identification – Page 3

Fingerprint

41F2aVrLpyL._SS500_ I haven’t looked at BoingBoing in a while, but it so happened that the first post today when I finally did check in was about something wonderful and surveillance-related… this is Andrea Anastasio’s new multilayered artwork / book, Fingerprint, an exploration and extrapolation that resulted from the experience of being fingerprinted on entering the USA a few years ago.

Varieties of anti-surveillance activism in Japan

Although some progressive activists would like it to be otherwise, anti-surveillance feeling is not confined to the left, indeed in many countries, like the USA, libertarian individualist right-wing anti-surveillance activism is perhaps more common. And it seems that such a position is not unusual in Japan either.

Having returned from a weekend of hot springs, fine sake-tasting and eating way too much, today we met with the Mayor of the Suginami ward of Tokyo, Hiroshi Yamada, a prominent figure in the anti-juki-net campaign, and a also one of the leaders of a group of right-wing figures trying to promote a new nationalist grouping at that end of the Japanese political spectrum. But this new right is not at all a simple matter of ‘back to the 1930s’ that some commentators would have you believe. Yes, this group – which also includes the Mayors of major cities including Yokohama and Nagoya as well as popular journalists like Yoshiko Sakurai – has very conservative, revisionist views, on Japanese history, but in many ways they have far more in common with the new US libertarian right in their rejection of large state and high taxes, and in other areas too, for example Sakurai has rather unscientific views on climate change!

Part of the this libertarian outlook is the rejection of state intrusion into the private lives of individuals. Mayor Yamada saw the juki-net system as part of unwelcome movement towards a more top-down society, concentrating power at the centre. He was very clear that the state’s ability to collect information on the individual should be based on what the individual wanted to give up, not on what the state thought it needed (this is very much the opposite of what the Prime Minister’s IT Strategic HQ said to us last week). He was also most concerned about the risks posed by large databases, both as an attractive target to external hackers and to corrupt use from inside operators. Yamada is not opposed to what he calls IT shakai (IT society), but the use of IT should be based on what is useful to individuals, and of course what is actually he needed, he argued, would often be less expensive than the massive computerisation schemes favoured by the current administration as part of their i-Japan strategy. In this sense, he said he would oppose any move to unnecessary centralised databases and certainly to any possible national ID register or card.

In most respects, what Mayor Yamada said could probably have been said by any left-wing civil liberties activist in the UK, or by conservative right opponents of intrusive state like Conservative ex-Shadow Cabinet Minister, David Davis. Perhaps many aspects of what is felt to be wrong with surveillance society do not correlate neatly with old left-right divisions. This view was shared by Toshimaru Ogura, a Toyama University professor and major figure in left-wing anti-surveillance activism whom we met with just afterwards, along with campaigning journalist, Midori Ogasawara again. Just as the Convention on Modern Liberty event earlier in the year showed for the UK, there are many different varieties of anti-surveillance feeling in Japan, and whilst opponents may disagree with each other, and may even find other aspects of the politics of their erstwhile collaborators utterly distasteful, they do collaborate, even if it is only for short periods.

Professor Ogura’s analysis, as that of Ogasawara and indeed of Kanshi-no! whom we met the other day, is much more focused on the way in which surveillance excludes and discriminates – against union members, activists, gaikokujin (foreigners) and so on – and also the ways in which it favours the interests not just of the state but capital. We’ll be talking to groups who deal with the concerns of these excluded people in the last week we are here. Privacy is important, but Ogura’s analysis is concerned with the disproportionate effects of surveillance. It is not just that privacy is affected but that particular groups’ and individuals’ rights are damaged more than others, and those people are not generally the ‘ordinary taxpayers’ to whom Yamada and the libertarian right are trying to appeal.

Like me, Professor Ogura is also particularly interested in the way in which particular corporations and business coalitions pushing technological ‘solutions’ to social and organisational problems can have a profound influence the way government makes decisions. Such coalitions would still be there however large government was, and in some ways, without a government large enough to stand up to the private sector, a different kind of more purely market-driven surveillance society would emerge. In that sense, it is what government does, and to whom it responds, that is more important that more arbitrary questions of ‘size’.

