Samaritans Radar – serious privacy concerns raised

UPDATE: 31 October

It appears Samaritans have silently tweaked their FAQs (so the text near the foot of this post no longer appears). They now say tweets will only be retained by the app for seven (as opposed to thirty) days, and have removed the words saying the app will retain a “Count of flags against a Twitter Users Friends ID”. Joe Ferns said on Twitter that the inclusion of this in the original FAQs was “a throw back to a stage of the development where that was being considered”. Samaritans also say “The only people who will be able to see the alerts, and the tweets flagged in them, are followers who would have received these Tweets in their current feed already”, but this does not absolve them of their data controller status: a controller does not need to access data in order to determine the means by which and the manner in which personal data are being processed, and they are still doing this. Moreover, this changing of the FAQs, with no apparent change to the position that those whose tweets are processed get no fair processing notice whatsoever, makes me more concerned that this app has been released without adequate assessment of its impact on people’s privacy.

END UPDATE

UPDATE: 30 October

Susan Hall has written a brilliant piece expanding on mine below, and she points out that section 12 of the Data Protection Act 1998 in terms allows a data subject to send a notice to a data controller requiring it to ensure no automated decisions are taken by processing their personal data for the purposes of evaluating matters such as their conduct. It seems to me that is precisely what “Samaritans Radar” does. So I’ve sent the following to Samaritans:

Dear Samaritans

This is a notice pursuant to section 12 Data Protection Act 1998. Please ensure that no decision is taken by you or on your behalf (for instance by the “Samaritans Radar” app) based solely on the processing by automatic means of my personal data for the purpose of evaluating my conduct.

Thanks, Jon Baines @bainesy1969

I’ll post here about any developments.

END UPDATE

Samaritans have launched a Twitter App “to help identify vulnerable people”. I have only ever had words of praise and awe about Samaritans and their volunteers, but this time I think they may have misjudged the effect, and the potential legal implications of “Samaritans Radar”. Regarding the effect, this post from former volunteer @elphiemcdork is excellent:

How likely are you to tweet about your mental health problems if you know some of your followers would be alerted every time you did? Do you know all your followers? Personally? Are they all friends? What if your stalker was a follower? How would you feel knowing your every 3am mental health crisis tweet was being flagged to people who really don’t have your best interests at heart, to put it mildly? In this respect, this app is dangerous. It is terrifying to think that anyone can monitor your tweets, especially the ones that disclose you may be very vulnerable at that time

As for the legal implications, it seems to be potentially the case that Samaritans are processing sensitive personal data, in circumstances where there may not be a legal basis to do so. And some rather worrying misconceptions have accompanied the app launch. The first and most concerning of these is in the FAQs prepared for the media. In reply to the question “Isn’t there a data privacy issue here? Is Samaritans Radar spying on people?” the following answer is given:

All the data used in the app is public, so user privacy is not an issue. Samaritans Radar analyses the Tweets of the people you follow, which are public Tweets. It does not look at private Tweets

The idea that, because something is in the public domain, it cannot engage privacy issues is a horribly simplistic one, and if that constitutes the impact assessment undertaken, then serious questions have to be asked. Moreover, it doesn’t begin to address the data protection considerations: personal data is personal data, whether it’s in the public domain or not. A tweet from an identified tweeter is inescapably the personal data of that person, and, if it is, or appears to be, about the person’s physical or mental health, then it is sensitive personal data, afforded a higher level of protection under the Data Protection Act 1998 (DPA). It would appear that Samaritans, as the legal person who determines the purposes for which, and the manner in which, the personal data are processed (i.e. they have produced an app which identifies a tweet on the basis of words, or sequences of words, and pushes it to another person), are acting as a data controller. As such, any processing has to be in accordance with their obligation to abide by the data protection principles in Schedule One of the DPA. The first principle says that personal data must be processed fairly and lawfully, and that a condition for processing contained in Schedule Two (and for sensitive personal data Schedule Two and Three) must be met. Looking only at Schedule Three, I struggle to see the condition which permits the app to identify a tweet, decide that it is from a potentially suicidal person and send it as such to a third party. The one condition which might apply, the fifth (“The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject”), is undercut by the fact that the data in question is not just the public tweet, but the “package” of that tweet with the fact that the app (not the tweeter) has identified it as a potential call for help.

