Table of Contents
Fetching ...

Privacy of Groups in Dense Street Imagery

Matt Franchi, Hauke Sandhaus, Madiha Zahrah Choksi, Severin Engelmann, Wendy Ju, Helen Nissenbaum

TL;DR

Dense Street Imagery (DSI) enables real-time urban sensing, but traditional anonymization fails to protect group privacy. This paper conducts a penetration test on 25,232,608 NYC dashcam images to show how AI vision models can infer group membership despite de-identification. Using Contextual Integrity (CI) as an analytical lens, it defines a typology of identifiable groups and demonstrates concrete privacy harms, including targeted enforcement and employment risks. It concludes with policy and technical recommendations, including dataset-use approvals and context-aware obfuscation tools, to safeguard group privacy while preserving DSI's utility.

Abstract

Spatially and temporally dense street imagery (DSI) datasets have grown unbounded. In 2024, individual companies possessed around 3 trillion unique images of public streets. DSI data streams are only set to grow as companies like Lyft and Waymo use DSI to train autonomous vehicle algorithms and analyze collisions. Academic researchers leverage DSI to explore novel approaches to urban analysis. Despite good-faith efforts by DSI providers to protect individual privacy through blurring faces and license plates, these measures fail to address broader privacy concerns. In this work, we find that increased data density and advancements in artificial intelligence enable harmful group membership inferences from supposedly anonymized data. We perform a penetration test to demonstrate how easily sensitive group affiliations can be inferred from obfuscated pedestrians in 25,232,608 dashcam images taken in New York City. We develop a typology of identifiable groups within DSI and analyze privacy implications through the lens of contextual integrity. Finally, we discuss actionable recommendations for researchers working with data from DSI providers.

Privacy of Groups in Dense Street Imagery

TL;DR

Dense Street Imagery (DSI) enables real-time urban sensing, but traditional anonymization fails to protect group privacy. This paper conducts a penetration test on 25,232,608 NYC dashcam images to show how AI vision models can infer group membership despite de-identification. Using Contextual Integrity (CI) as an analytical lens, it defines a typology of identifiable groups and demonstrates concrete privacy harms, including targeted enforcement and employment risks. It concludes with policy and technical recommendations, including dataset-use approvals and context-aware obfuscation tools, to safeguard group privacy while preserving DSI's utility.

Abstract

Spatially and temporally dense street imagery (DSI) datasets have grown unbounded. In 2024, individual companies possessed around 3 trillion unique images of public streets. DSI data streams are only set to grow as companies like Lyft and Waymo use DSI to train autonomous vehicle algorithms and analyze collisions. Academic researchers leverage DSI to explore novel approaches to urban analysis. Despite good-faith efforts by DSI providers to protect individual privacy through blurring faces and license plates, these measures fail to address broader privacy concerns. In this work, we find that increased data density and advancements in artificial intelligence enable harmful group membership inferences from supposedly anonymized data. We perform a penetration test to demonstrate how easily sensitive group affiliations can be inferred from obfuscated pedestrians in 25,232,608 dashcam images taken in New York City. We develop a typology of identifiable groups within DSI and analyze privacy implications through the lens of contextual integrity. Finally, we discuss actionable recommendations for researchers working with data from DSI providers.
Paper Structure (37 sections, 7 figures, 4 tables)

This paper contains 37 sections, 7 figures, 4 tables.

Figures (7)

  • Figure 1: A map showing reported vending violations against food truck detections in Jackson Heights, Queens. For higher precision, we choose a confidence threshold of 0.7, which yields a precision of 0.90 and a recall of 0.50 on the test set.
  • Figure 2: Using zero-shot image retrieval, we queried Cambrian for the prompt "Is there a bike rider with a box on their back in this image?". An authority may readily use this to create a strategic map for deployment zones optimal for monitoring food delivery worker hotspots, as depicted. The computed hotspots correspond to the average 'lunch rush' period (10AM-2PM) and can be easily computed over each day within our dataset. From a ground-truth annotation of 500 random positive detections, we estimate precision at 0.70.
  • Figure 3: Contextual Integrity Analysis of a DSI Information Flow. Changing a single parameter in an information flow can transform it from appropriate (green, $\curvearrowright$) to inappropriate (red, $\curvearrowright$). Contextual integrity requires evaluating fully specified information flows to avoid ambiguous cases (blue, $\curvearrowright$).
  • Figure S1: An example of a DSI image processed by Nexar's current pedestrian obfuscation algorithm, showing that pedestrians' entire bodies and faces are obscured by a blurred rectangular box. While individual identities are rendered nearly impossible to infer, environmental cues still allow for the inference of the scene being a farmer's market.
  • Figure S2: An example of group membership inference, even under full-body pedestrian obfuscation. Due to the high-visibility vest worn by this NYPD traffic officer, a group membership inference can be made solely from neon-green color, black pants, and situation on the corner of a traffic intersection.
  • ...and 2 more figures