2.5 Putting Human Interface Considerations in Context: Safe Cities
Public safety is a team effort. First responders do not work in a silo, but rather, they communicate regularly with dispatch, supervisors, operation centers, and a multitude of others. Additionally, support organizations may receive nonemergency tasks and follow‐ups related to the work of those responding personnel. While the first responder is in the field, that same data being leveraged for officer safety and rapid decision making is being reorganized and expanded to support the medium and long‐term goals of the agency. Specifically, frontline supervisors will monitor the duration and amount of resources allocated to ensure continued coverage for this and other potential incidents; commanders will want to immediately recognize and respond to trends; operation centers will coordinate the response of supplemental agencies when required. All of these moving parts will leverage the same pool of data in dramatically different ways. In addition, many of these partners will have a broader picture of an incident, as they have the time and space to ingest more information and make more meaningful connections among the disparate sources. As such, human interfaces built around public safety data must support staff in many positions and at all levels of an organization.
All of the dependencies on data mean that there are real and significant impacts to public safety when that information is wrong. Historically, government has been very good about ensuring there is documentation of incidents, actions, and outcomes; however, the quality of that documentation varies wildly. Data can be incomplete, poorly structured, badly transcribed, or any combination thereof. Any of these deficiencies will inherently flow down to SA and data democratization platforms, where their inaccuracies will distract and delay the efforts of public safety professionals at best or compromise them completely at worst. Separately, with the explosion of IoT sensor platforms, such as gunfire detection, license plate recognition, video analytics, etc., the accuracy and pertinence of real‐time alerts are just as important. For example, acoustic gunfire detection draws attention to shootings faster than any witness phone call. However, if those alerts are frequently inaccurate, the data itself becomes meaningless. False alarms become background noise, and the system is ignored. Worse, responding personnel become distrusting of the data, increasing the risk to their personal safety through complacency. Sensor limitations and bad data will likely slow the advancement of automation and enforce human independence for the foreseeable future.
While legacy data may contain inaccuracies and some sensors themselves may have a high false positive rate, human system interfaces are increasingly becoming smarter gatekeepers. The failings of the underlying technology and information are being counterbalanced through sheer volume. Individual data points may be important within the context of a single event, but it is the aggregation of these elements that builds complex trend and pattern of life analyses. Here, individual errors are drowned out, and modern visualization solutions present this intelligence in a human‐readable and actionable format. What started as a method to present real‐time information to a user in order to address a specific incident has grown into an endless parade of data that can be stored indefinitely.
This boundless repository of information brings with it a host of security, policy, and legal concerns. Law enforcement is increasingly becoming augmented through technology, which often evolves faster than the necessary companion legislative changes, privacy guidelines, and security enhancements. Beyond the straightforward need to minimize the exposure of this data outside of its intended distribution, there must be controls within the organization as well, maintaining the concept of “need to know.” Access itself should be routinely audited, reviewed, and revised, with secure mechanisms for data distribution and sharing. Just as important as the technical solutions, policy and procedures set a sturdy foundation for an organization's data security. In addition, having a written policy that has been properly vetted, reviewed, and socialized outside of the organization will express to the general public that the security of what is inherently their data is taken seriously. It also provides a roadmap for how to handle data breaches and inadvertent disclosures. Notably, with such large datasets, bad actors no longer require personally identifiable information (PII), like names or social security numbers. Rather, they can cause significant harm through anonymized sources with techniques such as data reidentification. As such, all data can be vulnerable to targeting and must be treated with as much care as traditional PII.
2.6 Human Interface Considerations for Privacy‐Aware SA
The ability for HSI systems to understand the complex data used to achieve SA, as well as the context of the human operator consuming the information, will reach its apex in the form of minimum viable data presentation. Demands for better protection of PII have evolved over the past decade to include right to PII data ownership and demands on disclosure of PII use and storage. These rights have been codified through legislation including the European Union's General Data Protection Regulation (GDPR),7 California Consumer Privacy Act (CCPA),8 and Illinois Biometric Information Privacy Act (BIPA).9 Though most legislation currently allows for lawful government use, the expectation is that government will adhere to the underlying principles in the performance of its duty.
To illustrate the impact such privacy‐aware requirements have on SA platforms, consider the example of electronic identification (eID) mechanisms such as the mobile driver's license (mDL). Visitors to secure facilities, individuals involved in routine traffic stops, and even patrons to bars have historically been required to present a government‐issued document verifying their name, date of birth, and other PII. Such credentials often violate the principle of minimum viable data as only portions of this information or, more precisely, derivatives of this information are needed to effect the requisite vetting. The root question of the individual accessing the secure facility is whether he or she is authorized to access the site, just as the bouncer is fundamentally concerned with whether or not the individual is of legal age to enter the bar. All other PII contained on the credential is incidental to this core concern and represents an elevated risk to the SA operator – providing them the opportunity to act on information irrelevant to the interaction – and to the information provider by disclosing more PII than necessary to complete the transaction. To mitigate these risks, the Secure Technology Alliance has advocated the widespread adoption of eIDs such as mDLs.10 Such solutions provide the operator the pertinent derivative information – whether or not the person is of legal age – without disclosing the underlying PII (name, date of birth, address, etc.). Such solutions not only have the potential to improve the efficiency of SA operations but also mitigate the risk of excess PII disclosure.
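One way a credential can answer the legal-age question without releasing the date of birth, added here as an illustration and not taken from the chapter or from any eID product: the issuer authenticates a list of salted digests, one per data element, and the holder reveals only the element the verifier asked for. The HMAC key is an assumed stand-in for the issuer's public-key signature, and the function names, element names and values are constructed for the example.

```python
import hashlib, hmac, json, secrets

# Stand-in for the issuer's signing key (assumption: a real mDL uses a public-key
# signature, so the verifier would hold only the issuer's public key).
ISSUER_KEY = secrets.token_bytes(32)

# Constructed sample credential contents.
SAMPLE_CLAIMS = {"family_name": "Doe", "birth_date": "1990-04-12",
                 "resident_address": "12 Example St", "age_over_21": True}

def element_digest(salt_hex, name, value):
    # The per-element random salt stops a verifier guessing hidden values by hashing.
    return hashlib.sha256(json.dumps([salt_hex, name, value]).encode()).hexdigest()

def seal(digests):
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer: salt and hash every element, then authenticate only the digest list."""
    items = {n: {"salt": secrets.token_hex(16), "value": v} for n, v in claims.items()}
    digests = sorted(element_digest(i["salt"], n, i["value"]) for n, i in items.items())
    return {"items": items, "digests": digests, "tag": seal(digests)}

def present(credential, requested):
    """Holder: release only the requested elements plus the authenticated digests."""
    return {"disclosed": {n: credential["items"][n] for n in requested},
            "digests": credential["digests"], "tag": credential["tag"]}

def verify(presentation):
    """Verifier: check the issuer tag, then bind each disclosed element to a digest."""
    if not hmac.compare_digest(seal(presentation["digests"]), presentation["tag"]):
        raise ValueError("digest list not authenticated by issuer")
    accepted = {}
    for name, item in presentation["disclosed"].items():
        if element_digest(item["salt"], name, item["value"]) not in presentation["digests"]:
            raise ValueError(f"{name!r} does not match any issuer digest")
        accepted[name] = item["value"]
    return accepted

if __name__ == "__main__":
    shown = present(issue(SAMPLE_CLAIMS), ["age_over_21"])
    print(verify(shown))  # the bouncer learns the age check result and nothing else
```

The presentation carries digests for the undisclosed elements, but without their salts the verifier cannot recover name, address or date of birth from them.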
Another manifestation of the requirement of SA platforms to incorporate privacy‐aware concepts in their design and operation comes in the form of demands for greater transparency and auditability. Regulators and privacy advocates are increasingly interested in the means by which public safety organizations achieve SA, concerning themselves not only with the underlying data employed but also with the tools used to analyze and correlate aggregate data sources. Interest in this tooling is only increasing with the proliferation of AI as the determination of relevance and scoring of risk shifts from human operators to machines. The debate around facial recognition epitomizes this concern, as highlighted by Georgetown Law's “The Perpetual Lineup” report.11
The impact such privacy‐aware demands will have on SA platforms is manifold. As minimal viable data presentation capabilities progress, the