academic – Page 12

Flying Down to Rio

I’m off to Rio de Janeiro on Thursday… as most people will be aware, Rio is far a long way from the romantic Hollywood-generated image of sun-kissed decadence. It is perhaps the most extremely divided city in the world. The richest parts have a higher standard of living than almost anywhere else and the poorest parts barely cling to the hillsides and to any kind of an existence. I have been reading Enrique Desmond Arias’ enlightening Drugs and Democracy in Rio de Janeiro (amongst many other books) in preparation, and right on cue, a major drugs war has apparently broken out between trafficking gangs in the Copacabana area…

I am going to be interviewing state and community representatives, and carrying out mapping exercises to assess the state of surveillance and security in several different neighbourhoods of varying social classes. The drug war is making me a little nervous, but in many ways it is an ideal time to be asking the kinds of questions I need to ask. Of course reading a book like Arias’, you tend to get anthropology-envy, but I just have to remember that my study is a very different kind of research. I am still trying to get a feel for the kinds of indicators that would enable us to make serious comparisons between the intensities and forms of surveillance across cultures and nations – and I am still very much at the beginning of the project. Some of these indicators might seem common sense and obvious but some are not, and some may not even be in any way ‘measurable’…

My fantastic temporary Research Assistant is Paola Barreta Leblanc – she has created a mash-up of my current schedule here (it will get more complex!).

Wish me luck!

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…

Global CCTV datamining project revealed

As a result of an annual report on datamining sent to the US Congress by the Office of the Director of National Intelligence, a research project, Video Analysis and Content Extraction (VACE), has been revealed. The program is aiming to produce an computer system that will be able to search and analyse video images, especially “surveillance-camera data from countries other than the United States” to identify “well-established patterns of clearly suspicious behavior.”

Conducted by the Office of Incisive Analysis, part of the Intelligence Advanced Research Projects Activity (IARPA), the program has apparently been running since 2001,and is merely one of several post-9/11 research projects aiming to create advanced dataveillance systems to analyse data from global sources. How the USA would obtain the information is not specified…

One could spend a long time listing all the DARPA and IARPA projects that are running, many of which are speculative and come to nothing. The report also mentions the curious Project Reynard that I have mentioned before, which aims to analyse the behaviours of avatars in online gaming environments with the aim of detecting ‘suspicious behaviours’. Reynard is apparently achieving some successful results, but we have no real idea at what stage VACE is, and the report only states that some elements are being tested with real world data. This implies that there is nowhere near a complete system. Nevertheless the mentality behind these projects is worrying. It is hardly the first time that the USA has tried to create what Paul Edwards called a ‘closed world’ and these utopian projects which effectively try to know the whole world in some way (like ECHELON, or the FBI’s proposed Server in the Sky) are an ongoing US state obsession.

It is the particular idea that ‘suspicious patterns of behaviour’ can be identified through constant surveillance and automated analysis, that our behaviour and indeed thoughts are no longer our own business. Because it is thoughts and anticipating action that is the ultimate goal. One can see this, at a finer grain, of programs like Project Hostile Intent, a Department of Homeland Security initiative to analyse ‘microexpressions’, supposedly preconscious facial movements. The EU is not immune from such incredibly intrusive proposals: so-called ‘spy in the cabin’ cameras and microphones in the back of every seat have been proposed by the EU-funded SAFEE project, which is supported by a large consortium of security corporations. The European Commission has already hinted that it might try to ‘require’ airlines to use the system when developed.

No doubt too, because of the close (and largely secret and unaccountable) co-operation of the EU and USA on security issues, all the images and recordings would find their way into these proposes databases and their inhuman agents would check them over to make sure we are all passive, good humans with correct behaviours, expressions and thoughts, whether we are in the real or the virtual world…

Surveillance in Latin America

For the last three days, I’ve been at the Surveillance, Security and Social Control in Latin America symposium, organised by Rodrigo Firmino at PUCPR (with help from Fernanda Bruno, Marta Kanashiro, Nelson Arteaga Botello and myself). The conference was the first to be held on surveillance in Brazil and will be the start of a new network of surveillance researchers in Brazil and more widely across Latin America.