There’s a lot more to consider here too, in particular the extent to which any of the things we consider under the umbrella of ‘surveillance’ are actually and actively part of some coordinated state (or other) plan. I’m starting to develop a sense of this here, but I will leave those thoughts to another post.

(Thank-you to Mayor Hirioshi Yamada, Professor Ogura Toshimaru and again, to Midori Ogasawara for being so generous with their valuable time).

At the IT Strategic Headquarters

Yesterday we visited the Prime Minister’s IT Senryaku Honbu (IT Strategic Headquarters). (This has actually been the only national-level government agency that has agreed to speak to us, and some of the reasons for refusal have been rather telling, not least that of Houmusho (the Ministry of Justice), which claimed that they had nothing to do with privacy and so on, which betrays a level of ignorance about the effects of their own policies that is probably more the result of bureaucratic sectionalism and literalism than anything else but is nevertheless interesting!). The IT Strategic HQ is responsible for developing the ‘i-Japan’ strategy, the latest incarnation of what has at various times been called ‘Information Society Japan’ and ‘e-Japan’ policy. They are also the agency that wrote the most recent Japanese data protection laws, which I wrote about a couple of weeks ago.

We were treated to a prepared presentation on the latest incarnation of the i-Japan strategy, in which the ‘i’ seems to stand for ‘inclusion’ and ‘innovation’ but not apparently for ‘interactive’, which one might expect from its use elsewhere in computing. However it was the brief interview we had afterwards that was more enlightening.

In short, the government has acknowledged that what they originally wanted out of juki-net has failed due to opposition, despite the supreme court victory that ruled that the current cut-down version was constitutional. However, as Kanshi-no! argued, they are not going to back down that easily. The movement towards the creation of centralised government databases will continue, and there most likely will eventually be a fully configured identification system (and card) and rather alarmingly, the new i-Japan strategy makes it quite clear that laws that currently prevent this from happening will simply be changed or removed. They do not want opposition groups, nor indeed the current global recession, to be able to hold up or change these plans.

However the main thrust of development of centralised databases has shifted away from juki-net and the jyuminhyo (residents’ registration) system, towards national insurance, health and pensions. This is, as the agency than runs juki-net, Lasdec, suggested to us – and I am now beginning to think that this suggestion was rather more of a loaded hint than I had first thought – by far the most data-rich area of government records and therefore in many ways more suitable for being the basis of an architecture of central registration and identification. The database that the government intends to create in this area will also have the possibility for citizens to add in (voluntarily, they say), information from private sources, such as bank account and other financial details. Of course this could be more ‘convenient’ in terms of benefits and taxes, but it also puts an enormous amount of previously private data in the government’s hands and presents a huge temptation to identity fraud and theft from both outside and, more importantly inside the state bureaucracy (and let’s not forget, most identity fraud is an inside job).

It gets more worrying still as despite the advanced stage of these plans, the government has apparently still not decided exactly who will have access to this database, and the police in particular, as well as private insurance companies, are still considered as potential users. It seems that although the IT Strategic HQ might have developed data protection in Japan but they do not appear to understand its principles of necessity, proportionality and consent – indeed I asked them about these principles and they really had no serious reply. Instead they claimed that people in Japan wanted to have these central databases because the current fragmented system had led to poor security and data losses, and in any case, ageing society and the pensions crisis meant this had to be done. I have noticed that in Japan, ‘ageing society’ like ‘terrorism’ in the UK, seems to have become the spectre evoked to silence potential criticism.

