Big Brother is listening as well as watching

Audio surveillance on mass transit systems is all about passenger safety, according to officials. But civil liberties advocates call it a ‘gross violation of privacy.’ And they recently won the debate in New Jersey, where the program on some light-rail lines was shut down

In a world of ubiquitous security cameras, most people know by now that some form of Big Brother – government or private – is watching them. But they are less likely to know that in some areas, he is also listening.

While it is not yet widespread, audio surveillance is increasingly being used on parts of urban mass transit systems.

That is the bad news, in the view of privacy advocates. But the good news is that public awareness can, at least in some cases, curtail it.

This past week, following revelations that New Jersey Transit didn’t have policies governing storage and who had access to data from audio surveillance on some of its light-rail trains, the agency ended the program.

The Associated Press reported in April that NJ Transit had been using audio recording systems on train lines between Trenton and Camden, in Newark and Hudson County.

Dennis Martin, former interim executive director of the agency, told the AP that the goal was to “deter criminal activity” and keep passengers safe.

But he refused to say how the audio data is stored, for how long, who reviewed it and when or how it was destroyed, saying only, “there are laws that govern that and we’re in compliance.”

Critics, including commuter organizations, contended that the recording violated both the First Amendment (free speech) and Fourth Amendment (unreasonable search) rights of passengers.

Nancy Snyder, an agency spokeswoman, said the decision came after an, “internal review that involved weighing security benefits, operational necessities and evolving industry practices.”

Jeanne LoCicero, ACLU-NJ deputy legal director, welcomed the decision to end what she called, “this extreme invasion of privacy."

Of course, New Jersey is not alone, nor is it the first. The Baltimore Sun reported in March that the Maryland Transit Administration (MTA) has used audio recording on some of its mass transit vehicles since 2012. It is now used on 65 percent of buses, and 82 percent of subway trains have audio recording capability, but don’t use it yet, according to the Sun.

And cities in New Hampshire, Connecticut, Michigan, Ohio, Nevada, Oregon and California have either installed systems or moved to procure them, in many cases with funding from the federal Department of Homeland Security (DHS).

Rebecca Herold, CEO of The Privacy Professor, noted that it goes beyond mass transit. She said there were reports a month ago that, “the FBI/government planted audio recorders around San Francisco at bus stops, rocks, trees, lights – wherever there may be people who may be speaking with others about a specific case. They were trying get evidence for a fraud case.”

Rebecca Herold, CEO of The Privacy Professor

rebecca herold

Transit officials say their initiative is all about protecting passengers. But the debate continues about when public safety measures trample citizens’ right to privacy.

Lee Tien, senior staff attorney at the Electronic Freedom Foundation (EFF), said deterrence, “is a reasonable thing, but the hard questions remain.

“Does it actually deter? There’s no point in sacrificing people’s privacy for nothing. What are they doing? Is there any evidence from places that have used it that it helps? Indiscriminate mass surveillance produces a lot of data to process, and we often hear that it’s not analyzed, or that it produces too many crappy leads to chase after.”

Herold agreed. She said terrorists bent on attacking a mass transit system, “will just communicate ahead of time, or figure out a way to communicate that does not get picked up by the audio bugs. They are not effective deterrents to those who want to cause harm.”

Of course, most transit agencies that do audio surveillance post signs notifying riders that it is in use. And some might argue that people cannot expect privacy in public places.

That is the view of David Adler, founder of the Adler Law Group, who said, “as a general rule, one has no expectation of privacy in a public place.”

He also noted that the law governing audio surveillance is, “unsettled, developing and varies by jurisdiction.”

But Tien contends that, “the law has long understood that privacy protects persons, not places. The Supreme Court decision in U.S. v Jones (which held in 2012 that police had conducted a “search” under the Fourth Amendment by using a GPS device to track a suspected drug dealer’s car) moves us in that direction,” he said. “All nine justices essentially found that the cops violated privacy expectations by tracking a car over an extended period of time.”

He added that it is one thing for people to overhear a conversation in a public place, but another thing entirely for anyone – especially the government – to record and save such conversations.

However, in some areas, he agreed that the law is fuzzy. While Title III of the Omnibus Crime Control Act Wiretap Act, generally known as the Wiretap Act, protects oral communications, “such term does not include any electronic communication,” he said.

Herold calls the mass, indiscriminate collection of oral conversations, “a gross violation of privacy.” She said when government authorities, “refuse to answer basic questions about who is getting access to the recordings, how they are being used, and how long they are using them, that raises many privacy red flags.”

There is a wide range of state laws governing the recording of private conversations, but virtually all of them prohibit anyone who is not a party to a conversation to record it, and require at least one participant to consent to the recording.

Tien said transit officials may argue that posting notice that audio surveillance is in use means that anyone who rides those vehicles has consented. “But I don’t think that’s honestly consent,” he said.

There are also political and demographic issues at play. Privacy advocates say conversations involving nothing more threatening than strong opinions on politics, or politicians, could be monitored.

“It’s not just about privacy, it’s about freedom of speech,” Herold said, “Declaring open season on conversations just because they take place in public or communal space will have a chilling effect.”

And Tien noted that the surveillance could disproportionately affect low-income groups, “because of the demographics of public transit ridership, especially on city buses.”

Finally, according to government documents, it also raises security questions. Herold cited a recently released (and redacted) 2007 audit from the Office of the Inspector General (OIG). She said it found that, “surveillance data is not properly safeguarded, and is misused.

“Eavesdropping on all people’s conversations crosses the line; this is not focused on a specific investigation,” she said.

Whatever the legal arguments, privacy advocates were hailing the New Jersey decision this past week, noting that public pressure can improve transparency and, sometimes, even change surveillance.

EFF reported earlier this month on another example – Santa Clara County, which includes much of Silicon Valley, adopted a set of policies imposing more oversight and transparency requirements on mass surveillance of any type.

All agencies, from police to mass transit, will have to get approval from the county Board of Supervisors before even purchasing equipment. They will also have to submit usage policies providing protections for civil rights and civil liberties for board approval and will have to submit annual reports on how the equipment is deployed.

However, another effort, while it made progress, eventually stalled. The Maryland State Senate approved a bill in March that would have allowed audio recording on mass transit buses only in the vicinity of the driver and only if the driver turned the system on during an incident or it was automatically activated during a problem such as sudden braking or a crash. It also would have imposed penalties if the audio tapes were improperly disseminated.

But that bill died at the end of the session when it didn’t get a vote in the House.

Join the CSO newsletter!

Error: Please check your email address.

More about BaltimoreCSOEFFFBIFreedomHudson

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place