All of the presenters had something interesting to say and I learned a lot from the event, however it is worth noting some individual presentations and sessions that were really insightful. There were great keynotes from David Lyon, Luiz Antonio Machado da Silva and Nelson. Two sessions stood out for me: one on Rhetorics of Crime and Media which had an exceptional central presentation by Paola Barreta Leblanc, a film-maker and currently a student of Fernanda Bruno’s. Her paper (and films) on the way in which we impose narrative onto CCTV images argued cogently that we see CCTV with a (Hollywood) cinema-trained eye and consequently overestimate (or over-interpret) what we are seeing. The other papers in the session were also good, in particular Elena Camargo Shizuno on Brazilian police journal of the 1920s and how they trained the vision of middle and upper-class Brazilians of the time through a combination of reportage, fiction, and advocacy. The session as a whole left me with many new questions and directions of thought.

The other really sparky session was on the last day and was on the Internet and Surveillance. The first paper was from was Marcelo de Luz Batalha on police repression of community and activist networks at the State University of Campinas, which linked nicely into concerns I have been following here on the surveillance of activist networks in the UK. Then there was Hille Koskela’s theoretically sophisticated and searching paper on the Texas-Mexico border webcam system (that I noted back in January) which explored the ways in which this participatory surveillance system both succeeded and failed in inculcating an attitude of patriotic anti-outsider watchfulness and responsibilization of citizens. Finally there was an interesting if not entirely successful film from Renata Marquez and Washington Cancado which used Charles and Ray Eames’ famous Powers of Ten, one of my favourite bits of pop-science ever, as an inspiration for an exploration of the uneven gaze of Google. They provoked some very interesting thoughts on the ‘myopia’ of the new ‘god-like’ view we are afforded through interactive global mapping systems. I think their approach could be very fruitful but it is still missing some key elements – having talked to them, I am convinced they will turn this into something really excellent. I have asked them and Paula to submit their work to Surveillance & Society’s special on Performance, New Media and Surveillance, because I think both are exactly the kind of explorations we are looking for. If Fernanda Bruno’s excellent paper on participatory crime-mapping has been part of this session, it would have been perfect! See Fernanda’s thoughts on the seminar over at her blog – she was also Twittering throughout the event but I’m afraid I just can’t get on with Twitter!

Other memorable papers included Danilo Doneda’s on the new Brazilian ID system, which sparked our post-conference considerations on where to go with this new network, which will probably be a project on Identification, Citizenship and Surveillance in Latin America. Nelson Arteaga Botello has already generously agreed to host the next symposium on this theme in Mexico City next March! Fernando Rogerio Jardim gave a passionate paper on the the SINIAV vehicle tracking pilot in Sao Paulo and I was most impressed with the careful Gavin Smith-style CCTV control-room ethnography by one of Rodrigo Firmino’s students, Elisa Trevisan, and Marta Kanashiro and Andre Lemos both gave insightful presentations too – I’ve already come to expect both care and insight from Marta in the short time that I’ve known her. I hope we’ll be able to work more closely together in the future. Let’s see…

The event as a whole was a great start for the study of surveillance in Latin America, despite the disappointing lack of Spanish-language interest. This is just the beginning, and the new networks of scholars here will grow. I was just happy to be there a the start and play a small role. As for my keynote, I took the opportunity to do something a bit different and instead of doing my usual tech-centred stuff, I gave a talk on the emotional response to surveillance and how this might form the basis for reconstructing (anti-)surveillance ethics and politics. I have no idea whether it really worked or what people got out of it…

Surveillance, Security and Social Control in Latin America symposium

This week I will be mostly preparing for and attending this symposium which we (Rodrigo Firmino, Fernanda Bruno, Nelson Arteaga Botello and myself) have been organising. Today that means looking after our main keynote speaker, David Lyon…

We have a great set of papers and around 100 people coming mainly from Brazil. This does mean that I will not be posting a lot here, although I will try to note any really interesting papers and presentations.

