July 12, 2022

Are all activities monitored in Medellín? - Some necessary questions about security and technology in the city

Ricardo Zapata Lopera

Aviso en espacio público por la presencia del sistema de vigilancia “robocop” de la Alcaldía de Medellín

Notice in public spaces due to the presence of the "robocop" surveillance system of the Medellín City Hall.

When Daniel Quintero became Mayor of Medellín with a techno-optimistic discourse, and his vision of a digitized city was included in the current Development Plan, the city had already been on the path of adopting new technologies for years. Although today they may seem obvious to many, developments such as the intelligent mobility system, the network of security cameras, the early warning system or even the CIVICA city card have cemented the capacity of the Mayor's Office to execute and monitor some services and public policies almost in real time. 

However, until now the implementation of these systems had not raised much debate among the population, except for in the discussions of some specialized audiences. Technological dependence on a few providers, the private operation of most of these systems and their high costs have not generated major friction in public opinion. Rather, the general perception has revolved around their direct benefits, such as being able to view data and videos in real time, the feeling of security they offer or the speed with which certain services reach us. 

The commotion that the city experienced around the data capture of Medellín Me Cuida at the beginning of the pandemic marked a change. Until then, there had not been so much debate around the implementation of a digital program in the Mayor's Office. What changed this time? Three facts could give some clues. First, the balance of political forces changed in the city, and it is the first time in recent decades that a mayor has a relatively low popularity, while facing a more organized and active opposition, despite being a minority in the City Council. Another change lies in the introduction of technologies based on the processing of personal data. Unlike previous systems, today the Mayor's Office wants to exploit to the maximum the technologies of the so-called fourth industrial revolution, which are highly dependent on the data that people produce. They are no longer measuring generic city variables such as air or traffic, but their focus is on individualizing the data, indexing it to a license plate, an ID card, or a biometric profile. And third, there is a greater public sensitivity to privacy. Although there does not seem to be a clear consensus on how much privacy we are willing to give up having certain services, international scandals linked to new technologies have raised caution about the implications for individual autonomy and democracy. 

Even so, today the Mayor's Office effusively presents us with a system like 'Robocop' that has cameras that can monitor any point in the city "with facial recognition, license plate identification, crime prediction, thermal sensors and interactive audio". This shows that its security policy maintains a close link with its conception of a highly digitalized city. But what does a surveillance system of this caliber imply, and can we understand what is happening beyond the advertising and propagandistic version with which these systems are communicated to us? The truth is that the greatest concerns raised by these surveillance systems do not come from what we know is happening, but from what we are not clear about as a society: what capabilities do they have? What information are they collecting? Who is accessing it? Are they performing well against the costs and risks they represent? Approaching security and surveillance in Medellín should be an open topic for both specialists and interested citizens. However, resolving these questions requires considerable work to overcome the halo of opacity and technicalities that normally surrounds them. The problem is that, if we were to resolve them, we would still have to debate whether this is the kind of social contract we want for the city. It is therefore urgent to learn more about the changes brought about by these technologies and to discuss what kind of society we want for the city.

This is how we are watched today in Medellín

How far do the city's surveillance capabilities go? If we start from the information available on the websites of the Secretariat of Security and the Company for Security and Urban Solutions (ESU), it is very difficult to know what the new security and surveillance technologies implemented by Medellín allow us to do. The reports and documents available on these sites respond more to the minimum requirements of information transparency, but do not explain either the strategy or the functioning of the system they are deploying. The information available is neither clear, nor transparent, nor updated.

What the public does see is a trickle of information on social networks, press releases and sporadic reports listing the investments that have been made or sharing eye-catching messages showing technological devices or giving impact figures without much context of the system in which they are immersed. For example, Robocop (or Sistema Inteligente de Monitoreo Integral Móvil, SIMIM, in its more technical terminology) , has been promoted since August.  This system is currently a pilot and is expected to grow to 40 devices constantly moving around the city. The information available about this system only exists in press releases, tweets, and news articles. 

