Transport Surveillance in Brazil (1) SINIAV

One of the items reported on in Privacy International's assessment of privacy in Brazil was that "in November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country." The Conselho Nacional de Trânsito (CONTRAN) is part of the Departamento Nacional de Trânsito (DENATRAN), itself part of the massive new Ministério das Cidades (Ministry of Cities), the product of Lula's major ministerial reforms designed to shift emphasis and power away from the large rural landowners to the growing numbers of increasingly populous cities.

The new scheme is called the Sistema Nacional de Identificação Automática de Veículos (SINIAV, or National System for the Automatic Identification of Vehicles). Basically it will put an RFID-tag in every vehicle license plate, in a gradual process. Much like the new ID scheme for people, SINIAV is based on a unique number. In Annex II, Paragraph 3, the resolution provides a breakdown of exactly what will be contained in the tiny 1024-bit chip as follows. The unique serial number (64), and a manufacturer's code (32), will be programmed in at the factory, leaving a total of 928 programmable bits. The programmable area contains two main sections. The first contains all the personal and vehicular information: place of registration (32), registration number of seller (32), application date (16), license plate number (88), chassis number (128), vehicle tax number (RENAVAM) (36), vehicle make and model code (16) and finally 164 bits for 'governmental applications'. The remaining 384 bits are split into 6 blocks for unnamed 'private initiatives.'

SINIAV system diagram (DENATRAN)

Privacy International note that there is no more than a mention of conformity to constitutional rules on privacy (of which more later). However there is much more that is of concern here. The resolution claims that the data will be encrypted between plate and reader, but the technical specifications are not given to any level of detail (though there is more information from the Interministerial Working Group on SINIAV, which I haven't examined in any detail yet). We all know already how easy it is to clone RFID chips. This scheme is supposed to be about security for drivers, but it could easily result in the same kind of identity fraud and consequent necessity of disproving the assumption of guilt created by automated detection systems for car-drivers as for credit cardholders. Could you always prove that it wasn't your car which was the getaway vehicle in a robbery in São Paulo, or you driving it, when your actual car was in a car park in Curitiba? Widespread cloning of chips would also render the whole system valueless to government.

RFID chip

Then there is the question of function creep. The chip has spare capacity, and assigned space for unnamed functions, state and private. Brazil already has a system of state toll roads (pay-for-use highways), and these chips could certainly be used as part of an automated charging system. That might be very convenient. However what other functions could be thought up, and how might safeguards be built in? As I have already noted, Brazil has no body for protecting privacy or data/information rights so it would be very easy for new more intrusive functionality to be added.

Combining the problems of a movement towards automated fines or charges, and criminality, another major issue would be the one recently revealed in Italy, where an automated red-light camera system was found to have been fixed in order to generate income from fines for corrupt police and a multitude of others.

The final question of course is whether this will all happen as planned or at all. The system would supposedly be complete by 2011. I know of a trial scheme in São Paulo, but on a quick (and very unscientific) straw poll of people who I encountered today at the university here in Curitiba, there seems to be no-one who has an RFID license plate or knows someone who does, and there is practically zero awareness even amongst educated professionals. Like the National ID-card scheme, people just don't think it will go to plan or timetable. That may, however, just reflect a (middle-class) Brazilian view of the abilities of the state.

Still, as the Frost and Sullivan market assessment states, all of this turns Brazil into a ‘highly attractive market for RFID suppliers’ which was probably the main motivation and will be the only real outcome.

Datawars Conference

There will be a very interesting-looking conference in Amsterdam, 11-12 June, called Datawars: Fighting Terrorism through Data. According to the call for papers, the workshop will be held at the University of Amsterdam in June and will explore the ethical and political implications of the new data-led approach to security, risk and fighting terrorism in Europe. Suggested topics include:

  • Privacy, security and human rights
  • Ethics, responsibility and justice in European data wars
  • Risk, prevention, preemption
  • Data and surveillance
  • Private authorities, states and the European Union
  • Constituting Europe through data

It's part of a project run by a couple of excellent researchers, Louise Amoore and Marieke de Goede, of the Universities of Durham and Amsterdam respectively (who probably don't remember but I worked in a tiny attic office opposite them in the Politics Dept at Newcastle for a few months just after my PhD!). I might go as I have been doing some work on attempts to create global databases, called 'From Echelon to Server in the Sky', but the timing might be awkward (unfortunately I can't reveal why yet…).

Facebook surveillance

Another great piece in the Ottawa Citizen´s Surveillance series, which is turning out to be probably the best newspaper coverage of the broad sweep of surveillance that I have yet seen.

