More details of illegal NSA wiretap program revealed

The Online Journal has published a piece by ex-NSA operative and perennial thorn in the side of the organisation, Wayne Madsen, which gives far more detail of the system of illegal wiretapping of e-mails in operation over recent years.

According to Madsen, two NSA programs for text interception are known to exist: one called PINWALE, which mainly targets Russian e-mails, and the STELLAR WIND program, which “was initiated by the George W. Bush administration with the cooperation of major U.S. telecommunications carriers, including AT&T and Verizon” and “was a major priority of the NSA program”.

Madsen gives details of how PINWALE works, and there’s little reason to suppose that STELLAR WIND is very different. Basically these programs search a range of ‘metadatabases’, repositories of captured text from millions of people around the world, outside and inside the USA. The search parameters include: “date-time, group, natural language, IP address, sender and recipients, operating system, and other information embedded in the header”.

Madsen claims that both STELLAR WIND and PINWALE “negated both USSID 18 and the Foreign Intelligence Surveillance Act of 1978 [which were introduced following the Church Committee report into illegal operations by the NSA in the 1960s and early 1970s] by permitting NSA analysts to read the e-mails, faxes, and text messages of U.S. persons”.

The three metadatabases are called LION HEART, LION ROAR, and LION FUSION and were developed, as with many NSA systems, in conjunction with an external contractor, in this case Booz Allen Hamilton, which Madsen previously revealed was also responsible for FIRSTFRUITS, a program used to track the articles and communications of particular journalists.

There’s more detail in the article, and one other thing is certain. All these exotic codenames will now be history, as all intelligence agencies have a policy of changing them once they are revealed. Journalists still talk about ECHELON as if it exists as an active NSA operation, but that one hasn’t existed under that name for twenty years or more. There is a huge diversity of NSA programs for all kinds of communications interception and sorting. Each component will have its own terminology and many will be temporary parts of a greater whole, which may not even exist by the time they are revealed. At least former insiders like Madsen can keep some track of developments…

An aerial view of the NSA's station at Yakima in Washington State (Cryptome)

Britain is a surveillance society and it must change: detailed analysis of the Lords Constitution Committee report

This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place.

It’s 3.00am here in Brazil, and I have just spent the last four hours reading, analyzing and writing about the House of Lords Constitution Committee Report Surveillance: Citizens and the State. My expectations of the work of the committee have generally not been disappointed. This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place. However it is not only relevant to Britain. The UK seems to have come to be regarded as some kind of model for other democracies to follow in terms of surveillance and security – at least by governments. Reading this report should serve to disabuse others of any notion that Britain is a good example.

Here’s the detailed analysis. It is long and there are no pictures! But this is serious stuff. I have gone through the whole report and thought about all the recommendations. It is worth remembering first of all what the Committee was asked to do. Here are the questions they started out with:

  • Have increased surveillance and data collection by the state fundamentally altered the way it relates to its citizens?
  • What forms of surveillance and data collection might be considered constitutionally proper or improper? Is there a line that should not be crossed? How could it be identified?
  • What effect do public and private sector surveillance and data collection have on a citizen’s liberty and privacy?
  • How have surveillance and data collection altered the nature of citizenship in the 21st century, especially in terms of citizens’ relationship with the state?
  • Is the Data Protection Act 1998 sufficient to protect citizens? Is there a need for additional constitutional protection for citizens in relation to surveillance and the collection of data?

The answers to the first and last questions are, in short, ‘yes’ and ‘no’ respectively. Their basic conclusion is that increasing surveillance by the state is the greatest change to the nature of the relationship between state and individual in Britain since the end of the second world war. In opposition to the House of Commons Home Affairs Committee report from last year, and largely in support of our Report on the Surveillance Society from 2006 and that of the Royal Academy of Engineers from 2007, they show that Britain is a surveillance society, and that this must change. They do not go so far as to recommend an Information Act to bring all legislation in this area together, as I have been arguing, but they do advocate significant new legal / constitutional measures to rebalance the state-individual relationship in favour of the individual.

There are 8 chapters of consideration of all of the evidence given, which is treated in a very careful and even-handed way. The Home Office, the police and the Surveillance Commissioners for example, all come in for a telling-off at various points, but at the same time, some of the current government’s initiatives on openness are quite rightly praised (although of course they don’t go far enough in tackling the culture of secrecy that has plagued British government for far too long).

Who comes out of it well? First of all, the Information Commissioner, Richard Thomas and his office (the ICO). This is entirely right. None of this debate would have happened without him and he continues to push the agenda forward in an activist manner that many campaigners should look to as an example. Secondly, the media. The Lords seem to be very aware of the role of investigative journalists in holding the government to account. People are too willing these days to make blanket generalisations about the media as if they were all superficial and obsessed with celebrity. In the case of surveillance, the BBC and The Guardian in particular have done a great job. Thirdly academics and campaigners alike come across as far more informed and sensible about this than the state, which leads the Lords to recommend that the government pay us far more attention. On a personal note, it is a bit disconcerting to see myself, Surveillance Studies Network and other people and organizations with whom I work mentioned (approvingly) quite so much in such an important document…

The Committee place the two values of privacy and freedom as the foundations of its recommendations. The Lords argue that privacy and the restraint of state powers are at the heart of liberty, and that they should be taken into account at all times. There is, I am very pleased to see, no mention of ‘trade-offs’ between freedom and security and it seems that they accepted my argument (they do quote me on this) that when claims to protect fundamental freedoms by increasing security are actually eroding those freedoms, the tacit agreement that binds people and state is broken. They stress that all organisations involved in surveillance and data handling need to give far more attention to privacy at all stages, indeed that it should be built in.

There are many individual recommendations. The first concern the Information Commissioner. Basically, the Lords argue that he should be given more extensive powers and more resources, specifically:

  • to have a role in assessing the effect of any new surveillance measure on public trust;
  • to be able to monitor the human rights (Article 8, ECHR) effects of government and private surveillance practices on the public;
  • to be consulted by the government at the earliest stages of policy development – they specifically attack the government for not doing so thus far;
  • to extend the ICO’s power of inspection to private companies (again something I am quoted on) – they don’t note that the power of inspection over government departments was only granted in a rush by Gordon Brown following the revelations of disastrous losses of data by various state bodies;
  • to speed up the implementation of the ICO’s new power to fine bodies that break the rules on data protection and freedom of information;
  • to be a statutory consultee on all surveillance and data processing laws and for the ICO to report to Parliament on this;
  • for the government and the ICO to undertake a review of the law governing citizens’ consent to use of their personal data – there is quite a lot of interesting discussion in the body of the report on how consent might operate, and I am very pleased that they haven’t, unlike the government, given up on the importance of consent;
  • for the government to work with the ICO on raising public awareness as it should already be doing but has failed to do;
  • and finally, and this is really important – for the Data Protection Act to be amended to mandate a Privacy Impact Assessment (PIA) “prior to the adoption of any new surveillance, data collection or processing scheme, including new arrangements for data sharing” with a role for the ICO in overseeing these. The government will probably try to ignore this, but this is the most crucial recommendation for future policy.

On the various other commissions – of which there are too many in my opinion – they merely recommend that the Surveillance and Communications Commissioners work together better and seek the advice of the ICO, especially with regard to the misuse of powers under the Regulation of Investigatory Powers Act (RIPA), and that the Investigatory Powers Tribunal stops hiding from the public. These are weak recommendations. Later they are rather more robust about the problems of having too many ineffectual regulators of RIPA, but despite a brief mention, any recommendations regarding the regulation of the Intelligence Services get quietly dropped along the way (not surprisingly). I would have thought that recommending at the very least that the offices of the Surveillance and Communications Commissioners are brought under the control of the ICO, if not completely absorbed into the ICO, would have been a much better long-term move.

They also have a number of other recommendations on the egregious RIPA, firstly that the (inadequate) administrative procedures are reviewed and secondly that the government should think again about the whole business of allowing Local Authorities police powers, and that in any case, these powers “should only be available for the investigation of serious criminal offences which would attract a custodial sentence of at least two years.” In my opinion, this effectively amounts to saying ‘repeal RIPA’ without saying so directly. The use of intense targeted surveillance powers to deal with minor infractions is what a lot of RIPA is all about, whether that was the intention or not. It is an ill-thought-out and badly worded law, like so many in this area.

The Lords recognize this deficiency in detail and specificity and argue as a general point, following the Human Rights Committee, that “the Government’s powers should be set out in primary legislation.” Crucially they also note that the government has not seemed very concerned with what happens after legislation is passed or how it works. They recommend the formation of a new Joint Committee in parliament on surveillance and data powers that would have post-legislative scrutiny as one of its key functions.

There are several measures concerning particular technologies. Their coverage of technologies of surveillance and data collection is not too bad. I gave a seminar to the Committee on the range of surveillance technologies before they started their hearings, and I was beginning to despair at the levels of knowledge – “can they really do that?” was a common cry – and yet here they consider everything from CCTV to ubiquitous computing / ambient intelligence. There are still major deficiencies however. Although they take my point that government needs to get ahead of the technological game in order to regulate effectively, they still have not. They don’t recommend anything specific about the use of scanners in public places, location tracking, about the increasing dependence on RFID, or about the new flexibility, mobility, decrease in size and bodily intrusiveness of surveillance technologies and what this means for regulation. Mind you, that is all in our report to the ICO that inspired all this (see Paragraph 4!).

They recommend that:

  • the Government comply fully with the recent ruling from the European Court of Human Rights that DNA profiles of innocent people are no longer kept indefinitely on the National DNA Database (NDNAD) – they also rule out a complete national database on both liberty and cost grounds, and argue that there should be a single, clear law governing the NDNAD and better transparency all-round.
  • On CCTV, they recommend more research on “the effectiveness of CCTV in preventing, detecting and investigating crime”, and more importantly that the government finally put CCTV on a proper statutory basis, with clear regulations, and systems of complaint and redress.
  • The report is at its weakest on the proposed new National Identity Register (NIR) and ID card. No2ID will not be happy, as all that they say is that “the Government’s development of identification systems should give priority to citizen-oriented considerations.” This is practically meaningless. Considering that this is the Constitution Committee report, and that the NIR and ID card are at the heart of how the government sees the information relationship between state and individual, this is also an unacceptable and compromised omission. No doubt it is evidence of a key area of disagreement amongst members, but the Chair should have banged some heads together on this one!
  • Although it is treated as a legislative measure, the Lords recommend mandatory encryption of personal data “in some circumstances.” This should have been stronger – bear in mind that most of the data lost by the state over the last few years was not encrypted.
  • They also recommend that the government incorporate ‘design solutions’ in particular Privacy-Enhancing Technologies (PETs) in all new schemes. This is good as a minimum – we have to make sure that the government doesn’t use PETs as a way of claiming to have dealt with the problem – ooh, look: technology!

In other general measures for the whole of government, the Lords return to their central themes, specifically:

  • that Government should instruct government agencies and private organisations involved in surveillance and data use on compliance with Article 8 ECHR and in particular the legal meanings of necessity and proportionality. They also recommend legal aid should be available for challenges under Article 8.
  • a system of judicial oversight for surveillance carried out by public authorities, with compensation “to those subject to unlawful surveillance by the police, intelligence services, or other public bodies” acting under RIPA. This would be a severe blow to the ad-hoc and effectively extra-legal expansion of surveillance powers under the present government. It would be great if it happens, but I am not going to hold my breath until it does…
  • increasing the stature and power of the data protection minister
  • lots of general blah about improving safeguards and restrictions on data handling and implementing standards and training, and education, to improve public confidence. But the thing is, public confidence isn’t really the main issue. Public confidence is low because the government and its private sector contractors have been time and again demonstrated to be incompetent.
  • there are also several paragraphs of recommendations which basically amount to saying ‘listen to the public’ and particularly, pay attention to pressure groups and research in this area because they know what they are talking about. They are right, you know – we do! They also want more research to get better information on public opinion in this area. We can do that too!

Despite this slight degeneration into well-meaning generality at the end, and despite the glaring hole when it comes to the NIR and ID cards, the principles advocated by this report, if implemented, would transform the direction of government in Britain. Many of the individual recommendations are things that I and others have been arguing for, for some time.

So what was the government’s first response? Well, the thoroughly useless Home Secretary, Jacqui Smith, according to the BBC has “rejected claims of a surveillance society as “not for one moment” true and called for “common sense” guidelines on CCTV and DNA.” When she has read the report she will realize that such guidelines are right in front of her – indeed, she got ‘common sense’ from the European Court on the DNA database some time ago and her department still does not know what to do with it!

As I said, if even half of this report is acted on, Britain’s ways of dealing with surveillance will be transformed. I am not paying much attention to the Conservatives – in opposition you can say anything and they will beat the government with the liberty stick one day and the security stick the next. The question is, are New Labour brave enough to admit that their approach to surveillance has been almost entirely wrong?

We will soon find out.

Transport Surveillance in Brazil (1) SINIAV

One of the items reported on in Privacy International’s assessment of privacy in Brazil was that “in November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country.” The Conselho Nacional de Trânsito (CONTRAN) is part of the Departamento Nacional de Trânsito (DENATRAN), itself part of the massive new Ministério das Cidades (Ministry of Cities), the product of Lula’s major ministerial reforms designed to shift emphasis and power away from the large rural landowners to the growing numbers of increasingly populous cities.

The new scheme is called the Sistema Nacional de Identificação Automática de Veículos (SINIAV, or National System for the Automatic Identification of Vehicles). Basically it will put an RFID tag in every vehicle license plate, in a gradual process. Much like the new ID scheme for people, SINIAV is based on a unique number. In Annex II, Paragraph 3, the resolution provides a breakdown of exactly what will be contained in the tiny 1024-bit chip as follows. The unique serial number (64), and a manufacturer’s code (32), will be programmed in at the factory, leaving a total of 928 programmable bits. The programmable area contains two main sections. The first contains all the personal and vehicular information: place of registration (32), registration number of seller (32), application date (16), license plate number (88), chassis number (128), vehicle tax number (RENAVAM) (36), vehicle make and model code (16) and finally 164 bits for ‘governmental applications’. The remaining 384 bits are split into 6 blocks for unnamed ‘private initiatives’.
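The bit allocation above can be written down as a field map and checked, which also shows how much of the chip is left open for later uses. This is an added example, not code from the resolution or from DENATRAN: only the field widths come from the text, while the order of fields in memory, the equal 6 x 64 split of the private area, the ASCII text encoding and the sample record are assumptions.

```python
TAG_BITS = 1024  # chip size given in the post

# (name, width in bits, kind). Only the widths come from the post. The order in
# memory, the equal 6 x 64 split of the private area and the ASCII encoding of
# text fields are assumptions made for this illustration.
FIELDS = [
    ("serial_number", 64, "factory"),
    ("manufacturer_code", 32, "factory"),
    ("place_of_registration", 32, "vehicle"),
    ("seller_registration_number", 32, "vehicle"),
    ("application_date", 16, "vehicle"),
    ("license_plate", 88, "vehicle"),
    ("chassis_number", 128, "vehicle"),
    ("renavam", 36, "vehicle"),
    ("make_model_code", 16, "vehicle"),
    ("governmental_applications", 164, "reserved"),
] + [(f"private_block_{i}", 64, "reserved") for i in range(1, 7)]


def layout():
    """Return [(name, offset, width, kind)], offsets counted from the first bit."""
    out, offset = [], 0
    for name, width, kind in FIELDS:
        out.append((name, offset, width, kind))
        offset += width
    return out


def budget():
    """Sum the listed widths per kind and report what the listing leaves uncovered."""
    totals = {"factory": 0, "vehicle": 0, "reserved": 0}
    for _, width, kind in FIELDS:
        totals[kind] += width
    totals["listed"] = totals["factory"] + totals["vehicle"] + totals["reserved"]
    totals["unlisted"] = TAG_BITS - totals["listed"]
    return totals


def _to_int(value, width):
    """Convert an int or ASCII text to an unsigned integer that fits in `width` bits."""
    if isinstance(value, str):
        value = value.encode("ascii")
    if isinstance(value, bytes):
        if width % 8 or len(value) * 8 > width:
            raise ValueError("text does not fit a %d-bit field" % width)
        value = int.from_bytes(value.ljust(width // 8, b"\0"), "big")
    if not 0 <= value < (1 << width):
        raise ValueError("value does not fit a %d-bit field" % width)
    return value


def pack(record):
    """Pack a record into the 128-byte tag image; missing fields are zero."""
    word = 0
    for name, width, _ in FIELDS:
        word = (word << width) | _to_int(record.get(name, 0), width)
    word <<= TAG_BITS - sum(width for _, width, _ in FIELDS)  # uncovered tail bits
    return word.to_bytes(TAG_BITS // 8, "big")


def unpack(blob):
    """Split a 128-byte tag image back into {field name: integer value}."""
    if len(blob) * 8 != TAG_BITS:
        raise ValueError("expected a %d-bit tag image" % TAG_BITS)
    word = int.from_bytes(blob, "big")
    return {
        name: (word >> (TAG_BITS - offset - width)) & ((1 << width) - 1)
        for name, offset, width, _ in layout()
    }


def as_text(value, width):
    """Decode a byte-aligned field that was stored as NUL-padded ASCII."""
    return value.to_bytes(width // 8, "big").rstrip(b"\0").decode("ascii")


# Constructed sample record, not data from any real vehicle.
SAMPLE = {
    "serial_number": 0x0123456789ABCDEF,
    "manufacturer_code": 0xCAFE0001,
    "application_date": 0x0B26,
    "license_plate": "ABC1234",
    "chassis_number": "CONSTRUCTED00001",
    "renavam": 123456789,
}

if __name__ == "__main__":
    print(budget())
    fields = unpack(pack(SAMPLE))
    print(as_text(fields["license_plate"], 88), fields["renavam"])
```

`budget()` shows that the widths as listed cover 992 of the 1024 bits, with 548 bits reserved for unnamed governmental and private uses against 348 for the vehicle record itself. The remaining 32 bits are not covered by the breakdown as given here.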

SINIAV system diagram (DENATRAN)

Privacy International note that there is no more than a mention of conformity to constitutional rules on privacy (of which more later). However there is much more that is of concern here. The resolution claims that the data will be encrypted between plate and reader, but the technical specifications are not given to any level of detail (*though there is more information from the Interministerial Working Group on SINIAV, which I haven’t examined in any detail yet). We all know already how easy it is to clone RFID chips. This scheme is supposed to be about security for drivers, but it could easily result in the same kind of identity fraud and consequent necessity of disproving the assumption of guilt created by automated detection systems for car-drivers as for credit cardholders. Could you always prove that it wasn’t your car which was the getaway vehicle in a robbery in São Paulo, or you driving it, when your actual car was in a car park in Curitiba? Widespread cloning of chips would also render the whole system valueless to government.

RFID chip

Then there is the question of function creep. The chip has spare capacity, and assigned space for unnamed functions, state and private. Brazil already has a system of state toll roads (pay-for-use highways), and these chips could certainly be used as part of an automated charging system. That might be very convenient. However what other functions could be thought up, and how might safeguards be built in? As I have already noted, Brazil has no body for protecting privacy or data/information rights so it would be very easy for new more intrusive functionality to be added.

Combining the problems of a movement towards automated fines or charges, and criminality, another major issue would be the one recently revealed in Italy, where an automated red-light camera system was found to have been fixed in order to generate income from fines for corrupt police and a multitude of others.

The final question of course is whether this will all happen as planned or at all. The system would supposedly be complete by 2011. I know of a trial scheme in São Paulo, but on a quick (and very unscientific) straw poll of people who I encountered today at the university here in Curitiba, there seems to be no-one who has an RFID license plate or knows someone who does, and there is practically zero awareness even amongst educated professionals. As with the National ID-card scheme, people just don’t think it will go to plan or timetable. That may, however, just reflect a (middle-class) Brazilian view of the abilities of the state.

Still, as the Frost and Sullivan market assessment states, all of this turns Brazil into a ‘highly attractive market for RFID suppliers’ which was probably the main motivation and will be the only real outcome.

Major new report on surveillance out next week

House of Lords

I hear on the grapevine that the British House of Lords’ Constitution Committee Report on Surveillance and Data Sharing will be out next Friday 6th February. The inquiry conducted by the committee has been one of the most thorough of any so far conducted, and certainly promises to be more considered than the rather rushed House of Commons Home Affairs Committee report, A Surveillance Society? from last year. Both reports were ordered largely in response to the Report on the Surveillance Society that Surveillance Studies Network wrote for the UK Information Commissioner in late 2006, and which is still getting coverage around the world (see CCTV in Canada for example). Check the Committee’s website for the report itself and, of course, back here for a review, on Friday.

Come to Britain and we will fingerprint your kids…

Last week I mentioned the approval of the biometric passports scheme by the European Parliament, and that there were several countries that planned to fingerprint children under the age of 12 despite the legal, ethical and technical problems with this.

However, what I didn’t mention is that – surprise, surprise – Britain is one of the countries that does fingerprint kids, and indeed it has already been fingerprinting foreign children resident in Britain as young as 6. As Privacy International’s Gus Hosein argues on The Guardian’s Comment is Free website, the UK government claims that this is only because the EU has forced this upon them when in fact it was the UK government that forced the EU into adopting that position in the first place!

Now, as I mentioned, the European Parliament has pushed the age limit upwards, but will this make any difference to the UK Home Office? Given that the Home Office is still ‘carefully considering’ its response to the kicking it received from the European Court of Human Rights over the taking and retention of the DNA of 857,000 children, I wouldn’t bank on it.

Top Ten Problems with UK Information Sharing Proposals

Chris Pounder of Amberhawk information consultants sends me his Top Ten Problems with the British government’s new information-sharing proposals that are to be found buried deep in the Coroners and Justice Bill, where perhaps they thought no-one would notice… These are part of a much lengthier and more thorough analysis submitted to the Joint parliamentary Committee on Human Rights (JCHR), which explains why the proposals ignore or conflict with the recommendations of 2008’s Data Sharing Review conducted by Richard Thomas and Mark Walport for the Ministry of Justice itself. These are summarised by me here, and any errors and omissions are therefore my own:

  1. Lack of scrutiny. There is no provision for the JCHR to scrutinise this (or any other) wide-ranging statutory power which impacts on Article 8 of the European Convention on Human Rights (ECHR), nor any attempt to explain how this provision is consistent with human rights legislation.
  2. The extension of information sharing beyond personal data. The use of “any person” in the Bill means that it applies to information sharing by any public or private body or individual. “Information sharing” powers are not limited to personal data and the person who receives the shared information might be a foreign government or organisation. [for example the FBI’s proposed Server in the Sky]
  3. The “exceptional” may become the routine. The Data Sharing Review recommended that the sharing of personal data should be legitimised in exceptional circumstances. However, in the Bill there is instead a legitimation of general information sharing, whenever it falls within a “relevant policy objective” [which is basically anything a Minister decides].
  4. The generality of an Information Sharing Order. There is no limit as to how “person”, “purpose” and “information class” are specified in an Order. There is no explicit requirement for the purpose of the information sharing to be one of those specified in Article 8(2) ECHR.
  5. The prospect of unlimited data sharing from large Government databases. The Bill appears to facilitate data sharing from any Government database without Parliament being explicitly informed of this sharing when an Order is before Parliament. The prohibition in the clause only relates to Part 1 of the Regulation of Investigatory Powers Act (RIPA). By implication, sharing from other national databases (e.g. the national identity register of the ID Cards Act) does not need to be explicitly mentioned in an Order. This means that unlimited data can be shared from these other national databases by means of a general order-making provision.
  6. The exclusion of critical comment on the purpose of the processing. In the Bill, the Information Commissioner is not allowed to comment on whether “the sharing of information enabled by the order is necessary to secure a relevant policy objective”. The effect is to inhibit the Commissioner from commenting on the purpose of the processing, which is the main purpose of the Information Commissioner! Plus, because this applies to more than personal information, much of the proposed sharing is outside his remit.
  7. The range of the powers. The powers are widely drawn and their application is very broad. There is no explicit provision in the main sharing provisions which would facilitate data subject rights and freedoms (e.g. right to object ; need to obtain consent). Instead, these provisions can “modify” the application of any law (including the Data Protection Act and the Human Rights Act) which will weaken the protection afforded to data subjects.
  8. The lack of transparency. There is no obligation to disclose to the Information Commissioner or Parliament any background document or legal advice about a proposed Information Sharing Order. There is no obligation to answer any formal request for information from the Commissioner. There is no obligation to engage the public on the subject of a draft Information Sharing Order.
  9. The irrelevance of the proposed Code of Practice. There is nothing in these information sharing clauses which expressly states that the sharing of personal data has to be consistent with the proposed non-statutory Code of Practice. The Code is not subject to approval by Parliament; rather, it is subject to approval by the Secretary of State (SoS). There is no provision which sets out what happens if there is a disagreement between SoS and Information Commissioner about the content of a Code. There is no active role for Parliament in relation to the content of a Code.
  10. Orders can be implemented to achieve purely administrative objectives. For example, suppose Ministers are told by civil servants that the problems associated with one of the Government’s big database projects would be resolved if they used criminal convictions from the Police National Computer. The Bill allows the Minister to argue that the sharing was necessary to secure a policy objective, it was proportionate as there was no other way of securing the policy objective (abandoning a large IT project is not an option), and it was in the public interest to secure the policy objective (given the amount of money committed to the project). This means that sharing which could be excessive and disproportionate in terms of Article 8 becomes necessary and proportionate in terms of realising a policy objective.

Previously, I commented that No2ID were overstating their case that this proposal was the greatest threat to information rights after the ID Register. After reading Chris’s analysis, I think they might be underestimating its importance. The creation of a generalised and weakly accountable ability for the state to share information of any kind with anyone they wish is a far greater threat than the creation of any single database, however extensive. I disagree with their views on the Data Sharing Review, but No2ID’s data sharing site still has the best summary of proposals and action people can take…

Brazil as Surveillance Society? (1) Bolsa Família

The claim that Brazil is a surveillance society, or at least uses surveillance in the same fundamental organising way as the UK or Japan does, is based on the bureaucracy of identification around entitlement and taxation, rather than policing and security.

My previous post on the subject of whether Brazil was a surveillance society put one side of an argument I am having with myself and colleagues here: that the use of surveillance in Brazil is fundamentally based on individual (and indeed commodified and largely class-based) security, rather than surveillance as fundamental social organising principle (as one might legitimately claim is the case in Britain). Now, I deliberately overstated my case and, even as I was posting, my argument was being contradicted by colleagues in the same room!

So here’s the counter-argument – or at least a significant adjustment to the argument. In most nation-states, entering into a relationship with the state involves forms of surveillance by the state of the person. This relationship is more or less voluntary depending on the state and on the subject of the relationship. In most advanced liberal democracies, the nature of surveillance is based on the nature of citizenship, particularly:

  1. the ability of citizens to establish claims to entitlement, the most fundamental to most being a recourse to the law (to protect person and property), secondly the ability to cast a vote, and, something that is generally more recent in most states, the right to some kind of support from the state (educational, medical, or financial);
  2. the ability of the state to acquire funds from citizens through direct or indirect taxation, to support the entitlements of citizens, and to maintain order.

I am not going to consider law and order, or indeed electoral systems, here but rather I will concentrate on the way that surveillance operates in an area I had previously begun to consider: the bureaucracy of identification around state-citizen relations particularly in the areas of entitlement and taxation. The claim that Brazil is a surveillance society, or at least uses surveillance in the same fundamental organising way as the UK or Japan does, is based on this rather than policing and security.

There are two broad aspects: on the one side, taxation, and on the other, entitlement. I’ll deal first with the latter (which I know less about at the moment), in particular in the form of Lula’s Programa Bolsa Família (PBF, or Family Grant Program), one of the cornerstones of the socially progressive politics of the current Brazilian government. The PBF provides a very simple, small but direct payment to families with children, for each child, provided that the children go to school and have medical check-ups.

Of course these requirements in themselves involve forms of surveillance, through the monitoring of school attendance by children – for which there is a particular sub-program of the PBF called Projeto Presença (Project Presence) with its own reporting systems – and epidemiology and surveillance of nutrition through the Ministério de Saúde (Ministry of Health). However, underlying the entitlement is massive compulsory collection of personal information through the Cadastro Único para Programas Sociais (CadÚnico, or Single Register for Social Programs), set up by Lula’s first administration to unify the previous multiple, often contradictory and difficult-to-administer social programs. This is, of course, a database system, which as the CadÚnico website states, “funciona como um instrumento de identificação e caracterização socioeconômica das famílias brasileiras” (“functions as a means of identification and socioeconomic characterization of Brazilian families”). Like most Brazilian state financial systems, CadÚnico is operated through the federal bank, the Caixa Econômica Federal (CAIXA). The CadÚnico database is founded on “um número de identificação social (NIS) de caráter único, pessoal e intransferível” (“a unique, personal and non-transferable Social Identification Number or NIS”). I am unclear yet how this NIS will relate to the new unique identification system for all citizens.

The PBF Card

Entitlement is demonstrated with (yet another!) card, the patriotic yellow and green Cartão PBF. Like the CPF card, this is a magnetic strip card rather than a smart card, and is required for all transactions involving the PBF. Also like the CPF, but unlike many other forms of Brazilian ID, it has nothing more than the name of the recipient and the CadÚnico number printed on it. In this case the recipient is generally the mother of the children being claimed for, a progressive and practical measure shared with other family entitlement programs in Brazil.

Happy smiling PBF cardholders!

The PBF card in itself may not be enough to claim, as you would still need at least the Registro Geral (national ID) card to prove that you are the named holder of the PBF card. The card itself may be simply designed to generate a sense of inclusion, as the pictures of happy smiling PBF cardholders on the government websites consistently emphasise, although of course, like so many other markers of entitlement to state support, it could also become a stigma.

The information collection to prove entitlement is quite extensive, and here I have translated roughly from the website:

  • house characteristics (number of rooms; construction type; water, sewerage and garbage systems);
  • family composition (number of members, dependents like children, the elderly, those with physical handicaps);
  • identification and civil documents of each family member;
  • educational qualification of each family member;
  • professional qualifications and employment situation;
  • income; and
  • family outgoings (rent, transport, food and others).

Although PBF is a Federal program, the information is collected at the level of individual municipalities, and there is thus the potential for errors, differences in collection methods, delays and so on to hamper the correct distribution of the money. So each municipality is required to have a committee called the Instância de Controle Social (Social Control Authority) which, whilst it may sound sinister to anglophone ears, actually refers to the control of civil society over the way that the government carries out its social programs. This is also quite a lot of information of the most personal kind and whilst, unlike in many countries, there is no central authority or Commissioner for Data Protection in Brazil, there is, particularly for PBF, an Observatório de Boas Práticas na Gestão do Programa Bolsa Família (Observatory for Best Practice in the Management of the PBF), which has a whole raft of measures to safeguard and protect the data, correct errors etc (what has been called habeas data principles). Effectively, this is a case of knowing exactly quis custodiet ipsos custodes!

Now of course, such a large database of information about the most vulnerable people in society has the potential to be misused by a less progressive or even fascist government. Marxist analysis of early welfare systems has tended to colour our views of such programs as being solely about the management of labour on behalf of capital and the control of the working classes by the state to prevent them from more revolutionary action. For more recent times in Surveillance Studies, John Gilliom’s book, Overseers of the Poor, showed how much Federal assistance programs in the USA could impact negatively upon the lives of claimants, particularly women, in the Appalachian region, and revealed the everyday forms of resistance and adaptation that such women used to make the programs function better for them. I will have to examine more detailed anthropological studies of the PBF to see whether similar things are true of the Brazilian program. I don’t want to get too much into the effectiveness of this program now, although I am trying to examine the correlation of the PBF with apparently declining crime rates in Brazilian cities, but it is worth noting that the World Bank rates it as one of the most successful ways of dealing with extreme poverty in the world. As a general observation, it does seem that only those who object to redistributive policies full stop (or just dislike Lula himself) or those who think it does not go far enough, have any serious complaint about the PBF. But there is far more to consider here…

Identity and Identification in Brazil (continued)

…the Brazilian driving licence is a goldmine of personal information…

I spent a little while over the last couple of days examining the actual material identity documents currently required in Brazil. Here are some pictures with a little explanation. There will be a lot more in the final article!

The first is the simplest but in many ways the most important to life-chances. This is the Cadastro de Pessoas Físicas (CPF) (Register of Physical (or Natural) Persons) card (or Taxpayer’s Card).

CPF

‘Pessoas Físicas’ is a piece of legalese that draws a distinction between humans and other ‘legal persons’, like corporations or governments. The CPF number is issued to all those who pay tax and is essential if one wants any formal work. The actual document is a blue plastic card like old-style credit cards, which also has a machine-readable magnetic strip on the back.

The number is also required for many other government transactions, and it is, apparently, a major disaster if you lose the card, or if for some reason your CPF number is rescinded (which can happen if you don’t pay tax in Brazil for more than a year, for example if you are abroad, without explanation). Many people who live in the favelas, and who are involved in the shadow economy, do not have a CPF, which is a severe obstacle to social inclusion.

The second document is the Registro Geral (General Registry) (ID) card, a double-sided piece of thick paper, just larger than a credit card. It is oriented vertically at the front and horizontally at the back.

RG card

As I noted in the first post I made on this subject, the RG card cross-references the CPF and also birth certification (it lists the full names of both mother and father and city and state of origin). This card is the one that is being replaced by the new RIC smartcard ID system.

Finally, we have the Carteira Nacional de Habilitação, the driving licence which, despite its name, is issued at state rather than national level. The colour and format differ from state to state; however, they all have pretty much the same level of information (a lot!) and cross-identification with other forms of ID. This one is from Paraná, which is a paper usually folded in half horizontally. It is specifically forbidden to laminate it.

RNDH

The Brazilian driving licence is a goldmine of personal information. Partly this is because the licence had been intended to be a unifying piece of identification (a practice typical of ‘autocentric’ cultures!), containing all the information on both the CPF card and the RG card, and more. This will now not be the case following the issuing of the new RIC cards, so it will be interesting to see if the quantity of information on these licences will be reduced or, if not, what the justification will be for having this much visible personal information on one paper document.

The new Brazilian ID system

The new Brazilian ID-card (from Renato Siqueira's Conversa Digital)

There are more details of the new Brazilian ID card and system on Renato Siqueira’s Conversa Digital blog, including some informative images and photos. It seems that far from eliminating the various different numbers currently used, this new system will merely create a kind of overlay. And, not only that, but the CPF, RG and electoral number will be printed on the back. Unless every single transaction will actually require the taking of fingerprints or the verification of photos, this card will be even more of a convenient source of personal information to thieves and fraudsters than ever before. Plus the chip technology is the same standard format that has proved too easy to clone and access illicitly elsewhere…

Identity and Identification in Brazil

My host and colleague here at PUCPR, Rodrigo Firmino, and I are working on a small bit of research and a paper for The Second Multidisciplinary Workshop on Identity in the Information Society (IDIS 09), at the London School of Economics, on June 9th this year.

Our paper is based around a case of identity theft, which is endemic in Brazil, which we use to open up the laws, practices and technologies of identification here. One thing that is already clear is that Brazil is a highly bureaucratic state – for example, the forms you need to fill in just to get a mobile phone are incredible in their detail – yet the forms of identification which one needs for every transaction with the state and many private organisations too, are highly insecure.

One example is that every personal cheque has printed on it not only the usual information (bank name and address, bank sort code, account holder name and account number), but also has the 11-digit Cadastro de Pessoas Físicas (CPF) (a taxpayer’s card) number and the 9-digit Registro Geral (RG) (the national ID card) number. This must be an utter joy to fraudsters and identity thieves!

What’s more, all these are not just numbers in a database somewhere but physical documents in their own right, and on each there is a lot of this cross-identification: the CPF card also has the name and date of birth, the CPF number is ubiquitous, appearing also on the RG card and the driving licence. The latter has its own 11-digit registration number, but also has the RG number, name, and place and date of birth. What is even more interesting is that the RG card not only contains a photo and a thumbprint (the state database contains prints of all 10 fingers and thumbs), but also the names of both parents. This means it can be related more easily to the birth certificate. It reminds me a little of the Japanese system which still prioritises the family above the individual in some ways, but there is no actual equivalent of the koseki, the Japanese family register.

Now, in the name of security and “para integrar os bancos de dados de diversos órgãos dos sistemas de identificação do Brasil” (to integrate the databases of the diverse organisations of identification systems in Brazil), the Ministry of Justice is proposing to merge some of these – the RG, CPF, Driving Licence and Electoral Registration – into a new, smart, Registro de Identidade Civil (RIC) card based on a unique number. Whilst this will have many of the same problems as new smart ID systems everywhere else, at the very least it might stop Brazilian citizens carrying around multiple documents that list almost everything thieves and fraudsters need and can access without any sophisticated equipment. The process is due to start now, and run until 2017, so we will be taking a look at this as it proceeds.

I’ll put some pictures up with explanations later today…