There are many other issues too: the government is also trying to introduce a voluntary system of Electronic Health Records (EHR), but this is not as developed as the Connecting for Health centralised database that is still experiencing significant problems in its introduction in the UK; and there are some rather less controversial social inclusion measures included the provision of computers for schools and so on. However my overall impression after leaving the IT Strategic HQ was of a government that was determined to press ahead with centralised collection and control of personal information regardless of the views of citizens or of whether it is really necessary even to achieve the policy aims they have. And this won’t change as the result of a change in government either. If, as seems likely, the Liberal Democratic Party (LDP or Jyuminshuto) are voted out, the Democratic Party of Japan (DPJ or Minshuto) which will succeed them, has already said that it will create a central database.

(Thank-you to the officials of the IT Strategic Headquarters for their time).

A juki-net footnote

I had a conversation yesterday (not a formal interview) with Midori Ogasawara, a freelance journalist and writer who used to report on privacy issues for the Asahi Shimbun newspaper. This was mainly to set up further interviews with those who are or were involved with campaigns on surveillance and privacy issues in Tokyo. However I also managed to clarify a few of my own questions about juki-net and the opposition which it attracted.

In short, there seem to have been several objections.

First of all was the objection to the idea of a centralised database, which was able to link between other previously separate databases.
Secondly, there was the fact that this was the national state asserting authority over both local government and citizens. Both Local Authorities and citizens groups had argued for ‘opt-in’ systems, whereby firstly, towns could adopt their own policies towards juki-net, and secondly and more fundamentally, individual citizens could decide whether they wanted their details to be shared.
The third objection was to there being a register of addresses at all. Many people saw this simply as an unnecessary intrusion onto their private lives, and in any case, the administration of welfare, education and benefits worked perfectly well before this (from their point of view) so why was such a new uniform system introduced?
Next there were objections based on what was being networked. The jyuminhyo (see my summary from the other day) is not actually a simple list of individuals and where they live, but is a household registry. It might not, like the koseki, place the individual in a family line, but is still a system based on patriarchal assumptions, with a designated ‘head’ of the household, and ‘dependents’ including wives and even adult children.
Finally, there was the question of the construction of an identification infrastructure. Whether or not juki-net is considered as an identification system, and it does have a unique identifying number for each citizen, and has the potential to be built on to create exactly such a comprehensive system of national identification. Lasdec, who we talked to the other day, may not approve of this, or believe it will happen, but they are only technicians, they are not policymakers and don’t have the power or the access to know or decide such matters. And in the end, if they are required by law to run an ID system then they will have to run it.
There were, as I already mentioned, objections to the potential loss or illicit sharing of personal information. I don’t think this is intrinsic to juki-net, or indeed to database systems, but of course both databases and networks make such things easier. People are also quite cynical about promises of secure systems. Lasdec may say that that juki-net is secure, but there have been enough incidences of government data leaks in the past for people not to accept such assertions.
Finally, Juki-net connects to the border, passport and visa system. The reason that foreigners will finally be included on the jyuminhyo (and therefore juki-net) from 2012 is not therefore to respond to long-term foreign residents’ requests for equal treatment but in fact to make it even easier to sort out and find gaikokujin, check their status, and deal with unofficial and illegal migrants. Groups campaigning for the rights of foreign workers (mainly the exploited South-East Asian and Brazilian factory workers) have therefore been very much involved. Of course it also makes it possible to connect the overseas travel of Japanese people to a central address registry.

I’ll be meeting Midori again soon, I hope, along with other researchers and objectors. I am also still hoping to be able to talk to officials from the Homusho (Ministry of Justice) and the Somusho (Ministry of Public Management, Home Affairs, Posts & Telecommunications), but they are are currently passing around my request to different offices and generally delaying things in the best bureaucratic traditions!

Identification in Japan (Part 2): Juki-net

As I mentioned yesterday, one of the big developments in state information systems in Japan in recent years has been the development of the jyuminkihondaichou network system (Residents’ Registry Network System, or juki-net). Very basically juki-net is a way of connecting together the 1700 (recently restructured from 3300) local authorities’ residents’ registries (jyuminhyo). These are a record of who lives in the area and where, that are held on a multiplicity of different local computer (and even still, paper) databases. Japanese government services are always struggling to catch up with massive and swift social changes, particularly the increased mobility of people, that made first the Meiji-era koseki (family registers) and then the disconnected local jyuminhyo (which were both themselves introduced to deal with earlier waves of increased social and spatial mobility) inadequate.

