Category: UK

Blackberry and the London Riots

I’ve been in the papers and on radio and TV a bit in the last few days here in Canada, talking about the London Riots, both as a ‘token Brit’ and a surveillance expert. I’m happy to talk about my feelings as someone from Britain and I’ve made it clear to people that I am neither a technical nor a legal expert, but the conversation inevitably ends up in those domains and others which are really outside my expertise – and I’ve had to be careful what I say.

I’ve generally stuck to three lines:

1. That these riots don’t provide simple moral lessons, they are neither politically-motivated or just about ‘crime’, but they do have roots and implications which are profoundly political – this is about consumerism, class, inequality and exclusion.

2. That you can’t blame Blackberry. That’s like blaming the postal service for hate-mail. The problems for RIM here are twofold: bad public relations from being associated with rioting, and how much it is prepared to sacrifice the privacy of its users to help UK police in an effort to counter the bad PR.

3. That all the UK investment in video surveillance didn’t help stop these riots (see my previous posts).

People like Chris Parsons are the kinds of people that the media need to talk to about the technical issues, and there’s a really fantastic and detailed post from his blog here on Blackberry and security and privacy issues. On legal issues, there’s no-one better than Michael Geist on things like lawful access. His website is here. Michael writes a regular column for the Toronto Star and I was quite amused that when the Star called me yesterday, I had to remind them to talk to him about lawful access issues! The best sociological piece I have seen on the causes is from Zygmunt Bauman.

That said, here’s some links – There’s a podcast here on the Financial Post, which also has a good discussion with Tamir Israel of CPIC.

On the more social side here, syndicated in lots of local and regional papers.

And the usually strangely edited piece in my local paper, the Kingston Whig-Standard, here, also featuring my colleague, Vince Sacco.

London Riots and Video Surveillance, Pt.2

My last post was about the lack of any apparent deterrence of rioting from CCTV. However that’s not to say that video surveillance is proving of no use to the authorities. However the way it is being used says a lot about both the limits of CCTV and the general problem of analysis of video images.

As part of ‘Operation Withern’, the investigation into the rioting, the Metropolitan Police have set up a special section of their website, London Disorder Images, as well as on Flickr, which is essentially crowdsourcing the identification of suspects. Despite being the most well-resourced police force in the UK, the Met lacks the resources, time and expertise to analyse and identify everyone it wishes to identify itself, and with widespread popular anger about the riots, they are banking on opening up the process of surveillance and identification as being more efficient and effective – and they may well be right.

Of course, with the problems of lighting, angle, distances, and image quality, the images vary in identifiability – and bear in mind that the few posted so far are probably amongst the best ones – and no doubt there will be many misidentifications. And, in addition, hundreds of people are already being processed through magistrates courts without much need to video evidence. But it is a tactic we are seeing more and more in many places (e.g. Toronto, following the G20 disturbances).

London Riots and Video Surveillance, pt.1

 A really interesting map on the website of the US monthly, The Atlantic, illustrating the relationship between density of video surveillance cameras (CCTV) and recent incidence of rioting in London. There are many things one can get even from a simple map like this. It’s worth noting in particular that Wandsworth and Harringey are the residential boroughs with the highest concentration of CCTV, and have been hit by rioting. There are also places with both greater and less than average density of CCTV which have not had rioting.
 
Whilst you have to be careful not to mistake correlation for causality, and bearing in mind that this is not a statistically tested verdict, the main tentative conclusion one can draw is that there seems to be no relationship between the presence and density of CCTV and the occurence of rioting. This might seem like  a fairly weak statement, but it is yet more evidence that CCTV has little deterrent effect on crime of this sort (and of course, the rioting is not only explicable as ‘crime’ anyway).
CCTV_boroughs.jpg
 

UK consultation on CCTV: a weak brew?

The UK government has released a consultation document on a ‘Code of practice relating to surveillance cameras’ (CCTV). The closing date for comments in May 25th.

I will go through the document in more detail but there are several initial things to note here:

1. I am interested first of all in the fact that the camera systems are refered to as ‘surveillance cameras’ rather than ‘security cameras’ or ‘safety cameras’ as in many situations I have encountered around the world.

2. This is merely a step toward a state code of practice. The government had promised to ‘regulate’ CCTV, and what many people might have legitimately expected from such a promise was legislation, in other word a statutory footing for surveillance cameras and legal controls. A code of practice is very much at the weak and volunteeristic end of ‘regulation’ if it is regulation at all. The proposed Code itself is really quite weak and presaged on “gradually raising standards to a common level.” with nothing that is mandatory.