This time they are talking to Dan Trottier and Val Steeves about the way that social networking technologies, and in particular Facebook, track individuals and groups.

The complete series The Surveillance Society: A Special Citizen Series, runs as follows:

31/01: The rise of the surveillance society

01/01: How surveillance categorizes us

02/02: Social networks and surveillance

03/02: Spying on each other

04/02: The promise and threat of behavioural targeting

05/02: Watching the watchers

Congratulations to reporter, Don Butler, in particular on some excellent work.

Major new report on surveillance out next week

House of Lords

I hear on the grapevine that the British House of Lords’ Constitution Committee Report on Surveillance and Data Sharing will be out next Friday 6th February. The inquiry conducted by the committee has been one of the most thorough of any so far conducted, and certainly promises to be more considered than the rather rushed House of Commons Home Affairs Committee report, A Surveillance Society? from last year. Both reports were ordered largely in response to the Report on the Surveillance Society that Surveillance Studies Network wrote for the UK Information Commissioner in late 2006, and which is still getting coverage around the world (see CCTV in Canada for example). Check the Committee’s website for the report itself and, of course, back here for a review, on Friday.

Brazil as surveillance society? Privacy International´s view (1)

Every year, Privacy International publishes a kind of index of privacy. The methodology is qualitative and has a strong element of subjectivity based on PI's campaigning objectives (for example my colleague, Minas Samatas, finds their assessment of Greece as the best country in Europe in this regard, ludicrous). There are also problems with the equivalence of all the different categories, both in terms of whether all the surveillance identified is even ethically 'bad' anyway, and in the adding up of categories to conclude that you can lump together the USA, UK, Russia and China. However, it remains a good focus for discussion and no-one else does anything similar.

Let´s see what they concluded about Brazil. Brazil ends up in the 3rd worst category overall, with a ´systematic failure to uphold safeguards´. In particular, PI condemned:

  • the role of the courts in weakening constitutional rights of data protection (something I will be coming back to next week);
  • the lack of a privacy law;
  • the lack of habeas data provisions;
  • the lack of a regulator of personal data and privacy;
  • an overly simplistic test for the legality of communications interception;
  • the new ID law;
  • recent Youtube censorship;
  • increasing workplace surveillance, which has only been partially addressed by the courts;
  • widespread private interception of internet and e-mail traffic;
  • the fact that ISPs are required to keep and hand over traffic data to police;
  • the extensive road transport surveillance using RFID.

However they also noted:

  • the protection of the right to privacy of children under a 1990 law; and
  • the fact that bank records are protected under the constitution, and warrants are required to seize them

I will be going through their country report in more detail next week and using this as one of the bases for the questions I will ask NGO representatives and parliamentarians in the weeks afterwards.

Come to Britain and we will fingerprint your kids…

Last week I mentioned the approval of the biometric passports scheme by the European Parliament, and that there were several countries that planned to fingerprint children under the age of 12 despite the legal, ethical and technical problems with this.

However, what I didn't mention is that – surprise, surprise – Britain is one of the countries that does fingerprint kids, and indeed it has already been fingerprinting foreign children resident in Britain as young as 6. As Privacy International's Gus Hossein argues on The Guardian's Comment is Free website, the UK government claims that this is only because the EU has forced this upon them when in fact it was the UK government that forced the EU into adopting that position in the first place!

Now, as I mentioned, the European Parliament has pushed the age limit upwards, but will this make any difference to the UK Home Office? Given that the Home Office is still 'carefully considering' its response to the kicking it received from the European Court of Human Rights over the taking and retention of the DNA of 857,000 children, I wouldn't bank on it.

Top Ten Problems with UK Information Sharing Proposals

Chris Pounder of Amberhawk information consultants sends me his Top Ten Problems with the British government's new information-sharing proposals that are to be found buried deep in the Coroners and Justice Bill, where perhaps they thought no-one would notice… these are part of a much lengthier and more thorough analysis submitted to the Joint parliamentary Committee on Human Rights (JCHR), which explains why the proposals ignore or conflict with the recommendations of 2008's Data Sharing Review conducted by Richard Thomas and Mark Walport for the Ministry of Justice itself. These are summarised by me here, and any errors and omissions are therefore my own:

