Responsible Data Use Assessment for Public Realm Sensing Pilot with Numina. Overview of the Pilot:

Similar documents
Responsible Data Use Policy Framework

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

Pan-Canadian Trust Framework Overview

Distributed Vision System: A Perceptual Information Infrastructure for Robot Navigation

This policy sets out how Legacy Foresight and its Associates will seek to ensure compliance with the legislation.

The 2019 Biometric Technology Rally

White paper. More than face value. Facial Recognition in video surveillance

Fiscal 2007 Environmental Technology Verification Pilot Program Implementation Guidelines

Selecting, Developing and Designing the Visual Content for the Polymer Series

[Definitions of terms that are underlined are found at the end of this document.]

CymbIoT Visual Analytics

2018 Federal Scientists Survey FAQ

This version has been archived. Find the current version at on the Current Documents page. Scientific Working Groups on.

1 SERVICE DESCRIPTION

ARGUING THE SAFETY OF MACHINE LEARNING FOR HIGHLY AUTOMATED DRIVING USING ASSURANCE CASES LYDIA GAUERHOF BOSCH CORPORATE RESEARCH

EYE MOVEMENT STRATEGIES IN NAVIGATIONAL TASKS Austin Ducworth, Melissa Falzetta, Lindsay Hyma, Katie Kimble & James Michalak Group 1

Indoor localization using fingerprinting of ultra-wideband measurements

(EXTENDED DEADLINE OCTOBER 23 RD 2014)

First Components Ltd, Savigny Oddie Ltd, & Datum Engineering Ltd. is pleased to provide the following

The IEEE Global Initiative for Ethical Considerations in Artificial Intelligence and Autonomous Systems. Overview June, 2017

Future Attribute Screening Technology (FAST) Demonstration Laboratory

Our position. ICDPPC declaration on ethics and data protection in artificial intelligence

Ethics Guideline for the Intelligent Information Society

Violent Intent Modeling System

DATA PROTECTION POLICY

E90 Project Proposal. 6 December 2006 Paul Azunre Thomas Murray David Wright

Technologies that will make a difference for Canadian Law Enforcement

This is a preview - click here to buy the full publication

Bluetooth Low Energy Sensing Technology for Proximity Construction Applications

Policy Contents. Policy Information. Purpose and Summary. Scope. Published on Policies and Procedures (

UN-GGIM Future Trends in Geospatial Information Management 1

Licensed Low-Power Radio Apparatus

Chapter 2 Distributed Consensus Estimation of Wireless Sensor Networks

Prospective Teleautonomy For EOD Operations

ICC POSITION ON LEGITIMATE INTERESTS

Protection of Privacy Policy

COMMUNICATIONS POLICY

Artist s Prospectus. Application Active Nov.15, 2018 Application Deadline Feb.15, 2019

Over the 10-year span of this strategy, priorities will be identified under each area of focus through successive annual planning cycles.

FILTERING THE RESULTS OF ZIGBEE DISTANCE MEASUREMENTS WITH RANSAC ALGORITHM

Procedures for the Use of the PointGrey Flea3 FireWire Camera and ImageJ *

Lab/Project Error Control Coding using LDPC Codes and HARQ

Digital Broadcast Radio Predicted On-Air Coverage Southend and Chelmsford Local DAB multiplex

Robust Location Detection in Emergency Sensor Networks. Goals

CRM 230 Module 2 Lecture Notes. Crime Scene Search

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

PLazeR. a planar laser rangefinder. Robert Ying (ry2242) Derek Xingzhou He (xh2187) Peiqian Li (pl2521) Minh Trang Nguyen (mnn2108)

COGNITIVE MODEL OF MOBILE ROBOT WORKSPACE

Integrated Vision and Sound Localization

Aimetis Outdoor Object Tracker. 2.0 User Guide

SAUDI ARABIAN STANDARDS ORGANIZATION (SASO) TECHNICAL DIRECTIVE PART ONE: STANDARDIZATION AND RELATED ACTIVITIES GENERAL VOCABULARY