How many cameras are there in Britain?

The truth is that no-one knows exactly how many cameras there are in Britain or indeed in any country in the world

I’ve been having an interesting little private exchange with a David Aaronovitch of The Times newspaper, who seems to think he has uncovered a terrible conspiracy… and I think I am about to be accused (tomorrow) of being ‘cavalier’ with the truth and of misleading the public. Interestingly enough this is going to be in the same newspaper that was the only one that tried to rubbish the Information Commissioner back in 2006 when we published our Report on the Surveillance Society and indeed were actively lobbying against his reappointment. I suppose someone has to argue the establishment case…

What David has been e-mailing me about is the validity of figures concerning the number of CCTV cameras in Britain that journalists have been happily spreading about for the last ten years. These figures are the ‘4.2million CCTV cameras in Britain’, and the ‘person can be captured on 300 different cameras in a day.’ He seems to think that it is an urgent matter of national importance if these old figures aren’t ‘accurate’ or apply to the average person. Well, they were and are purely indicative – they aren’t ‘accurate’ and never were, and the latter one doesn’t apply to a typical Briton and neither Clive Norris, whose figures they are, nor myself, nor any other credible surveillance studies academic that I know, has ever claimed that they are and do.

The first figure derives from what Professor Norris openly described as a ‘guesstimate’ in his working paper with Mike McCahill on CCTV in London that was done for the EU’s UrbanEye project. Based on a casual count of cameras in one small neighbourhood in London in around 2000 (not the City of London where cameras were much more concentrated even then) it aimed to get a very loose handle on the scale of the spread of CCTV in Britain. The police at the time claimed that the real figure was in hundreds of thousands, but they were only talking about public cameras, and they had just as little idea of the extent of CCTV.

The other figure that of 300 cameras a day came from a little fictional vignette that Professor Norris and Dr Gary Armstrong wrote for their book, The Maximum Surveillance Society, which came out back in 1999. It was simply designed to illustrate how many cameras a person could possibly be caught be in any one day. I was thinking it would actually be very hard for this to be that likely even now, except perhaps in the very core of global cities like London, but then there are over 300 cameras on the university campus where I am currently, and I haven’t even started on all the private cameras, the public cameras in the city, the traffic cameras, the cameras in the buses, banks, shops, cafes, restaurants, bars, in the hotel etc. etc. I would estimate that I am caught by around 100 cameras when I am out and about here and this isn’t even a city that considers itself to be particularly ‘under surveillance.’

The truth is that no-one knows exactly how many cameras there are in Britain or indeed in any country in the world. We deliberately used words like ‘may’ or ‘can be’ in reference to these figures in our Report on the Surveillance Society because they are so rough, so inaccurate – and we were quite clear that this was not in any case a report about CCTV; if anything we tried to downplay CCTV and get to other technologies and techniques, such as dataveillance and RFID, and more importantly the way connections and links are being made, and boundaries blurred. ‘Millions’ may be about as accurate as we can guess for the UK. But does it matter if there are 1 million, 4.2 million or 10 million? Not hugely. It matters as one crude indicator of a surveillance society, but even then, the number of cameras is a very crude measure and more cameras does not necessarily mean more comprehensive coverage or better pictures, or more ‘control’. For example, would it be worse or better if I was only seen by one camera in a day, but that camera was there all the time and I was constantly being assessed on my performance (as for example is the case with many workers in call centres)? The Guardian today seems to understand this – in its report on the high-tech control room in Westminster, it clearly states that ‘no-one knows’ how many cameras there are (before quoting some even more made-up figure than ours!).

