Last Updated: August 2018
Leveraging Technology to Produce Societal Benefits
As technology continues to advance, balancing its benefits against some of its inherent risks to privacy continues to be an issue which confronts us all. What’s true for technology in general is also the case in the realm of public safety. Technological advances have provided significant benefits to those tasked with keeping us safe while at the same time raising appropriate dialogue about how we can leverage those benefits while minimizing unwarranted intrusions on personal privacy.
Several police tools and technologies capture information that is already in public view: license plate readers, video cameras at stoplights and ATMs, combined video/audio surveillance cameras, facial recognition algorithms, etc. Unlike general audio and video surveillance devices, such as the tens of thousands of video cameras deployed in our nation’s cities which monitor general activities, gunshot detection technology is designed to trigger on loud explosive or impulsive sounds that may likely be gunfire and occur only rarely—and that the public already “hears”.
ShotSpotter acoustic sensors are tuned to detect only loud, impulsive sounds. ShotSpotter sensors do not use high gain, directional or other specialized microphones. Human voices do not trigger the sensors. Only when a short, explosive sound is detected – essentially a bang, boom or pop – does the system activate and permit a short snippet of audio to be sent for evaluation by a machine, and in some cases, a human, to determine if it is indeed a gunshot or another sound such as a firecracker or car backfire. Otherwise, the audio will be flushed from the sensor’s buffer and permanently deleted within 72 hours.
When a loud impulsive sound triggers a sensor, it instantly sends summary data about the acoustic event that includes a time stamp, the location of the sensor, sound amplitude and envelope characteristics to the ShotSpotter cloud for analysis. If multiple sensors report an impulsive sound within a narrow time window which are sufficiently loud and mathematically consistent with their having originated at a single location, software algorithms attempt to calculate that origin location. If an accurate location can be determined, an incident is created in a centralized database and audio snippets are retrieved from all triggered sensors. Otherwise, the summary data is immediately discarded.
For the small percentage of impulsive sounds heard by multiple sensors where a location can be calculated, artificial intelligence and statistical techniques are then applied to classify the source of the sound. This machine classification is performed using the summary data and audio snippets collected from the sensors that triggered.
In some cases, the machine classification allows the incident to be immediately filtered out. For example, if the incident is classified as a firework, no further steps need be taken. If the machine classification is ambiguous, audio snippets from all triggered sensors are presented to reviewers for human classification. Audio snippets for all incidents (loud, impulsive sounds that trigger multiple sensors and are believed to be gunshots) are maintained in the ShotSpotter cloud, regardless of final classification. In all cases, audio will be deleted from the sensor’s buffer within 72 hours and overwritten.
In those cases in which an explosive triggering acoustic event is detected and located, the brief audio snippets are sent to ShotSpotter’s Incident Review Center (IRC) for analysis and alert qualification by highly trained experts in gunshot acoustics. Within seconds, ShotSpotter’s IRC sends those qualified gunfire alerts directly to a dispatch center, PSAP, patrol officers or other agencies for an effective, coordinated response. The gunfire alerts that the ShotSpotter system delivers to our police agency clients provide a digital record of violent gun crimes in progress, including minimally brief snippets of audio recordings of those crimes. For any given illegal gunfire incident, that snippet can only contain a few seconds of audio before the first shot and after the last shot. The purpose of these short seconds of audio on either end of the gunshots is to allow a human reviewing in the incident to clearly tell when the shooting starts and stops, including judges and juries during possible future criminal proceedings.
No Live Audio Streaming
As mentioned above, the entire system is intentionally designed not to allow live streaming of any sort. There is no “listen” button available to law enforcement, or to the staff of our Incident Review Center, except the buttons which replay the specific few seconds of incident audio surrounding an impulse noise determined to likely have originated from an explosive source.
Policy and Security Minutiae
If you are still with us, here are some additional details:
All servers and software used to process, store and protect data are managed and maintained by ShotSpotter. Police agencies subscribe to the hosted service on an annual basis, radically streamlining the cost and complexity of using gunfire alert and analysis to enhance awareness, response and community safety. ShotSpotter owns these data and does not release to anyone other than the customers under contract and according to the terms of that contract, thus further ensuring the safety and security of the data. Customers do not have administrative access to our servers, software, sensors, or any other means to circumvent ShotSpotter’s security and privacy measures.
ShotSpotter has taken appropriate security approaches to prevent anyone or any entity from gaining unauthorized access to our systems including our processors, networks or sensors. In addition to the fact that the system is designed not to permit live streaming audio, even if an intruder were to take control of our data center and network, they could not “make” a sensor deployed in the field stream audio. It simply isn’t possible: the sensors operate on a proprietary protocol and intentionally do not contain code which permits them to stream audio. Asymmetric key encryption is used to control access to sensors, and ShotSpotter employees are required to use dual-factor authentication to gain access to most critical systems.
In the event that the ShotSpotter system fails to detect an incident, it is ShotSpotter’s policy only to respond to requests for incident data or audio related to specific, verified gunfire incidents. In no event does incident audio extend beyond 2 seconds before and 4 seconds after an incident.
In addition to all of these technical and security measures taken to protect privacy and prevent misuse, ShotSpotter has adopted a human resources policy to ensure that employees and contractors adhere to our privacy policies.
In the end, we believe that the privacy of our citizens and the community and social benefits of decreased gun violence are not at odds with each other. Our ultimate goal is to ensure that both are satisfied. We believe we have taken all reasonable and necessary precautions to assure a robust and strong privacy posture. We will continue to review, revise—and strengthen if necessary—these policies.