Operational from 2002, juki-net is restricted by law to only transmitting four pieces of personal data (name, sex, date-of-birth and address), plus a randomly-generated 11-digit unique number. Nevertheless, the system was strongly opposed and has sparked multiple legal challenges from residents’ groups who did not want to be on the system at all, and who considered the risk of data leakage or privacy violation to be too great for the system to be lawful. These challenges were combined together into one class-action suit, which finally failed at the highest level, the Supreme Court, in March 2008. The court ruled that juki-net was constitutional and there was no serious security risk in the system itself but according to some analysts did not address the possibility of mistakes being made by operatives. But this would seem to me to be a problem of data protection in general in Japan, rather than an issues that is specific to juki-net. Like Brazil, but unlike Canada and the UK for example, Japan has no independent watchdog agency or commissioner for safeguarding privacy or kojin deta (personal data), and other than internal procedures, the courts are the citizen’s only recourse. In any case, as Britain’s comparatively frequent incidence of data loss by public authorities shows, even having such a system does not necessarily make for better practice. There is in Japan, as in Britain, training and advice in data protection provided by a specialist government information systems agency.

We interviewed officials at that government agency, Lasdec (the Local Authorities Systems Development Centre) today. Lasdec also developed and runs juki-net and is responsible for the new jyuminhyo / juki-net card that enables easy access to local (and some national) services via the web or ATM-like machines at local government offices. Unsurprisingly they were quite bemused by the opposition to juki-net, which they say was based on a lack of understanding amongst citizens about what it was, and a general fear of computers and databases. They argued that many people (including one or two local authorities) had the impression juki-net was, or was planned to be, an extensive database of all personal information held by different parts of the government, or even was the basis for a new system of national identification or indeed was a new system of national identification – indeed that was the impression one got from reading both Japanese and foreign civil and cyber-liberties groups’ reports in 2002/2003 with plenty of stories of the new Japanese ‘Big Brother’ system (see the archived collection here for example).

However Lasdec argued that both ideas were incorrect. The officials recognised both that the 11-digit unique number was adapted from a previous failed identification scheme, and that juki-net could in theory become the basis for any proposed future national ID scheme, but this was prevented by the enabling law. In any case juki-net was not even the best existing system on which to base an ID system: passport, driving licence and healthcare databases all had more information and certainly information with higher levels of personal identifiability – and no-one seems to be objecting the amount of information contained on the driving licence system, for example. Juki-net has no photos or other biometric data and no historical information. Likewise the residents’ card can have a photo if the resident wishes, but this is not shared through juki-net, and in fact the card itself is entirely voluntary. In addition, only in one city has take-up of the card exceeded more than 50% of the adult population (Lasdec has detailed information on take-up but only published a ‘league table’ without percentages). You also do not lose anything by chosing not to have or use the card.

The officials at Lasdec were, as with many technical and systems engineers in both public and private sectors whom I have interviewed, far more aware of privacy, data protection and surveillance issues than most politicians and mainstream (non-technical) government officials. They did not shy away from the terms kanshi (surveillance) or kanshi shakai (surveillance society) and indeed were as critical of the unregulated spread of things like CCTV in public space as many activists. They saw themselves in fact as controllers of information flow as much as facilitators. They were committed to the minimalist model of information-sharing set out by the law governing juki-net and wanted to find always the ways that information that was necessary to be shared could be shared without the creation of central databases or the exchange of additional unnecessary information. In addition, new laws came into force (in 2006), which make the residential information more private than it was before. In fact, such local registers used to be entirely public (anyone could access them), and now they are far more restricted – this only seems to have been noticed by direct marketing firms, who of course were not 100% happy with this change.