3. The document proposes another ‘Commissioner’ to govern surveillance cameras, a ‘Surveillance Camera Commissioner’. This government, despite its avowed attempt to reverse the proliferation of Quangos, seems to want to create another one. One would think that this would naturally fall under the remit of the Information Commissioner, but it appears that the Tory attacks on the ICO (which have been going on in newspapers like The Times for some years and have now spread to other libertarian groups) have been having some effect. Does Britain need another Commissioner in the area of information, surveillance and privacy? I don’t think so. I think we need to clarify the roles of existing Commissioners, and reduce their number – provide adequate budgets and better guidance and division of labour. I suggested a few weeks ago that splitting the ICO into a Surveillance and Privacy Commissioner (which would incorporate the data protection function and absorb all the existing micro-commissions like Surveillance, Interception of Telecommunications and now this new proposed Surveillance Camera Commissioner) and a separate Freedom of Information Commissioner, would be the best solution.

4. The consultation document acknowledges that camera surveillance has increased too rapidly in Britain and has eroded privacy and been overly intrusive. That’s a start. However it also hedges this quite strongly by saying that the government does not intend to limit law enforcement’s abilities. I am not sure the two things are compatible – but I will have to examine the proposals in more detail.

5. The document acknowledges that “CCTV does not always provide the benefits expected of it” but explains this as largely down to technical and operation reasons rather than anything more fundamentally problematic. This is not necessarily justified by evidence or particularly insightful.

6. The document acknowledges that Automatic Number Plate (Licence Plate) Recogntion (ANPR / ALPR) is largely unregulated too and that it connects to all kinds of databases, yet proposes little more than auditable data trails.

7. The document mentions both flying drone cameras / Unmanned Aerial Vehicles (UAVs) and helmet-mounted cameras, but assumes mistakenly that these are ‘niche and novel’. If this can still be said to be true, it will not be for much longer, and the document is overly dismissive of the immediacy of this issue.

8. The document is way too cautious and has the fingerprints of a ‘Sir Humphrey’ bureaucratic avoidance of anything that might ‘frighten the horses’, motivated as it claims to be by “the wish to avoid imposing unreasonable or impracticable bureaucratic or financial burdens on organisations” and recommending “an incremental approach.” It is too late for incrementalism, about 20 years too late in fact.

At first glance, the consultation document appears to be a rather weak brew rather than the strong medicine that is required.

Death to the ICO?

Chris Parsons draws my attention to a blog posting on the very swish and refurbished Privacy International site (nice job BTW – I will check in regularly). Simon Davies argues in this post for the ‘assisted suicide’ of the UK Information Commissioner’s Office (ICO) because it has become a ‘threat to privacy’. The bases for this argument are several, namely that:

  1. “the legislation that underpins the Office is narrow and in places regressive”;
  2. the ICO is “a quasi judicial regulator that sees its role as protecting data rather than people”, which leads to timid decisions;
  3. the ICO is sometimes “ill-informed… and almost always out of step with the more proactive and advanced regulators overseas” especially when it comes to technology;
  4. its complaints procedure is slow and frequently pointless;
  5. there are too many surveillance-related commissioners in the UK (the Surveillance Commissioner, the Interception of Communications Commissioner, the Equality & Human Rights Commission etc.)
  6. it is disconnected from “an information environment dominated by companies which appear to be largely exempt from local protections for citizens.”

Now, I’ve done some work on commission for the ICO, and therefore you might expect me to defend it from these criticisms. But in fact, I find much to agree with here, as well as some points with which I disagree, and much to ponder.

On the side of agreement,the ICO, like much of government, is undoubtedly technologically rather backward. When, in the Report on the Surveillance Society, we wrote about the way in which governments were behind the times, this was as much a message for them as for parliament or the executive. Maybe it is down to funding, maybe to institutional inertia, maybe deliberate choice, but the ICO has still has not taken serious steps to remedy this as Simon points out, and relies largely on occasional external reports, many of which are in any case general rather than specialist, to update it.

