Tuesday, November 5, 2019

Facial Recognition in Minnesota

Below are my comments which I have submitted to the LCC subcommitee on Data Practices for their hearing on Thursday, November 7, 2019.

I will not be able to attend the meeting of the LCC subcommittee on Data Practices, but I wish to make brief comments and direct members to information.

A number of years ago I read about new technology being used at the 2001 Superbowl in Tampa, Florida.  As thousands of fans entered the stadium, cameras with 'facial recognition' were being tested secretly.  News reports later told about it. Ever since I have been involved in following the technology and its implications.

The state of Minnesota is involved with facial recognition technology.  First, with digitization of millions of driver license photos with facial recognition standards.  Same is with the booking and arrest photos that the Bureau of Criminal Apprehension collects in the Minnesota Repository of Arrest Photos know as MRAP.  Both of these actions have happened within the last decade.

Comparison with photos (recognition purposes) has happened with these state databases in two significant ways. There has been an active use of the drivers license photo base in dealing with fraud (Minn statute 256.01 subdivision 18d and e) in the human services area.  MRAP has been used by law enforcement agencies in the past. I have done data requests with the Department of Public Safety on this topic which has given me information about their programs.

The MRAP program has increasingly over the years NOT been used for the purpose of comparing photos with facial recognition.  In conversations with officials I've been told they are looking at new software.

Tony Webster did a data request to Hennepin County Sheriff covering biometrics and the use of it which facial recognition is a part of.  What Mr. Webster discovered was that Hennepin County Sheriff Rich Stanek was in midst of researching and implementing facial recognition without policymakers and public knowledge.  Mr. Webster did a story on this: "Hennepin County Sheriff circumvents state to expand facial recognition database"   Link: https://tonywebster.com/2016/06/hennepin-sheriff-facial-recognition/


Facial recognition technology challenges First and Fourth Amendment principles to their core.  Nothing new as Minnesota policymakers have discovered with avalanche of new technology such as Stingray, license plate readers, for example.  There are no restrictions or regulations in Minnesota with use and deployment of this particular technology.   A recent paper entitled,  "Facial Recognition and the Fourth Amendment" by Andrew Guthrie Ferguson gives some insight on implications of this new technology. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3473423

Racial bias in use of facial recognition is being discussed across the country by policymakers, law enforcement, and the public.  In the City of Detroit debate is happening per the New York Times - "As cameras track Detroit's residents, debate ensues over racial bias https://www.nytimes.com/2019/07/08/us/detroit-facial-recognition-cameras.html 

The Center on Privacy and Technology at Georgetown University (Washington DC) has done research on facial recognition.  It focused on states use of facial recognition and extensive research on the topic in their study - "The Perpetual Line-Up: Unregulated Police Recognition in America"  You find attached to this email the report and profile of Minnesota.  The report is long, but has recommendations for legislatures and Congress.  This is the link to those recommendations: https://www.perpetuallineup.org/recommendations

The Center recently released two additional reports:



The United States House of Representatives had a hearing on facial recognition this past summer.   One of the pieces of research done was by the General Accounting Office in a report entitled: "Face Recognition Technology"  The report deals with the federal government initiative of having a a connected database of photos among the states that can be used for facial recognition.  A number of states have agreed to this with the federal government, some have banned used of drivers license photos, other states have current laws restricting use of of drivers license photos.  The report is attached.

This is the first time that a body of the Minnesota Legislature is taking up the topic of facial recognition on it's own without being intertwined with other initiatives.  Today's meeting is not to be one of reaching what the law to be, but the beginning of discussion with the public as to what the law should be.

It takes time and examination to answer the serious questions this new technology challenges us with.

I wish to thank Clare Garvie (Center on Privacy and Technology at Georgetown University) and Freddy Martinez (Open the Government) for providing information that was used in this comment.

Feel free to contact me for any questions or want more information.

Rich Neumeister

Attachments which I sent to the subcommittee are below.

