Category: data

Google does the right thing, but…

Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.

But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah

UK Parliamentary Committee rejects Government DNA proposals

The House of Commons Home Affairs Select Committee has rejected a key part of the UK government’s new plans for the National DNA Database (NDNAD). The plans came in response to the ruling by the European Court that the NDNAD was being operated contrary to human rights law by keeping the profiles of innocent people indefinitely. The database has been filled largely through the provisions of a very vague and wide-ranging provision that allowed the police to take DNA from anyone arrested for an indictable offence, and to keep it even if they were never even charged (let alone charged and not convicted). The result had been that long-standing prejudices within the police had meant a bias in the databases against young black men, and a rapidly expanding set of profiles of children and the entirely innocent.The NDNAD had also been attacked by the HUman Genetics Commission (the government’s own watchdog) which recommended multiple reforms.

One of the main parts of the government’s response to the European Court ruling was that DNA should be retained for 6 years – the committee has recommended that this be halved to 3 years (we are still talking about the DNA of innocent people here…), and that there should be some proper national system for deciding who gets deleted entirely (at the moment it is at the discretion of Chief Constables of local police forces!). Of course all of these leaves the wider question of fairness and rights undebated. There are only two properly just ways to run a database of this sort. One would be to include only the DNA of those convicted of a crime or suspected in an ongoing investigation. The other would be to include everyone (as the UAE has decided to do). At the moment, the NDNAD is, like most things in Britain, an unaccountable mess of law, customary practice and happenstance that pleases no-one and is also remarkably ineffective for the money and effort put into it. This will only improve slightly even if the select committee’s recommendations are accepted.

European Parliament blocks EU-US data-sharing agreement

In a rare burst of sanity and concern for the rights of EU citizens, the European Parliament has exercised one of its very limited range of powers and blocked an agreement to continue the ability of the US government to access the Swift international bank transfer system. The parliament argued that the agreement, the descendent of a secret arrangement discovered in 2006, which came about in the aftermath of 9/11, paid insufficient attention to privacy. They are right. It doesn’t pay any attention to the safeguarding of citizens’ information rights, it merely confirms the terms of the undemocratic original agreement, one of a surge of such arrangements that were rushed through in the wake of the attacks when no-one was likely to pay much attention to things like human rights. Now, however, in an slightly less charged atmosphere, the Parliament has been able to demand that such rights should be respected in any transparent and accountable agreement. No-one is arguing that data should not be shared where there is a case for it to be shared, but this should not be at the expense of the rights and freedoms of which we are supposedly exemplars.

Voluntary Self-Surveillance

In a nice bit of synchronicity with the ‘Surveillance and Empowerment’ call just issued by Surveillance & Society, there’s a really interesting little piece on the rise of ‘self-tracking’ by Curetogether founder, Alexandra Carmichael, in the latest issue of h+ magazine, an open-access publication from ‘transhumanist’ pioneer, R.U. Sirius.

The piece concentrates on those who have health problems who want to track and share symptoms and other biometric data, but argues that this is a wider interest: “we do it because we love data, or we do it because we have specific things we want to optimize about ourselves.”

There are also some useful links to life-logging and patient data-sharing sites.

(thanks to BoingBoing for the link to h+)

UK Home Secretary posts response to HGC Report

The UK Home Secretary, Alan Johnson, has posted a comment piece on The Guardian website as a response to the Human Genetics Commission Report on the UK police National DNA Database (NDNAD). It basically says, there’s a long history of balancing security and liberty, we’ve got it right and we won’t be changing anything – all padded out with a lot of nothing. Johnson seems like a decent person (unlike many recent holders of this office) and it seems a shame that he’s reduced to producing this substandard waffle in defence of the indefensible. I do wonder what it would take to convince this government, which is now clearly on its last legs, that they were wrong about anything…

UK DNA Database Criticised by Report

The UK’s DNA database, already under fire by the European Court of Human Right for retaining samples and data from innocent people, has now been lambasted in a report by the government’s own genetics watchdog. The Human Genetics Commission.