I also agree with the charge that the ICO has been relatively powerless in the face of the rise of corporate surveillance. This is not surprising given its origins as an arm’s-length regulator of government, and some of the particular issues of concern – like whether it took the Google wireless hacking episode seriously enough or made the correct decisions – are far from obvious. But one can clearly contrast the relatively activist stance of even quite bureaucratic Privacy Commissioners like the federal Canadian body over Facebook, with the ICO. It has in the recent past taken some serious actions against illegal private sector surveillance – for example the bust of a notorious blacklisting firm – but this direction appears to have fizzled out. Not being privy to internal policy discussions, I am not sure why.

Then there are some areas in which the criticisms are valid, but which may not be directed at the right target.

The first of these is the proliferation of Commissioners of various kinds – and incidentally, we have thankfully been spared the birth of yet another one with the cancellation of the ID Cards scheme. I have also been arguing for the merging of all the various surveillance-related quangos for a long time. The reason so many of them exist is partly because of the piecemeal way in which British legislative process occurs. There are rarely comprehensive Acts covering broad areas, instead existing institutions, however inappropriate to the job needed, are often merely supplemented or modified. The other reason is of course the ongoing effort to protect certain parts of the state from serious scrutiny, in particular the intelligence services and political police.

The second is that, fundamentally, it seems clear that British data protection and privacy legislation is generally archaic and not up to the job. Neither is its Freedom of Information legislation, even though it was a massive advance on the culture of secrecy that preceded what in retrospect may have been one of New Labour’s most important measures.

However, I am not sure that either of these points are in themselves a criticism of the ICO but rather of the legislation which created it, and the governance environment in which it has to operate. The way in which the ICO came about, through a rough fusion of old Data Protection and newer Freedom of Information functions produced a lumbering Frankenstein’s monster made of parts and bits, kept going on a drip-feed of limited funding, something that was never going to be capable of what campaigners expected of it. The same could be said partially of the critique of the complaints procedure, itself is a widely shared opinion and one with which I would not take issue. However, how much of this is down to the limited funding and staffing, and once again, the foundational legislation which hampers as much as empowers the ICO to do much of what we outsiders would want them to do?

Then, some of the criticisms are more personal opinion, with which I am sure many in the ICO would disagree, particularly the idea that the ICO does not care about people. Both Simon and I know many people in the ICO personally and whatever our political differences with them, the idea that they are heartless data bureaucrats with no interest in people is a rather unhelpful and hyperbolic caricature, as is the idea that the ICO is an ‘enemy of privacy’. The ICO had a legally mandated job to do first and foremost and it needn’t, legally, go beyond that at all. Yet it has. The interventions that the previous Information Commissioner, Richard Thomas, made on surveillance in particular were absolutely vital in adding a new level to a debate that had previously, despite the best efforts of activists, campaigners and researchers, been of more marginal concern. One could argue that surveillance and privacy would never have become such a topic parliamentary debate, let along an election issue, without his advocacy. Certainly it hasn’t gone far enough, but is has hardly, during this period at least, acted as a stereotypically uncaring bureaucracy.

So what of the solutions?

Simon advocates only one: that the government “scrap the data protection functions of the ICO and building a new Privacy Act that creates a true watchdog with a broad mandate.” It is hardly surprising that Privacy International see the ‘privacy’ element as the most important one here. Simon will also not be surprised to discover that I disagree with him on this. In fact, my argument for a while has been that privacy cannot justifiably be prioritised over other forms of human informational rights. In addition, the concept of ‘human rights’ in general does not deal with everything about information relationships, positive or negative, and the many elements of those information relationships between state, citizen and corporation cannot be so arbitrarily separated.

I would therefore argue that a comprehensive Information Act, which covered citizens’ rights to information (their own, and that generated by government and corporations), their rights of privacy and the more general parameters of what the state and companies may know of those who information this is and how they are allowed to do so (i.e the limits of surveillance). I agree that ‘data protection’ is an out-of-date concept. But ‘privacy’ does not, and cannot, replace it, at least not alone. Privacy Commissioners, where they exist, find themselves dealing with a lot more than privacy and end up becoming ‘surveillance’ or ‘information commissioners’ in practice or by stealth, and in some cases an emphasis on privacy over all else can hamper legitimate needs to know (as has been true in the case of family members of elderly patients with dementia in Canada for example).

