This has many potential uses for both good and bad. It basically takes the old concept of secret tracking devices and tries to make them into security commodities for everyone to enjoy.
Personally, I just wish it was small enough to put on a dog or cat collar. I know the authors claim it is supposed to help with property theft investigations and recovery. I see a far larger market and demand for surveillance and mischief. I searched the site and found zero mention of privacy controls or protection.
In an ACM SenSys 2010 paper, we present AutoWitness, a system to deter, detect, and track personal property theft, improve historically dismal stolen property recovery rates, and disrupt stolen property distribution networks. A property owner embeds a small tag inside the asset to be protected, where the tag lies dormant until it detects vehicular movement.
More to the point, from a market perspective, if we accept the commodity of electronics as a general argument then an encryption and backup/restore strategy is far simpler and less costly than tracking, capturing and recovering stolen electronics.
When someone grabs your iPhone and makes a run for it you will probably have a better piece of mind with encryption and recent backups than with trying to chase and detain the attacker. As someone at the RSA Conference said after he left his phone accidentally in a Taxi “even if I could get it back it would probably be bricked”.
Information is not really that much safer with the AutoWitness control option. It adds marginal value versus other controls and can actually introduce new risks. As an inexpensive device to monitor someone, on the other hand, it provides a *new* source of information — can add significant value at a lower cost than with other controls.
Nonetheless, just like a lot of the other forensics and investigation tools, I bet this will continue to be marketed as a disaster recovery solution.
Hey Davi. I am one of the researchers and developers of the AutoWitness project. I see your concerns about privacy and misuse of technology. First I would like to say that such issues were and are of great concern to every member of the team. In fact, it was Santosh Kumar, our PI, who instilled in me a great understanding of the need for developers of any technology to give privacy and security the utmost concern – something I was rather lax about before joining the team.
I believe though, in all honesty and with utmost respect, that you have clearly missed the essence of the AutoWitness system. Let me, if you will, clarify this, and hopefully a discussion which is enlightening to both us and others will ensue.
The AutoWitness project was started in attempt to address a large problem in the Memphis metro area – burglary. Coupled with the alarming rate of home break-ins in the city is an unfortunately low rate of recovery and an even lower rate of capture of burglars. That being said, the goal of AutoWitness is not to track devices, it is to catch and deter burglars. When the Memphis Police Department approached our lab and asked if we could attempt to come up with anything, they told us that the most common items stolen from homes were electronic appliances such as televisions, video game systems, audio equipment, and computers. Aside from that, 4-wheeler vehicles were also high on the list.
Keep in mind also that AutoWitness is currently in research and development, not in a marketing phase. The system is designed to operate WITHOUT user interaction. So cell phones and laptops are largely already out of the picture – they must be regularly charged, i.e. user interaction.
The module is therefore designed to remain in a low-power state such that it can maintain it’s energy supply for months, or even years. In the event that enough motion is provided to wake the unit, it then enters a theft-classification phase to determine if it has actually been stolen.
Theft classification is based on the signatures of VEHICULAR movement. Therefore, it is intended for items which are not typically carried on-person and likely taken in cars – again eliminating cell phones and laptops. Given this and the commonly stolen items I listed above, you can already see that data backup and encryption is simply not applicable to the application domain. It is not an information security issue. It is a location and recovery issue.
Moving along, the tracking itself is again based on motion signatures of VEHICULAR movement, and relies on a map-matching system which is confined to the topology of the road network. Therefore, uses such as tracking lost pets or spying on people on foot are nullified – the motion signatures of walking or bicycling are far different than those of vehicles accelerating, stoping, and turning. So this system is confined to movement along the roads.
In it’s current and only state, AutoWitness does not do real-time movement tracking. It requires the object to reach a final destination and stop moving before it can initiate the map-matching and tracking phase. This again is not useful for live tracking and spying on anyone as they move about. It is, however, useful for law enforcement to see where items have ended up, and attempt to prosecute the perpetrators of burglary.
