowledge of those conclusions; in other agencies, it is an independent re‐examination by a second examiner who does not know the outcome of the first examination.”

To make things easier for latent examiners, some automated biometric identification system (ABIS) software packages incorporate ACE-V either as a separate module or as an integrated part of their workflow. I know that IDEMIA and Thales include it, and it appears that CSIpix, Eviscan, Noblis, and ROC also include it.

But I’m going to talk about Innovatrics in this post.

“Innovatrics is expanding ACE-V capabilities in ABIS for Criminal Investigation with new features that help forensic teams manage examinations more clearly, support different review models, and keep unresolved latent evidence active as investigations move forward….

“ACE-V is widely used in forensic work, but the way it is applied can vary across agencies, regions, and countries, often shaped by local legislative requirements. Some agencies require clear separation between roles, while others rely on smaller teams with a more flexible way of dividing work. Innovatrics is shaping the workflow to support different use cases and agency ACE-V policies, from small teams to large departments, without forcing agencies to change the established workflows they already rely on.”

More here.

Jurisdictional Privacy and Consent

Where are you?

Who are you?

The answers to these questions affect if or how you obtain consent to use one’s personally identifiable information, or PII.

Privacy regulations can change when you cross country or even city lines, and they can also change depending on who you are: an individual, a business, or a government agency.

How?

On one extreme, some entities in some jurisdictions don’t need to obtain consent at all. For example, the General Data Protection Regulation (GDPR) doesn’t require consent to perform an anti-money laundering (AML) check, since this is a legal obligation.

On the other extreme, some entities in some jurisdictions must obtain express written consent. If I am a homeowner in Schaumburg, Illinois, and I use a doorbell camera to identify friends or foes approaching my door, the Biometric Information Privacy Act (BIPA) prohibits me from capturing their biometrics without their consent, and lets them sue me if I do it anyway.

Before you collect PII, check the laws in your jurisdiction first.

Oh, and check the laws in other jurisdictions in case they try to enforce their laws in your jurisdiction.

By the way: if you’re a software or hardware vendor, don’t assume that you bear no responsibility and that only your customer does.

You must educate your customers.

And Bredemarket can help you with my content-proposal-analysis services.

CPA

CPA.

(Told you I’d bring this landing page back.)

Why Do We Have Electronic Health Records?

I’ve discussed the electronic health record (EHR) before, and plan to do so again. But before I dive into EHRs and “the A word,” I want to take a look at WHY we have EHRs.

When dinosaurs roamed the earth

In the old days, even within the lifetimes of some of us, there were no ELECTRONIC health records. There were PAPER health records, stored in large file cabinets. If you were lucky, the health records were typed; heaven help you if they were in a doctor’s famously illegible handwriting.

When a relative’s doctor retired in the 20th century, the relative requested their health records and received a huge pile of paper dating back to who knows when. In that form, it was about as useful as the huge file cabinets in which the U.S. Federal Bureau of Investigation used to store its millions of fingerprint cards. And unfortunately, paper health records didn’t have the health equivalent of a “Henry system” to find individual records quickly.

The two purposes of an electronic health record

So now that we have electronic health records, why do we have them?

To make life easier for the doctor? Of course not.
To make life easier for the patient? Definitely not.

Electronic health records have evolved to serve two OTHER parties.

First, electronic health records serve the billers

I can’t speak to countries other than my own, but in the United States the health “system” is a mishmash of multiple parties. For example, when I had a colonoscopy a few years ago, the following entities were somehow involved:

The doctor who performed the colonoscopy.
The facility where the doctor performed the colonoscopy.
The anaesthesiologist who assisted with the colonoscopy.
My insurance company.
My former company (via COBRA) who provided me with the insurance.
And probably a half dozen other entities that I missed who somehow got a cut.

So this one procedure created one, or perhaps multiple, electronic health records (perhaps even with pictures) describing every chargeable thing that could be itemized during my time in the facility. All with the proper billing codes (Current Procedural Terminology or CPT codes) and the like, so that every entity can pay what they’re supposed to pay. And if a particular thing wasn’t covered by insurance, then I had to pay it.

The most important thing is to get the billing codes right…never mind how hard it is to ENTER all the billing codes.

But the good news is that when electronic health records systems integrate with medical billing systems, the process is kinda sorta streamlined:

“By integrating EHR and billing software, healthcare providers can automate various aspects of the billing workflow, resulting in increased efficiency, reduced manual work, and other tangible benefits.”

Second, electronic health records serve the lawyers and regulators

But it’s not only the billers who need information.

To practice medicine in the State of California, you have to perform a colonoscopy in accordance with medically approved procedures. And you have to document that you did so.

If I had died on the operating table during my colonoscopy, then a number of private and government entities would have a keen interest in what was performed during the colonoscopy. And the electronic health record would be one of the main sources of information about what happened, and perhaps what went wrong. And who was responsible. The doctor? The facility? The anaesthesiologist? Someone else?

But even when things don’t go spectacularly wrong, there are laws and regulations that mandate EHR use.