  1. Lack of scrutiny. There is no provision for the JCHR to scrutinise this (or any other) wide-ranging statutory power which impacts on Article 8 of the European Convention on Human Rights (ECHR), nor any attempt to explain how this provision is consistent with human rights legislation.
  2. The extension of information sharing beyond personal data. The use of “any person” in the Bill means that it applies to information sharing by any public or private body or individual. “Information sharing” powers are not limited to personal data and the person who receives the shared information might be a foreign government or organisation. [for example the FBI´s proposed Server in the Sky]
  3. The “exceptional” may become the routine. The Data Sharing Review recommended that the sharing of personal data should be legitimised in exceptional circumstances. However, in the Bill there is instead a legitimation of general information sharing, whenever it falls within a “relevant policy objective” [which is basically anything a Minister decides].
  4. The generality of an Information Sharing Order. There is no limit as to how “person”, “purpose” and “information class” are specified in an Order. There is no explicit requirement for the purpose of the information sharing to be one of those specified in Article 8(2) ECHR.
  5. The prospect of unlimited data sharing from large Government databases. The Bill appears to facilitate data sharing from any Government database without Parliament being explicitly informed of this sharing when an Order is before Parliament. The prohibition in the clause only relates to Part 1 of the Regulation of Investigatory Powers Act (RIPA). By implication, sharing from other national databases (e.g. the national identity register of the ID Cards Act) does not need to be explicitly mentioned in an Order. This means that unlimited data can be shared from these other national databases by means of a general order-making provision.
  6. The exclusion of critical comment on the purpose of the processing. In the Bill, the Information Commissioner is not allowed to comment on whether “the sharing of information enabled by the order is necessary to secure a relevant policy objective”. The effect is to inhibit the Commissioner from commenting on the purpose of the processing, which is the main purpose of the Information Commissioner! Plus, because this applies to more than personal information, much of the proposed sharing is outside his remit.
  7. The range of the powers. The powers are widely drawn and their application is very broad. There is no explicit provision in the main sharing provisions which would facilitate data subject rights and freedoms (e.g. right to object; need to obtain consent). Instead, these provisions can “modify” the application of any law (including the Data Protection Act and the Human Rights Act) which will weaken the protection afforded to data subjects.
  8. The lack of transparency. There is no obligation to disclose to the Information Commissioner or Parliament any background document or legal advice about a proposed Information Sharing Order. There is no obligation to answer any formal request for information from the Commissioner. There is no obligation to engage the public on the subject of a draft Information Sharing Order.
  9. The irrelevance of the proposed Code of Practice. There is nothing in these information sharing clauses which expressly states that the sharing of personal data has to be consistent with the proposed non-statutory Code of Practice. The Code is not subject to approval by Parliament; rather, it is subject to approval by the Secretary of State (SoS). There is no provision which sets out what happens if there is a disagreement between SoS and Information Commissioner about the content of a Code. There is no active role for Parliament in relation to the content of a Code.
  10. Orders can be implemented to achieve purely administrative objectives. For example, suppose Ministers are told by civil servants that the problems associated with one of the Government’s big database projects would be resolved if they used criminal convictions from the Police National Computer. The Bill allows the Minister to argue that the sharing was necessary to secure a policy objective, it was proportionate as there was no other way of securing the policy objective (abandoning a large IT project is not an option), and it was in the public interest to secure the policy objective (given the amount of money committed to the project). This means that sharing which could be excessive and disproportionate in terms of Article 8 becomes necessary and proportionate in terms of realising a policy objective.

Previously, I commented that No2ID were overstating their case that this proposal was the greatest threat to information rights after the ID Register. After reading Chris's analysis, I think they might be underestimating its importance. The creation of a generalised and weakly accountable ability for the state to share information of any kind with anyone they wish, is a far greater threat than the creation of any single database, however extensive. I disagree with their views on the Data Sharing Review, but No2ID’s data sharing site still has the best summary of proposals and action people can take…

Brazil as Surveillance Society? (1) Bolsa Família

The claim that Brazil is a surveillance society, or at least uses surveillance in the same fundamental organising way as the UK or Japan does, is based on the bureaucracy of identification around entitlement and taxation, rather than policing and security.

My previous post on the subject of whether Brazil was a surveillance society put one side of an argument I am having with myself and colleagues here: that the use of surveillance in Brazil is fundamentally based on individual (and indeed commodified and largely class-based) security, rather than surveillance as a fundamental social organising principle (as one might legitimately claim is the case in Britain). Now, I deliberately overstated my case and, even as I was posting, my argument was being contradicted by colleagues in the same room!