The reliance on “all the data used in the app is public, so user privacy is not an issue” has carried through in messages sent on Twitter by Samaritans’ Director of Policy, Research and Development, Joe Ferns, in response to people raising concerns, such as:

existing Twitter search means anyone can search tweets unless you have set to private. #SamaritansRadar is like an automated search

Again, this misses the point that it is not just “anyone” doing a search on Twitter: it is an app in Samaritans’ name which specifically identifies (in an automated way) certain tweets as of concern, and pushes them to third parties. Even more concerning was Mr Ferns’ response to someone asking if there was a way to opt out of having their tweets scanned by the app software:

if you use Twitter settings to mark your tweets private #SamaritansRadar will not see them

What he is actually suggesting there is that to avoid what some people clearly feel are intrusive actions they should lock their account and make it private. And, of course, going back to @elphiemcdork’s points, it is hard to avoid the conclusion that those who will do this might be some of the most vulnerable people.

A further concern is raised (one which confirms the data controller point above) about retention and reuse of data. The media FAQ states:

Where will all the data be stored? Will it be secure?

The data we will store is as follows:
• Twitter User ID – a unique ID that is associated with a Twitter account
• All Twitter User Friends ID’s – The same as above but for all the users friends that they follow
• Any flagged Tweets – This is the data associated with the Tweet, we will store the raw data for the Tweet as well
• Count of flags against a Twitter Users Friends ID – We store a count of flags against an individual User
• To prevent the Database growing exponentially we will remove flagged Tweets that are older than 30 days.

So it appears that Samaritans will be amassing data on unwitting Twitter users, and in effect profiling them. This sort of data is terrifically sensitive, and no indication is given regarding the location of this data, or the security measures in place to protect it.

The Information Commissioner’s Office recently produced some good guidance for app developers on Privacy in Mobile Apps. The guidance commends the use of Privacy Impact Assessments when developing apps. I would be interested to know if one was undertaken for Samaritans Radar, and, if so, how it dealt with the serious concerns that have been raised by many people since its launch.

This post was amended to take into account the observations in the comments by Susan Hall, to whom I give thanks. I have also since seen a number of excellent blog posts dealing with wider concerns. I commend, in particular, this by Adrian Short and this by @latentexistence


33 responses to “Samaritans Radar – serious privacy concerns raised”

  1. I looked on the website for the app and this press release gives worrying details on data retention: http://www.samaritans.org/sites/default/files/kcfinder/branches/branch-96/files/FAQs%20for%20Radar%20-%20EXTERNAL.pdf: See under the heading “Where will all the data be stored? Will it be secure?”

    It’s a frankly terrible idea in my opinion and I can’t see what the DPA justification can be.

  2. I notice, of course, that they don’t answer the question “where” and “will it be secure”, either.
    It occurs to me that they can’t be set up for subject access requests, either.

  3. An extra point: here are the Data Protection registrations for The Samaritans (I’ve not looked at individual branches).
    http://ico.org.uk/ESDWebPages/DoSearch?reg=63972

    It does not appear to me at first sight that either the processing of the data in question or its transfer as set out in the FAQs is covered by that registration.

  4. Good intentions are no substitute for risk management and legal compliance, and the blasé argument that ‘it’s all public so we’re entitled’ is nonsense. The Information Commissioner will run a mile from criticising a charity, so unless someone sues them, this ill-thought-out and arrogant wheeze will trundle along happily until the data is lost or stolen. Given the apparent unwillingness to look at privacy properly, this may come sooner rather than later.

  5. Pingback: Samaritans Radar and Twitter’s Public Problem | A Latent Existence

  6. Pingback: An Email To The Samaritans Detailing My Concerns About Samaritans Radar | Sarah Myles

  7. Reblogged this on Dr Suzanne Conboy-Hill: real world, virtual world, tech, & health and commented:
    I first heard about SamaritansRadar yesterday (October 29th) – that it was an app, and that its function was to help identify someone, a friend, who was feeling vulnerable. Then I began to hear more concerning comment about the way in which it was being applied and how the algorithm underpinning it could not manage sarcasm. Funny? Not really; I thought it probably couldn’t handle excerpts from professional papers or books, discussion amongst professionals, for instance, about suicide and depression, and also, more amusingly, the tweets my fiction writing friends often put out to publicise their books or stories.