The report, called Nothing to Hide, Nothing to Fear? contains a numbers of serious criticisms, most notably the finding that police forces around Britain are routinely arresting people simply in order to obtain their DNA. Almost a million innocent people, including many children, are now on the database, and the ECHR ruling has finally prompted the government to make some minor concessions, such as keeping the DNA of innocent people for 6 years as opposed to 12, but there appears to have been no fundamental change in police practice, nor any change in the instructions given to local forces on best practice.

It’s main recommendations are:

  1. that there should be a parliamentary debate about the recording of what it calls ‘unconvicted’ people;
  2. that because the purpose of the database has shifted over time, there should be constraints set out in new primary legislation;
  3. that “robust evidence of the ‘forensic utility’ of the database should be produced to justify the resource cost and interference with individual privacy it represents”; and,
  4. that there should be an independent oversight board and appeals board to consider removal of profiles; and transparency over data and other issues.

These are all laudable,  but I really start to question their judgement in using the term ‘unconvicted people’. British law has always worked on the principle of ‘innocent until proven guilty’. People are therefore ‘innocent’ until they have a conviction. The term ‘unconvicted’ seems to imply that innocence is no longer an assumption, and that the working hypothesis is that everyone is either guilty or not yet (therefore, potentially) guilty. This is what results from the normalisation of surveillance in everyday life, and it’s one thing we warned most strongly against in our own Report on the Surveillance Society back in 2006. When even critical reports start using language that reflects the worldview of the people they are criticising, you have to be concerned.

Calling people ‘unconvicted’ and not ‘innocent’ matters.

Everyday prejudices mean Canadians end up on watchlists

Another great audit report from the Office of the Privacy Commissioner here in Canada, investigating the Financial Transactions and Reports Analysis Centre of Canada (Fintrac) has just been released. Fintrac, created in 2001 in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and now with even more extended powers, operates a databases which is supposed to contain details of those suspected of supporting terrorism or money laundering (often on behalf of major criminal and terrorist groups).

However, there is a good story in The Globe and Mail today which leads on the most worrying aspect identified by the audit, which is that in many cases, the Fintrac database is massively overreliant on unsubstantiated suspicions from low-level functionaries in banks, insurance firms and credit agencies. Some of these ‘suspicions’ were clearly simple prejudice as they appeared to be based entirely on ethnicity. Part of the problem is that there are no clear guidelines as to what constitutes a reasonable suspicion in the legislation.

But being put on the database can have serious consequences, firstly because of the potential penalties involved (up to $2m CAN fines and 5-years imprisonment) and secondly, because the information in the Fintrac database can be accessed by Canadian Security Intelligence Service (CSIS), the Royal Canadian Mounted Police  (the RCMP – Canada’s FBI) or shared with overseas police and intelligence services. In the latter case, as we already know, mounting errors can result in innocent people being subject to ever more harsh treatment including being excluded from countries, placed on no-fly lists or even the UN1267 ‘known terrorists and affiliates’ list, as well as, in the worst cases, opening them up to extraordinary rendition, imprisonment and torture.

Jennifer Stoddart, the current Privacy Commissioner, has a well-deserved reputation getting positive changes made, so let’s hope she can persuade Fintrac to get this sorted out pretty soon.

Private Sector Data Losses

People often concentrate rather too much on abuses by the state of personal data. But private sector organisations are certainly no better. One key example was made public this week, when the new UK Information Commissioner, Christopher Graham, announced that he would be prosecuting a major mobile phone company (he is not saying which one yet*) for selling personal information which it held on customers. The trade in personal information is a very difficult thing to regulate: telecoms companies will deny up front that they ever do anything like this, but yet we know it happens frequently in every jurisdiction, in both management-sanctioned and illicit forms; and practically, of course, once the information is ‘out there’, it cannot be recalled. So, no-one should feel safe just because they have ticked (or unticked) that little box under all that often indeciferable text about what a company might do with your data. I hope that whatever firm this is, it gets hits where it will hurt most, on its bottom line.

