How Vumacam’s CCTV system works

[ab-user]

Vuma phase ### complete, as it becomes Big brother. Person Of Interest

If only just the Machine. Wholesale public monitoring will most likely morph into Decima Technologies' Samaritan.

 

[Sinbad]

Vuma phase ### complete, as it becomes Big brother. Person Of Interest

As long as Amy Acker comes along with the system, I'm happy

 

[ab-user]

As long as Amy Acker comes along with the system, I'm happy

All you want is root access!

 

[ToxicBunny]

As long as Amy Acker comes along with the system, I'm happy

For your sins, that will never happen.

 

[Sinbad]

All you want is root access!

All day and all night

 

[Swa]

All you want is root access!

Not sure it includes kink.

 

[milomak]

how companies have access to see this is what i am most interested in

 

[daveza]

I'm surprised that nobody seems to mind this.

 

[genetic]

As long as Amy Acker comes along with the system, I'm happy

If you like your women like you like your biltong...

 

[gah]

I was curious about these. Specifically their privacy policies. On their website they say privacy is their top priority but the privacy policy on the site actually states it only applies to website visitors, but then includes some info about the video footage. It basically only says they are POPI compliant and everyone else should be too.

It isn't clear to me how a camera system owned by a private company and run for profit on a public road can ever be "POPI compliant" or what that even means.

Let's start by being clear that camera footage is personal information. There's plenty of precedent for this: anything the camera records that may reveal your identity would meet the definition of PI in the act. It is arguably even biometric information as unique as your fingerprint, which would make it "special personal information" subject to additional regulation.

Under section 11(1) of POPIA there are six bases for the lawful processing of personal information — the same six that exist in the GDPR in Europe. I would be very interested to see which of the lawful bases Vumatel believe they will be operating under since I cannot see how they can argue any of them:

(a) the data subject or a competent person where the data subject is a child consents to the processing;

They're asking me to trade two rights guaranteed in the constitution: to preserve my right to privacy I must forgo my right to freedom of movement [on public land]; to retain my right of freedom of movement I must forgo my right to privacy. Therefore consent cannot be freely given. It is also not clear how my consent (or lack thereof) is recorded, and how I might exercise the right to withdraw consent.

(b) processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;

I have no contract with Vumatel that allows them to record me. For this basis to work, Vumatel would have to enter into a contract with every road user (including all the pedestrians).

(c) processing complies with an obligation imposed by law on the responsible party;

To the best of my knowledge, there is nothing in law that compels Vumatel — or any private company — to record my movements on a public road.

(d) processing protects a legitimate interest of the data subject;

POPI seems to be a bit vague on this, but under the GDPR this is known as "vital interests" and the bar for using it as a basis is life-or-death situations. Its certainly true that these cameras may be used for this, but that doesn't make it a legitimate basis for processing: the scale of monitoring is too large, and it is clear it will be used for other purposes (how do they need license plate recognition to protect my life?)

(e) processing is necessary for the proper performance of a public law duty by a public body; or

Vumatel is monetising the data and making it available to other private bodies suggests that they are not operating under a contract from a municipality or law enforcement agency. Even if they were, they then could not share the PI with a third party, and other uses would be in violation of the requirement of collection for a specific purpose.

(f) processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.

"We want to make money" doesn't meet the bar of legitimate interests. In any event, I would argue that forcing me to trade two rights guaranteed in the constitution trumps any potential legitimate interest Vumatel might have in processing my personal information. I suspect that they'd have a hard time arguing other [non-constitutional] rights trump the bill of rights, particularly if they make money from the data.

European regulators have already found that a private individual with cameras on the road which they maintain for their own use can argue legitimate interest, but a private company cannot. That seems to mirror the exemptions under 6(1)(a) of POPIA.


As I see it, they cannot be "POPI compliant" even before we get into the requirements for adequate documentation, notification, security measures, confidentiality, access, or correction; they shouldn't have the data in the first place, so how they store it is irrelevant.

I look forward to POPIA being in force so I can lodge my formal objection.

 

[Sinbad]

Bollocks. Anyone can photograph anyone in public.

We complain about crime and then when someone does something about it we complain about the solution.
I don't want to live on this planet any more

 

[daveza]

Bollocks. Anyone can photograph anyone in public.

Try wearing and old raincoat and take photos of little kids at the playground and see how that works.

 

[ToxicBunny]

Try wearing and old raincoat and take photos of little kids at the playground and see how that works.

Legally there is absolutely nothing wrong with that specifically.

 

[gah]

Bollocks. Anyone can photograph anyone in public.

There is a massive difference between taking a photograph in public and routine camera surveillance that records personal information. Just as there is a difference between routine safety monitoring in the public interest, and a private company monetising your personal information for profit.

There is a reason many dystopian novels begin with citizens giving up their rights to private corporations: whilst they're often far fetched in the extents they take them to, the underlying theme of privacy is something we really should be concerned about.

There's a slippery slope argument to be made here. At what point to Vumatel (and I'm not picking on them specifically) cross the line between acting in your interests by promoting safety and acting purely in their own interests by selling your information? Remembering that ultimately their interests are those of their owners and shareholders.

 

[supersunbird]

They must shut the system down so that we rely on SAPS alone... amirite?

 

[gah]

They must shut the system down so that we rely on SAPS alone... amirite?

I suspect that is the letter of the law once POPIA comes into force, albeit with SAPS being a placeholder for all law enforcement, including metro police, etc.

One compromise might be that they become completely open and transparent about all aspects of what they're doing, including the nature of the commercial relationships with they have with other parties. Ideally by spinning this off as a separate not-for-profit that has ring-fenced operations. If you're going to claim this is in the public interest, then the entirety of the operation must be open to scrutiny and oversight.

AFAIK, POPIA would then allow them to approach the regulator for a specific exemption under section 37— and the regulator to impose the conditions on that exemption.

My concern is people hiding behind the claim of "POPI compliance" without any substantive evidence that they're actually doing so (where's the documentation explaining their basis for processing? or who they share your data with?), and without appropriate checks and balances.

 

[Slootvreter]

They must shut the system down so that we rely on SAPS alone... amirite?

Yeah just wait until someone attacks your wife and daughter then they'll want all the footage and evidence they can get.

 

[supersunbird]

Yeah just wait until someone attacks their wife and daughter then they'll want all the footage and evidence they can get.

Then it will be all '"F POPI"

 

[Swa]

Bollocks. Anyone can photograph anyone in public.

We complain about crime and then when someone does something about it we complain about the solution.
I don't want to live on this planet any more

You forgot the non commercial part. By contracting with third parties they already made it clear this is commercial. That requires a permit which are only given per period and instance and not permanently. This actually falls outside of the realm of recording and more into surveillance so it isn't even covered by the common law on public recordings.

Yeah just wait until someone attacks your wife and daughter then they'll want all the footage and evidence they can get.

Suppose that happened what are you going to do about it? There's no mention how the footage can be used by law enforcement or the public. If there was it may not be so bad but without guaranteed public access it's all one sided. That only opens it up to potential abuse. We already know transit heists are an inside job and soon house burglaries may be too.

 

[eg2505]

wonder what will happen if the system gets hacked, as it can happen,

selling access to criminals? pay X for subscription, and connect that way?