So here´s the counter-argument – or at least a significant adjustment to the argument. In most nation-states, entering into a relationship with the state involves forms of surveillance by the state of the person. This relationship is more or less voluntary depending on the state and on the subject of the relationship. In most advanced liberal democracies, the nature of surveillance is based on the nature of citizenship, particularly:

  1. the ability of citizens to establish claims to entitlement, the most fundamental to most being a recourse to the law (to protect person and property), secondly the ability to cast a vote, and, something that is generally more recent in most states, the right to some kind of support from the state (educational, medical, or financial);
  2. the ability of the state to acquire funds from citizens through direct or indirect taxation, to support the entitlements of citizens, and to maintain order.

I am not going to consider law and order, or indeed electoral systems, here but rather I will concentrate on the way that surveillance operates in an area I had previously begun to consider: the bureaucracy of identification around state-citizen relations particularly in the areas of entitlement and taxation. The claim that Brazil is a surveillance society, or at least uses surveillance in the same fundamental organising way as the UK or Japan does, is based on this rather than policing and security.

There are two broad aspects: on the one side, taxation, and on the other, entitlement. I´ll deal first with the latter (which I know less about at the moment), in particular in the form of Lula´s Programa Bolsa Família (PBF, or Family Grant Program), one of the cornerstones of the socially progressive politics of the current Brazilian government. The PBF provides a very simple, small but direct payment to families with children, for each child, provided that the children go to school and have medical check-ups.

Of course these requirements in themselves involve forms of surveillance, through the monitoring of school attendance by children – for which there is a particular sub-program of the PBF called Projeto Presença (Project Presence) with its own reporting systems – and epidemiology and surveillance of nutrition through the Ministério de Saúde (Ministry of Health). However underlying the entitlement is massive compulsory collection of personal information through the Cadastro Único para Programas Sociais (CadÚnico, or Single Register for Social Programs), set up by Lula's first administration to unify the previous multiple, often contradictory and difficult to administer number of social programs. This is, of course, a database system, which as the CadÚnico website states, "funciona como um instrumento de identificação e caracterização socioeconômica das famílias brasileiras" ("functions as a means of identification and socioeconomic characterization of Brazilian families"). Like most Brazilian state financial systems, CadÚnico is operated through the federal bank, the Caixa Econômica Federal (CAIXA). The CadÚnico database is founded on "um número de identificação social (NIS) de caráter único, pessoal e intransferível" ("a unique, personal and non-transferable Social Identification Number or NIS"). I am unclear yet how this NIS will relate to the new unique identification system for all citizens.

The PBF Card

Entitlement is demonstrated with (yet another!) card, the patriotic yellow and green Cartão PBF. Like the CPF card, this is a magnetic strip card rather than a smart card, and is required for all transactions involving the PBF. Also like the CPF, but unlike many other forms of Brazilian ID, it has nothing more than the name of the recipient and the CadÚnico number printed on it. In this case the recipient is generally the mother of the children being claimed for, a progressive and practical measure shared with other family entitlement programs in Brazil.

Happy smiling PBF cardholders!

The PBF card in itself may not be enough to claim as you would still need at least the Registro Geral (national ID) card to prove that you are the named holder of the PBF card. The card itself may be simply designed to generate a sense of inclusion, as the pictures of happy smiling PBF cardholders on the government websites consistently emphasise, although of course, like so many other markers of entitlement to state support, it could also become a stigma.

The information collection to prove entitlement is quite extensive, and here I have translated roughly from the website:

  • house characteristics (number of rooms; construction type; water, sewerage and garbage systems);
  • family composition (number of members, dependents like children, the elderly, those with physical handicaps);
  • identification and civil documents of each family member;
  • educational qualification of each family member;
  • professional qualifications and employment situation;
  • income; and
  • family outgoings (rent, transport, food and others).

Although PBF is a Federal program, the information is collected at the level of individual municipalities, and there is thus the potential for errors, differences in collection methods, delays and so on to hamper the correct distribution of the money. So each municipality is required to have a committee called the Instância de Controle Social (Social Control Authority) which, whilst it may sound sinister to anglophone ears, actually refers to the control of civil society over the way that the government carries out its social programs. This is also quite a lot of information of the most personal kind and whilst, unlike in many countries, there is no central authority or Commissioner for Data Protection in Brazil, there is, particularly for PBF, an Observatório de Boas Práticas na Gestão do Programa Bolsa Família (Observatory for Best Practice in the Management of the PBF), which has a whole raft of measures to safeguard and protect the data, correct errors etc (what has been called habeas data principles). Effectively, this is a case of knowing exactly quis custodiet ipsos custodes!