The new SIMIM is different from SISC and SIES-M, the other two security systems that the city already had. For both there is information on the Mayor's Office website, but the information is outdated, in some cases even with logos from the 2012-2015 quadrennium. The SISC (Information System for Security and Coexistence) acts as an observatory, analyzing security indicators, identifying changes and trends, and measuring risks and opportunities to plan specific security policies and projects. It is the information analysis center for directing public policy.

On the other hand, the SIES-M (Integrated Emergency and Security System Medellin) is the system that articulates 12 security agencies, medical emergencies, mobility and disaster prevention and response. This is where the more than 3,000 surveillance cameras and the 123-emergency hotline are located. As part of this system, there are 1,600 body cameras for the police and 2,600 cameras with license plate recognition systems. In a report from the beginning of the year it was said that there were 400 cameras with LPR system (for license plate identification) and 170 with facial recognition, which are in the Atanasio Girardot stadium and some in the subway and the high precision, night vision and heat cameras of the Halcón helicopter. The police also have biometric readers for ID card analysis and criminal record searches during searches. Other subsystems include the link with citizen information such as community alarms, CCTV of merchants and businesses, and digital applications that feed citizen reports to the authorities.

These applications deserve special mention. Seguridad en Línea was the app that originally started to collect anonymous citizen reports and give categorized information to the authorities. The application stopped working, although there is still web content of it on official channels. The previous administration created a new application, called Te Pillé, which allowed anyone to record and send a video of a robbery or other criminal act. It was a solution to the problem of recordings of thefts circulating on social networks that, in court, could hardly be used as evidence against the thieves. This app does not work today either, although it is still advertised on the website of the Mayor's Office , in addition to having a dedicated web page . The ESU today promotes ReportesMed , an app that collects citizen reports of holes, debris, and light damage. It is not an app that meets the same functionalities of the previous ones and does not respond to security issues. In short, the lack of continuity of initiatives and the dispersion of efforts means that the city does not have a solid tool to receive information from citizens on security issues. 

Most of the systems used by the city are composed of relatively standard technologies such as cameras, panic buttons or mobile applications. All of them usually require human labor, either supervising a monitor, activating alarms, or filling out forms. Today, however, this is changing as new technologies are being integrated to automate processes that would be too costly and time-consuming for humans. The cameras that detect license plates and the facial recognition cameras that have begun to be integrated are an example. But the current technological offer can go further by incorporating image analysis and machine learning algorithms that can read camera records and, for example, classify behaviors, profile populations, generate early warnings or suggest the probability of the occurrence of a future event.

And the city seems to be on this path. Edwin Muñoz, manager of ESU, says that they have drones to follow vehicles previously identified with license plate recognition and that can also be profiled by artificial intelligence according to their behavior patterns. These drones can also detect the faces of vehicle occupants to identify them individually. Additionally, they are experimenting with the identification of micro expressions, which allow "playing with the emotionality of people to lead them to a security event". Finally, most likely in response to the high personnel load required to monitor video surveillance cameras, the manager tells in his social networks that artificial intelligence is used to detect sudden changes of situations in the records and generate alerts for the authorities, although he does not say if the ESU is already using it in Medellin. The latter coincides with what El Colombiano reported earlier this year about the $20 billion investment planned for 2021 , which sought, among other things, to apply artificial intelligence to "[improve the] use of cameras", incorporate facial recognition to current cameras and advance in the integration of private cameras into the system.

Technology in the security strategy 

Surveillance technologies are part of the deck of options a city must define in its security policy. In Medellín, possibly due to the popularity of innovation and smart city discourses, investment in technology has not only been large, but is a central part of the political message conveyed by the authorities. After the recent attempted robbery of a gold smelter on Las Vegas Avenue, the ESU released a video seeking to legitimize the city's technology and surveillance system. In it they state that the reaction of the public forces was thanks to the integration of two technologies: a panic button activated by a person from inside the smelter and the network of security cameras with which the criminals who were fleeing were tracked. "The entire system of cameras and 123 of Medellin, which today is the best guarded city in Colombia, has allowed the capture of these criminals," said Mayor Daniel Quintero in an aside. The video concluded by saying that "cases like these confirm the importance of technology in the service of citizen security". Positioning the discourse that relates the positive perception of security with the presence of technology seems to be a constant of the municipal administration.

