Author: David

I'm David Murakami Wood. I'm currently Canada Research Chair at the University of Ottawa. I like reading, cycling, running, and I am slowly coming to the realization of the limits of getting older.

Transport Surveillance in Brazil (1) SINIAV

One of the items reported on in Privacy International´s assessment of privacy in Brazil was that ¨in November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country.¨ The Conselho Nacional de Trânsito (CONTRAN) is part of the Departemento Nacional de Trânsito (DENATRAN), itself part of the massive new Ministério das Cidades (Ministry of Cities), the product of Lula´s major ministerial reforms designed to shift emphasis and power away from the large rural landowners to the growing numbers of increasingly populous cities.

brazao_siniav1The new scheme is called the Sistema Nacional de Identificação Automática de Veículos (SINIAV, or National System for the Automatic Identification of Vehicles). Basically it will put an RFID-tag in every vehicle license plate, in a gradual process. Much like the new ID scheme for people, SINIAV is based on a unique number. In Annex II, Paragraph 3, the resolution provides a breakdown of exactly what will be contained in the tiny 1024-bit chip as follows. The unique serial number (64), and a manufacturer´s code (32), will be programmed in at the factory, leaving a total of 928 programmable bits. The programmable area contains two main sections. The first contains all the personal and vehicular information: place of registration (32), registration number of seller (32) application ate (16), license plate number (88), chassis number (128), vehicle tax number (RENAVAM) (36), vehicle make and model code (16) and finally 164 bits for ´governmental applications´. The remaining 384 bits are split into 6 blocks for unamed ´private initiatives.´

SINIAV system diagram (DENATRAN)
SINIAV system diagram (DENATRAN)

Privacy International note that there is no more than a mention of conformity to constitutional rules on privacy (of which more later). However there is much more that is of concern here. The resolution claims that the data will be encrypted between plate and reader, but the technical specifications are not given to any level of detail (*though there is more information from the Interministerial Working Group on SINIAV, which I haven´t examined in any detail yet). We all know already how easy it is to clone RFID chips. This scheme is supposed to be about security for drivers, but it could easily result in the same kind of identity fraud and consequent necessity of disproving the assumption of guilt created by automated detection systems for car-drivers as for credit cardholders. Could you always prove that it wasn´t your car which was the gettaway vehicle in a robbery in Saõ Paulo, or you driving it, when your actual car was in a car park in Curitiba? Widespread cloning of chips would also render the whole system valueless to government.

RFID chip
RFID chip

Then there is the question of function creep. The chip has spare capacity, and assigned space for unamed functions, state and private. Brazil already has a system of state toll roads (pay-for-use highways), and these chips could certainly be used as part of an automated charging system. That might be very convenient. However what other functions could be thought up, and how might safeguards be built in? As I have already noted, Brazil has no body for protecting privacy or data/information rights so it would be very easy for new more intrusive functionality to be added.

Combining the problems of a movement towards automated fines or changes, and criminality, another major issue would be the one recently revealed in Italy, where a automated red-light camera system was found to have been fixed in order to generate income from fines for corrupt police and a multitude of others.

The final question of course is whether this will all happen as planned or at all. The system would supposedly be complete by 2011. I know of a trial scheme in Saõ Paulo, but on a quick (and very unscientific) straw poll of people who I encountered today at the university here in Curitiba, there is to be no-one who has an RFID license plate or knows someone who does, and there is practically zero awareness even amongst educated professionals. Like the National ID-card scheme, people just don´t think it will go to plan or timetable. That may however, just reflect a (middle-class) Brazilian view of the abilities of the state.

Still, as the Frost and Sullivan market assessment states, all of this turns Brazil into a ‘highly attractive market for RFID suppliers’ which was probably the main motivation and will be the only real outcome.

Datawars Conference

There will be a very interesting -looking conference in Amsterdam, 11-12 June, called Datawars: Fighting Terrorism through Data. According to the call for papers, the workshop will be held at the University of Amsterdam in June and will explore the ethical and political implications of the new data-led approach to security, risk and fighting terrorism in Europe. Suggested topics include:

  • Privacy, security and human rights
  • Ethics, responsibility and justice in European data wars
  • Risk, prevention, preemption
  • Data and surveillance
  • Private authorities, states and the European Union
  • Constituting Europe through data

It´s part of a project run by a couple of excellent researchers, Louise Amoore and Marieke de Goede, of the Universities of Durham and Amsterdam respectively (who probably don´t remember but I worked in an tiny attic office opposite them in the Politics Dept at Newcastle for a few months just after my PhD!). I might go as I have been doing some work on attempts to create global databases, called ´From Echelon to Server in the Sky´, but the timing might be awkward (unfortunately I can´t reveal why yet…).