I know the media likes its easy numbers, but an old saying about not being able to see the wood for the trees comes to mind… As a researcher, I am more interested in characteristics of the wood than the specific number of trees. Now if there were no trees at all or very few, that would matter. And in my current comparative project it has some importance as one of the many indicators of what constitutes a surveillance society that I am looking into. So in a couple of year’s time I may have more of an idea of from any cameras there really are in Britain. One of the things I am trying to do during my current project is develop better ways of assessing ‘how much surveillance’ there is, and what it means. Because that is the important issue – meaning. Does it matter if there were 1/6 or 1/7 or 1/8 of the population of the former East Germany who were recruited as informers? You’ll find all those as educated guesses in the literature. What matters was that there was a culture of informing that pervaded every action. It was a society that became increasingly based on deception and distrust.

The key questions with CCTV are:

first of all, why are there any cameras, and particular any cameras in public space, at all? Surely there was a line crossed when the first use of CCTV occurred. What was the reasoning?
why did CCTV spread so quickly to so many places, and was so little contested?
why is CCTV now considered so ‘normal’ in Britain?
connected to this, why do the myths of CCTV’s effectiveness continue to be spread when all of the evidence shows a small and very limited impact on crime?
what kind of a society does pervasive CCTV create? what are the social effects? what kind of social and cultural responses are there?

etc.

Unfortunately the media doesn’t seem to like depth or uncertainty. Maybe that was our real mistake – to overestimate the intelligence of the media. I have asked them for a right of reply – I am more than happy to debate the issue in public. Let’s see if that happens…

Convention on Modern Liberty

The largest ever British meeting of people against the surveillance society took place in London yesterday. The Convention on Modern Liberty site has (unedited) transcripts of some of the speeches an debates including author, Phillip Pullman’s excellent keynote. The Guardian/Observer website also has a strongly supportive report and there is an editorial in the The Observer, which argues that “whether by complacency, arrogance or cynical design, the government has erected an edifice of legal constraint to liberty that would suit the methods and aims of a despot.”

It was a shame that I couldn’t be there but I like to think I played some small part in the process that has led here, and will hopefully this campaign will continue to go on to forcing a retreat by the state from its illiberal course. This meeting is merely the beginning of the convention…

At the Departamento de Policia Federal

Both human rights advocates and the police seem to be strongly in favour of the new RIC system as a means of social inclusion and to replace the chaotic and corrupt identification system based in individual Brazilian states at present, which allows anyone with any other form of ID to get a state Registro Geral card in each different state.

Departemento de Policia Federal, Brasilia — Departamento de Policia Federal, Brasilia

I have just come back from a very productive interview with Romulo Berredo, from the Director-General’s office at the Departamento de Policia Federal (DPF), who are the Brazilian equivalent of the FBI. There was a lot covered and I couldn’t hope to reproduce it all here. There were however a number of immediately interesting aspects.

The first was more evidence that the whole basis on which identity cards and database issues are being considered here is entirely different from the UK. Now I know this represents a police, and a state, view, but so far, both Brazilian human rights advocates and the police seem to be strongly in favour of the new Registro de Identidade Civil (RIC) system. This is both as a means of social inclusion and to replace the chaotic and corrupt identification system based in individual Brazilian states at present, which allows anyone with any other form of ID to get a state Registro Geral card in each different state. It is fairly easy to acquire 27 different identities in Brazil at present. And identification is important here. The great fear that many people seem to have – indeed it was called a ‘cultural’ characteristic by Berredo – is not the use of identification by the state as a form of control or intrusion but as a guarantee against the anonymity that would allow abuses by the state or indeed by other malicious persons. It provides a metaphysical and material kind of certainty and stability. The legacy of the last dictatorship was not so much an East German-style nightmare of knowledge and order but of corrupt and arbitrary rule.

