data – Page 9 – ubisurv

EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commerical matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailers delight;

3. there will more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…

Global CCTV datamining project revealed

As a result of an annual report on datamining sent to the US Congress by the Office of the Director of National Intelligence, a research project, Video Analysis and Content Extraction (VACE), has been revealed. The program is aiming to produce an computer system that will be able to search and analyse video images, especially “surveillance-camera data from countries other than the United States” to identify “well-established patterns of clearly suspicious behavior.”

Conducted by the Office of Incisive Analysis, part of the Intelligence Advanced Research Projects Activity (IARPA), the program has apparently been running since 2001,and is merely one of several post-9/11 research projects aiming to create advanced dataveillance systems to analyse data from global sources. How the USA would obtain the information is not specified…

One could spend a long time listing all the DARPA and IARPA projects that are running, many of which are speculative and come to nothing. The report also mentions the curious Project Reynard that I have mentioned before, which aims to analyse the behaviours of avatars in online gaming environments with the aim of detecting ‘suspicious behaviours’. Reynard is apparently achieving some successful results, but we have no real idea at what stage VACE is, and the report only states that some elements are being tested with real world data. This implies that there is nowhere near a complete system. Nevertheless the mentality behind these projects is worrying. It is hardly the first time that the USA has tried to create what Paul Edwards called a ‘closed world’ and these utopian projects which effectively try to know the whole world in some way (like ECHELON, or the FBI’s proposed Server in the Sky) are an ongoing US state obsession.

It is the particular idea that ‘suspicious patterns of behaviour’ can be identified through constant surveillance and automated analysis, that our behaviour and indeed thoughts are no longer our own business. Because it is thoughts and anticipating action that is the ultimate goal. One can see this, at a finer grain, of programs like Project Hostile Intent, a Department of Homeland Security initiative to analyse ‘microexpressions’, supposedly preconscious facial movements. The EU is not immune from such incredibly intrusive proposals: so-called ‘spy in the cabin’ cameras and microphones in the back of every seat have been proposed by the EU-funded SAFEE project, which is supported by a large consortium of security corporations. The European Commission has already hinted that it might try to ‘require’ airlines to use the system when developed.

No doubt too, because of the close (and largely secret and unaccountable) co-operation of the EU and USA on security issues, all the images and recordings would find their way into these proposes databases and their inhuman agents would check them over to make sure we are all passive, good humans with correct behaviours, expressions and thoughts, whether we are in the real or the virtual world…

Incompetence and Surveillance

There is an opinion piece in The Daily Telegraph (UK) today by Alasdair Palmer, which argues that it is the incompetence and human fallibility of the UK government rather than any lack of desire which prevents an Orwellian surveillance state from emerging in the UK. It is hardly new but it’s an attractive argument, one which I have used before and which we used to a certain extent in our Report on the Surveillance Society, and one which draws on the deep well of cynicism about government which has long characterised British politics.

However there are a number of problems with the argument. The first is whether it is really true. A totalitarian society does not have to be competent in the sense of having correct information, in fact one of the central messages of Nineteen Eight-Four is that ‘truth’ is a product of state control in such societies. This was obvious in the case of Stalin’s purges. The accusations made against individuals did not rely on the accuracy of the accusation but on the very fact of accusation, something brought out very strongly in Orlando Figges’ recent book, The Whisperers. In the UK in recent years we have seen some elements of this. It doesn’t matter for example, whether someone really is a terrorist, the word ‘terrorist’ is just redefined in law and practice to encompass that person. New terms are invented to describe quasi-crimes (like anti-social behaviour) which come to have the force of ‘crime’ and become the focus of state surveillance activity. And I have shown how the recent arguments over photography in public places show a genuine totalitarianism in the attempt to define the limits of the collection and interpretation of visual images. It doesn’t matter how competent the state is at carrying out its desires here. The very fact that it defines what is acceptability in this way can create a new ‘normality’ and a ‘chilling effect’ on protest and resistance – which makes such activity even more essential.