Communicating the results of the surveillance system is another of the authorities' priorities. Cases are not rare in which they highlight how tracking, recordings, and identification technology influence arrests, as happened with a gang dedicated to carjacking, armed robbery and kidnapping for ransom at the beginning of November. In the midst of this trickle of information, emotional and with little context, the ESU says that thanks to SIES-M, 443 thefts were identified, leading to the capture of 158 people; 524 fights were intervened, resulting in 476 sharp weapons seized and 436 people detained; 286 drug dealers were visualized, leading to the capture of 40 people; and 172 events of people carrying drugs were recorded, leaving 99 people captured. Although it is not stated when these figures correspond to, nor are they contextualized with the overall figures of arrests, intervention in fights and others, they seem to coincide with the balance of the first half of 2021 presented by the Mayor's Office of Medellin. 

But, then, are surveillance technologies really useful? The only available research on the impact of the cameras in Medellín found that they do have a deterrent effect on the commission of crimes. Using data from January 2012 to July 2015, researchers estimated that nearly 670 violent and property crimes were deterred. In that period the city installed 448 new cameras costing about US$4,480,000, reaching 831 by mid-2015. That meant that, on average, the city invested US$6,686 in cameras to prevent an additional crime. While it is difficult to estimate the full social cost of a crime in Medellín, the study suggests that the investment would be worthwhile because these crimes involve loss of life and property and greater use of state capacities (police, judicial and administrative) to arrest and prosecute offenders.

However, these results need to be evaluated in a broader context. A recent report by the Edgelands Institute, an organization that studies the increasing digitization of security in cities and explores models of urban coexistence, suggested that "surveillance cameras and panic buttons do not work to stop more structural crimes, such as extortion or drug trafficking". No one wants to live in a city where they can be robbed, however, the security problems experienced by people in Medellín and the Aburrá Valley are much larger and more complex. For example, a report referenced by Edgelands found that "as state intervention in the neighborhoods where the combos live and operate increases, so does their authority to maintain control of their territory. 

Andrés Preciado, researcher at the Center for Political Analysis of EAFIT and undersecretary in the Secretariat of Security and Coexistence of the Mayor's Office of Medellín between 2016 and 2017, wondered whether, after the city has invested in almost all available technologies, we are still willing to bear the high costs of maintenance and replacement that they require to solve mainly part of our security problems, namely those related to theft and protection of property.

There is, therefore, a question about the feasibility of these systems and another about their relevance. Regarding the former, Edgelands found that the policies that support these systems "may lack a complete and thorough implementation plan that prioritizes the necessary structure over the years, leaving the expensive tools without the funds or human capital needed to maintain, repair or update the system". Additionally, more work is needed on impact assessment, and how management evaluates, measures, and makes necessary modifications to the technology strategies being implemented. It has been seen that cameras can indeed serve to deter crime, but what about the evaluation of other technologies, especially the newer ones that have more obvious risks to privacy and democracy? And vis-à-vis relevance, while they may "work in the short term to reduce the number of crimes in heavily patrolled or policed areas, they do not [address] the root causes related to why people commit crimes in the first place”. That is, having them may help for some things, but shouldn't their high financial and operational cost, along with the risks they pose to privacy and liberty, lead us to invest those resources in more structural solutions? The answer is not simple because, more than a technical or economic answer, it requires a broad social dialogue on the social contract we want to build.