It is this latter legacy which also drives the divisions between the different police forces in Brazil. The states-based Policia Militar (Military Police) and Policia Civil are both tainted in different ways by associations with authoritarian rule, and the former particularly with extra-legal execution and torture, and they continue to be regarded with caution, suspicion or even hatred by many Brazilians. The other police forces are also suspicious of the growing role of the DPF, which is often seen in terms of a power struggle not rational subsidiarity. Ironically then it is the states-based police forces that are dragging their heels over plans to create the kinds of national databases of criminal information that the UK has, and not for any libertarian reasons. In fact the DPF seem far more concerned with protecting human rights and defending the idea of citizenship, and because they are tasked with anti-corruption investigations have even arrested Senators and Judges, something unheard of even ten years ago. Of course those very same Senators and Judges are now fighting back, in a manner rather similar to Berlusconi in Italy, trying to alter the law to give immunities and protections. For example, handcuffing of arrested suspects was always normal until it happened to a Senator arrested for corruption. The Senate suddenly became interested in the ‘human rights’ of arrested suspects and passed a law limiting the use of handcuffs! Corruption at every level is still an enormous problem here, though Berredo argued that it was largely associated with those who had retained power from the years of the dictatorship.

The concentration on inclusion and joining-up government where it is clearly much needed does however lead to some gaps in thinking. The creation of new databases brings with it new duties and new potential problems of data-handling. As the privacy and data-protection law expert, Danilo Doneda, pointed out to me the other day, Brazil is in an almost unique position in not having any kind of regulator for privacy and information / data rights. He argued it was because the authorities just don’t see the need. Berredo confirmed this. He claimed that the DPF were trusted by the public – and relative to other police forces, that is certainly true! – and that they had to carry out their duties appropriately or they would lose that trust. It sounds nice, but it isn’t a good-enough (or legally-sound) basis for the protection of data-rights.

It all confirmed once again that Brazil is not yet a surveillance society – the state does not yet have the capabilities. There is no national database of fingerprints (even for convicted criminals) for example. But as Berredo said, it is moving in that direction. He was keen that there should be be limits. I liked the fact that he used this word. ‘Limits’ is a word that I found that the neither the UK government nor the European Commission seem to like, and they seem very unwilling to say what limits might be. However Berredo was quite clear that a technologically-driven surveillance future in which individuals could be tracked – he used the example of Google Latitude – was not one which he wanted to see. He recognised that he was both a policemen (at work) and a private citizen (at home) and that he, as much as anyone else, valued his privacy.

(Thank-you very much to Delegado Romulo Barredo of the DPF, for his openness, time and patience, and also to Agent Alessandre Reis, for his help)

Bar talk

Brazil can’t really be called a surveillance society… talk of surveillance is just science fiction. It doesn’t mean anything to the people at the bar.

Back at the bar last night I got talking with the regulars – in the limited way I can manage to in Portuguese – about all sorts of things particularly the upcoming carnival – I’m invited – and the football: Brazil beat Italy yesterday in a friendly match. But it was how these ordinary guys – one is a factory worker, one works in an office, and another runs his own one-man business that seems to do anything and everything to do with IT – talked about fear and danger, security and safety, in the city that really interested me. We got talking about where they lived, and the centre of Sao Paulo and how they felt in each place. I told them what I had been advised about not going out at night here, and despite the fact that we were all out at night, Milton, the IT guy, a chunky black man in his 40s, agreed that this wasn’t bad advice for the centre. The area, he said, was full of thieves and drug-addicts, and whilst anyone would be safe amongst friends (and here he gestured expansively to include me and practically everyone else at the bar), even he wouldn’t want to spend much time alone. Milton is from out east – he’s a Corinthians fan; the centre-west is Palmeiras territory, and the red Metro line goes from one to the other – and in his own neighbourhood he says he doesn’t have much to worry about, although of course he has security. Everyone has security. You have to. Joao, the fat, slightly lugubrious office worker, nods in silent agreement.

I tell them I’d quite like to talk to some women. This prompts laughter and a lot of nudging and punching of arms: of course you do, don’t we all? No, no, I mean I’m interested in what women think about all this – what about her? I ask, gesturing to a handsome black women probably about the same age as Milton. Carla? No, you don’t want to talk to her. Not without paying. Open your eyes! (he makes an eye-opening signal with his right hand). Of course I could see that Carla wasn’t just here for fun. And that’s exactly why I wanted to talk to her. She agreed with the guys about the danger, but added that it was much worse for her, not because she was working nights, but because she was black. Being a black woman in Brazil is not good. Everyone, she said, pinching the skin of her forearm, just sees the colour of your skin. especially if you are on your own. With her white friend, people don’t care. I told her that some people think that Brazil isn’t racist or dangerous for black people. She laughed and not in a happy way. Those people didn’t know her life. I asked her if Lula had changed things – it is something I try to ask everyone at some point – in particular with the Programa Bolsa Familia since Carla had told me she has three kids, one grown up and two still at home. She shook her head. No. Nothing. Nothing has changed. It may be pessimistic or cynical but it’s what everyone seems to be thinking apart from the government and the World Bank.

