Last Updated: August 2018
Leveraging Technology to Produce Societal Benefits
As technology continues to advance, balancing its benefits against some of its inherent risks to privacy continues to be an issue which confronts us all. What’s true for technology in general is also the case in the realm of public safety. Technological advances have provided significant benefits to those tasked with keeping us safe while at the same time raising appropriate dialogue about how we can leverage those benefits while minimizing unwarranted intrusions on personal privacy.
Several police tools and technologies capture information that is already in public view: license plate readers, video cameras at stoplights and ATMs, combined video/audio surveillance cameras, facial recognition algorithms, etc. Unlike general audio and video surveillance devices, such as the tens of thousands of video cameras deployed in our nation’s cities which monitor general activities, gunshot detection technology is designed to trigger on loud explosive or impulsive sounds that may likely be gunfire and occur only rarely—and that the public already “hears”.
ShotSpotter acoustic sensors are tuned to detect only loud, impulsive sounds. ShotSpotter sensors do not use high gain, directional or other specialized microphones. Human voices do not trigger the sensors. Only when a short, explosive sound is detected – essentially a bang, boom or pop – does the system activate and permit a short snippet of audio to be sent for evaluation by a machine, and in some cases, a human, to determine if it is indeed a gunshot or another sound such as a firecracker or car backfire. Otherwise, the audio will be flushed from the sensor’s buffer and permanently deleted within 72 hours.
When a loud explosive noise triggers a sensor, it instantly sends summary data about the acoustic event (e.g. time stamp, sensor location, amplitude and envelope characteristics, etc. but explicitly not the audio of the sound itself) to a centralized processor at our ShotSpotter-operated data center. There, if no other sensors trigger (i.e., if only one sensor hears the particular impulse), nothing else happens and no incident is created. If multiple sensors (usually 3 or more) report impulsive noises within a narrow time window which are sufficiently loud and mathematically consistent with their having originated at a single location, software algorithms attempt to calculate that origin location. If an accurate location can be determined, the associated sensors’ data are aggregated (again, without the audio) and an incident is “created” in a centralized database. A second filter then applies artificial intelligence and statistical techniques to attempt to identify what type of sound originated at this location based on the measurements of the sound. In most cases, the parameters of the sound permit the incident to be filtered out, because it is, for example, a pile driver or a jackhammer. In a percentage of cases, the characteristics of the sound are consistent with an explosion (gunfire, firework mortar, firecracker, backfire, etc.). In those cases, and only in those cases, the sensors are permitted to push a small snippet of audio to our data center. Otherwise, the audio will be flushed from the sensor’s buffer and lost permanently. This is an intentional design: an active step must be taken only in the context of an explosive triggering acoustic event, or the audio is erased and overwritten.
In those cases in which an explosive triggering acoustic event is detected and located, the brief audio snippets are sent to ShotSpotter’s Incident Review Center (IRC) for analysis and alert qualification by highly trained experts in gunshot acoustics. Within seconds, ShotSpotter’s IRC sends those qualified gunfire alerts directly to a dispatch center, PSAP, patrol officers or other agencies for an effective, coordinated response. The gunfire alerts that the ShotSpotter system delivers to our police agency clients provide a digital record of violent gun crimes in progress, including minimally brief snippets of audio recordings of those crimes. For any given illegal gunfire incident, that snippet can only contain a few seconds of audio before the first shot and after the last shot. The purpose of these short seconds of audio on either end of the gunshots is to allow a human reviewing in the incident to clearly tell when the shooting starts and stops, including judges and juries during possible future criminal proceedings.
No Live Audio Streaming
As mentioned above, the entire system is intentionally designed not to allow live streaming of any sort. There is no “listen” button available to law enforcement, or to the staff of our Incident Review Center, except the buttons which replay the specific few seconds of incident audio surrounding an impulse noise determined to likely have originated from an explosive source.
Policy and Security Minutiae
If you are still with us, here are some additional details:
All servers and software used to process, store and protect data are managed and maintained by ShotSpotter. Police agencies subscribe to the hosted service on an annual basis, radically streamlining the cost and complexity of using gunfire alert and analysis to enhance awareness, response and community safety. ShotSpotter owns these data and does not release to anyone other than the customers under contract and according to the terms of that contract, thus further ensuring the safety and security of the data. Customers do not have administrative access to our servers, software, sensors, or any other means to circumvent ShotSpotter’s security and privacy measures.
ShotSpotter has taken appropriate security approaches to prevent anyone or any entity from gaining unauthorized access to our systems including our processors, networks or sensors. In addition to the fact that the system is designed not to permit live streaming audio, even if an intruder were to take control of our data center and network, they could not “make” a sensor deployed in the field stream audio. It simply isn’t possible: the sensors operate on a proprietary protocol and intentionally do not contain code which permits them to stream audio. Asymmetric key encryption is used to control access to sensors, and ShotSpotter employees are required to use dual-factor authentication to gain access to most critical systems.
In the event that the ShotSpotter system fails to detect an incident, it is ShotSpotter’s policy only to respond to requests for incident data or audio related to specific, verified gunfire incidents. In no event does incident audio extend beyond 2 seconds before and 4 seconds after an incident.
In addition to all of these technical and security measures taken to protect privacy and prevent misuse, ShotSpotter has adopted a human resources policy to ensure that employees and contractors adhere to our privacy policies.
In the end, we believe that the privacy of our citizens and the community and social benefits of decreased gun violence are not at odds with each other. Our ultimate goal is to ensure that both are satisfied. We believe we have taken all reasonable and necessary precautions to assure a robust and strong privacy posture. We will continue to review, revise—and strengthen if necessary—these policies.