What does the Australian Privacy Laws say about Smart Glasses?
Image courtesy of Gerald Hartl via the Unsplash License. Available at: https://unsplash.com/photos/yQpSxKF_ELA.
True story. It was annual school’s sports day. I was waiting in anticipation for the gun to go off hoping my daughter would win the race that she had trained so hard for. Just as the pistol was fired, I had my phone adjusted and there I was, filming the race with cinematic perfection. Halfway through, in typical sitcom fashion, I received a call obscuring my view. I fumbled. Needless to say, my daughter won and I, yes, I, missed the race. Devastated, I wondered if fumbling for cameras or phones had become obsolete, and whether there was a need for a device allowing instantaneous capture of sudden and short-lived moments.
A few years and many races later, along come Facebook and Ray-Ban, announcing their launch of smart glasses ‘Ray-Ban Stories’. The glasses, which have been modelled on Ray-Ban’s classic Wayfarer, will allow the wearer to record photos and short videos with a surreptitious touch of the side. Facebook boasts that the glasses will allow immortalisation of special moments. But, as much as these glasses could have saved me from my overwhelming mummy-guilt, what do these devices spell for our increasingly fragile sense of privacy in the legal framework? Let’s explore.
Introduction
The privacy concerns regarding the Ray-Ban Stories mainly centre on third parties and their personal information that may be unwittingly captured, but also relates to the privacy of the users and their own data. This in turn raises concerns whether current privacy laws are ready to receive the invasive technology that these glasses are ultimately offering. Such concerns are particularly pertinent considering the market appetite for smart glasses is only increasing.
That being said, the modern populace is not wholly unfamiliar with an increasingly surveilled society. Due to the ubiquity of phones as recording devices, in addition to widespread use of closed-circuit television systems, security cameras, drones, internet and phone monitoring and geo-location tracking, there is growing awareness within the community of a “network” capable of capturing an individual’s movements.
A sense of privacy is preserved, however, with some existing social understandings. For instance, surveillance systems are understood to be in the name of the greater good, trading off a modicum of privacy for a sense of safety. Importantly, the community relies on perceptible indicators to inform them they may be under surveillance – for instance, walking through the gate of a private property, a “Smile! You’re on Camera” sign in a store, or the obvious cue of holding a phone or a camera up.
Whilst these glasses are far from revolutionary, their release undoubtedly represents a further proliferation and regularisation of covert recording devices and may well constitute a pronounced step further eroding privacy in public life.
Here we consider how much closer this step may bring us to the ambit of Australia’s privacy laws.
What are smart glasses?
The Ray-Ban Stories feature a touch button used to capture a photo or to start a 30-second video recording. Alternatively, users can activate the glasses hands-free through voice commands, such as “Hey Facebook – take a video”.
The glasses also feature a white LED light that flashes when the wearer takes a photo and remains lit throughout recording, and is, according to Facebook, visible from 25 feet away. Whilst there is no independent audio recording function, the glasses do record audio as part of the video function.
There are of course some boundaries to their features. For instance, live streaming is not a function of the glasses. Further, whilst captured photos and footage are stored on the glasses, the files are extracted via the accompanying Facebook View app on the user’s smartphone.
Do privacy laws apply to smart glasses?
The Privacy Act 1988 regulates the collection, use, storage and disclosure of that information in the public and private sector.
However, current Australian law does not prevent an individual, acting in their own capacity, to take photos or footage in a public place without permission, which extends to recording both individuals and a crowd of people.
Therefore, at this point in time, this is the primary extent of the law as it applies to the Ray-Ban Stories, subject to rules imposed by places where the glasses may be worn.
Can you wear Facebook on your face?
The idea of ‘camera glasses’ are not new, forming a key part of the espionage tool-box of fictional spy agents, and with toy gadgets such as necktie spy cameras already available for purchase.
Amnesty Tech, an international collective of advocates, researchers and technologists, have voiced concerns over Ray-Ban’s partnership with Facebook in the release of these glasses. They have indicated that Facebook ‘is a surveillance advertising company whose business relies on exploiting our data and invading our privacy on a vast scale.’ Such concerns inevitably include underlying fears of function creep, in which information collected for one purpose is stored and later used for another.