*Update: T-Mobile have now confirmed that they are the company responsible.

UK pushes forward with online data retention plans

Like Canada, the UK is pushing forward with new plans to force telecommunications companies and ISPs to retain online data, despite opposition from both the industry and ordinary service users. The New Labour govenrment had delayed the plans from last year, faced with the strength of the opposition and launched a ‘consulation’. The consultation apparently still generated 40% opposition, which one would think was enough to tell them that something was wrong. But, as I said last year, “the collection of such traffic data will still go ahead… partly at least because the Americans want it; there is pressure on many countries for this kind of data collection and storage – see for example, the FRA law in Sweden. Networking these databases together with others is a major aim of the FBI’s secretive ‘Server in the Sky’ project.”

However, now the UK plans go further than many other countries’ schemes in this area, as they would cover not only traffic data but also a whole range of data which would not normally have been regarded as  traditional communications like social networking activity and even internal online gaming data. This would seem to be in line with US programs that regard the behaviour of – let’t not forget, fantasy – game and virtual world avatars as somehow indicative of real-world tendencies and practices (e.g.: Projects VACE and Reynard), an extremely dubious assumption and one which extends the reach of the state into people’s fantasy and dream lives.

The BBC story mentions an estimated 2Bn GBP (around $3.5 CAN) cost for this – which will no doubt be passed on to service users – but given the immense problems posed by some of this data, I would reckon that this could a massive underestimate, especially if one takes into account the UK state’s history of appallingly-managed computerisation and database-building schemes. The original plans also would have allowed all agencies empowered under the Regulation of Investigatory Powers Act (RIPA) to make use of such data, and the RIPA consultation response from the UK government did contain some indications that some new agencies would be given powers of access, but I am still not sure whether the government will keep the list of agencies as long as it was in last year’s draft Communications Bill.

Europe’s Surveillance State

EU_surveillance
The Open Europe report

I have just got hold of a new report by UK-eurosceptic think-tank, Open Europe, called How the EU is Watching You: the Rise of Europe’s Surveillance State, which whilst it isn’t as startling as the NeoConPanopticon report from the Trilateral Institute and Statewatch, does some to collect some useful information together in one place. Crucially the report points out the same thing as Will Webster and I did in our paper in JCER a couple of months ago, that this isn’t just a case of ‘European’ bad practice being imposed on the UK, but just as much UK bad practice being exported and generalised throughout Europe.

One interesting footnote is how the discourse of opposition and analysis is changing. A few years ago, and still in academia, the idea of the ‘surveillance society’ was the dominant way of describing the situation, but now there is once again an increasing focus on the ‘surveillance state’ or the ‘database state’.  This is partly, I think because there are an increasing number of right-libertarian and anti-state or small-state groupings openly opposing increasing surveillance – for example, the new Big Brother Watch in the UK, and they tend to emphasise the state’s role (or in this case, the role of an organisation they regard as an unaccountable superstate). This also reflects the growing opposition from the UK in particular. This is particularly interesting because in the past, the idea of the ‘surveillance state’ was mainly a historical term to do with the development of repressive political policing, especially that involved in colonial counter-insurgency – see, for example, Alfred McCoy’s new book, Policing America’s Empire, on the role of the US occupation of the Philippines in the co-evolution of US and Filipino state surveillance practices – or in the totalitarian regimes of the former Eastern Bloc.

The landscape today is much less obviously one of state control. Indeed one could see these developments as a result of the retreat of the power of the individual state and an attempted reconfiguration of state-power of a new kind at a supranational level. And, this power is crucially dependent, as it has been since the end of WW2 on the private sector. The military-industrial complex is now a security-industrial complex and security is no longer anywhere near being simply state business.