Blindspin 2: How to do science by dumpster-diving

When a project has a zero budget, everything has to be hacked and improvised, typically with duct tape. The data collection system for project Blindspin is a good example. (For a project description, see “Does it make sense to ride a bike with your eyes shut”)

If we had a budget, we would be looking for a high-end mobile data logger with millisecond accuracy. Since we don’t, we would very much prefer to use smartphone that someone has thrown away. And it seems we can.

The basic requirement is not very complex. Our system will consist of a pair of electronic goggles which are normally opaque, but which the cyclist can turn transparent by pressing a switch. We need to record the time of the keypress, hopefully with millisecond accuracy. We also need to collect GPS location information, so that we can determine the path the cyclist drove while blinded.

There are GPS data logger apps galore for Android. We found that the AndroSensor software is almost perfect. It collects GPS location, accelerometer information, and all other sensor data at resolutions of up to 50 milliseconds. The only problem is how to input information about the key presses. There is no sensor channel for that.

However, we realized that AndroSensor can record the ambient sound level in dB. So we decided to use the audio channel to store button data. In the simplest case, button down (vision occluded) is a loud noise, button up is a quiet noise.

A major problem is that AndroSensor (and most other software we looked at) always uses the phone’s own microphone, even when a line in is used. Thus, it is necessary to input the noise directly into the external microphone.

For a pre-test, we came up with a somewhat rubegoldbergish approach, but one that works. To generate the noise, we used an aviation scanner that has a reasonably large tangent button. The scanner’s autogain means that if there are no aviation transmissions, there is no sound output. However, if the tangent button is pressed, the noise is heard. The gain can be set so that the difference in noise levels is tens of dB.

To eliminate outside noise, the speaker was attached to the phone’s microphone with  Blu-Tack (sinitarra), and the whole thing covered with more Blu-Tack. Thus, the microphone hears almost no external sounds at all. When the tangent is pressed, it hears the noise from the scanner, at tens of decibels.
Blog_medium
The speaker is buried within the mass of Blu-Tack and pressed directly onto the phone’s microphone.

The whole system was attached to the bike handlebars with zip ties. Several different setups were used; the one in the picture below is operated by the index finger. A simpler way was to mount the scanner facing the other way and below the handlebar, so that it could be operated by the thumb.

 

Blog_Bikepic

 

The ergonomics of the system are horrible. However, at this stage it is simply needed to demonstrate the data collection method. Subject A tested it on a straight road and a curved one. Whenever A closed his eyes, he pressed down on the tangent. Whenever he opened them, he let go of the tangent.

The image below is the first data ever produced in this project. The red blue line is the speed given by AndroSensor. The red lines are the dB levels.When the red line is above 60 dB, the eyes were closed and the tangent was pressed, and thus the scanner outputted noise directly into the phone’s microphone.
Plot1

 

We have collected more data from subject A, but will not release data yet. Why? It is not ready yet, but even more importantly we don’t want to skew the results that the volunteers might get. Such ignorance is almost always desired in human research (with the exception of self-testing). The volunteers should have no idea whether it is possible to keep the eyes shut for one second, or for twenty — and they really should not know what we are even looking for at this stage.

For subject A in this particular case, he had a total of 9 occlusions within a 20-second period, with approximately 500-ms eyes-open periods. The occlusion times are between 1 and 2 seconds for this subject for this point on this track for this setup. The occlusion times may be longer in other circumstances… or they may be shorter.

In the final application, we will use a somewhat more complex keypress arrangement, since we will be using an Arduino to control the system. Most likely, we will use a buzzer to create an audible signal about the state of the goggles (loud buzz when goggles opaque, silent when goggles transparent).

The specs of this system are not ideal, but they are actually good enough even for real science. Data are stored at 50-millisecond intervals, but even in simulators, typical intervals are 100 ms. The biggest problem is timing the key press; even if we can get a perfectly sharp rising edge, we will have a 50-millisecond uncertainty in the timing. In practice, it may be even larger if the edges are not completely sharp. We can thus reasonably expect to get a 100-ms time resolution, but not much better. That will be sufficient, as long as we are careful to note it in the analysis.

Of course, this system does have major disadvantages, such as unknown delays in the phone software. We will design a better system if at all possible. But this is a fallback solution, which in the very worst case we can use as the actual solution. Costing zero euros.

See also Blindspin project page.

 

 

GPS: The least malignant form of surveillance?

Finland is debating whether to implement “virtual toll roads” based on GPS positioning of cars. The debate for the most part has been insane, irrational, or both.  It is fair to say that the majority of Finns seem to be against the idea, but then the great majority are against any kind of taxes, or any kind of change for that matter, and especially against anything that in any way touches on the right to drive.

I won’t go into the arguments over whether the tax is needed or not. I am more interested in what the least bad technical choice would be, if the tax were to be put into place.

The most serious and coherent objections (in my opinion) have come from civil-liberties types. They argue that “satellite surveillance” (as it tends to be called, misleadingly) will lead inexorably toward abuse of the data and loss of privacy.

