databases – Page 2

UK pushes forward with online data retention plans

Like Canada, the UK is pushing forward with new plans to force telecommunications companies and ISPs to retain online data, despite opposition from both the industry and ordinary service users. The New Labour govenrment had delayed the plans from last year, faced with the strength of the opposition and launched a ‘consulation’. The consultation apparently still generated 40% opposition, which one would think was enough to tell them that something was wrong. But, as I said last year, “the collection of such traffic data will still go ahead… partly at least because the Americans want it; there is pressure on many countries for this kind of data collection and storage – see for example, the FRA law in Sweden. Networking these databases together with others is a major aim of the FBI’s secretive ‘Server in the Sky’ project.”

However, now the UK plans go further than many other countries’ schemes in this area, as they would cover not only traffic data but also a whole range of data which would not normally have been regarded as traditional communications like social networking activity and even internal online gaming data. This would seem to be in line with US programs that regard the behaviour of – let’t not forget, fantasy – game and virtual world avatars as somehow indicative of real-world tendencies and practices (e.g.: Projects VACE and Reynard), an extremely dubious assumption and one which extends the reach of the state into people’s fantasy and dream lives.

The BBC story mentions an estimated 2Bn GBP (around $3.5 CAN) cost for this – which will no doubt be passed on to service users – but given the immense problems posed by some of this data, I would reckon that this could a massive underestimate, especially if one takes into account the UK state’s history of appallingly-managed computerisation and database-building schemes. The original plans also would have allowed all agencies empowered under the Regulation of Investigatory Powers Act (RIPA) to make use of such data, and the RIPA consultation response from the UK government did contain some indications that some new agencies would be given powers of access, but I am still not sure whether the government will keep the list of agencies as long as it was in last year’s draft Communications Bill.

Europe’s Surveillance State

EU_surveillance — The Open Europe report

I have just got hold of a new report by UK-eurosceptic think-tank, Open Europe, called How the EU is Watching You: the Rise of Europe’s Surveillance State, which whilst it isn’t as startling as the NeoConPanopticon report from the Trilateral Institute and Statewatch, does some to collect some useful information together in one place. Crucially the report points out the same thing as Will Webster and I did in our paper in JCER a couple of months ago, that this isn’t just a case of ‘European’ bad practice being imposed on the UK, but just as much UK bad practice being exported and generalised throughout Europe.

One interesting footnote is how the discourse of opposition and analysis is changing. A few years ago, and still in academia, the idea of the ‘surveillance society’ was the dominant way of describing the situation, but now there is once again an increasing focus on the ‘surveillance state’ or the ‘database state’. This is partly, I think because there are an increasing number of right-libertarian and anti-state or small-state groupings openly opposing increasing surveillance – for example, the new Big Brother Watch in the UK, and they tend to emphasise the state’s role (or in this case, the role of an organisation they regard as an unaccountable superstate). This also reflects the growing opposition from the UK in particular. This is particularly interesting because in the past, the idea of the ‘surveillance state’ was mainly a historical term to do with the development of repressive political policing, especially that involved in colonial counter-insurgency – see, for example, Alfred McCoy’s new book, Policing America’s Empire, on the role of the US occupation of the Philippines in the co-evolution of US and Filipino state surveillance practices – or in the totalitarian regimes of the former Eastern Bloc.

The landscape today is much less obviously one of state control. Indeed one could see these developments as a result of the retreat of the power of the individual state and an attempted reconfiguration of state-power of a new kind at a supranational level. And, this power is crucially dependent, as it has been since the end of WW2 on the private sector. The military-industrial complex is now a security-industrial complex and security is no longer anywhere near being simply state business.

The Biggest Database in the World

James Bamford has a superb review of the new book by Matthew Aid about the US National Security Agency (NSA) in the New York Review of Books this month. What seems to be causing a stir around the intelligence research (and computing) community is the reference to a report by the MITRE corporation into a the information needs of the NSA in relation to new central NSA data repository being constructed in the deserts of Utah. The report, which is being rather speculative, says that IF the trend for increasing numbers of sensors collecting all kinds of information continues, then the kind of storage capacity required would be in the range of yottabytes by 2015 – as CrunchGear blog points out: there are “a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.” However CrunchGear misses the ‘ifs’ in the report as some of the comments on the story point out. There is no doubt however, that the NSA will have some technical capabilities that are way beyond what the ordinary commercial market currently provides and it’s probably useless to speculate just how far beyond. Perhaps more important in any case, are the technologies and techniques required to sort such a huge amount of information into usable data and to create meaningful categories and profiles from it – that is where the cutting edge is. The size of storage units is not really even that interesting… The other interesting thing here is the hint of competition within US intelligence that never seems to stop: just a few months back, the FBI was revealed to have its Investigative Data Warehouse (IDW) plan. Data Warehouses or repositories seem to be the current fashion in intelligence: whilst the whole rest of the world moves more towards ‘cloud computing’ and more open systems, they collect it all and lock it down.

