Privacy Audit & Assessment of ShotSpotter, Inc.’s Gunshot Detection Technology

Overview

In response to concerns over the potential privacy implications of its gunshot detection technology, ShotSpotter Technologies, Inc. (SST) approached the Policing Project to conduct a thorough personal privacy assessment of its product, ShotSpotter. The primary privacy concern we identified with ShotSpotter was the possibility that the technology might capture voices of individuals near its sensors, and could conceivably be used for targeted voice surveillance.

Although ultimately concluding that the risk of voice surveillance was extremely low in practice, we offered SST a variety of recommendations on how to make ShotSpotter even more privacy protective. As detailed in our report, SST has adopted nearly all of our recommendations verbatim, with only slight modifications or qualifications based on how ShotSpotter functions.

The Policing Project undertook this assessment because we believe it is essential that law enforcement and communities they serve understand the costs and benefits of policing technologies like ShotSpotter before acquiring any new technology. Further, we believe it is incumbent on technology providers to take meaningful steps to improve their product’s design and operation to minimize intrusions on civil liberties.


Key Takeaways

1). On our recommendation, SST adopted a wide range of privacy-enhancing recommendations, chief among them that SST:

  1. Substantially reduce the duration of audio stored on ShotSpotter sensors;

  2. Commit to denying requests and challenging subpoenas for sensor audio;

  3. Commit to not sharing specific sensor location; and

  4. Improve internal controls and supervision regarding audio access.

2). In addition to considering ShotSpotter’s personal privacy implications, our report concludes by offering additional guidance regarding data sharing with third parties. Although we do not see this as a personal privacy issue, we believe this is one area where SST can and should refine its approach.

3). We believe this type of open audit and assessment—whether performed by us or by others—should become the norm for companies selling technologies to governments and policing agencies. We hope other policing technology companies will proactively embrace their responsibility in protecting individual liberty.

<