My conclusion about what a new Information Act would contain in terms of the regulatory bodies has something in common with Simon’s view, but I have two options. One is the creation of a single mega-regulator – a real Information Commissioner that covered all the areas of our information relationships with the state and corporations that would be able to go after corporations, local and national government over issues of their secrecy, transparency and accountability, and our privacy and informational needs. It wouldn’t just merge the existing ICO, Surveillance Commissioner, Interception of Communications Commissioner and so on), but start with new legislation and a new structure.

The other option would be a merge all the existing bodies but create two new ones to replace them: a Surveillance and Privacy Commissioner, to cover all of the areas of state and corporate intrusion into the lives of citizens, but also a Freedom of Information Commissioner, to cover the equally vital areas of state and corporate transparency and accountability. Privacy without FoI, whether together in one organisation or separate, is altogether too defensive an approach to what we can expect from the state.

And whichever route one took, the organisation(s) should have a wider range of powers built in and required – research (including technological foresight), advocacy, assessment, response and enforcement functions – with protected funding and legally binding decision-making capability. I think we would all be in agreement on that…

UK Control Orders to be replaced by Surveillance Orders

There has been a lot of speculation in the last couple of weeks about the fate of the ‘Control Orders’ that have been placed on various people (largely British Muslims) who are strongly suspected by the authorities of involvement with terrorism, but who have not committed any crime that would likely lead to a successful prosecution. These orders tend to amount to forms of curfewing or house arrest without trial, and banning them from using all forms of telecommunications, and needless to say, have been immensely controversial with civil liberties groups arguing that they subvert the rule of law, and that if there is evidence of terrorist activity people should be investigated and charged with such offenses. This has also been a test case for the willingness of the Conservative- LibDem coalition to take onboard key Liberal Democrat priorities and to go further in rolling back the creeping authoritarianism that characterised the final years of the New Labour regime.

So what will replace them? Speculation had centred around the replacement of the order with a system that allowed suspects to move around relatively freely but placed them under intensified ongoing surveillance. Now the BBC is claiming that it has details of what are likely to be called ‘Surveillance Orders’. These, they say, will give the security services the power to:

  • Ban suspects from travelling to locations such as open parks and thick walled buildings where surveillance is hard;
  • Allow suspects to use mobile phones and the internet but only if the numbers and details are given to the security services;
  • Ban suspects travelling abroad; and
  • Ban suspects meeting certain named individuals, but limited to people who are themselves under surveillance or suspected of involvement in terrorism.

Some of this is hardly new: those suspected of involvedment in football hooliganism in the UK have been subject to travel bans since the 1980s, and it seems to be from this that precendent is taken for at least this part of the new place. It is also almost funny that certain locales are seemingly specified as being difficult for surveillance – and I know this won’t be in the actual Bill – but, surely it is actually quite useful for real terrorists to know this? 😉

But this is all very interesting not least because it uses ‘surveillance’ as a supposed replacement for ‘control’, or as something synonymous with increased freedom. That may be so in physical terms, but the constant monitoring suggested under these new orders creates something very far from freedom. However in many ways it constitutes simply an intensified version of the kind of low-level constant monitoring or mass surveillance that is characteristic of contemporary surveillance societies. It is not so much that there are the ‘unwatched’ and the ‘watched’ rather there is a spectrum of surveillance between the lightly and heavily monitored. The new ‘Surveillance Orders’ would merely seem to push the dial for an individual into the category of heavy monitoring.

UK U-turn on Interception Consulation

The BBC reports that the UK Home Office has been forced by the European Union to accept input from civil and digital rights groups over the revision of its Regulation of Investigatory Powers Act (RIPA) – I’ve posted lots on RIPA here in the past, so it’s worth doing a search of this site for some of the backstory.

The u-turn was apparently sparked by the EU’s report on the Phorm debacle (see also here) which, amongst other things concluded that the UK was in breach of the Privacy Directive for having no adequate complaints procedure or systems of legal redress for those who believe they have been subject to illicit surveillance. Amongst the little nuggets in this story is the fact that since its creation in 1986, the Interception Commissioner has upheld four complaints. Yes, four. 4.

The consultation has also been extended to the 17th of December, so get writing if you haven’t already made your views known. You can find the consultation document here (pdf).

Campaigners uncover UK local government spending on CCTV

Using Freedom of Information requests, Big Brother Watch in the UK has managed to get hold of figures from many British local governments on how much they spend on CCTV surveillance systems.