When Facebook knows you better than you know yourself
Facebook has, to an extent, attempted to pre-empt fears by clarifying the data collection functions of the Ray-Ban Stories.
According to Facebook, the glasses will only collect data necessary for them to function as intended, such as storing the user’s email address and password for logging into the Facebook View app. The glasses will be an "ads-free experience”, and the contents of the captures transferred to the app would not be used for personalising adverts.
However, concerns have been raised over the efficacy of such backstops. As is well-established, when users engage with Facebook in certain ways such as following a page or liking a post, this information is used to personalise user experience such as the sorts of advertisements the user sees. According to a disclaimer that appears when setting up the Facebook View app, merely using the glasses creates data that Facebook can use to improve and personalise consumer experiences.
Whilst this data-sharing can be opted out of, it is enabled by default. In other words, the Ray-Ban Stories are nonetheless a device inherently capable of data collection.
According to Facebook, the photos and video extracted from the glasses will include metadata such as the time the files were captured and that it was taken with the glasses. By default, the voice commands are also stored in the glasses as transcripts which will be accessible by trained reviewers. Concerns have been raised regarding the inevitability for speech to be occasionally captured even when the assistant activation commands, such as “Hey Siri”, are not used. In one instance, a user reported that despite intentionally using voice commands only twice, there were already four transcripts saved in her Facebook View app.
Privacy issues for third parties
The main privacy concerns are for those on the other side of the glasses.
As briefly discussed above, there are currently no explicit regulations on the use of these glasses, particularly limitations on their use in more sensitive locations such as change rooms. This is to say nothing of the particular concerns in the ease by which children may be recorded.
In lieu of such limitations, lawyers may consider advising clients to include smart glasses in the terms and conditions regulating venues and locations where people congregate. Think venues and retail stores, art galleries and restaurants or other hospitality establishments.
Whilst the Ray-Ban Stories, as sunglasses, are ostensibly limited to their use outdoors (and would appear rather conspicuous if used indoors), there is no reason why the recording function will not eventually extend to use in prescription glasses.
Consider the Google Glass, a similar smart glasses device albeit featuring a LED display screen and overall less inconspicuous than the Ray-Ban Stories’ Wayfarer design. After its release, the Google Glass was reportedly banned from many public places including sports arenas, hospitals, and strip clubs, as well as many dining establishments displaying signs telling patrons using the Google Glass were not welcome.
For example, in 2013, the Seattle restaurant ‘5 Point Café’ was one of the first to ban the use of the Google Glass. In another example, the Google Glass was banned inside movie theatres as part of an anti-theft policy by the Motion Picture Association of America and the National Association of Theatre Owners.
Facebook’s user guidelines - Are they a toothless tiger?
Facebook has further sought to address anticipated privacy concerns for third parties through a series of user guidelines, which are explained in detail when the Facebook View app is first set up. [1] The guidelines include the following:
· Respect people’s preferences. Not everyone loves a photo op. Stop recording if anyone expresses that they would rather not be in a photo or video.
· Power off in private places. Turn off your glasses in certain spaces like the doctor’s office, locker room, public bathroom, or place of worship.
· Let that capture LED light shine. Show others how the capture LED works so they know when you're recording. Tampering with this light is against our terms of service.
· Be a good community member. Obey the law. Don’t use your glasses to engage in harmful activities like harassment, infringing on privacy rights, or capturing sensitive information like pin codes.
However, the ease by which these unenforceable guidelines can be circumvented likely does little to mitigate corrosion of the comfort the community expects to enjoy in public life.
Spy Glasses?
One reporter described the glasses as “barely perceptible spy glasses” with the appearance of regular sunglasses, especially as she was easily able to cover the light when taking photos and videos. Another reported that the discreetness of the light was an issue even without nefarious intent, and revealed she easily recorded over 20 people in a public park without their knowledge as the uncovered light was difficult to see at a distance.
Issues with the recording light’s subtlety appears unanimous. Some advocacy groups Facebook consulted with on privacy-related issues during the development of the glasses have agreed the light should be more prominent.
