New Tech and National Security Law -- Memoto

One of the fun parts of working in the cybersecurity field is that you often come across new technology that is interesting, dismaying, disturbing or just plain cool.  Sometimes the technology is all of those at the same time.  And sometimes, as well, the new technology starts to push the boundaries of law in ways that are interesting to me and, I hope, to Lawfare readers.  Ben and Ken's interest in drones is a good example of that cross current. So today I'm starting a new sort of posting (one that I will continue unless Ben gently tells me not to) in which I highlight some new bit of technology that I've come across that I think will likely pose interesting legal and policy issues in the security space if it becomes a commonplace.  Today, at the suggestion of my friend Mike Montgomery who is Executive Director of CalInnovates (a tech/policy think tank in California), I want to look at Memoto. Memoto is an automatic lifelogging camera.  In other words, the small (1 inch square) camera is something you wear.  As the website says "Memoto camera is a tiny camera and GPS that you clip on and wear. It’s an entirely new kind of digital camera with no controls. Instead, it automatically takes photos as you go. The Memoto app then seamlessly and effortlessly organizes them for you."  Memoto has funding from Kickstarter and is taking pre-orders now.  Your geo-tagged photos will be stored in the cloud for access. So .. let's leave aside the question of why anyone would want to do this at all.  I personally wouldn't but my friend Mike says he will use it to record his daughter as she grows up, so I guess that's a plus value for him.  And I can see other uses (vacation photos without having to bring a camera, for example) that would be pretty neat.  But for now, let's identify some legal questions about how this product might be used and what it might mean:

• Privacy (yours) -- Your data will be stored in the cloud on the Memoto lifelogging cloud service.  Will Memoto be able to access and analyze the geo-tagged photos to, say, sell you products or market your interests to others?  What are the terms of service for the data you upload?  Do you even own it at all?
• Surveillance -- The lifelog of a suspect would be very useful to the government in proving up a crime.   It would also be useful to an innocent civilian in proving up an alibi.  And, if they were available, the lifelog photos of all of the spectators at the Boston Marathon would have been of great value in identifying the bombers.  Under what terms and conditions will the government be allowed to secure access to Memoto's data?  Today, it is likely that access would be by way of subpoena, but there are many who think that too easy a standard to meet for the government to have access to this vast quantity of information.  This question is very much on our minds these days after the GPS case from last term -- United States v. Jones.  The concept of a "mosaic" of information being used to paint a broader picture of an individual is likely the subject of future Constitutional litigation.
• Privacy (mine) -- How about me?  You are wearing a Memoto that is taking pictures all the time of your surroundings -- and that could include pictures of me as I, say, walk past you on the street.  Do I have any interest in not being photographed on the street?  If so, how is that distinct from, say, government operated surveillance cameras?
• Counter-intelligence -- Woe betide the government employee who buys a Memoto.  The trove of data would be a treasure for foreign intelligence services who wanted to target potential recruits.  And your geo-location tag is not something you want widely available if, say, you are a law enforcement officer on a stake-out.  I suspect Memoto will be banned for use by Federal employees.

And then, finally, there is a bit of the "ick" factor.  As Michael Chertoff recently wrote about Google Glass (another ubiquitous surveillance product) this is a bit like having drones flying over every individuals head.  [Full disclosure:  I'm a Senior Advisor at The Chertoff Group.]  As he put it:

Before we get too far down this road of ubiquitous surveillance, real-time upload and comprehensive analytics by cloud providers, we should pause to consider the implications. We need to consider what rights consumers have, and what rights nonparticipant third parties should have.

I think that' exactly right.  On the other hand, if someone wants Memoto to take pictures of their children -- well, that's a good thing isn't it?  As always, the boundaries of technology push the law in strange ways, but they also modify and enhance human behavior.