Facebook surveillance

Another great piece in the Ottawa Citizen´s Surveillance series, which is turning out to be probably the best newspaper coverage of the broad sweep of surveillance that I have yet seen.

This time they are talking to Dan Trottier and Val Steeves about the way that social networking technologies, and in particular Facebook, track individuals and groups.

The complete series The Surveillance Society: A Special Citizen Series, runs as follows:

31/01: The rise of the surveillance society

01/01: How surveillance categorizes us

02/02: Social networks and surveillance

03/02: Spying on each other

04/02: The promise and threat of behavioural targeting

05/02: Watching the watchers

Congratulations to reporter, Don Butler, in particular on some excellent work.

Corrupting automated surveillance

OK, so automated surveillance systems are always right, aren’t they? I mean, they wouldn’t allow systems to be put into place that didn’t work, would they?

Image from t-redspeed system (KRIA)
Image from t-redspeed system (KRIA)

That was probably the attitude of many Italians who were supposedly caught jumping red lights by a new T-redspeed looped-camera system manufactured by KRIA. However, the BBC is reporting today that the system had been rigged by shortening the traffic light sequence, and that hundreds of officials were involved in the scam that earned them a great deal of money.

Now, the advocates of automated surveillance will say that there was nothing wrong with the technology itself, and that may be true in this case, but technologies exist within social systems and, unless you try to remove people altogether or by developing heuristic systems – both of which have their own ethical and practical problems – then these kind of things are always going to happen. It’s something those involved in assessing technologies for public use should think about, but in this case it seems they had thought about it, and their only thought was how much cash they could make…

Major new report on surveillance out next week

House of Lords
House of Lords

I hear on the grapevine that the British House of Lords’ Constitution Committee Report on Surveillance and Data Sharing will be out next Friday 6th February. The inquiry conducted by the committee has been one of the most thorough of any so far conducted, and certainly promises to be more considered than the rather rushed House of Commons Home Affairs Committee report, A Surveillance Society? from last year. Both reports were ordered largely in response to the Report on the Surveillance Society that Surveillance Studies Network wrote for the UK Information Commissioner in late 2006, and which is still getting coverage around the world (see CCTV in Canada for example). Check the Committee’s website for the report itself and, of course, back here for a review, on Friday.

Digital Britain to be just like Digital Brazil?

There has been a serious global push for several years now by corporate content creators to hobble the Internet, and turn it into something more like television.

Time to catch up on a story that I missed this week. Boingboing reported the release of the UK government’s consultation document on Digital Britain. I had a eerie feeling of deja vu because the proposals are just like parts of Senator Azeredo’s bill that is halfway through the legislative process here in Brazil. Effectively it regards the Internet as some kind of untamed zone which must be brought under state control through a Rights Agency and ISPs acting increasingly as surveillance agents over the activities of their users, in this case particularly with regard to file-sharing.

The similarity is not surprising. There has been a serious global push for several years now by corporate content creators to hobble the Internet, and turn it into something more like television. The fact that the Digital Britain plan is filed under ‘broadcasting’ on the government’s website says quite a lot about the lack of tech savvy of state regulators in this area. What governments, in listening only to the corporate argument, don’t appear to realise is that we are actually collectively and autonomously coming up with better ways of ‘regulation’ of content through initiatives like Creative Commons and so on.

As in Brazil, where a serious netizen counter-plan is now emerging, with parliamentary support, there needs to be some serious organisation in Britain to present the alternatives to destroying the Internet and all is messy, unruly creativity. The Open Rights Group are trying to do this – let’s get behind them and make this more than just a few tech-savvy usual suspects.

CCTV in Canada

News from Queen’s University’s Surveillance Project that the Surveillance Camera Awareness Network (SCAN), a stellar group of Canadian Surveillance Studies scholars, has released the first phase of its report on Camera Surveillance in Canada.