Perpetual Line-Up: Unregulated Police Face Recognition in America


Minnesota profile on Facial Recognition


GAO Report-Face Recognition Technology











Wednesday, July 24, 2019

Minnesotans have no meaningful 4th amendment protections with cops use of drones

There was a meeting today of the Minnesota Legislative Coordinating Commission, subcommittee on Data Practices.  They discussed a proposal to regulate drones used by law enforcement.

In my view, the proposal is anemic and opaque.  Other words, does not give robust accountability in use of drones by law enforcement, gives weak privacy protections for residents of Minnesotan's with their deployment and surveillance use, and transparency of their operations is clouded.

I was not able to be at the meeting, but I provided written commentary.   You will note my analysis is very specific to the proposal.   You can read my comments below, but it's also IMPORTANT to see the draft proposal which is linked above.


Written commentary for July, 24th 2019 meeting of the LCC Subcommittee on Data Practices 

My name is Richard Neumeister.  Since the late 1970's I've been involved with privacy and open government issues on the local, state, and federal level.  I have worked with and helped Minnesota legislators develop public policy on various issues and topics.

Drone regulation 

The Minnesota Legislature has been grappling with drone legislation for the last five years.  I lobbied on the proposals in the first year or two, but since 2016 I've been on the sidelines.

It is my intention to generally lay out my concerns today in written commentary on the suggested draft. SC 5562 can be characterized as an opaque and anemic idea or a robust and accountable suggestion to protect Minnesotans privacy and to keep law enforcement in check in using drones (UAVs).

I believe it tends to be towards the opaque and anemic.

It is important that policymakers and residents get this legislation right to protect Minnesotans privacy and civil liberties.

Search warrant important

It is essential that we not allow this new technology - with enhancements such as thermal imaging, zoom lenses, sensitive microphones, and other tech add-ons to be used without a search warrant.

The draft bill does not make clear whether the proposal updates decades-old Fourth Amendment case law as it applies in aerial surveillance.  Law enforcement has argued there is no Fourth Amendment protections when hovers a UAV over an individual’s property with a camera.  They base that on old court decisions by the US and Minnesota Supreme Courts.

As with the tracking warrant legislation which I was involved with in 2014, the main objective was to overturn old case law and statutory language and to give robust Fourth Amendment protections for Minnesotans with their location data as they used their ‘personal devices’ (cell phones, etc) in their daily lives.

Does this proposal do that?  Does it overturn decades-old case law and allow Minnesotans to have 21st century privacy protections when drones with enhanced technology are used?  There needs to be clarity on this point.  For example, in Ciraolo, a case decided by the US Supreme Court, the court ruled that a person does not have a right to privacy from warrantless aerial surveillance from a plane flying 1000 feet over one’s home and curtilage.  Law enforcement has argued the same with the use of UAVs.

In the bill language, a “law enforcement agency” is defined basically as either a police or sheriff agency. But there are other government entities that enforce rules, regulations, and law.  UAVs can be easily used by those other entities as well, but it appears that the definition excludes them.  For example, licensing, residential, or zoning agencies could use drones for enforcement purposes.  Do not the residents of Minnesota have Fourth Amendment protections in those kind of situations?
 Change to Subdivision 2

In subdivision 2, I believe that the word ‘may’ should be changed to ‘shall’.  To be made clear, the term ‘probable cause’ should also be added.

Problems with Subdivision 3 

Do some of the subdivision 3 exceptions swallow the search warrant protection created in subdivision 2? Very possibly.

Paragraph (a) is a recognized exception to the Fourth Amendment.

The degree of privacy intrusion under paragraph (b) may turn on the enhanced software that a drone mau use in the surveillance and monitoring of a public event.

What is most troubling is paragraph (f), which allows a drone to be ‘borrowed’ by any government agency that wishes to use it.

Let’s say a City wants to see how people are complying with certain rules of what homeowners can have in their backyards.  The local agency requests the use of a drone to hover over backyards (1000 feet up) with enhanced technology to ‘see’ what’s there.  Should not the Fourth Amendment protect the homeowner in this situation?  I believe so.

Subdivision 3 exceptions of (b), (d), (e), and (f) and when data is collected to where it may show a violation of law that evidence should not be used against the subject.  I do not think subdivision 6 does that with the subdivision 3 exceptions.