John Breyault, the Vice President for one such group, suggested the glasses contain a sensor that would disable the glasses if the light was obscured, or to tweak the design so that the glasses did not appear to be merely a normal pair of Ray-Ban wayfarers.
Whilst Facebook clearly states tampering of the light is against their terms of service, this will do very little to inhibit such behaviours. Taping over computer webcams, for instance, has become increasingly common. Even Facebook CEO Mark Zuckerberg is known to cover his webcam to protect against remote access by potential hackers.
The Importance of the Physical Cue
It can be argued that privacy in the public sphere is already eroded by the substantial amount of surveillance that is achieved through the network of CCTV, security cameras, locating tracking systems and phone-use.
However, whilst the introduction of a device capable of capturing others in public is not in itself a new concern, a device that removes well-understood cues associated with potential surveillance is. Due to the inherent subtle nature of the design – the key selling-point of the glasses is the ease of use – there is no need to scamper for retrieval of a phone or camera.
The glasses are used with an easily missed touch of the side, and can even be used via hands-free voice activation, compared to the noticeable holding and angling of a camera or phone. This in turn may lead to increased circumstances in which individuals are both unaware they are being recorded and what that information will be used for.
The future of smart glasses
Facebook has made no secret of the technological potential of the Ray-Ban glasses, with Zuckerberg describing them as a ‘journey towards full augmented reality glasses’.
As a stepping stone, it is necessary to contemplate the future evolution of the glasses and the privacy concerns associated with the layering of more sophisticated technology.
Consider, for example, Facebook’s Project Aria. Project Aria is a research device which are similarly worn like glasses, and capture the user’s video, audio, as well as eye-tracking and location information. Whilst the Project Aria is advertised as a non-consumer product and reserved for Facebook employees alone, the sorts of technology used in Project Area nonetheless raises direct concerns about the path ahead of the Ray-Ban glasses.
Augmented reality glasses, such as Project Aria, can be used to capture biometric data of wearers. This data can in turn be used to identify patterns of user behaviour and exploit these patterns in a way that is difficult for the user to perceived and resist and can cause great damage if the data is leaked.
The Metaverse
Facebook plans for augmented reality glasses to form a key component of its so-called ‘metaverse’ – that is, an immersive virtual environment that blends the digital and physical space which can be used for work, shopping and social gatherings.
Zuckerberg himself has explained that advertisements, and indeed personalisation of those advertisements through data collection, ‘will probably be a meaningful part of the metaverse too.’
In 2020, New-York based company Vuzix debuted the ‘iFalcon Face Control Mobile’ which brings facial recognition technology to AR as a solution for various industries, including the police force, security professionals, border patrol, first responders and even banking.
Advertised as a consumer product, the function of the glasses is circumscribed in that they are designed to recognise specific suspects, offenders or missing persons.
Whilst such functions are not available with the Ray-Ban glasses, the layering of such technology and the associated privacy ramifications are without a doubt on the horizon.
What can we take away?
Knee-jerk concerns over technological advancements are nothing new.
People reportedly ‘panicked’ over the potential loss of privacy when Kodak released its first hand-held camera in 1888.
Fast forward to today, whilst its acknowledged that the Ray-Ban glasses use existing technology, smart glasses undoubtedly represent a great leap from common and traditional uses of technology that the community is both educated about and familiar with.
However, as much of the marketing and commentary surrounding the glasses centres on it, it is important we do not fall victim to the boiling frog syndrome. It is necessary to consider how such devices, often bearing the quickly germinating root of more advanced technology, will affect the privacy we have come to expect in our daily lives.
Incremental erosion, wherein no one intrusion appears substantial on its own, is erosion, nonetheless.
The role of privacy law
Privacy law needs establish firm boundaries to protect people from the complete erosion of their privacy. When contemplating these boundaries, a balance needs to be struck between the competing interests of an individual’s privacy and freedom of expression and the overall common good.
Unless restrictions are at the very least contemplated, it is difficult to anticipate a safe way forward. As technology journalist Tove Marks said:
‘the answer doesn’t lie with going back to the days without this technology, but in proceeding forward with caution’.
This Article was written by Sharon Givoni and Fiona Ng
Σχόλια