The report shows that public space CCTV is still relatively rare in Canada, with only 14 cities having implemented it. It argues that despite the lack of evidence for any effectiveness, and the absence of proper informed consent to schemes, the vast majority of the public support cameras largely on the basis of an ill-defined hope that they ‘work’.

My view is that the conditions for a British-style expansion would seem to be in place, were it not for the very different and much more activist role of Privacy Commissioners, informed by research like this, in questioning the need for CCTV. Let’s hope Britain’s role as an experimental surveillance guinea pig for the world will at least teach people elsewhere something…

The authors also mentioned that there is a surveillance series in the Ottawa Citizen that began Wednesday January 29. It features many surveillance studies academics from SCAN and more, and the first piece is really very good.

As another part of the series, the Citizen has adapted the 2016 scenarios that Kirstie Ball and I wrote for the Report on the Surveillance Society for the ICO back in 2006. They have pushed a load of things together so that it doesn’t quite makes sense, but never mind…

Who killed Bambi?

Google Street View seems to be the surveillance system we currently love to hate, and now those horrible, nasty people only gone and have killed a baby deer. How can Google possibly top this? Perhaps only if Larry Page was captured on camera punching some cute fluffy kittens…

googlebambi
The Daily What preserves the evidence - they have now been removed from Street View

The ironic thing is that the incident was uncovered by viewing Google Street View. Don’t people have better things to do? The more you discover about participatory surveillance or synopticism, the more you realise that the answer is probably not… which is exactly the urge (or lack of it) that Google Street View taps into: the terminal ennui of spectacular consumer capitalism. Sometimes, it’s not Foucault or Kafka or Orwell we should be reading but J.G. Ballard

Brazil as surveillance society? Privacy International´s view (1)

Every year, Privacy International publishes a kind of index of privacy. The methodology is qualitative and has a strong element of subjectivity based on PI´s campaigning objectives (for example my colleague, Minas Samatas, finds their assessment of Greece as the best country in Europe in this regard, ludicrous). There are also problems with the equivalence of the all the different categories, both in terms of whether all the surveillance identified is even ethically ´bad´ anyway, and in the adding up of categories to conclude that you can lump together the USA, UK, Russia and China. However, it remains a good focus for discussion and no-one else does anything similar.

Let´s see what they concluded about Brazil. Brazil ends up in the 3rd worst category overall, with a ´systematic failure to uphold safeguards´. In particular, PI condemned:

  • the role of the courts in weakening constitutional rights of data protection (something I will be coming back to next week);
  • the lack of a privacy law;
  • the lack of habeus data provisions;
  • the lack of a regulatory of personal data and privacy;
  • an overly simplistic test for the legailty of communications interception;
  • the new ID law;
  • recent Youtube censorship;
  • increasing workplace surveillance, which has only been partially addressed by the courts;
  • widepsread private interception of intenet and e-mail traffic;
  • that fact that ISPs are required to keep and hand over traffic data to police;
  • the extensive road transport surveillance using RFID.

However they also noted:

  • the protection of the right to privacy of children under a 1990 law; and
  • the fact that bank records are protected under the constitution, and warrants are required to seize them

I will be going through their country in report in more detail next week and using this as one of the bases for the questions I will ask NGO representatives and parliamentarians in the weeks after wards.

Come to Britain and we will fingerprint your kids…

fingerprintLast week I mentioned the approval of the biometric passports scheme by the European Parliament, and that there were several countries that planned to fingerprint children under the age of 12 despite the legal, ethical and technical problems with this.

However, what I didn´t mention is that – surprise, surprise – Britain is one of the countries that does fingerprint kids, and indeed it has already been fingerprinting foreign children resident in Britain as young as 6. As Privacy International´s Gus Hossein argues on The Guardian´s Comment is Free website, the UK government claims that this is only bcause the EU has forced this upon them when in fact it was the UK government that forced the EU into adopting that position in the first place!

Now, as I mentioned, the European Parliament has pushed the age limit upwards, but will this make any difference to the UK Home Office? Given that the Home Office is still ´carefully considering´ its responce to the kicking it received from the European Court of Human Rights over the taking and retention of the DNA of 857,000 children, I wouldn´t bank on it.