All this bar talk might be casual and fueled by beer (and it is often difficult to understand exactly what people are saying) but it is a useful corrective to the formal interviews and other research I am doing here. It also tends to add to my growing certainty that Brazil can’t really be called a surveillance society at all in terms of how people experience their lives and relationships with the state. Talk of surveillance is just science fiction. It doesn’t mean anything to the people at the bar. The reality is all about danger (not risk in the bland sociological terminology, but actual danger) and security.

(All the names in this piece have been changed…)

Britain is a surveillance society and it must change: detailed anaysis of the Lords Constitution Committee report

This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place.

It’s 3.00am here in Brazil, and I have just spent the last four hours reading, analyzing and writing about the House of Lords Constitution Committee Report Surveillance: Citizens and the State. My expectations of the work of the committee have generally not been disappointed. This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place. However it is not only relevant to Britain. The UK seems to have come to be regarded as some kind of model for other democracies to follow in terms of surveillance and security – at least by governments. Reading this report should serve to disabuse others of any notion that Britain is a good example.

Here’s the detailed analysis. It is long and there are no pictures! But this is serious stuff. I have gone through the whole report and thought about all the recommendations. It is worth remembering first of all what the Committee was asked to do. Here are the questions they started out with:

Have increased surveillance and data collection by the state fundamentally altered the way it relates to its citizens?
What forms of surveillance and data collection might be considered constitutionally proper or improper? Is there a line that should not be crossed? How could it be identified?
What effect do public and private sector surveillance and data collection have on a citizen’s liberty and privacy?
How have surveillance and data collection altered the nature of citizenship in the 21st century, especially in terms of citizens’ relationship with the state?
Is the Data Protection Act 1998 sufficient to protect citizens? Is there a need for additional constitutional protection for citizens in relation to surveillance and the collection of data?

The answers to the first and last questions are, in short ‘yes’ and ‘no’ respectively. Their basic conclusion is that increasing surveillance by the state is the greatest change to the nature of the relationship between state and individual in Britain since the end of the second world war. In opposition to the House of Commons Home Affairs Committee report from last year, and largely in support of our Report on the Surveillance Society form 2006 and that of the Royal Academy of Engineers from 2007, they show that Britain is a surveillance society, and that this must change. They do not go so far as to recommend an Information Act to bring all legislation in this area together, as I have been arguing, but they do advocate significant new legal / constitutional measures to rebalance the state-individual relationship in favour of the individual.

There are 8 chapters of consideration of all of the evidence given, which is treated in a very careful and even-handed way. The Home Office, the police and the Surveillance Commissioners for example, all come in for a telling-off at various points, but at the same time, some of the current government’s initiatives on openness are quite rightly praised (although of course they don’t go far enough in tackling the culture of secrecy that has plagued British government for far too long).

Who comes out of it well? First of all, the Information Commissioner, Richard Thomas and his office (the ICO). This is entirely right. None of this debate would have happened without him and he continues to push the agenda forward in an activist manner that many campaigners should look to as an example. Secondly, the media. The Lords seem to be very aware of the role of investigative journalists in holding the government to account. People are too willing these days to make blanket generalisations about the media as if they were all superficial and obsessed with celebrity. In the case of surveillance, the BBC and The Guardian in particular have done a great job. Thirdly academics and campaigners alike come across as far more informed and sensible about this than the state, which leads the Lords to recommend that the government pay us far more attention. On a personal note, it is a bit disconcerting to see myself, Surveillance Studies Network and other people and organizations with whom I work mentioned (approvingly) quite so much in such an important document…