The second problem is the idea that incompetence protects us. It didn’t in Soviet Russia and it doesn’t today. The government’s uselessness in handling data harms people. The loss and leakage of private personal information can lead to real effects on people’s lives: information theft, fraud and so on. The loss of trust in those who control information also has knock-on effects on those organisations that genuinely rely on personal information to provide essential services and care: education, health services, social work etc. A loss of trust caused by failed repression leads to a generalised loss of trust in government and in other people: it damages social trust. It is perhaps because British people have such a low level of social trust anyway that we expect things to fail.

The third problem relies on the first two and is the idea that state incompetence is enough to protect us. Of course it isn’t. Cynicism is no basis for thinking of, and creating, a better society. Do we want to live in a society where our only protection is the fact that state is structurally or contingently unable to create a totalitarian situation even though it continues to try? I certainly don’t. The emergence of surveillance societies, competent or otherwise, requires the imagination of alternatives – including greater democracy, accountability, transparency, and regulation and control of both state and corporate organisations in our favour – and political action to demand and create those alternatives.

A faith in failure is simply a form of nihilism.

UK police spying on activists… again

The Met are unlikely to care. They are not generally known for their respect for the political rights of British citizens…

The Guardian has posted another worrying story (and an interesting video) on the routine police surveillance of environmental activists, most of whom have no connection to any criminal behaviour. The Metropolitan police, who have always been in the forefront of efforts to try to portray political activists as actual or potential criminals, is collecting storing and sharing information, including many private personal details, on activists using Crimint, the national criminal intelligence system. The data includes activists “seen on a regular basis” as well as less frequent activists, regardless of arrests or convictions, their names, political associations and photographs. This information is being shared between police forces to build up more complete portraits of political activity nationwide.

The human rights group, Liberty, is challenging this data collection and sharing on the grounds that it breaches Article 8 of the European Convention on Human Rights. My view is that it almost certainly does, and that the Met are unlikely to care. They are not generally known for their respect for the political rights of British citizens indeed one of their original purposes was to crack down on political dissent back in the Nineteenth Century and they have always maintained this role. They operate the National Extremism Tactical Coordination Unit (NETCU) which is also involve in spreading disinformation on political activists and their HQ at New Scotland Yard will apparently host the new privately-run ACPO Confidential Intelligence Unit (CIU).

I have had my own personal experience of the Met’s way of dealing with activists and it is certainly not in any way respectful of anyone’s rights. It urgently needs to be brought under some proper control and accountability, and hopefully being found guilty of breaching Article 8 of the ECHR, if it happens, will be a good start.

‘Blacklisting’ firm shut down by ICO

For some time, I’ve been concerned about the little-discussed practice of ‘blacklisting’, the creation and sale of databases of workers thought to be troublemakers, radicals or union activists. Last year, I noted the failed attempt by the British government to legitimise this activity with the creation of the National Dismissal Register, and connected this to earlier surveillance of workers through the Economic League. See this more recent post where I summarised the story in a slightly different context.

But the Economic League, set up after WW1 and finally closed in 1993, had several offshoots. Now, as reported in most of the British press, one of them has been closed down by the UK Information Commissioner’s Office (ICO). ‘The Consulting Association’, a firm based in Droitwich, Worcestershire had apparently been operating for 15 years selling confidential information on construction workers to all the major building companies. According to the BBC, 3,213 workers’ names were contained on the list and were categorised by political affiliations and union activity etc.

Not surprisingly the firm was owned and run by one Ian Kerr, who was previously involved in the Economic League and who still seems to think he was doing nothing wrong, despite his past, and despite the fact that he had previously denied even the existence of this database. But he, along with all the clients named by the report, including Amec, Taylor Woodrow, Laing O’Rourke and Balfour Beatty and many others – there is a full list on the Guardian site – were breaking the Data Protection Act by illegally keeping and trading in personal information. We’ll see whether the big building firms get away with it; most likely they will simply claim that that they didn’t know the data was illegally acquired and traded.