I happen to agree with the civil-liberties types. If too much information is collected, it will be abused. However, I also happen to think that those most opposed to GPS monitoring specifically are missing one fundamental technical point. If some type of location-based system is to be used, then GPS positioning may fundamentally be the best (only?) technology for incorporating at least some privacy-enhancing mechanisms.

Why? Because a GPS receiver as such is a passive device. The receiver listens to GPS satellites, and determines where it is; after that, the location information just sits on the device until something is done to it. A GPS receiver only becomes a surveillance tool when it is combined with a transmitter that sends information somewhere else. That information does not need to be real-time location data.

Although popular imagination and the movies paint GPS positioning as something that allows SWAT teams to track down and eliminate any targets they want, it is not fundamentally so. In the end, for this application, authorities simply need to know that the accounts match. If a driver drives for X kilometers on roads with a toll tax of A EUR/km, he must pay A*X EUR in taxes. Likewise, if 100 drivers have driven on a given stretch of road worth B EUR, the authorities need to receive payment of B*100 EUR. If the figures match, there is no need for the authorities to know exactly who has driven where.

This may sound abstract, but in fact it is exactly how old-fashioned cash-based toll roads operated. As long as the number of cars corresponded with the amount of money taken in, there was no need whatsoever to know exactly who had used the road.

Any such privacy is immediately lost if the toll system relies on cameras or electronic forms of identification. The system relies on knowing that car A entered the toll road at time T. As soon as the car is photographed, privacy is lost. Such a system is in place in Stockholm. The cameras record the license plates of the cars; the information goes to central servers, and even if encryption is used, there is nothing the users or anyone else can do to improve privacy. Once the cameras are in place, there is no way to opt out of the system.

A GPS-based toll system can, if so desired, work as a hybrid between these two types of toll.  Some ideas have already been bounced around, although they are still only in the very early phases.

  • A “pre-paid” system of some type would make eminent sense, in that the car’s location never needs to be be made known to the authorities (except for spot checks or other tests to make sure that the system is not being abused).
  • [Edit: Refinement suggested by Rune Tevasvold Aune:  “What if the device in the car was prepaid, and while having a unique ID, not in any way being tied to a person (think browser cookie)? Then it wouldn’t really matter what method of registration is used or what kind of analysis is performed on the data (I imagine accurate tracking might greatly simplify thinks like planning of new roads and calibration of traffic lights). The ID could change every time the device is topped up, or even at shorter intervals.”]
  • A third party can be used to encrypt and anonymize the data, as proposed by Niko Porjo on this same site (Finnish only).
  • Data transmission can be delayed, and data from multiple cars combined and anonymized. Real-time information is not needed for the poll tax system.
  • Separate and independent black boxes can (and probably should) be maintained to verify the movements of the car in unclear situations. These black boxes would need to act in favor of the driver: the information can only be decrypted by the user, when he disagrees with the results given by the authorities.

These systems certainly are not perfect. I agree with the civil-liberties types: there is no way to make this kind of system 100% secure. The authorities (or someone hacking into the system) will always find a way to abuse the system.

However, there is a fundamental axiom of all information security: every system can be broken. It is only possible to make breaking so difficult and expensive that for the most part it is not worth it. The proposals mentioned above would raise the cost and effort of abuse significantly.  A camera-based system is very easy to abuse, as the driver has no way of controlling whether he is photographed.  With a GPS-based system, the driver at least in principle has more control.

The authorities will doubtless do their utmost to minimize the control. In practice, an inoperative device would probably set off some type of alarm. Surveillance of non-compliant cars would certainly take place. Even so, the fact remains that there is still room for negotiation about what information is given out and to whom.

Most importantly, a GPS-based system also leaves room for mass civil disobedience, should the need rise. Destroying a large number of observation cameras would require an organized show of violence. Removing GPS devices from tens of thousands cars, on the other hand, simply requires those people to use a screwdriver. Because the basic measurements are distributed rather than centralized, a GPS-based system is difficult to enforce coercively, if enough people decide to opt out.

This last requirement also shows the limits of what is acceptable. If a GPS device is used as a car lock, so that driving is physically impossible without the device, then the system is unacceptable. (It is of course unacceptable from a safety perspective alone; electronic devices will malfunction, and there must at least be an emergency override capability).

Although I have a personal opinion about the proposed toll tax, it is not relevant here. My point is that if a tax of this type is implemented by force, then a GPS-based system may actually be the least malignant type of surveillance. (To put it cynically, the main open question is whether the system will be implemented in an extremely privacy-hostile way or merely a somewhat privacy-hostile way).

This is however only true if people are aware of the privacy issues, require these features to be built into the design from the very start, and are willing to invest time, money, and R&D work into the effort.  Such R&D work would almost certainly require marketable innovations that the country needs right now, and could actually benefit us.

I am too cynical to expect that this to happen, of course. Like most major Finnish efforts of this scale, we will end up with an ultra-intrusive system that works sporadically at best, is delayed by five years, overruns the original budget by a factor of ten, and in the end has to be scrapped. But the potential is there.

Translate »