Surfing the wave of digital transformation

After the attempted robbery of the gold smelter last November 4, a statement by the mayor passed by, possibly because of the normalization we have given to surveillance in the city. Although not all the criminals had been captured at the time of the event, the capture of the rest of those involved was facilitated by the record on cameras that the city has. The mayor stated at the time that there would be "a complete follow-up of what they were doing in the days and weeks prior to the attempted robbery". If the city today claims to have, in addition to cameras, facial recognition and artificial intelligence systems, its ability to monitor the movements of any person is a reality. But to what extent? Only in public spaces or do they have access to private data? Can they do it in an automated and recurrent way or can they only do it in specific cases checking camera by camera? Can they watch anyone? How do they decide who is being watched? Are there protocols to prevent the use of the systems in the identification and harassment of people participating in protests or public events? Can they profile us? What information do they have on each person? Is there a record of all the information collected that can then be used for other purposes? Who can access that information? 

These questions are key when deploying a data-driven surveillance system with capabilities for automation, prediction, or profiling. These are the kinds of questions we have asked ourselves as a society when we have enthusiastically welcomed new digital technologies. In Medellín and Colombia, the discourses of "digital transformation," the "fourth industrial revolution" or even the "collaborative economy" have taken hold with force, especially because they package well a series of products that are sold as a source of greater efficiency. Meanwhile, discussions of their social and political implications are often marginalized or caricatured. In some countries, these discussions have gained momentum and states have begun to take drastic measures such as banning facial recognition or recognizing the labor rights of workers on some platforms. In Medellin, will we have to wait for a scandal to break out before a good implementation of surveillance technologies?

The new digital technologies had great force and social support in the first decade of the 21st century with vague but striking promises such as the connection of communities, the reduction of social distances, the possibility of easily coordinating collective actions, the management of things in real time or the creation of new economies. By the middle of the last decade the world was learning that this new paradigm had its murky side. Edward Snowden's revelations showed that there were backdoors that allowed the U.S. government to monitor virtually any human being connected to mainstream platforms. With the Cambridge Analytica scandal we realized the implications of business models based on massive data capture on almost every aspect of our behavior. By massively violating our privacy and finding ways to modify our behaviors, not only an individual right is violated, but democracy is put at risk because people's autonomy is called into question. Many other cases have shown us that the deployment of algorithms and automated decision making in our daily lives and in the State has high risks of discrimination, exclusion, violation of autonomy or, simply, of uselessness, as happened with the Predpol crime prediction system in Montevideo, Uruguay, which was discontinued when it was found that other methods already used by the local police were just as effective.

But it seems that in Colombia the realistic view has only reached certain specialized audiences. On the contrary, thanks to the lower costs of most of these technologies and to an explicit plan of the big suppliers to conquer the markets of developing countries, today digital transformation is sold to us as an urgent and pressing need. This is how the Medellin Metro implements its digital civic while closing physical recharge stations, excluding many people who do not have smartphones or simply do not want to download one more app. This is also how the national government creates CoronApp and collects a large amount of data from millions of people without offering clarity about their uses, access, or security guarantees. And so also the big cities of the country create high-capacity security and surveillance systems without us as a society knowing exactly how they can affect us. In Bogotá, the Centro de Comando, Control, Comunicaciones y Computación (C4) is testing a system capable of identifying criminal gangs and their behavior through statistical analysis and video and audio recognition. The system would allow investigators to track criminals by filtering certain characteristics among live and historical data collected through 6,000 video surveillance cameras and voice records of emergency calls.

Models based on massive data capture have already been highly questioned for their lack of clarity about the terms and conditions under which they use the information; for the opacity about who accesses the collected data; for the indiscriminate use of algorithms to process data and make decisions; for the additional burden they impose on users to acquire new devices, run more processes and burden the maintenance of their digital identities; and for the possibility of reproducing biases and errors thanks to the automation of faulty processes. That possibility to put together the pieces of our identity that we are sprinkling in many spaces violates what is known as contextual integrity. Not everything that happens in the public space is public, convertible into data, available to be monitored and used for our identification and profiling. Our privacy can be violated by linking pieces that belong to different spheres of our lives, even when they occur in public spaces. Despite all this, the discourse of surveillance is still alive in our city and our authorities. "Big data is like digital crumbs that we generate day by day. Data derived from calls, card payments, online interactions, app usage and others. This geo-coded data, allows us to reduce crime and influence behaviors to reduce crime," said the ESU manager. Predicting behaviors and anticipating crime. To be able to identify those patterns and behaviors and to be able to block them in time. These all sound like very appealing promises, but, in practice, how can they be distinguished from the massive collection of data to exercise control over a social phenomenon or people?