If you are concerned about market-available devices which can be used to maliciously track people, then your greatest concern should be smart phones, which nowadays have a combination of GPS as well as cell tower and wifi-network localization, enabling the device or person carrying it (which most people DO carry their cell phones with them mosto f the time) to be pinpointed with accuracy down to less than 1 meter. In addition, these devices are typically always connected to the internet and often populated with software containing code which is not audited by the user. Furthermore, t smart phones have CPU speeds in the hundreds of megahertz or even gigahertz, some even have dual core CPU’s, along with gigabytes of memory and storage. Therefore it is not only possible but feasible (and already happening) for users to unintentionally download malicious software or for the phones to be compromised by attacks and backdoor discoveries, and then be tracked, monitored, etc. by a device they opt to have and carry, with enough processing power and memory to carry out heavy functions and store data such as records of movement, audio and video recordings, photographs, key logging and records of web browsing, email snooping, and so on and so forth, all without the user ever knowing. I should mention here that AutoWitness prototypes have CPU with only a hundred or so mhz, and only a few hundred kilobytes of volatile memory.
All of this is to say, politely, that I think your argument here really holds no water, and I suspect that you did not read the research paper regarding AutoWitness which was accepted and published in the selective ACM Sensys 2010 conference. if you have any questions, remarks, or rebuttals, please feel free to respond on here or email me personally. It is the intention of myself and the other team members of this project to inform and enlighten the public and to work only to better society.
Thank you.
Daniel, thanks for the thoughtful comment and interesting claims. I’d be happy to discuss. I found many questionable points. Here are a few examples.
You suggest the police asked for help with a low rate of recovery and capture.
However, the statistics from the police show a long-term significant decline in Memphis burglary related to successful capture. Here’s a good example where they report their primary problems such as light sentences. They do not mention a failure or greater need to apprehend suspects:
Similar data is on the City of Memphis Police page.
But let’s assume for the moment that they have been telling you a different story than to the general public, and they really need to a way to track a stolen item in order to apprehend unknown suspects.
You say that the project is focused on large items, most likely stolen in a vehicle.
But then you suggest that these items have no need for information security.
You really believe computers need no encryption or backup?
I strongly disagree and I know several regulations that disagree with you. I also disagree on all the other items you listed (televisions, video game systems, audio equipment). They too have personal and sensitive data such as logs, identity information/tokens, contacts and photos. I have spent a great deal of time and effort trying to protect users of the electronic devices you described, not least of all because of large storage media options.
Companies that manufacture electronics are increasingly including personalisation options and rich software. It not only is a location issue when electronics go missing; it almost always involves a privacy and security issue.
You also say you have designed the system to only report vehicle movement and infrequently — a specific trigger profile for autos.
I do not consider real-time a requirement for tracking. Tracking can be slow or infrequent. There are many situations where infrequent data points are sufficient. I certainly would not want you to expose any compromising details but the parameters for “stop moving” and “final destination” are a good place to probe. What if a device gets a necessary “movement” signal more than once — multiple “final” destinations?
That is true only if you use a very narrow definition. If someone moves infrequently or the goal is to know only when they have driven and then stopped, your device is useful for tracking and spying.
I noticed many more issues, but I hope that helps clarify some.
Dave, I’m sorry for the late response. I never got a reply notification, so i did not know that you did respond.
You make some good points, but the full picture you describe is still quite off from my perspective.
Firstly, you mentioned crime statistics. Yes, lots of crime in Memphis has reduced in the past couple of years. The most often cited contributing factor to that decline is Operation Blue Crush, which uses a real-time-and-historical-data-driven statistical analysis system (developed in part at the University of Memphis, also) to determine crime “hot spots” and make daily predictions of where types of crimes are most likely to occur, allowing police to allocate resources and manpower to the right areas, more effectively. Furthermore, the system has been expanded to provide visual insight on crime networks, etc. by data mining arrest data and information gathered in investigations, centralizing the myriad bits of information which were traditionally scattered out and isolated from case to case. In addition, thanks to falling prices coupled with increased crime-prevention budget, Memphis has been implementing one of the most advanced metro camera systems in the world, beyond what you hear about in New York or London. Cameras are now placed in many intersections throughout the city, as well as mobile camera towers which have 360 panoramic , high zoom view, image detection and recognition, license plate recognition, etc, audio capabilities for triangulation of sounds, etc,… which are strategically placed through out the city. All of these cameras tie into the blue crush system. On top of that, Memphis has piloted the Skycop program, in which police cruisers are fitted with scanners and cameras which can automatically scan license plates, do recognition, etc, while driving around, and again are networked into the blue crush system.