  8. Pingback: The Samaritans and the Panopticon Society | hundhaus

  9. Pingback: the Samaritans Radar app | aLUKEonLIFE

  10. Pingback: A helping hand? | Raishimi33

  11. Pingback: Killing with kindness | Sometimes, it's just a cigar

  12. Kathryn

    Good point about writers’ publicity tweets. I was very confused when a new FB friend seemed to be posting psychotic rants… turned out, when I PM’d, that she was posting as a fictional character as part of a performance art thing. I’d hate to be her if the police showed up, or concerned relatives, over a piece of fiction.

    Saying it’s OK because the tweets are public is like saying you can eavesdrop on people on the sidewalk or subway in a way they can’t detect and notify people what they’re saying, completely without context.

    • No, it’s like skipping the World Series and watching the highlights on the news that someone compiled together.
      It’s a public performance that is available for anyone who wants to view it. Instead of sitting through several hours of boredom (or sifting through hours of BS about what someone is eating/watching/f*cking), you’re letting someone else do that for you.

      Not that I don’t see the abuse potential in this, but screaming that it’s a privacy issue to have something that screens data for certain keywords that you deliberately published to the world is just…. ridiculous.

      • I’m guessing you came here from Slashdot, and, forgive my speculation, but I’m also guessing you’re US-based. European data protection law grew up in large part from concerns about the state and organisations being able to use computer processing power to perform operations on data (even apparently innocuous data) way beyond what was humanly capable. This risked (still does) interference with people’s rights: this app monitors tweets, processes them with an automated algorithm, which selects tweets if they contain the right keywords, pushes this information to a third party, and then retains the tweet and may match it with others from the same person. All without the subject of this being aware.

        Under European law this is a potential interference with people’s rights. The position may well be different in the US.

  13. Pingback: Samaritans Radar is a crude tool for flagging suicide risks – but it will save lives | AllDigitalNews.com

  14. Pingback: Reasons to stay under the #SamaritansRadar | Valery North - Writer

  15. Pingback: Connecting Minds Network :: Samaritans Radar is a crude tool for flagging suicide risks – but it will save lives

  16. Joe Tesh

    What? You people don’t understand how this works. It searches through PUBLIC Twitter feeds. PUBLIC Twitter feeds are, um, PUBLIC. There is no privacy here. This is Twitter. You use Twitter and are concerned about privacy???

    • Dear Mr Tesh
      I am writing to inform you on behalf of a leading anger management organisation that your use of caps and multiple punctuation marks in commenting on public internet posts has triggered an algorithm suggesting that you are potentially at risk for anger and stress related conditions. Confidential email alerts confirming this assessment and giving recommendations for action have been sent to all users who have signed up to monitor your anger and punctuation issues. Have a nice day.

      Kind regards

      Jennybot

      • Joe Tesh

        Susan, that is fine. My post was placed on a PUBLIC website. You can process it, forward it, do whatever you want with it.

        Have a nice day.

    • Hi Joe – did you read my piece? The issue is not just the searching through public feeds: it’s the processing of the tweets by an automated algorithm, which selects tweets if they contain the right keywords, pushes this information to a third party, and then retains the tweet and may match it with others from the same person. All without the subject of this being aware

      • Joe Tesh

        Do you understand how any kind of search works on the Web? Like Google? It processes information (web pages, tweets, etc) using an automated algorithm, and selects information if they contain the right keywords and pushes the information to a third party, and then retains the search and also matches with other searches from the same person.

        Are you really being serious here? You really need to learn how information is processed. I realize that most people don’t understand how technology works, but you need to learn if you are going to be concerned about this.

        This app searches PUBLIC twitter feeds.

