US Congress debates online data protection

The US House of Representatives will finally get to debate whether online advertising which tracks the browsing habits of users is a violation of privacy and needs to be controlled. A bill introduced by Rep. Rick Boucher of Virginia will be propsing an opt-out regime that gives users information about the uses to which their data will be put, and allows them to refuse to be enroled. At present many such services work entirely unannounced, placing cookies on users’ hard drives and using other tracking and datamining techniques, and without any way in which a user can say ‘no’. Of course, we have yet to see the results of the inveitable industry scare-stories and hard-lobbying on the what will be proposed, let alone pased. But the proposal itself is particularly significant because so far the US has so far always bowed to business interests on online privacy and data protection, and if this bill is pased, it is a sign that what EFF-founder, Howard Rhiengold, long ago called the ‘electronic frontier’ might start to acquire a little more law and order in favour of ordinary people.

Tokyo Brandscaping and the SuiPo system

Brandscaping is a term used in marketing to describe the metaphorical landscape of brands (either for a particular brand, company or sector), however it is also being used by some researchers, including me, to describe the way in which brands are being infiltrated into urban landscapes, with the ultimate aim of being ‘inhabitable’ perhaps even 24/7 (see for example Disney’s move into urban development with Celebration in Florida).

Contemporary brandscaping makes use of new ambient intelligence, pervasive or ubiquitous computing technologies (‘ubicomp’) and ubiquitous wireless communications to create a landscape in which the consumer is targeted with specific messages directing them to certain consumption patterns. Such communication cans of course be two-way and provide corporations with valuable and very personal data on consumption patterns. As I’ve argued in many presentations over the last few years, ubicomp is necessarily also ubiquitous surveillance (what I call ‘ubisurv’ – hence the name of this blog!) because to work it requires locatability and addressability. Japan, and Tokyo in particular, has been the site for a number of cutting edge experiments in this regard, including the ‘Tokyo Ubiquitous Technology Project’ which embedded 1000 RFID tags which can communicate with RFID-enabled keitai (mobile phones) in upscale Ginza as well as several other pilot schemes around Ueno Park and Shinjuku.

TUTP is not all about marketing surveillance however, part of the scheme has involved ‘Universal Design’ (UD) principles, with one experiment to embed chips in the yellow tactile tiles designed to help guide sight- and mobility-impaired people around the city so that useful access information could be passed through specially-enabled walking sticks. I’m very interested in such experiments as they indicate an alternative direction for ubicomp environments which are about genuinely enabling people who are currently disabled by social and architectural norms, and creating a richer sensory landscape. They show that both surveillance and ‘scary’ technology like RFID chips can be humanised.

Unfortunately in our consumer-capitalist world (and Tokyo is the exemplary city of hyper-consumption), marketing and building brandscapes tends to take priority over enabling the excluded and the disadvantaged. But there are different ways of doing this too, which can be more or less intrusive and consensual. The other day I was talking about the growth in functionality of the Suica smart travel card system. Suica-enabled keitai can now, be used buying all sorts of things and since 2006 there have been a growing number of ‘SuiPo’ (short for ‘Suica Poster’) sites, Suica-enabled advertising hoardings that will, on demand send information to your mobile e-mail address with on particular advertising in which you are interested if you pass your Suica card or phone over a scanner placed next to the poster (see photos below)

The difference between SuiPo and the Ginza RFID scheme however is that it with SuiPo is that it is the consumer who makes the choice whether to activate any particular poster’s additional information system. In this sense it is a development of the i-Mode system in which many keitai can read information from special barcodes embdedded in magazine advertisements. It doesn’t automatically call your phone every time you pass an enabled poster, once you have signed up. Not as high-tech but slightly more consensual. However this will, of course, lead to the accumulation of a lot of data on consumption interests. This potentially generates a massive consumer surveillance tool, because it can be linked up travel patterns (your registered Suica card sends information back on where you go – I was wrong about the absolute differences between London’s Oyster and Tokyo’s Suica systems the other day) and information about consumption.

So will this potential become reality? The page on privacy and data protection on the SuiPo website (as usual the link is hidden away at the bottom of the front page!), is pretty standard stuff except for the legitimate purposes for which the data can be used once you sign up. They are, for those who don’t read Japanese, for:

  1. Sending the specific requested information to you;
  2. Improving services;
  3. Data processing and analysis;
  4. JR East’s promotional marketing; and
  5. JR East customer questionnaires.