Information-rich animals

Iris scanning has been proposed for horse by a company called Global Animal Management (GAM) Inc. As bloodstock is a huge and lucrative business – feeding everything from the private obsessions of the super-rich through the horseracing industry to the dreams of teenage horse-enthusiasts – it is not surprising to see such investment in biometrics. Racehorses were, after all, the first living creatures to be regularly microchipped. Vets seem sceptical about the idea, but surely members of the medical profession would be more enthusiastic about non-invasive replacements for invasive identification techniques like RFID?

Ironically, support for the scepticism comes form GAM’s own website, where a very interesting short video shows just how comprehensive the surveillance of animals through RFID chips has become. RFID chips do not just identify, they carry whole life-cycle information on origins, movements, health and disease and legal compliances. And because of the chips this information is carried with the animal not simply associated with it via a distant database as the result of an occasional scan. The system creates what GAM calls ‘information-rich animals’, which presumably is what makes GAM – and it hopes, its customers – cash-rich too…

(thanks to Aaron Martin, whose reading now seems to include Horse and Hound magazine…)

Canadian Internet Snooping Law

I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeably here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic that is firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a king of competitive disadvantage arguments that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.

The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such the data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”

And absent from this debate as usual is the fact that this is not just a question of ‘national security’ if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.

UK police still adding innocent people’s DNA to database

Research in the UK has shown that police forces in Britain are continuing to add the DNA – and incidentally the fingerprints, although this is never mentioned – of innocent people to the DNA database despite the European Court of Human Rights ruling that it was illegal (and the government’s promise to accept the ruling). According to The Guardian newspaper today, 90,000 innocent people have been added to the National DNA database (NDNAD) since a the court ruling and the Association of Chief Police Officers (ACPO) – incidentally, a private organisation – is still telling chief constables to continue with this collection. On the other hand the process of removing individual profiles has been painfully slow: only 611 DNA profiles of innocent people have been removed, and all as a result of individual challenges in court. It seems that the police are determined to drag their feet as long as possible and, in fact, break the law quite openly. Hardly a good example…

UAE plans DNA database of entire population

Police in the United Kingdom have recently been forced by the European Court of Human Rights to scale back their increasingly large National DNA Database (NDNAD), which previously potentially included DNA profiles of anyone arrested by the police, whether charged with any offence or not. This at least shows that there is some recourse to law and and a higher authority that will protect the rights of citizens against the extension of state power… in reasonably democratic Europe at least.

However authoritarian regimes need have no such concerns. The Persian Gulf state of the United Arab Emirates (UAE) has decided that it is to create a national DNA database of the entire resident population. According to The National newspaper, this will not even need any kind of debate or even new legislation. They estimate that this will take up to 10 years if population growth is factored in.The paper claims this will be the world’s first such comprehensive database, but this is only partly true. Iceland, Sweden and Estonia have all set up comprehensive DNA databases run by their health services. But the UAE’s certainly appears to be the first attempts at a comprehensive law enforcement DNA database.

DNA pioneer, Sir Alec Jeffrys, has his doubts of course. But learned critique, or opposition or overt resistance are probably all largely irrelevant to the UAE government. However, if there is to be a roadblock, it may be the economy: the UAE’s population is made up to a great extent of temporary foreign workers of all skill levels and occupation types, and the economy depends largely on the willingness of such workers to continue to come to the UAE. Whilst those at the bottom may feel they have little choice, those at the top may decide that such a policy would make the difference between them coming to and investing in the UAE, or not. The second article claims that ‘visitors’ will be exempt, but not ‘residents’. How this plays out remains to be seen. I have no doubt that the UAE will give in to the pressure of global wealth and find some way of exempting rich foreign residents, whilst making absolutely sure that poor immigrant workers are the first to be sampled.

Gordon Brown stalls on UK ID cards issue

Despite the news stories saying that he had made a significant announcement on ID cards, the British Prime Minister, Gordon Brown, said absolutely nothing new interesting on the subject in his speech on future Labour policy yesterday. As Henry Porter comments on The Guardian website, whilst his announcement that ID cards would not be compulsory in the (increasingly unlikely) event of another Labour term was greeted with enthusiasm by the party faithful, this is not any kind of change in policy and nothing concrete was said about the National Identity Register (i.e.: the database, the important bit!). While the Conservative Party may be limited and rather disingenuous in their apparent opposition to the ‘surveillance state’, Labour appears to be merely self-congratulatory and complacent.