CircumSpect TM 360 Degree Label Verification and Inspection Technology

QUALITY CONTROL INSTRUCTIONS

Specifications for Post-Earthquake Precise Levelling and GNSS Survey. Version 1.0 National Geodetic Office

Robust Positioning for Urban Traffic

This Privacy Policy describes the types of personal information SF Express Co., Ltd. and

1. Redistributions of documents, or parts of documents, must retain the SWGIT cover page containing the disclaimer.

Imagine Bothell Comprehensive Plan

DIVISION 1 - GENERAL REQUIREMENTS SECTION SUBMITTALS

Green/Blue Metrics Meeting June 20, 2017 Summary

Next-generation automotive image processing with ARM Mali-C71

Digi-Wave Technology Williams Sound Digi-Wave White Paper

Eyedentify MMR SDK. Technical sheet. Version Eyedea Recognition, s.r.o.

MANAGING HUMAN-CENTERED DESIGN ARTIFACTS IN DISTRIBUTED DEVELOPMENT ENVIRONMENT WITH KNOWLEDGE STORAGE

AUTOMATED INSPECTION SYSTEM OF ELECTRIC MOTOR STATOR AND ROTOR SHEETS

Smart Dublin SBIR. Small Business Innovation Research. Smart, low cost innovative solutions to tackle challenges in the four Dublin Local Authorities

Australian Census 2016 and Privacy Impact Assessment (PIA)

Art Display Policy SUBJECT: Policy No: Date: October 17, Revision Date: October Number of Pages: 7

Exploiting the RGB Intensity Values to Implement a Novel Dynamic Steganography Scheme

A New Capability for Crash Site Documentation

Brief Operation Manual for Imaging on BX61W1

THE RELATIVE IMPORTANCE OF PICTORIAL AND NONPICTORIAL DISTANCE CUES FOR DRIVER VISION. Michael J. Flannagan Michael Sivak Julie K.

DEPARTMENT OF PUBLIC SAFETY DIVISION OF FIRE COLUMBUS, OHIO. SOP Revision Social Media Digital Imagery

Israel Railways No Fault Liability Renewal The Implementation of New Technological Safety Devices at Level Crossings. Amos Gellert, Nataly Kats

million people connected to wastewater systems Water million people supplied with water Waste

SECTION PHOTOGRAPHIC DOCUMENTATION

Receiver Obstacle Railway Transmitter Road Figure 1: Existing obstacle-detecting system (light-interrupting type). Millimetre-wave-based System In ord

Introduction. Vehicle Suppliers Depend on a Global Network

Classification of Road Images for Lane Detection

TxDOT Project : Evaluation of Pavement Rutting and Distress Measurements

Camera Setup and Field Recommendations

Automotive Audio. The 48 th AES International Conference. Munich, Germany September 21 23, 2012

WHAT CLICKS? THE MUSEUM DIRECTORY

Striving for Excellence. Ark Oval Primary Academy

Digital Broadcast Radio Predicted On-Air Coverage Herts Beds and Bucks Local DAB Multiplex

Industrial Engineering Prof. D. K. Dwivedi Department of Mechanical and Industrial Engineering Indian Institute of Technology, Roorkee

Societal and Ethical Challenges in the Era of Big Data: Exploring the emerging issues and opportunities of big data management and analytics

CAPACITIES FOR TECHNOLOGY TRANSFER

Face Detection DVR includes one or more channel with face detection algorithm. It

INTEL INNOVATION GENERATION

4/9/2015. Simple Graphics and Image Processing. Simple Graphics. Overview of Turtle Graphics (continued) Overview of Turtle Graphics

μscope Microscopy Software

Detection and Tracking of the Vanishing Point on a Horizon for Automotive Applications

