Another day, another story of surveillance gone wrong. The investigation of the Australian Federal Police (AFP) and its misuse of Auror, a digital surveillance platform collecting and flagging data about criminal suspects, reveals a disturbing pattern of privacy violations.
It’s a tale as old as time. It leaves us wondering if the AFP can responsibly use surveillance technologies, the devices that observe, collect, purchase, or analyse information generated from people’s lives.
The AFP, like many law enforcement agencies, justifies collecting and using this data to ensure community safety. But let’s face it: the lack of objective evidence on the effectiveness of these technologies leaves us questioning their true intentions and the potential for misuse — even if there is a happy ending.
This is where potential issues arise. Somewhere down the line, an overeager officer gets a “bright idea” to use surveillance data for purposes beyond its original intent. Whether it’s tracking down COVID-19 rule breakers or diving into the personal lives of innocent citizens, these efforts often lead to disastrous privacy breaches.
Let’s not forget the regulatory bodies, like the Office of the Australian Information Commissioner (OAIC), which swoop in to investigate, playing the hero. For example, the OAIC, in December 2021, ordered the AFP to strengthen its privacy governance because it uploaded and handled sensitive personal information about victims in a risky way between November 2019 and January 2020. While the OAIC tries to assess the damage and hold the AFP accountable, everyday citizens bear the brunt of the fallout. The underprivileged, already marginalised and vulnerable, are left with increased distrust and heightened stress. This becomes apparent in the significant decline in self-reported victimisation between 2019 and 2022.
But don’t think these privacy violations are limited to the halls of the AFP headquarters. We’ve had our fair share of surveillance dramas here in Portland, Oregon.
During the protests of 2020, some of our very own police officers used their mobile phones to collect personal data from demonstrators, all without their knowledge or consent. The intentional or unintentional disregard for privacy rights only fuelled the fire of public anger and distrust.
Regardless, Portland Police and other city bureaus continue to own surveillance technologies and gather personal data with them. Not surprisingly, residents continue to distrust the police and the city further.
To its credit, Portland took a step off this treacherous path by embracing public engagement, getting those impacted involved, and rebuilding trust as a solution. It knew that a nonchalant shrug or confusion wouldn’t cut it and that it needed to demonstrate an unwavering commitment to transparency about its digital surveillance use.
In response, Portland created a policy in early 2023 mandating a city-wide inventory of any surveillant devices in use or to be procured and the processes with that data. This catalogue needed to be dusted and available by March 31, 2024.
Portland’s Smart City PDX stepped up to coordinate inventory activities, turning to experts with successes in public engagement. Oakland, California, provided a good example, implementing a privacy advisory commission with impressive results. A Canadian youth assembly on digital rights provided another model.
Smart City PDX took this information and thought about how public engagement would work best for it. So, it created virtual events with targeted focus groups emphasising underrepresented groups to co-create the inventory questions.
I talked with one of the focus group participants, O’Nesha Cochran-Dumas, senior director of the Miracles Club, an organisation working with the homeless and those in recovery from drug use in the African-American community. She says: “The disenfranchised opinion matters, and people’s actions must respond.”
As I write this opinion, Smart City PDX is readying a draft specification for the surveillance technology inventory. Once delivered, the inventory will give transparency about data collected by Portland, a step towards better understanding.
The timing could not be more critical. The Portland police obtained unmanned aerial systems (UAS) or drones in April 2023 for a limited pilot program, with the city council’s blessing. While the Portland Police created a dashboard showing drone call data, many questions exist. The inventory, co-created with public engagement, promises to shed some light. Across the globe, Australia must take its journey to get meaningful public participation and technological oversight over its surveillance technology. The AFP and OAIC cannot return to their treadmill of privacy violations and finger-pointing. Public engagement promises Australians a solution, with examples and ideas from which to build.