      • Yes I do understand. A search engine is, when processing personal data, a data controller, and has attendant obligations under data protection law (Case C‑131/12 Google Spain v Costeja Gonzalez).

        I’m guessing you came here from Slashdot, and, forgive my speculation, but I’m also guessing you’re US-based. European data protection law grew up in large part from concerns about the state and organisations being able to use computer processing power to perform operations on data (even apparently innocuous data) way beyond what was humanly capable. This risked (still does) interference with people’s rights: this app monitors tweets, processes them with an automated algorithm, which selects tweets if they contain the right keywords, pushes this information to a third party, and then retains the tweet and may match it with others from the same person. All without the subject of this being aware.

        Under European law this is a potential interference with people’s rights. The position may well be different in the US.

  17. Pingback: Three reflections on the #SamaritansRadar app | Co-producing digital mental health

  18. @1000kindsofrain

    I’ve now had chance to skim the FAQ. And I think the technology is being oversold. This is a service that emails out “interesting” tweets, much like Twitter itself does. It’s annoying that if I delete a tweet, it lingers for 30 days, but otherwise my content is accessible through Twitter so I don’t see an issue with the Samaritans holding onto the raw tweets. I’m also sceptical a stalker would delegate to an app: my brief experience is it’s an obsession and they follow your every tweet, but maybe I’m being naive.

    My real concern is the service is labelling people based on the results of a crude program rather than an evaluation by a mental health professional. This debunk of Facebook experimenting on your news feed will give you an idea of the current limits of the technology. It’s basically looking for a few suspect keywords. And although I’m sure it will improve, it will label plenty of people who aren’t suicidal as suicidal (false positives). [I drafted this last night, and this morning I read a media report suggesting only 10 out of 258 accounts flagged in first day were actually suicidal.] So the worst case is the database leaks and people who don’t understand the technology start taking it as gospel. (And the database will leak because every database ends up leaking.)

    But I think the Samaritans have done us a service by bringing the issues into the open. Marketers and recruiters are slurping your social media and using similar tools to evaluate you. They will spot the same patterns. So we need to discuss what we can and can’t do with the patterns we see in people’s social data. But if we convince the Samaritans to can the service, all we’ll have done is moved the rug over the dirt.

    Anyway while I wouldn’t sign up for it, I can’t be bothered to unlist myself.

    (Aside: if I’m depressed, I will ignore anything nice you say to me if I think you’re saying it because a computer told you to. But, again, that’s overstating what the service does.)

  19. Frank Lee

    For the love of dog, you Europeans seriously need to get a grip.

    If you had your way (in the aggregate), you’d pretty much stop all technological progress. There’s a reason why the top tech companies — providing value to the world — are NOT based in Europe; they’d be sued out of existence.

    PUBLIC info. That the processing and retention of this should be illegal is just gobsmackingly insane. Citing the Google Spain case, if anything, solidifies the absurdity of the European position; the right to be forgotten… are you going to, say, lobotomize or euthanize people with photographic memories?

    Now, granted, the Samaritan app was poorly crafted and just ill-designed in general. Perhaps stupidly misguided, even. But truly harmful? Worth regulating out of existence? Seriously?

    Yes, yes, I know there’s some pretty awful stuff that happened in European history. Your charming Stasi was collecting gobs of data and using it for unspeakably awful things. But perhaps you should focus on banning terrible actions vs. the mere *collection* of information.

    You’d probably ban companies like 23-and-Me, making it impossible for individuals to gain insight into their personal health information because, ZOMG, data collection and retention!

    –smacking head against wall–

  20. Pingback: Open thread: #SamaritansRadar, Amazon diversity, Facebook research | Open thread: #SamaritansRadar, Amazon diversity, Facebook research | Social Dashboard

  21. Pingback: #SamaritansRadar | Welcome to Shoebox Castle!

  22. Pingback: Samaritans cannot deny being data controller for #samaritansradar | informationrightsandwrongs

  23. Pingback: Samaritans RADAR monitor tweets - EDRi

  24. Pingback: So farewell then #samaritansradar… | informationrightsandwrongs

  25. Pingback: ICO: Samaritans Radar failed to comply with Data Protection Act | informationrightsandwrongs