Targeting a Safer World. Public Safety & Security

Active Road Management Assisted by Satellite. ARMAS Phase II

THE METHODOLOGY: STATUS AND OBJECTIVES THE PILOT PROJECT B

Ultrasonic Indoor positioning for umpteen static and mobile devices

CONSENT IN THE TIME OF BIG DATA. Richard Austin February 1, 2017

PROFESSIONAL DEVELOPMENT IN DESIGN THINKING

Locating- and Communication Technologies for Smart Objects

Transcription:

Responsible Data Use Assessment for Public Realm Sensing Pilot with Numina Overview of the Pilot: Sidewalk Labs vision for people-centred mobility - safer and more efficient public spaces - requires a deep understanding of how people, bikes and vehicles move through space relative to each other, as well as in response to other events and changes that occur in the public realm. Sensors using computer vision are among the most cost-effective means of identifying and understanding these flows, and Sidewalk Labs seeks to identify and test privacy-preserving technologies that strive to achieve this. Sidewalk Labs has chosen to test a solution by Numina, a civic tech company, given Numina s development of on-device de-identification and its focus on preserving privacy. As a stand-in for a future street, we are piloting this technology at 307, Sidewalk s Toronto headquarters, to understand flows of people throughout the space and aggregate statistics about time spent looking at exhibits, including outdoor weather mitigation structures, flexible structures, flexible pavers and indoor exhibits. The data will help us iterate on our designs to better achieve their respective goals. Cameras with on-device processing and de-identification can be among the most versatile, privacy-preserving, and cost-effective options for measuring mobility flows. This pilot will allow Sidewalk Labs to test privacy-preserving technology in a small

scale manner to understand whether this is the type of technology that can or should scale to a future mobility system. Privacy and data governance considerations: This pilot will take place in a privately managed office that is often accessible to the public. In this space, low resolution images are being captured momentarily and immediately processed by the Numina sensor. Except for the sample images below, these low-resolution images are not stored or shared and the images are deleted from the sensor as soon as they are processed. These images are de-identified on-device to create non-identifiable pedestrian movement and count data. Sidewalk Labs receives this data in the form of aggregate statistics and insights. In addition, the sensors send one sample low-resolution image at a random time, once per hour, to Numina for calibration and data validation purposes (24 images per day, from among more than 172,000 that are used to create de-identified measurements and which never leave the Numina device). These images are de-identified automatically (through computer blurring) and then transmitted to authorized Numina personnel (and not Sidewalk Labs personnel). These sample images are retained for 30 days by Numina and are only used to calibrate and validate the pedestrian and vehicle movement and count data. (For example, the sample images are used to confirm that the algorithm is correctly classifying pedestrians and vehicles.) Mitigation efforts: De-identification Sidewalk Labs believes in the importance of de-identifying personal information. The plans and protocols for this pilot should result in no personally identifiable images being saved or seen by humans. First, Numina, the manufacturer of the sensor, de-identifies personally identifiable images on-device in real time using the following method: On-board the Numina sensor, the image is processed into a sequence of time stamped two-dimensional coordinates linked by an arbitrary path id number and a class, which specifies if the moving object is a person, bicycle, car, truck, or bus. Numina s algorithm creates boxes around each moving object within the sensor s field of view, classifying into broad categories such as pedestrian, cyclist, car without tracking any personal information. The vast majority of images containing potentially personally identifiable information are not stored on the device or sent to the cloud. One randomly sampled image per hour is transmitted and stored in the cloud by Numina for 30 days for quality assurance (QA) purposes. The QA images are low resolution (less than 1 pixel per cm and of low image quality, JPEG Q=50). To eliminate the possibility that, despite this low resolution, personally identifiable information would be conveyed in the image, Numina applies an 1

object detection and blurring algorithm to remove recognizable features from QA images before they are made available to any agents or employees for validation. Sidewalk Labs never receives any sample images. This visual shows on the left what the sensor sees. This image is de-identified on-device to produce the strings of numbers and letters you see on the right and the words pedestrian to indicate that a pedestrian was seen on a certain path at a certain time. Sidewalk Labs will also not make any attempt to re-identify any of the de-identified data. 2

