Towards a Trustworthy Privacy in Pervasive Video Surveillance Systems Antoni Mart´ ınez-Ballest´ e ∗ , Hatem A. Rashwan ∗ , Dom` enec Puig ∗ and Antonia Paniza Fullana † ∗ Department of Computer Engineering and Maths, Universitat Rovira i Virgili, Tarragona, Spain {antoni.martinez,domenec.puig}@urv.cat, hatem.rashwan@ieee.org † Department of Civil Law, Universitat de les Illes Balears, Palma, Spain antonia.paniza@uib.es Abstract—The consideration of security and privacy is a linchpin of the social acceptance of pervasive technology. This paper paves the way to the development of trustworthy pervasive video surveillance systems, by emphasizing the need to properly combine different aspects that current systems do not manage. In particular, in this paper we propose the combination of the following issues into a common framework: proper people identification mainly based on computer vision techniques, content protection not only by using convenient cryptographic techniques, but also law enforcement and user cooperation in order to get feedback with regard to the whole video surveillance system. Furthermore, an analysis focused on the current computer vision techniques used for people identification is presented. Finally, a score to measure the trust offered by video surveil- lance systems is proposed. I. I NTRODUCTION In the last years, the enormous advance of Information and Communication Technologies (ICT) has paved the way to a solid Information Society: on the one hand, a plethora of services are offered throughout Internet; on the other, millions of users are continuously pouring tons of information (pictures, videos, opinions, etc.), using a variety of devices. The information is stored in servers which are interconnected and, hence, accessible from any point of the Internet. Moreover, computer scientists have developed techniques of information gathering and analysis. Hence, data are analyzed as they circulate and, consequently, a huge quantity of knowledge is generated. Despite of all the advantages clearly offered by ICT, pervasive computation and connection of ubiquitous com- puting devices (computers, smartphones, RFID readers, video cameras, etc.) may transform Information Society into a Dataveillance Society [1], [2]. As stated in the Universal Declaration of Human Rights [3], “No one shall be subjected to arbitrary interference with his privacy”. Moreover, the European Convention on Human Rights [4], states that “There shall be no interference by a public authority with the exercise of this right”. A. Privacy in Video Surveillance Pervasive video surveillance systems inherently jeopar- dize the privacy of people: identities and activities can be easily retrieved from pictures and videos. Certainly, people permits being surveilled in the name of security: homeland Fig. 1. An example video surveillance scenario. security, prevention of crime, etc. However, people dislike being monitored during their everyday activities. In the last decade, video surveillance has evolved from CCTV being monitored by authorized people to complex and intercon- nected pervasive video cameras, whose recorded content is streamed over a network, processed and datamined so as to extract knowledge. This fact facilitates the profiling of citizens and favors the “Big Brother” effect. Figure 1 presents an example video surveillance sce- nario. It consists of two cameras placed in a corridor. These cameras record digital video and perform some pre- processing (e.g. decrease frame rate, lossy compression of video). This video is sent to an Information System: a set of computers capable of storing, analyzing and granting access to the data. This video is handled by a Video Processing Module: on the one hand, the Identification sub- module detects faces with the aim of identifying people moving through the corridor. On the other, the Content Protection sub-module blurs the detected faces in order to preserve the privacy of the identified people. To that end, the video stream is analyzed to find Regions of Interest (ROIs, e.g. faces), which are tracked in time into records, corresponding to a single object (i.e. person). These records are analyzed to determine the identity of the object (i.e. The Second IEEE International Workshop on Social Implications of Pervasive Computing 2012, Lugano (23 March 2012) 978-1-4244-9529-0/12/$31.00 ©2012 IEEE 914