When reviews subdivision 3 exceptions, one will note that there are different documentation standards among the paragraphs, or none at all.. It is important for the public to know when a UAV is used.  This needs to be reviewed to insure responsibility and answerability to the public.

Subdivision 4

There should be some discussion about subdivision 4.  I have some ideas for additional language for accountability and transparency,

I recommend that language in paragraph (d) should be changed from ‘may’ to ‘shall’.  I also recommend that language be added to cover ‘enhance’ technology, so that the latter part of the sentence may read ‘with facial recognition or other bio-metric-matching, and enhanced technologies unless……’  This change would provide Minnesotans with robust 21st century privacy protections.

Subdivision 5 

I need to review subdivision 5 closely over the next month or so.  It needs to be clear on what is public and what is not.  I am interested to see what currently would be public and what would not become available to the public if this language was passed.

Subdivisions 9  

I am concerned about subdivision 9.  The language in subdivision 9 mirrors language from the tracking warrant statute.

The concerns I have with paragraphs (c) and (d) in particular: Paragraph (c) allows a prosecutor to request that data not be filed.  In paragraph (d), it is specific that only upon the commencement of a criminal proceeding, the warrant application and supporting material must be filed.  But what if there is no commencement of any criminal proceeding?  How in that situation does the warrant and supporting data ever become public?  I believe this is happening with a number of tracking warrants.  What is the trigger to make sure that in these circumstances the search warrant data is eventually public?

Final comment

Minnesotan's should be able to live in security and freedom from surveillance that is not justified.  The proposed bill does not provide robust protection against surveillance techniques enhanced by technology. Abstruse advances enable law enforcement and government to go beyond our expectations without many times public and policymakers making the rules with which they should abide by. 

Over my four decades of involvement with privacy matters, it has been law enforcement that is the institution that wishes to make their own rules, have the least accountability, and be hush-hush on what they may be doing that compromises our privacy.  There is a balance that needs to happen.  I will continue to strive for that and I have done so in the past.

Please contact me if there are any questions with what I have shared with you or want specific ideas to ensure that the drone proposal is one that manners the respect of our civil liberties.

Sunday, January 6, 2019

Free workshop in Chanhassen on how to get government info

On Wednesday, January 30, 2019, Saint Paul-based non-profit Public Record Media (PRM) will host a free Freedom of Information (FOI) workshop at the Chanhassen Library (Carver County) in Chanhassen, Minnesota. The event will run from 6:30pm-8:00pm. The library is located at 7711 Kerber Blvd. in Chanhassen, Minnesota.

The workshop will explore how members of the public can use the Minnesota's Data Practices Act to obtain government records on a wide range of issues - from property records, to police reports, to school board plans and government budgets. The presentation will feature comments by Rich Neumeister, a long-time record requester and open government advocate.

PRM is hosting this January event in light of the City of Victoria being in the news last week on a recent decision by the Minnesota Commissioner of Administration that says the mayor of Victoria's Facebook content is not considered government data.  The opinion causes questions if social media communications of public officials are government data and are accessible to the public.

The event is free to the public. Participants are encouraged to bring ideas for their own public record requests.  

Wednesday, May 16, 2018

Hurried, tacky, and sloppy way to revoke health privacy protections at Legislature

Voiding Minnesota's strong health data privacy protections with an amendment by Representative Zerwas to SF 3019 on the House floor tomorrow (Thursday May 17th) is foolish and senseless.

Of all the votes in the Minnesota Legislature on privacy this session, this is the ONE the public needs and legislators need to pay attention too.  The amendment slays Minnesotan's robust right to consent where your most sensitive health data shall go.  The proposal is poorly designed and done in a hustled way by business and health industry interests.

The attempt by the author is to do away with one of the best health data privacy protection/rights in the country and replace it with parts of the HIPAA regulations.  Important to understand the premise, that HIPAA, a federal regulation sets a minimum floor of privacy protections and rights, but allows states to be more protective of your information or provides you with more rights.

When I pressed Representative Zerwas, who is the author of the original bill, and corporate and health industry lobbyists I did not get a coherent and detailed rationale.  What one hears for this  change: will save money and give coordinated care. (questionable)  Also said  the proposal will not damage your health data privacy, because you have the federal government minimum standards to rely on.

But proponents of the amendment are wrong in their surety that adopting HIPAA standards and ditching our state protections will fill the gap of privacy protections. 

Our current law assures you have control where your most sensitive data goes to and for what purpose.  For example, you do not want your mental health data to be seen or sent to the foot doctor, you have that choice and right.  Minnesota law allows you to CONTROL where your health data goes.

Slapping down Minnesota's consent provision jeopardizes your privacy to where your health data can be widely disseminated and be used for purposes without your knowledge and consent.

Who decides where, for what purpose, and to whom your personal health data is used and dispersed, you or the business and health interests?

If the proponents want to ditch Minnesota's consent and privacy protections show how HIPAA  has same robust protection with consent and privacy protection.

Instead, what is proposed on the floor of the House is deletion of about 13 words of our current law and replace it with some twenty words referring to a federal regulation.  The regulation is pages long and I am sure many of the House members have not read and understand.

The regulation with its broad language and definitions encompasses many activities that many people are not familiar with and allows for health data to be strewed about which individuals may want to control and not so easily be strewn about.

There has been no hearing on the Senate side on the original bill or amendment.  In the House only one hearing in a health committee.  The bill has not been heard in the Civil Law and Data Practices Committee.

To be clear, can there be changes to Minnesota law to accommodate concerns and issues, yes, but not in this manner.  Trading this amendment for the loss of our states protections is a bad exchange.  If this proposal along with others can be discussed in a rationale and comprehensive way, it would be better for us.

The place for this rationale and comprehensive discussion is the Legislative Commission on Data Practices and Data Privacy.  With suggestions to be made for January 2019 when the Legislature comes back.  Many questions and issues can be discussed in a way that all parties will get their say.

The commission can explore many questions and issues such as:

How can state law deal with the wishes of an individual patient to not have certain sensitive data be shared with others?

Can coordination of care and individuals right to control where their data goes co-exist within state law?  (Note:  Over the years when issues arose they have been addressed within our state law on health data)

How can penalties and rights for patients be more enhanced on a state level where there are violations of privacy rather than rely on a federal agency?

These are just some examples of points of questions that need  and can be explored.

Minnesota has had a comprehensive health data privacy law which has been recognized nationally.  Why would we want to lower our standards?  Do not think the HIPAA regulations give you a comfortable feeling of reassurance that sensitive health data is a matter between you and your doctor, you'll be duped.  The federal regulations set standards for privacy where health, business, and public interests often prevail over the patients desire for confidentiality.

Do not abrogate Minnesota's privacy/consent provisions in this hasty and sloppy way.

Saturday, March 3, 2018

Will you lose privacy protection and rights with your most sensitive data?

The right of consent, which is a cornerstone of our Minnesota Health Records Act, which gives you the ability to manage your most sensitive health data, to keep it private, where it goes, and what it can be used for is about to be taken away.  By whom?
Out of view from the public, the Minnesota Chamber of Commerce, Minnesota Business Partnership, Minnesota Council of Health Plans, Minnesota Medical Association, Minnesota Hospital Association and some legislators are working hard to do just that. To be substituted by what is known as HIPAA, the federal law.
There has been an enormous push of cunning by special interests at the Capitol to lead some policymakers into an unseeing acceptance by business and health lobbyists assertions that HIPAA will increase their constituent's privacy protections and rights.
Telling to you straight, what the proposed legislation SF 2975 and House companion does is opposite, it guts your right of consent to release of your health records and replaces it with Code of Federal Regulations, title 45, part 164, subpart E. 
SF 2975 by Senator Pratt:

Section 1. 

Minnesota Statutes 2016, section 144.293, subdivision 2, is amended to read:

Subd. 2.

 

Patient consent to release of records.

 
A provider, or a person who receives a health records from a provider, may not release a patient's health records to a person without:

(1) a signed and dated consent from the patient or the patient's legally authorized representative authorizing the release;

(2) specific authorization in law, which includes Code of Federal Regulations, title 45, part 164, subpart E, for those entities and individuals subject to Code of Federal Regulations, title 45, part 164, subpart E; or

(3) a representation from a provider that holds a signed and dated consent from the patient authorizing the release.

My understanding is that Representative Zerwas will be the House author.
This new language, underlined, (CFR, title 45, part 164, subpart E) gives right of access to your health data to many more players that are known as covered entities and business associates without your consent and specific knowledge.  The proposal allows for more wider dissemination and access of your health data to institutions and government.
You may ask yourself, why does Mr. Neumeister care.  I have been around a long time, since late 70's, through the 2010's at the Minnesota Legislature. Have dealt with special interests at the Legislature, helped policymakers build our strong privacy protection and rights and defend those rights and protections, and will call out organizations such as those I mention in the 2nd paragraph of this post who try to do things that are not right to Minnesotans and done with slight of hand.
I still remember one of the biggest fights of my non-paid career at the Legislature.  I fought over two years to where we as Minnesotans could get access to our medical records and get copies of them. (1986-1987 sessions)  The Minnesota health industry with such notables as the Minnesota Hospital Association and Minnesota Medical Association opposed that simple right.  The same mindset it appears they have today.
Are there fixes that can be made in this area of law?  Yes, but not done in a "Damn the torpedoes, full speed ahead" mentality that pillage the protections and rights we now have in our state law.
HIPAA sets a floor of standards of how health records are to be handled, but allows states to be more protective of your information or provides you with greater rights.  This is what Minnesota law does
Do not expect HIPAA to give you comfortable feeling of reassurance that sensitive medical data is a matter between you and your doctor, you will be deluded.  The federal regulations as proposed in this bill and others that I have seen set standards for privacy and rights where health industry, business, and government interests often prevail over the patients desire for confidentiality.  And this should NOT be.
Contact your legislator!

Tuesday, February 27, 2018

Off to Woodbury to talk transparency and accountability



On March 22, 2018, Saint Paul-based non-profit Public Record Media (PRM) will host a free Freedom of Information (FOI) workshop at the R.H. Stafford Library in Woodbury, Minnesota. The event will will run from 6:30pm-8:00pm.  The R.H. Stafford Library is located at 8595 Central Park Place in Woodbury, Minnesota 55125.
Seating is limited.  RSVP by calling Public Record Media at 651-556-1381, and leaving a message with your name and contact information.
The workshop will explore how members of the public can use Minnesota's Data Practices Act to obtain government records.  Each year - in conjunction with long-time data advocate Rich Neumeister - PRM hosts FOI workshops across the state, with the aim of training people about how to use the state's data access laws for research, education, and fostering government accountability. 
PRM is hosting its March event in Woodbury in light of the city's recent appeal to the Minnesota Legislature to make changes to the Data Practices Act - including eliminating the laws' long-standing provision that allows the public to inspect data at no cost.  Under current law, public requesters have the option to review data at government agencies for free, as opposed to paying for copies of data.
The event is free to the public. Participants are encouraged to bring ideas for their own public record requests.  
Public Record Media is a Minnesota-based non-profit organization that conducts public record-centered publication, legal work, and education. 

Monday, September 11, 2017

Minnesota law enforcement held accountable with use of Tasers?

This evening I did a program on how to use the Minnesota Government Data Practices Act to gain access to body camera video.  In the discussion there was a question asked, if a Taser or an energy-conducted weapon is used to stun or subdue a person is that video public?

Under current Minnesota law (13.825) substantial bodily harm is a standard that is used to allow public access to body camera video.  Therefore I made a request to the City Of Minneapolis as follows:

"Dear Mr. Carl:

Pursuant to the Minnesota Government Data Practices Act, I wish to review and inspect all government data documenting use of tasers (energy conducted weapons-ECW) by the Minneapolis Police Department from 2015 through July, 2017.  The request to review and inspect all government data would include, but not limited to, any body camera footage or documentation specific to the use of the ECW.

Any questions do not hesitate to call or contact me.

Regards,

Rich Neumeister"

We will see what happens.