Example of the dashboard with the non-identifying mobility flow data: This is an example of the type of data Sidewalk Labs would receive. Transparency Sidewalk Labs believes that organizations should provide full transparency on their data collection activities and we demonstrate this by publishing the RDUA and by posting signs to notify visitors of the data collection activity and the use of the sensors. The sensor s field of view is 71 vertically and 91 horizontally. When installed at the recommended height of 4.5 metres (15 feet) high, the range of view is 38.1 metres (125 feet), but the sensor does not reliably capture anything within the first 3 metres (9 feet) of the sensor. Security Numina s sensors encrypt all communication with TLS1.2 using industry standard AES-256 encryption. Only authorized devices can 3

communicate with sensors, and keys are carefully maintained and rotated frequently. This removes pathways for data interception or sensor access by unauthorized third parties. Stakeholder Concerns: Sharing and Access to Data Data will not be shared with any third parties besides Numina, who is administering the data systems for the pilot. Processed, de-identified sensor data may be shared by Sidewalk with design partners to improve the design and structure of the exhibits inside and outside of 307. There is, additionally, an opportunity to share this non-identifying data with the public. This data will not be used for advertising purposes. Numina is obligated by contract to only use the data to fulfill the services for Sidewalk Labs and for quality assurance purposes. Numina shall not share the personal information or random still images with any third party and no effort shall be made or directed to be taken to identify such images. Data Storage The images are not stored on the sensor. The de-identified data (the aggregate statistics and insights) will be stored in the United States for five years. For redundancy reasons, the data must be stored outside of Canada because Amazon Web Services have only one Canadian data center. Using this data center exclusively would leave the service vulnerable to outages at a single site and put the pilot at risk of data loss or service outages. The risk of harm from this data is low since it will not be linked to any individuals or combined with other datasets in a way that could link back to individuals. Sidewalk also plans to make the aggregate data from this pilot publicly accessible. Minimum Technology Used and Data Collected to Meet the Objectives Using computer vision to derive data from images has been prototyped, researched, and tested in both academic and operational contexts. In particular, using sensors to automatically collect data for assessing usership and mobility patterns is understood broadly by practitioners to be more cost-effective than other manual counting efforts. By collecting this data on a pilot basis, Sidewalk Labs, and other stakeholders, can more concretely understand the nature of the data and its potential uses, and therefore, the associated benefits, impacts and risks. For the 307 pilot, the data collected is to help assess the effectiveness of exhibits and installations at our 307 office and workspace, including outdoor weather mitigation structures, flexible pavers and indoor exhibits. The data will benefit Sidewalk Labs and our project partners by helping us measure how people are engaging with the exhibits at 307, which will help to revise our designs to better achieve their respective goals. Other methods of measuring engagement include CommonSpace (a map-based data collection 4

mobile application that makes it easier to record observations of human activities in open spaces) and infrared motion sensors. Sidewalk decided to not use CommonSpace for this purpose because it would require one or two dedicated volunteers to gather this information and this is not feasible for such a prolonged period of measurement. Infrared motion sensors can provide information on how many people are in a space and where they are going in a general sense. However, to effectively measure engagement, it is helpful to know the paths of where people are going in the exhibit spaces. Furthermore, Sidewalk believes that sensors that collect personal information should de-identify on-device. By piloting the Numina sensors in a controlled, private environment, this testing can take place in a way that minimizes potential risks so we can assess whether this is a type of sensor that is appropriate to scale to the public realm. Decision : Sidewalk Labs approved this pilot because it meets the beneficial purpose of improving mobility and enhancing a people-first public realm, while mitigating against the potential privacy concerns with a robust de-identification process. A new RDUA will be completed if the parameters of the pilot change. For example, if a new sensor is added that collects data outside of Sidewalk s private property or if the purpose for data collection or use changes. 5

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback