Attention Dubliners: We are all being spied on by a little known company on Camden Street… and…
Youssef Sarhan

So I was curious when I found that Orb aren’t actually a company (more specifically, they don’t show up in a search of the CRO’s company register) and I put in an FOI request to the Data Protection Commissioner, who are partially covered by the Act, looking for “the administrative records showing how long was spent on these audits, how many people worked on them and what their qualifications were, how much the investigation cost, and other relevant information.”

The response was: “records of this office are only accessible under the FOI Act where they concern the general administration of this office.”

That’s a little odd. If you’re not tracking man-hours spent on audits as part of the general administration of an office devoted to (in significant part) running audits, then how could you prepare end-of-year budget figures?
Ah, but then they explained:

“First, for clarity, the statement on the use of digital advertisement screens in public spaces was issued by the DPC on 15 May 2017 following an assessment process, and not following an investigation or audit conducted on a formal or statutory footing.”

In other words, nobody looked at the source code or examined the network traffic from the system. There’s no guarantee that anything more than reading a webpage was done, if even that. So we still have no real idea what the system is doing (though I see from Twitter that the cameras have been pulled from the signs…)

The DPC continues:

“For further context, the DPC team takes a multi-disciplinary approach to the performance of its tasks and duties. Several staff members are involved and collaborate in any one matter on an iterative basis, to ensure that a balanced and rigorous assessment is completed. The DPC’s outputs are not tracked or recorded in terms of man hours or internal costs, but rather on the basis of the outcomes achieved for data

In other words, nobody was in charge, no expertise was needed to do any of the work, no relevant externally defined standards were adhered to, and basically this is how you politely phrase it when the intern got asked to put a page together over her lunch break and you want to make it seem like you actually looked into it.

So we still have no idea what these signs are doing, what information they are gathering and how much they are sending back to Orb or to Quividi.

