Developing Metrics for Surveillance Impact Assessment

Conducting surveillance impact assessment is the first step to solve the "Who monitors the monitor?" problem. Since the surveillance impacts on different dimensions of privacy and society are always changing, measuring compliance and impact through metrics can ensure the negative consequences are minimized to acceptable levels. To develop metrics systematically for surveillance impact assessment, we follow the top-down process of the Goal/Question/Metric paradigm: 1) establish goals through the social impact model, 2) generate questions through the dimensions of surveillance activities, and 3) develop metrics through the scales of measure. With respect to the three factors of impact magnitude: the strength of sources, the immediacy of sources, and the number of sources, we generate questions concerning surveillance activities: by whom, for whom, why, when, where, of what, and how, and develop metrics with the scales of measure: the nominal scale, the ordinal scale, the interval scale, and the ratio scale. In addition to compliance assessment and impact assessment, the developed metrics have the potential to address the power imbalance problem through sousveillance, which employs surveillance to control and redirect the impact exposures.

[1]  Ayumu Kubota,et al.  Kernel-based Behavior Analysis for Android Malware Detection , 2011, 2011 Seventh International Conference on Computational Intelligence and Security.

[2]  Debra Herrmann,et al.  Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI , 2007 .

[3]  Roger Clarke,et al.  An evaluation of privacy impact assessment guidance documents , 2011 .

[4]  David Wright,et al.  Should privacy impact assessments be mandatory? , 2011, Commun. ACM.

[5]  Yi-Ching Liao,et al.  Resource-Based Event Reconstruction of Digital Crime Scenes , 2014, 2014 IEEE Joint Intelligence and Security Informatics Conference.

[6]  V. Basili Software modeling and measurement: the Goal/Question/Metric paradigm , 1992 .

[7]  David Wright,et al.  Constructing a surveillance impact assessment , 2012, Comput. Law Secur. Rev..

[8]  B. Latané The psychology of social impact. , 1981 .

[9]  S S Stevens,et al.  On the Theory of Scales of Measurement. , 1946, Science.

[10]  Jason Nolan,et al.  Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments. , 2002 .

[11]  Approaches to Impact Assessment , 2014 .

[12]  Vilhelm Verendel,et al.  Quantified security is a weak hypothesis: a critical survey of results and assumptions , 2009, NSPW '09.

[13]  B. Latané,et al.  From private attitude to public opinion: A dynamic theory of social impact. , 1990 .

[14]  Klaus Julisch,et al.  Security compliance: the next frontier in security research , 2009, NSPW '08.

[15]  Katina Michael,et al.  The Emerging Ethics of Humancentric GPS Tracking and Monitoring , 2006, 2006 International Conference on Mobile Business.