“The “EHR mandate” refers to the federal requirement for eligible healthcare providers to adopt and use certified EHR technology. Primarily affecting providers who accept Medicare, participation in MIPS and the Promoting Interoperability program requires CEHRT to avoid negative payment adjustments, which effectively necessitates EHR use.”

The result

So now the medical field has these wonderful EHRs that comply with billing requirements and legal requirements.

But are they easy to use? Forbes covered this.

“For instance, emergency medicine physicians at one health system must click 14 times to order Tylenol—that’s a lot. Yet, those at another health system using the same EHR must click 61 times!”

And that’s just for Tylenol. I’m sure it’s a lot worse for the camera that looked at my colon.

It could have been worse, because many Americans are not healthy.

“[O]ur patients have increasingly complex health needs. More than 40% of American adults have at least two chronic conditions, one-third take at least three medications, and one-fifth suffer from mental illness.”

Put these and other things together, and EHRs have become (as I said before) “a pain in a particular body part.”

So that’s the problem with EHRs. Later I’ll look at the solutions, including:

(Because I’m the biometric product marketing expert) tying an EHR to a person
The companies working on improving EHRs with you-know-what

Oklahoma Consumer Data Privacy Act…For Now

Yet another state has passed its own data privacy law, with the Oklahoma Consumer Data Privacy Act signed last month and taking effect in 2027. The key particulars:

“OKDPA grants consumers a set of rights…including rights of access, deletion, correction, and portability, and rights to opt-out of targeted advertising, sale, or profiling “in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.””

As for enforcement:

“Enforcement authority rests with the Oklahoma Attorney General.The bill includes a mandatory 30-day cure period, which does not sunset. The law imposes civil penalties of up to $7,500 per violation.”

As of now, between 19 and 22 states have privacy laws, depending upon how you count.

Some aren’t counting Florida because of its limited scope. It only applies to companies with over $1 billion in revenue.

Some aren’t counting Illinois because BIPA only applies to biometrics.

Some aren’t counting Oklahoma yet because it’s so new.

But we can agree that many states have privacy laws.

For now

And if some have their way, they will all disappear, to be replaced by a single uniform federal law. However, the level of preemption of state laws is an issue of discussion. The Future of Privacy Forum has addressed preemption here.

And if you need to write about privacy, biometric or otherwise, Bredemarket can help. Click below to book a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers

Content for tech marketers.

Here is a video about my services.

Bredemarket: Services, Process, and Pricing.

When is a Law Enforcement Camera a Law Enforcement Camera?

Many years ago I was driving on Holt Boulevard in Montclair, California, preparing to make a left turn on Central. I followed the vehicle behind me and made my left turn…only then noticing that the left turn light was now red.

As the registered owner of the vehicle I was driving, I received an email from the city of Montclair a few days later. Because this is when Montclair was using cameras for traffic enforcement.

Off to traffic school.

Montclair doesn’t use traffic cameras any more, but all sorts of cameras are owned by, or accessible to, law enforcement agencies.

But how should they be used?

404 Media reported that the Georgia State Patrol accesses Flock cameras, for the intended purpose of gathering information for serious crimes. But what happens when the camera captures something not serious?

“Georgia State Patrol used its system of Flock automated license plate reader (ALPR) surveillance cameras to issue a ticket to a motorcyclist who was allegedly looking at his cell phone while riding, according to a copy of the citation obtained by 404 Media….The incident happened December 26 in Coffee County, Georgia. The ticket lists the offense as ‘Holding/supporting wireless telecommunications device,’ and includes the note ‘CAPTURED ON FLOCK CAMERA 31 MM 1 HOLDING PHONE IN LEFT HAND.’”

The man went to court and the ticket was dropped, but 404 Media is still outraged that the ticket was issued in the first place. Not because of Georgia’s policies, but because of other policies.

“Many police departments go out of their way to tell community members that Flock cameras are not used for traffic enforcement. For example, the City of Glenwood Springs, Colorado, states in a FAQ that “GSPD [Glenwood Springs Police Department] does not use Flock cameras for traffic enforcement, parking enforcement, or minor code violations.” El Paso, Texas, tells residents “these are not traffic enforcement cameras. They do not issue tickets, do not monitor speed, and do not generate revenue. They are investigative tools used after crimes occur.” Lynwood, Washington tells residents “these cameras will not be used for traffic infractions, immigration enforcement, or monitoring First Amendment-protected expressive activity” (Flock cameras have now been used for all of these purposes, as we have reported.)”

You will recall that I addressed another Flock Safety case, in which a citizen made public records requests from two Washington state jurisdictions. The jurisdictions said that they didn’t have the data; Flock Safety did. Flock Safety said that it had deleted the data.

Basically, Flock Safety is controversial, and some people are going to oppose ANYTHING they do. Even when Flock Safety technology protects people from dangerous drivers.

My view is that if a camera is used by a law enforcement agency, and there is no law prohibiting the law enforcement agency from using a camera for a particular purpose, then the agency can use the camera. There appears to be no such law in Georgia, so I’m not bent out of shape over this.

What are your thoughts? Is this a privacy violation?