Given the recent history of the National Dismissal Register to set up databases of troublesome workers, it is particularly ironic that minister, Peter Mandelson, is quoted as applauding this action by the ICO in the various reports.

Surveillance to be ‘hardwired’ into British culture?

Labour simply needs to admit that it has been wrong on this and to develop some more credible plans which recognises that real security protects liberties rather than undermining them in the name of security.

Richard Thomas is no longer a lone voice in the top echelons of the British state against the growing culture of surveillance, but he remains the most persistent and hard-hitting critic, not least because of he makes the best possible use of his position as UK Information Commissioner when most government watchdogs are largely toothless.

Now in an interview in The Times newspaper, he has renewed his attack on the government’s data-sharing and surveillance proposals,arguing that we risk “hardwiring surveillance” into the British way of life. He has clearly fully absorbed the report we wrote for him back in 2006, in which we warned of the possibility of a ‘technological lock-in’ and is building on it in a serious and creative way.

Thomas is clear in the interview that government plans are ‘excessive’ and so much so that they ‘risked undermining democracy’. With Thomas now joined in his stance by eminent critics like the House of Lords Constitution Committee, former MI5 chief, Stella Rimington and most recently, former far-from-liberal Home Secretary, David Blunkett, as well as just about all media and academic opinion, it seems difficult to see how the government can continue to claim that its plans are in any way credible. Labour is now obviously isolated, unpopular and wrong on surveillance. This needs more than token gestures like the resignation of the Home Secretary, Jacqui Smith (she has other reasons why she should resign anyway), it needs some real soul-searching and a complete reconsideration of the direction in which the government is heading. Labour simply needs to admit that it has been wrong on this and to develop some more credible plans which recognise that real security protects liberties rather than undermining them in the name of security.

David Blunkett Attacks Surveillance!

I know. Pause. Take a deep breath…

You read it right. The former UK Home Secretary, with a reputation as one of the most authoritarian of recent years (though it is hard to chose in that regard), will condemn the growth of surveillance in a speech at the University of Essex today. He will also, according to Tom Young at VUnet, call for the ID card scheme (which he introduced!) to be scrapped, and for the information-sharing powers that were hidden in the new Coroners and Justice Bill, to be reduced. He also argues that the latter will happen as he knows the Justice Minister, Jack Straw, recognises the problem.

I don’t know whether to laugh or cry. Certainly it is fantastic when a prominent figure like this changes their mind and is prepared to admit that they were wrong, I just wish that sometimes they listened to the arguments against what they were doing when they were in office. In addition, of course Blunkett spent several years after leaving office writing very strong pro-surveillance, pro-ID card pieces for the populist, right-wing tabloid newspaper, The Sun, and is (or was) according to the Register of House of Commons Members Interests, paid £25-30,000 ($35-40,000 US) as the Chair of the International Advisory Committee of Entrust Inc., a company that works on digital certification and Internet surveillance, and which was involved in consortia for the ID card contract. Perhaps they have had enough of him.

But let’s hope he really has had a genuine change of heart.

German Corporations in Trouble over Surveillance

t seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal…

There is a major ongoing storm in Germany over the behaviour of its major corporations in spying on workers. There is a nice summary news report from the BBC which you can watch here.

The newest scandal emerged in January when it was revealed that the railway company, Deutsche Bahn, had conducted surveillance operations against thousands of its staff, both workers and management, possibly over years. The operations, with names like ‘Squirrel’, involved all kinds of intrusive internal espionage including tracking family members. The company’s aim was apparently to do with corruption and links to other rival corporations but the management have now admitted they went too far.