The Committee place the two values of privacy and freedom as the foundations of its recommendations. The Lords argue that privacy and the restraint of state powers are at the heart of liberty, and that they should be taken into account at all times. There is, I am very pleased to see no mention of ‘trade-offs’ between freedom and security and it seems that they accepted my argument (they do quote me on this) that when claims to protect fundamental freedoms by increasing security are actually eroding those freedoms, the tacit agreement that binds people and state is broken. They stress that all organisations involved in surveillance and date handling need to give far more attention to privacy at all stage, indeed that it should be built in.

There are many individual recommendations.The first concern the Information Commissioner. Basically, the Lords argue that he should be given more extensive powers and more resources, specifically:

to have a role in assessing the effect on any new surveillance measure on public trust;
to be able to monitor the human rights (Article 8, ECHR) effects of government and private surveillance practices on the public;
to be consulted by the government at the earliest stages of policy development – they specifically attack the government for not doing thus far; to extend the ICO’s power of inspection to private companies (again something I am quoted on) – they don’t note that the power of inspection over government departments was only granted in a rush by Gordon Brown following the revelations of disastrous losses of data by various state bodies;
to speed up the implementation of the ICO’s new power to fine bodies that break the rule on data protection and freedom of information;
to be a statutory consultee on all surveillance and data processing laws and for the ICO to report to Parliament on this;
for the government and the ICO to undertake a review of the law governing citizens’ consent to use of their personal data – there is quite a lot of interesting discussion in the body of the report on how consent might operate, and I am very pleased that they haven’t, unlike the government, given up on the importance of consent;
for the government to work with the ICO on raising public awareness as it should already be doing but has failed to do;
and finally, and this is really important – for the Data Protection Act to be amended to mandate a Privacy Impact Assessments (PIA) “prior to the adoption of any new surveillance, data collection or processing scheme, including new arrangements for data sharing” with a role for the ICO in overseeing these. The government will probably try to ignore this, but this is the most crucial recommendation for future policy.

On the various other commissions – of which there are too many in my opinion – they merely recommend that the Surveillance and Communications Commissioner work together better and seek the advice of the ICO, especially with regard to the misuse of powers under the Regulations of Investigatory Powers Act (RIPA), and that the Investigatory Powers Tribunal stops hiding from the public. These are weak recommendations. Later they are rather more robust about the problems of having too many ineffectual regulators of RIPA, but despite a brief mention, any recommendations regarding the regulation of the Intelligence Services get quietly dropped along the way (not surprisingly). I would have thought that recommending at the very least that the offices of the Surveillance and Communications Commissioners are brought under the control of the ICO, if not completely absorbed into the ICO, would have been a much better long-term move.

They also have a number of other recommendations on the egregious RIPA, firstly that the (inadequate) administrative procedures are reviewed and secondly that the government should think again about the whole business of allowing Local Authorities police powers, and that in any case, these powers” should only be available for the investigation of serious criminal offences which would attract a custodial sentence of at least two years.” In my opinion, this effectively amounts to saying ‘repeal RIPA’ without saying so directly. The use of intense targeted surveillance powers to deal with minor infractions is what a lot of RIPA is all about whether that was the intention or not. It is an ill-thought out and badly worded law, like so many in this area.

The Lords recognize this deficiency in detail and specificity and argue as a general point, following the Human Rights Committee, that “the Government’s powers should be set out in primary legislation.” Crucially they also note that the government has not seemed very concerned with what happens after legislation is passed or how it works. They recommend the formation of a new Joint Committee in parliament on surveillance and data powers that would have post-legislative scrutiny as one of its key functions.