All of this data and information is monitored 24/7 at the Blue Crush Real Time Crime Data Center, where several agents continuously watch several screens with video feeds, data feeds, etc, and piece it together while coordinating police efforts. I’m not making this stuff up nor exaggerating, in fact, I’m UNDERSTATING. See the links below:
http://www.skycopvideo.com/assets/1399/skycop_lpr_pictures_028.jpg
http://www.skycopvideo.com/assets/1399/skycop_roof_unit_with_radar_5.jpg
http://www.skycopvideo.com/assets/1399/mesh_camera_downtown_memphis_02.jpg
http://www.skycopvideo.com/assets/1399/crime_center_picture.jpg
http://www.skycopvideo.com/assets/1399/skycop_tss.jpg
http://www.skycopvideo.com/bluescityonbluecrush
http://gicoaches.com/whats-the-real-driving-force-behind-blue-crush-in-memphis/
“The RTCC Video Surveillance system will monitor:
Gunshot Detection Cameras
Fixed License Plate Recognition Cameras
Critical Infrastructure
TDOT cameras on the Interstate System
Special Events
Criminal Activity
The RTCC will be capable of monitoring other disparate video surveillance systems such as:
City Facilities
Libraries
City Schools
County Schools
Parking Garages
University of Memphis and other local colleges”
http://mpdacademy.com/criminology.php
For anyone concerned about privacy, I suggest you read thoroughly into Operation Blue Crush. We’re talking about VIDEO TRACKING EVERYONE throughout the city, 24/7…
And I’ll submit that, for any major city, there is ALWAYS a gap between what the police state publicly, and what they know and do behind-the-scenes.
That aside, just because numbers have reduced does not in any way indicate that burglary is not a tremendous problem for the city, which it is. Just ask the 12,000+ people whose homes are burglarized each year. And what that data doesn’t tell you is all the number of unreported burglaries. Apathy of crime and lack of reporting is another huge problem for the city. Many residents simply feel that it is a waste of time, more trouble than its worth, etc, and many citizens prefer not to deal with the police at all. Research the socioeconomic status of Memphis, the race relations, the problems in the memphis justice system, etc. and get an understanding for how the city truly is, and you will see that this is not just “outlier cases”; it’s actually quite common.
Now, your point about data on electronic devices is pretty valid. However, it is on the users of those devices, and the manufacturers, to implement proper security measures and to adhere to the regulations and such you speak of. That is beyond the scope or interest of our project. it was not to encrypt or protect data, nor recover data. It was to track stolen physical objects to the locations they end up, in order to catch the thieves.
Now you made a point about a tracking from location to location, which is quite fair as that is more or less the intended function of the unit. Sure, in the right hands, one could do that – but our system depends on back-end servers to do the intensive computations required to do the tracking – from signal processing, filtering, approximation, statistical analysis, geo-matching, etc. No small sensor device or mobile phone is capable of doing the computations in feasible time, especially when considering the compounded cost of doing it for multiple units. Again, this project was for law enforcement, and it was research – it was not a finalized product and there was no intention of ever making the end-to-end system available publicly.
Any technology can be used beyond its intended function, for good or bad. if one wants to see where another infrequently (or frequently) travels toward, he can go to the store and buy readily available GPS units, cell-signal triangulation units, etc etc… he could follow the person and use his own eyes even… there are many ways, and I don’t think our project breaks any boundaries, in that regard, to allow others to spy in a way they can’t more easily do with existing, off the shelf products already – the ones found in our very insecure cell phone, for instance.
I’m really not trying to circumvent the need for data protection – I agree with that 110%. I’m just trying to emphasize that the goal of this project was outside of that scope.
In simple terms, we set out to make something that could track with accuracy comparable to GPS, without the energy requirements or line-of-sight dependencies that GPS has. The use case, as presented by Memphis Police, was to recover items that are commonly stolen from homes and attempt to locate the assailant – just like lojack. I don’t know of one encryption method that does anything like that, nor do I know of any way to track something that doesn’t involve tracking.
Our project doesn’t claim to protect data, protect assets, protect identity, or protect privacy. it was an experiment that we carried out with strong reception in the scientific research community, to use statistical analysis techniques to improve the reliance of inertial navigation – something that has been used in avionics for decades – and use it in a manner to fight crime.