Data privacy and access

The CSN project is deploying over a thousand hand-sized seismometer devices in private homes across Pasadena, in order to collect very high resolution ground movement data during earthquakes.  "Shake maps" summarizing highest-motion-measured will be provided in real time to emergency first responder agencies; detailed data will later be made available for scientific use.

The devices contain very sensitive accelerometers, which can detect not only mild earthquakes unnoticed by people, but also structure vibrations induced by normal household activity:  closing doors, walking and other physical activity, appliance usage, etc.  While CSN is interested in the seismology vibrations (and considers the other vibrations "noise" obscuring the desired "signal"), other researchers have shown that it is possible to infer human activity from vibration data.

Data privacy, therefore, is a concern for CSN volunteers, engineers, and managers.

CSN has developed the following model of data collection, analysis, storage, publication and disposal.  CSN believes that this model balances volunteer privacy, community benefit, and worthy science.


What data is collected?

Personal data is collected by CSN only once, when a seismometer is issued to a volunteer.  Vibration data is continuously sampled and stored for several days on the volunteer's PC, but only rarely is vibration data transmitted and then only in limited amounts for a short period.

Personal data

Effective system management requires that volunteers provide CSN with minimal personal data:  first name, phone number, email address, and street address.  Only the email address is "routinely" used, and that only for contact regarding a malfunctioning device or PC.  The other personal data simply provides two forms of additional communication should the (preferred) email method fail; this data is maintained by CSN managers separately from the seismic data, and is never accessible to software developers or scientists using seismic data.

Vibration data

Seismic data must be time stamped and location stamped, both to a fine resolution.  The CSN device is sampled by a volunteer's PCs at 50-250Hz, and the location is determined to 5-15 meters.  The data is stored on the user's PC for up to a week, but only rarely is data transmitted to CSN computers, and then only in two clearly defined circumstances:

  1. The PC application that samples the seismometer also continuously checks the data to see if a ground motion threshold has been exceeded.   If so, an alert is sent to the CSN computers indicating the magnitude of the motion--in essence, a single data point.  In practice, early experience suggests that this occurs roughly daily per volunteer site.  A series of alerts is sent at 10-20 second intervals if strong vibration continues.
  2. The CSN computers continuously correlate alerts received from all volunteer seismometers, and upon receiving a sufficient number of alerts from a geographic cluster, the CSN system will conclude that an earthquake is underway and then request detailed data from each volunteer's PC.  This detailed data will span roughly one hour, beginning several minutes prior to the first alerts, and will include all data collected locally at the volunteer's home during that hour-long interval spanning the earthquake.  Early experience indicates that this may occur weekly.

A small number of CSN participants will be asked to provide continuous (24/7/365) data streams.  This continuous data will be used by developers to devise improved noise filtering techniques for deployment in future CSN volunteer sites.  The continuous data will not be released outside of CSN; those participating in the 24/7/365 portion of the study will not later have access to the data from the seismometers in their homes.

In short, detailed volunteer seismic data is only received by CSN computers when a local earthquake occurs, and then only for a one-hour interval whose timing is determined by the earthquake.  Assuming a weekly event, less than 1% of data collected locally at a volunteer home is ever transmitted to CSN computers.


What will be done with the data transmitted to CSN?

This table summarizes who sees what data:


  Alert data Alert/shake maps
(low res)
 Emergency responder shake map
(high res)
 One hour continuous data
(high res)
 24/7/365 continuous
data
(high res)

 Personal
data
 CSN managers YES YES YES YES YES YES
 CSN developers
 YES YES YES YES YES no
 First responder agencies no YES YES YES no no
Scientists at large (unscreened) no YES YES
(delayed)
 YES
(delayed)
 no no
 General public no YES no no no no

In the above table, the least sensitive data is in the left column (Alert data), increasing in sensitivity towards the right.  The groups who have access to data increase in size and decrease in CSN influence/control from top to bottom.

Alert data and shake maps

The threshold alert data sent by volunteer PCs to CSN computers is used in real time to construct "shake maps" that will be transmitted to first responders within minutes of an earthquake.  These maps will be highly detailed, including the precise location coordinates of each sensor, so that responders can prioritize their resources with the best possible information.  First responders subscribing to our data are expected to include both public agencies (fire departments, police, public health, etc.) and commercial entities (telecom providers, utilities).  Less detailed, low-resolution shake maps also will be made publicly available, in which the seismometer locations are obscured.  Alert maps with obscured device locations are generated in real time and published on the CSN web site for public consumption.

The detailed seismic data from each volunteer will be made available in scientific form within days of an earthquake, using established methods of access to seismic dataset repository archives.  This data will implicitly include precise locations of each seismometer.  Once data is placed in the seismic data repository, CSN has no control over access.


How long does CSN-received data survive?

Personal data will be destroyed when a volunteer withdraws from the project.  Alert data is normally discarded within one day.  One-hour seismic data associated with an earthquake will be archived in perpetuity.  Continuous data ("24/7/365") will be destroyed within one year of collection.


For additional information about this policy, please contact us.

Comments