According to the Press Association, the annual spend by 336 local councils on the installation and operation of CCTV cameras over a three year-period from 2007/08 and 2009/10 totalled £314,835,170.39 (around $400M US). That’s a large amount of money in an ‘age of austerity’… however it is still not complete as there are another 80 local governments who did not respond to the requests. Interestingly there were still some local governments, albeit only 15, who still did not operate public-area CCTV. That’s not to say that the local police forces in those areas did not, however. There are some cities in Britain, the exception rather than the rule, like Newcastle for instance, where police own and operate public CCTV cameras. I am not sure if these are the types of councils making the claims, and I will have to look at all the figures in greater detail.

The top ten spenders on CCTV over the three years were listed as:

  1. the city of Birmingham, Britain’s second-largest city, and controversial for its special scheme targeted at ‘Muslim’ areas, but also with a massively regenerated and semi-privatised city-centre. £10,476,874.00
  2. Sandwell metropolitan borough, a large urban area to the north-west of Birmingham £5,355,744.00
  3. the city of Leeds, in Yorkshire, whose downtown district is the epitome of the characterless, over-regenerated urban centre. £3,839,675.00,
  4. the city of Edinburgh, capital of Scotland, a wannabe global city, and former G8 meeting host, £3,600,560.00
  5. the borough of Hounslow, on the edge of urban and suburban west London, £3,573,186.45
  6. the borough of Lambeth, a diverse south London district, £3,431,301.00
  7. the city of Manchester, one of the cities we studied in our book on urban resilience, which put a huge amount in to CCTV in the downtown core the wake of a provisional IRA bombing, which has now also been gentrified out of recognition – it also has a signficant suburban gang problem, £3,347,310.00
  8. the borough of Enfield, a leafy north-east London suburb, £3,141,295.00
  9. the borough of Barnet, also in north London, £3,119,020.00
  10. the borough of Barking and Dagenham, in east London, on the borders with Essex, and another area of high racial tensions stoked by a strong local British National Party, £3,090,000.00.

Half of the top ten are London boroughs, outside of the centre of London, showing that CCTV is still diffusing outwards from the heavily surveilled core around the financial centre of the City of London and the government district of Westminster. Not surprisingly, the diffusion is also continuing primarily to the major urban centres beyond London, and the case of Sandwell perhaps shows that the greater Birmingham area is going through a similar process seen in London. In any case, public area video surveillance is not going away in the UK any time soon, and the new government will have to, at some time, demonstrate what it actually meant by introducing greater regulation of CCTV.

Manchester Surveillance Blimp Axed

The axed Manchester Police drone (Guardian)

Police in Manchester, UK, have axed a tethered surveillance balloon that cost them 80,000 GBP (around $130,000 US). The supposedly covert balloon – if a large white blimp with ‘POLICE’ written on the side in big blue letters can be called ‘covert’ – had been intended to be used for monitoring of public order at large-scale events. However it was a victim of a more conventional Manchester problem – bad weather. Apparently it did not function very well in wet and windy weather. One would have thought that this might have occurred to the police of a notoriously wet and windy town…

This might seem like a victory for anti-surveillance forces, but of course, this will only increase the pressure for more versatile and weather-proof aerial surveillance, i.e. the micro-UAVs (or camera drones) that several other forces have already purchased, not to mention the more expensive powered high-level surveillance airships of the kind specified in the secret South-Coast Partnership report on drone surveillance.

UK Media on the New ICO Surveillance Report

There has been some good coverage (and some less good) coverage of the new ICO surveillance update report, to which we (founder-members of the Surveillance Studies Network) contributed the background research.

There are national press stories in The Guardian, The Daily Telegraph and the Daily Mail, in regional papers like The Yorkshire Post, and in trade publications like Computer Weekly, The Register, and Public Service.

Although some of the reports get things wrong, and The Daily Mail’s in particular is a masterpiece of selective quotation and context-removal, the response has generally got the main points that we intended to get across. These include the points that the change of government in Britain with its rhetoric of rolling back surveillance doesn’t necessarily affect a great deal of what the state does beyond those headline measures like scrapping ID cards and the National Identity Register; and, even more importantly, both transnational data sharing between states and surveillance by the private sector are intensifying and spreading regardless. We do highlight some particular surveillance technologies and practices but these are largely emblematic in this report – it was not a large survey like the 2006 orignal – so although we talk about drone cameras, Google Latitude and Facebook Places, ubiquitous computing, e-borders and new workplace monitoring practices, we are not trying to say that these are the only games in town.