Purposes 2 and 3 pretty much allow JR to do anything it likes with the data once you have signed up, and there is no statement as to what can or cannot be done with data once it has been ‘mined’ – analysed and transformed into more useful to the company or other organisations (corporate or state) which might want to buy or access such knowledge. ‘Ubisurv’ indeed…

Google: ‘give us data or you could die!’

I’ve been keeping a bit of an eye on the way that online systems are being used to map disease spread, including by Google. What I didn’t anticipate is that Google would use this as a kind of emotional blackmail to persuade governments to allow them as much data as they like for as long as possible.

Arguing against the European Commission’s proposal that Google should have to delete personal data after 6 months, Larry Page claims that to do so would be “in direct conflict with being able to map pandemics” and that without this the “more likely we all are to die.”

Google talk a lot of sense sometimes –  I was very impressed with their Privacy counsel, Richard Fleischer, at a meeting I was at the other week – and in many ways they are now an intimate part of the daily lives of millions of people, but this kind of overwrought emotionalism does them no favours and belies their moto, ‘don’t be evil’.

(again, thanks to Seda Gurses for finding this)

FBI data warehouse revealed by EFF

Tenacious FoI and ‘institutional discovery’ work both in and out of the US courts by the Electronic Frontier Foundation has resulted in the FBI releasing lots of information about its enormous dataveillance program, based around the Investigative Data Warehouse (IDW). 

The clear and comprehensible report is available from EFF here, but the basic messages are that:

  •  the FBI now has a data warehouse with over a billion unique documents or seven times as many as are contained in the Library of Congress;
  • it is using content management and datamining software to connect, cross-reference and analyse data from over fifty previously separate datasets included in the warehouse. These include, by the way, both the entire US-VISIT database, the No-Fly list and other controversial post-9/11 systems.
  • The IDW will be used for both link and pattern analysis using technology connected to the Foreign Terrorist Tracking Task Force (FTTTF) prgram, in other words Knowledge Disovery in Databases (KDD) software, which will through connecting people, groups and places, will generate entirely ‘new’ data and project links forward in time as predictions.

EFF conclude that datamining is the future for the IDW. This is true, but I would also say that it was the past and is the present too. Datamining is not new for the US intelligence services, indeed many of the techniques we now call datamining were developed by the National Security Agency (NSA). There would be no point in the FBI just warehousing vast numbers of documents without techniques for analysing and connecting them. KDD may well be more recent for the FBI and this phildickian ‘pre-crime’ is most certainly the future in more ways than one…

There is a lot that interests me here (and indeed, I am currently trying to write a piece about the socio-techncial history of these massive intelligence data analysis systems), but one issue is whether this complex operation will ‘work’ or whether it will throw up so many random and worthless ‘connections’ (the ‘six-degrees of Kevin Bacon’ syndrome) that it will actually slow-down or damage actual investigations into real criminal activities. That all depends on the architecture of the system, and that is something we know little about, although there are a few hints in the EFF report…

(thanks to Rosamunde van Brakel for the link)

Phorm philling

UK satirical magazine, Private Eye, this week brings the ludicrous Stop Phoul Play website to my attention. This is a corporate spin site devoted entirely to defending BT’s underhand and intrusive ‘Phorm’ online advertising technology against what it calls ‘privacy pirates’ who they claim are either being paid or pushed to damage BT.

Those listed as ‘piracy pirates’ include the excellent investigative IT journal, The Register, the Open Rights Group and the brilliant Foundation for Information Policy Research (FIPR), along with numerous bloggers and contributors to web forums. Now, it may be that some other corporations with rival technologies would like Phorm to fail, just as Microsoft probably enjoys it a great deal every time Google takes a PR hit (or vice-versa), but to suggest that everyone who make a criticism of Phorm is secretly part of some conspiracy against BT is frankly, either stupid paranoid.

And there are very good reasons for being critical of Phorm in the trojan-like manner of its operation and the way in which it has been tested without the consent of users. As Private Eye also reminds us, Phorm has landed the UK government in legal trouble with the EU. It hardly needs a conspiracy to make people justifiably annoyed.

This is one of the weirder exercises in PR I have seen, not least because its paranoia and promotion of conspiracies can only be damaging to BT. Thus it is no surprise to find that, according to the The Register, that it is the product of the fevered imagination of Patrick Robertson, whose previous clients include the lovely General Pinochet and former Tory MP and convicted liar, Jonathan Aitkin. So go take a look at Stop Phoul Play (while it still exists…) – it really is quite insane.