A different question, the same discipline
Alongside the work on memory, a second question had been forming: can a system help recognise a developing dangerous situation in a crowded public space early enough to matter — without becoming an instrument of surveillance?
The two halves of that sentence are usually treated as a trade-off. Most of our work in early 2025 went into refusing the trade-off, by fixing the constraints before choosing any method.
The constraints come first
We started from what the system must not do, and treated that list as architecture rather than policy:
- No biometric identification of individuals.
- No real-time tracking of people, and no persistent tracking pipelines.
- No predictive policing in the sense the EU AI Act prohibits.
- No classification of political assemblies as anomalies — a protection we consider non-negotiable.
- No deterministic labels on people — only calibrated, probabilistic signals about the dynamics of a collective.
These are not features added at the end for compliance. If you accept them at the start, they rule out entire classes of method, which is the point. A design that could identify a face but is configured not to is a different — and weaker — guarantee than a design that works on movement and crowd dynamics and never represents a face at all.
Working with collective dynamics, not identities
What remains, once identities are off the table, is the behaviour of the crowd as a whole: motion, density, the way a collective reacts to something before individuals consciously do. The research question is whether structurally distinctive patterns in that collective signal can be detected and calibrated, without ever resolving down to a person.
One organising idea from this period is a model that distinguishes roles by their statistical signature in collective motion rather than by identity — for example, separating a source of disturbance from the people moving to help. Protecting helpers — making sure a system never mistakes assistance for threat — became an explicit objective of the design, not a side effect.
Why state it publicly, this early
We are describing a research direction, not a deployed product, and we think the constraints deserve to be on the record before any result exists. A safety method whose civil-liberties properties are bolted on afterwards tends to lose them under pressure. Stated first, in public, they become something a future partner — a university, a public body, an ethics reviewer — can hold us to.
The legal frame we work within (GDPR Article 89 for research, the EU AI Act for high-risk classification) is not an obstacle to route around. For this kind of research it is closer to a specification. The work that followed was an attempt to honour it precisely.