There are several measures concerning particular technologies. Their coverage of technologies of surveillance and data-collections is not too bad. I gave a seminar to the Committee on the range of surveillance technologies before they started their hearings, and I was beginning to despair at the levels of knowledge – “can they really do that?” was a common cry – and yet here they consider everything from CCTV to ubiquitous computing / ambient intelligence. There are still major deficiencies however. Although they take my point that government needs to get ahead of the technological game in order to regulate effectively, they still have not. They don’t recommend anything specific about the use of scanners in public places, location tracking, about the increasing dependence on RFID, or about the new flexibility, mobility, decrease in size and bodily intrusiveness of surveillance technologies and what this means for regulation. Mind you that is all in our report to the ICO that inspired all this (see Paragraph 4!)

They recommend that:

the Government comply fully with the recent ruling from the European Court of Human Rights that DNA profiles of innocent people are no longer kept indefinitely on the National DNA Database (NDNAD) – they also rule out a complete national database on both liberty and cost grounds, and argue that there should be a single, clear law governing the NDNAD and better transparency all-round.
On CCTV, they recommend more research on “the effectiveness of CCTV in preventing, detecting and investigating crime”, and more importantly that the government finally put CCTV on a proper statutory basis, with clear regulations, and systems of complaint and redress.
The report is at its weakest on the proposed new National Identity Register (NIR) and ID card. No2ID will not be happy, as all that they say is that “the Government’s development of identification systems should give priority to citizen-oriented considerations.” This is practically meaningless.Considering that this is the Constitution Committee report, and that the NIR and ID card are at the heart of how the government sees the information relationship between state and individual, this is also an unacceptable and compromised omission. No doubt it is evidence of a key area of disagreement amongst members, but the Chair should have banged some heads together on this one!
Although it is treated as a legislative measure, the Lords recommend mandatory encryption of personal data “in some circumstances.” This should have been stronger – bear in mind that most of the data lost by the state over the last few years was not encrypted
They also recommend that the government incorporate ‘design solutions’ in particular Privacy-Enhancing Technologies (PETs) in all new schemes. This is good as a minimum – we have to make sure that the government doesn’t use PETs as a way of claiming to have dealt with the problem – ooh, look: technology!

In other general measures for the whole of government, the Lords return to their central themes, specifically:

that Government should instruct government agencies and private organisations involved in surveillance and data use on compliance with Article 8 ECHR and in particular the legal meanings of necessity and proportionality. They also recommend legal aid should be available for challenges under Article 8.
a system of judicial oversight for surveillance carried out by public authorities, with compensation “to those subject to unlawful surveillance by the police, intelligence services, or other public bodies” acting under RIPA. This would be a severe blow the ad-hoc and effectively extra-legal expansion of surveillance powers under the present government. It would be great if it happens, but I am not going to hold my breath until it does…
increasing the stature and power of the data protection minister
lots of general blah about improving safeguards and restrictions on data handling and implementing standards and training, and education, to improve public confidence. But the thing is, public confidence isn’t really the main issue. Public confidence is low because the government and its private sector contractors have been time and again demonstrated to be incompetent.
there are also several paragraphs of recommendations which basically amount to saying ‘listen to the public’ and particularly, pay attention to pressure groups and research in this area because they know what they are talking about. They are right, you know – we do! They also want more research to get better information on public opinion in this area. We can do that too!

Despite this slight degeneration into well-meaning generality at the end, and despite the glaring hole when it comes to the NIR and ID cards, the principles advocated by this report, if implemented, would transform the direction of government in Britain. Many of the individual recommendations are things that I and others have been arguing for, for some time.

So what was the government’s first response? Well, the thoroughly useless Home Secretary, Jacqui Smith, according to the BBC has “rejected claims of a surveillance society as “not for one moment” true and called for “common sense” guidelines on CCTV and DNA.” When she has read the report she will realize that such guidelines are right in front of her – indeed, she got ‘common sense’ from the European Court on the DNA database some time ago and her department still does not know what to do with it!

As I said, if even half of this reported is acted on, Britain’s ways of dealing with surveillance will be transformed. I am not paying much attention to the Conservatives – in opposition you can say anything and they will beat the government with the liberty stick one day and the security stick the next. The question is, are New Labour brave enough to admit that their approach to surveillance has been almost entirely wrong?

We will soon find out.