Now of course, such a large database of information about the most vulnerable people in society has the potential to be misused by a less progressive or even fascist government. Marxist analysis of early welfare systems has tended to colour our views of such programs as being solely about the management of labour on behalf of capital and the control of the working classes by the state to prevent them from more revolutionary action. For more recent times in Surveillance Studies, John Gilliom´s book, Overseers of the Poor, showed how much Federal assistance programs in the USA could impact negatively upon the lives of claimants, particularly women, in the Appalachian region, and revealed the everyday forms of resistance and adaptation that such women used to make the programs function better for them. I will have to examine more detailed anthropological studies of the PBF to see whether similar things are true of the Brazilian program. I don´t want to get too much into the effectiveness of this program now, although I am trying to examine the correlation of the PBF with apparently declining crime rates in Brazilian cities, but it is worth noting that the World Bank rates it as one of the most successful ways of dealing with extreme poverty in the world. As a general observation, it does seem that only those who object to redistributive policies full stop (or just dislike Lula himself) or those who think it does not go far enough, have any serious complaint about the PBF. But there is far more to consider here…

Civil liberties in Britain

In February, the Convention on Modern Liberty will be taking place in cities across the UK and online. Unfortunately I will still be in Brazil and there are no listed events in Newcastle, which is a great shame – I would certainly have been organising some. This is an issue that tends to cross party lines and unite people of all political persuasions, so I hope as many people as possible in the UK get involved…

The Guardian newspaper´s Comment is Free site also has a special section set up for the event called Liberty Central. Surveillance Studies Network and Surveillance & Society were supposed to be listed there (they contacted us), but they aren´t yet…

New UK government attack on information rights

… a blatant attempt to gut the already inadequate safeguards in the Data Protection Act…

Time for some news from back home in Airstrip One… I’ve argued since our Report on the Surveillance Society came out back in 2006, that two of the biggest problems with information rights in Britain are:

  1. the lack of any constitutional protection for personal information and the consequent contingency of any laws on data protection; and
  2. the apparent belief on the part of the state that it has information rights over the personal information of citizens (or subjects, in reality).

Thus the state can demand information for the ID card scheme under threat of fines or even imprisonment, yet it is entirely the individual’s fault if information is incorrect.

Now, the ever-vigilant NO2ID campaign has noticed something that few others have: that hidden in a new criminal justice bill, the Coroners and Justice Bill, is a measure to amend the Data Protection Act to enable government ministers to issue so-called ‘Information Sharing Orders’.

The clause (152, in Part 8, if you’re interested) reads as follows:

152 Information sharing

(1) After section 50 of the Data Protection Act 1998 (c. 29) insert—

“Part 5A Information Sharing

50A Power to enable information sharing

(1) Subject to the following provisions of this Part, a designated authority may by order (an “information-sharing order”) enable any person to share information which consists of or includes personal data.

(2) For the purposes of this Part—

“designated authority” means—

(a) an appropriate Minister,

(b) the Scottish Ministers,

(c) the Welsh Ministers, or

(d) a Northern Ireland department;

“appropriate Minister” means—

(a) the Secretary of State,

(b) the Treasury, or

(c) any other Minister in charge of a government department.

(3) For the purposes of this Part a person shares information if the person—

(a) discloses the information by transmission, dissemination or otherwise making it available, or

(b) consults or uses the information for a purpose other than the purpose for which the information was obtained.

(4) A designated authority may make an information-sharing order only if it is entitled to make the order by virtue of section 50C and it is satisfied—

(a) that the sharing of information enabled by the order is necessary to secure a relevant policy objective,

(b) that the effect of the provision made by the order is proportionate to that policy objective, and

(c) that the provision made by the order strikes a fair balance between the public interest and the interests of any person affected by it.

(5) An information-sharing order must—

(a) specify the person, or class of persons, enabled to share the information;

(b) specify the purposes for which the information may be shared;

(c) specify the information, or describe the class of information, that may be shared.

(6) An information-sharing order may not enable any sharing of information which (in the absence of any provision made by the order)”

Whilst this is not necessarily “as grave a threat to privacy as the entire ID Scheme” as NO2ID claim, the clause is written so broadly (a characteristic of New Labour’s approach to legislating) that it could mean that a Minister with the will could authorise any kind of personal information from any source to be used for as yet unspecified purposes for which it was never intended to be used. It is a blatant attempt to gut the already inadequate safeguards in the Data Protection Act, albeit in particular (ill-defined) instances and at Ministerial level, rather than a blanket provision applying to almost all public authorities (like say, the Regulation of Investigatory Powers Act (RIPA) which enabled local authorities to spy on people for tiny suspected infractions).

However, we shouldn’t allow the precedent to be set at any level…

Check the No2ID site for what you can do to stop this clause.