Necessary questions

Many questions arise when learning about the social and political dimensions that a surveillance system with the capacity to identify, track and profile the population may have. As has been said, there is, in principle, a problem of opacity and lack of clarity about the ethical criteria guiding the operation of such an instrument. Questions have also been raised about their impact: what is their cost, beyond the financial, and what is their benefit? Is the potential of the available systems being fully utilized? Are some populations more likely to be monitored than others? How much impact do they have on young people, the inhabitants of more vulnerable areas, those who frequent certain places or those who engage in certain practices in public spaces? For example, people who frequent more public spaces, and especially places like downtown, would be more likely to be surveilled and profiled than someone who frequents more private spaces, such as a shopping mall. 

There is also a necessary questioning of the implementation and proper use of public resources. A proper digital government policy should guide the implementation of technological systems. If technology becomes a strategic piece to deliver public services, we need a structure of regulatory, institutional, and technical guarantees to build and sustain trust in digital systems. On the one hand, a question arises about the capacity of the public sector to sustain a system that gives so much power: are there adequate technical and institutional capacities to maintain, repair and upgrade existing systems? How much sovereignty does the city have over the data collection and analysis technologies they use? What agreements exist with the private parties involved in this process? On the other hand, there are questions about how different data sources are integrated: what is the scope of the smart city policy in terms of centralizing city data? Is safety-related information contrasted with information collected on mobility in the Metro and in SIMM (Medellin's Intelligent Mobility System) and the new CITRA (Integrated Traffic and Transport Information Center)? What information is shared with and received from national authorities? What role do the municipalities of Valle de Aburrá play? What capacities, resources, and data are shared with them?

For years, many social groups have been reiterating the message of shifting the focus from security to coexistence. But how to operationalize coexistence in a security policy? This has been one of the big questions of public policy makers in the city. Has it been easier to focus the policy on control and surveillance? It would seem that it does provide quicker returns, but, knowing the new scope of the system, is society in agreement with the government's vigilance in this way? Or, on the contrary, can technologies be used more for the promotion of citizen coexistence? Would a focus on citizen coexistence make a different use of digital technologies? How much will we be willing to invest in technology to achieve what we want? What do we want? The leading indicator of the city's security policy has been the homicide rate, however, after a drastic decrease since the 1990s, today close to 50% of the population of Medellin does not feel safe. Defining what we want from the security policy remains key and difficult.

What can we do then? From the local government, it is key that within its digital government policy, human rights guidelines are incorporated. This would guarantee citizens a minimum of conditions and guarantees with the deployment of powerful and risky technological systems. Getting started is relatively easy as there are instruments such as Colombia's Artificial Intelligence Ethical Framework and an extensive list of international principles and guidelines that can be used as a reference. These set out principles such as transparency, explanation, accountability, inclusiveness, among others, along with tools (e.g., algorithm auditing, intelligent explanation, risk definition and management, internal codes of conduct) to ensure good compliance. There are also networks of cities such as Cities for Digital Rights that promote public policies at the city level based on digital rights. If the will is there, this task is today a 'low handle' for local government. 

Beyond the small technical fixes, the reorganization of some processes and a comprehensive culture of accountability from the authorities, who should be questioned is the society itself. The appearance of these invasive technologies as a short-term response to security problems does not occur in a vacuum, nor is it an act of authoritarianism by the Mayor's Office. They are also legitimized by a society that prioritizes control and order over freedom. The society of the Aburrá Valley must question itself about what kind of city it wants to build. Can we change the relationship we have with new technologies? Our vision until today has been focused on consuming the latest developments to sustain the image of an intelligent, innovative, and digitized city. Can we focus first on defining our most important problems and then on getting the technological tools to help us solve them? Not to belabor the point, we really need to have a conversation about all of this.