Internal security was also the reason behind the massive surveillance operations at Deutsche Telekom, the communications giant, possibly dating back to 2000. Here journalists and managers were targeted by a private detective agency. And of course then there was last year’s scandal over the way that the Lidl supermarket chain created a kind of Stasi-style operation at many of its stores and warehouses in Germany and the Czech Republic with secret cameras and operatives making detailed notes on the movements (especially toilet breaks) of its employees. According to The Guardian, the level of personal detail recorded by the store was incredible, one entry read: “Frau M wanted to make a call with her mobile phone at 14.05 … She received the recorded message that she only had 85 cents left on her prepaid mobile. She managed to reach a friend with whom she would like to cook this evening, but on condition that her wage had been paid into her bank, because she would otherwise not have enough money to go shopping.”

In the BBC report, the conclusion seems to be that better data protections laws are needed. Certainly this is true. But the cases involving corporations are important because they provide clear and comprehensible examples of how people ‘with nothing to hide’ can be targeted anyway and do have to be worried. There are enough of them too to show that this is not a series of isolated cases, but a part of a ‘culture of surveillance’. However it seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal. This means more than stronger DP, it means not allowing corporations and government to reduce fundamental liberties with arguments about ‘exceptions’. There seems to be growing awareness from the strong German Trades Unions in particular about this, we will see if this translates into wider social, and state, action.

Facebook, Privacy and the follies of youth

It is hard to say anything about Facebook that hasn’t been said elsewhere. Of course, the decision to reverse its attempt to change its terms, which would have made it nigh on impossible for members to remove material they had posted, is a good one. Effectively what it would have done is made Facebook the owner of all personal data posted on the site.

The campaign against it was of course organised through Facebook groups! That in itself should have been enough to persuade Facebook’s young owners of the power and passion generated by the system they had created. But I don’t think they really do understand it, or indeed very much about the implications of what they are doing at all. I mentioned their youth. Last time Facebook got into trouble, it was because of comments made by their ‘Marketing Director’ (age: 24) at Davos, which were (apparently erroneously) taken by the press to indicate that Facebook was going to sell personal data.

Now, I know that it’s not cool and probably won’t make me popular to knock youth at a time where youth is everything (despite the fact that the word is ageing) – Fast Company last month had snowboarder Shaun White as its cover star in a story full of fawning admiration about how rich he had become by telling big companies about the youth market. But at least White seems to have his head screwed on – maybe it’s a class thing? Facebook’s owners on the other hand need to grow up a bit. They need to learn a bit more about the value of some rather old-fashioned fundamental rights, particularly privacy, and strop treating the system they have created as the personal spare-time sophomore project as which it began. I think that they just didn’t appreciate how people would view their proposals.

There is a serious issue here. Privacy is something that you only start to truly truly understand as you get older. Partly this is because your mistakes and your secrets get more serious and more potentially damaging as you get older! But, as I have said before, most of those are nobody’s business but your own and no-one benefits from forced transparency – honesty and conscience are also profoundly personal matters. It has been argued that the ‘youthfulness’ of the Net has encouraged a general carelessness with privacy. I am not sure that is entirely true, as Facebook users have shown – they care. But it’s the careless and – let’s face it – privileged youth of many of these new entrepreneurs, the fast companies, which is more concerning. Most are not success stories from the wrong side of the tracks, who have learned ‘the hard way’.

The threat of legal action from EPIC, which was preparing to take them to the Federal Trade Commission might have concentrated minds in this regard. Maybe it was just the threat itself – EPIC have a strong record in these kinds of cases and have taken down Microsoft and Doubleclick. However I would like to think that the arrogance and energy of youth might be tempered with a bit more maturity and consideration in the future. If only, as I’ve said before, because Facebook is no longer a fresh young company in Web 2.0 terms and could easily be eclipsed by the next big thing. Perhaps they can hire someone more ‘real’ like Shaun White to tell them how privacy rights and user control of information would be like, totally rad, dude…

Woah man, I am so stoked about privacy... (Shaun White, not actually advising Facebook on privacy, pictured for Fast Company)

On a more serious note, EPIC put a lot of time and money into protecting privacy in the USA and they do a damn good job, and in cases like that of Facebook they are having a positive affect the world over, so give them some money!