Reclaim your data!

A new campaign launches on the 1st October in Europe to reclaim your data from the European police authorities.

Now in Europe, national police databases systems, the Schengen Information System (SIS) on immigration and border control, the files of Europol and more, are planned to be integrated following the Prüm Treaty and the so-called ‘Stockholm Programme’ (now in preparation for European Council vote in December this year).

As the organisers make clear, this does not just concern people convicted of any crime, but all immigrants, political protestors arrested at demonstrations, all the many entirely innocent people included on the UK’s National DNA Database – or any other national police database that includes data on the innocent, etc. What’s more, as a result of pre-existing (and originally secretly negotiated) agreements with the USA, the data will also be shared with the FBI and other US intelligence agencies.

So – first of all, protest! In what ever way you can. And secondly, as the campaign suggests:

“to anyone who would like to know what the police (think they) know about you, or simply to register your dissent, we recommend exercising your right to access your own data by sending a request for information to the relevant police authority in your country. The digest received in response will help to give us an idea of the full extent of police access to citizen data, as well as serving as a starting point for getting your data out of the computer systems, by legal or political means.”

Further details here (in English and German).

German-language document generator for data requests.

UK opposition plans to roll back ‘the surveillance state’

The Conservative Party Shadow Justice Minister, Dominic Grieve has launched a brief report outlining the opposition’s plans to introduce a new attitude to surveillance in the UK, and reverse many of the current Labour government’s policies. And it is mostly good, insofar as it goes. But, it is where it doesn’t go that is the problem.

The main measures include things we already knew, like a pledge to scrap the National Identity Register (NIR) and ID card scheme, and proposals to limit the proliferation of central databases and control the National DNA Database (NDNAD). However the Tories also want to abolish the Contact Point children’s database, restrict Local Government’s rights under the Regulation of Investigatory Powers Act (RIPA), strengthen the powers and functions of the Information Commissioner’s Office (ICO) and require mandatory Privacy Impact Assessment (PIA) for all new legislation or other state proposals.

So far so good – and these are all things I have proposed myself at various times – but there are also some very weak or pointless elements. First of all, the attitude to the private sector is predictably laissez-faire. Though the report includes a long list of the data losses that plagued the Labour government over the last few years, they fail to note how many of them involved private sector contractors or partners. And their only real mention of the private sector is to suggest that the ICO consults with industry on ‘guidelines’ and the possibility of introducing a ‘kitemark’ (a kind of stamp of approval). These are both pretty much worthless and tokenistic efforts. The Tories, as much as Labour, fail to appreciate that contemporary threats to privacy come as much from the private sector as the public. Unfortunately recognising and dealing with this would require a rather more robust attitude to private business than either of the UK’s two main parties are prepared to muster right now. This, I guess, is the reason why the Tories talk about ‘the surveillance state’ as opposed to ‘the surveillance society’ (the term used by ourselves and the ICO).

Secondly, there is no proposal to do anything to control or roll-back the most obvious and intrusive aspect of the UK’s surveillance society, the vast number of CCTV cameras and systems operated by everyone from the police down to housing associations and schools. In fact there is not a single mention of CCTV or public space surveillance in the report. Rather than missing an elephant in the room, this is more like failing to notice a whale in your bathtub…

Finally, there is the suggestion to introduce a right to privacy as part of a ‘British Bill of Rights’. Certainly what privacy means in British law needs to be clarified and strengthened, but actually this could be done through amending the existing Human Rights Act to make it better reflect the European Court’s already published views on the interpretation of Article 8 of the European Directive. Unfortunately, the Tories are stupidly ideologically opposed to doing anything to strengthen the HRA, and in fact their proposed ‘British Bill of Rights’ is a rag-bag collection of populist proposals that will instead replace the most progressive change to British law for some decades.

Finally, there is no mention of any changes to the pernicious Terrorism Act or Counter-Terrorism Act, that have further undermined the presumption of innocence and other longstanding foundations of British citizenship. There’s no mention of previous legislation that restricted traditional freedoms like the Criminal Justice and Public Order Act. In fact, there’s every reason to believe that the Conservative Party will be just as willing to clamp down on such freedoms in the name of the war on terror, or crime, or anti-social behaviour as the Labour Party, and no reason to suppose that they deal honestly with the underlying issues – which would mean, of course, telling people things that they don’t want to hear.

The full report can be found here.