This puts me into a strange position. I have colleagues here who have been utterly opposed to juki-net, and I have always assumed that it was in some way similar or equivalent to the UK National Identity Register / ID card scheme. However in fact, it seems very similar to the ‘information clearing house’ idea which I and others have proposed for the UK, in opposition to the enormous NIR which would seem to suck in every kind of state-held information on the citizen! In addition juki-net does not require any more information from the Japanese citizen than is already held by the state, again unlike the NIR in the UK, for which multiple new forms of information are being requested by the state and indeed there are fines, and ultimately prison sentences, proposed by law for refusal to give up or update such information. In contrast, juki-net is more like the electoral register in the UK, to which hardly anyone objects.

This all makes me wonder exactly what it is that provoked such vociferous opposition to juki-net. If it is a actually or potentially repressive surveillance system, somewhat like Barthes’ famous description of Tokyo, it is one with an empty centre; there is no ‘Big Brother’ only a rather well-meaning set of bespectacled technicians who are just trying, as they see it, to make things work better so that people don’t have to keep proving who they are every time they move to a new area. Perhaps there are particular cultural and political factors (that is after all the working hypothesis of this entire project – and perhaps in making assumptions about both systems and oppositions across borders we obscure the specifics). Perhaps it is the association of the 11-digit number with previous proposed ID schemes. Perhaps, as in Germany, in new government information systems, there are resonances with older systems of identification and control that hark back to more repressive, fascist, times. Or perhaps there is a general cynicism of successive government ‘information society’ / ‘e-Japan’ / ‘i-Japan’ strategies and initiatives, each of which promise empowerment and in practice deliver more bureaucracy. These are some questions I need to explore further with other officials academics and activists.

Identification in Japan (Part 1)

Just as I did in Brazil, I am going to be looking a little at the way in which systems of government information and identification work in Japan.

One of the immediately obvious things is that Japan has no national system of ID cards. Instead, as in the UK, the Driving Licence is used as a de-facto ID. The Japanese Driving License until recently was rather like that in Brazil, in that it connected to individual strongly to the family though carrying the honseki, the address where the koseki (family registration) was registered. However, this section can now be left blank and may be removed altogether in the future. The current driving license has a photo but no other biometric data, and whilst being a plastic card with a credit card form factor, is not any kind of smart card. There’s a really nice photo-essay on the process of obtaining a Japanese driving license on super-otaku, Danny Choo’s site.

The koseki is a very traditional way of registering people based on their family’s place of origin or residency and can often stretch back many generations with details of parents, grandparents etc. The individual is no more than one name on this register. The koseki is simply a computer record these days, although paper print-outs are used in more formal identification procedures, but very few people carry a copy of their koseki around with them.

In addition to the koseki, there is a jyuminhyou (Residents’ Register), a current address register, which every local authority keeps. As with the koseki, there was an associated old paper certificate for many years. In 1999, the old Resident Registration Law was updated and came into effect in 2002 and this included a provision to introduce a voluntary Resident Registration Card. This is a smart card, and is supposed to make access to local services easier, though some see it as a precursor to a full national ID-card scheme, especially as from 2004 the card could also be used to do other things online, like tax-returns. The suspicions are also because of the way in which the card as introduced along with a new system for connecting up all the local authority residents’ registry systems in Japan, juki-net. I’ll write more about this tomorrow as we are going to talk to the official responsible for the implementation of the card and juki-net at Lasdec, the Local Authorities Systems Development Center.* On Friday afternoon, I will also be meeting up with Ogasawara Midori, a freelance journalist who specialized in covering the juki-net controversy and is also a former student of my future boss, Professor David Lyon.

There is of course an exception to the lack of national ID. Foreign residents often get very upset that they are forced to carry the gaikokujin touroku shoumeisho (Certificate of Alien Registration). This is seen as discriminatory and it is particularly so in the case of families who are identified by the state as ‘Korean’ or ‘Chinese’, whose increasingly distant ancestors came from those countries. The gaikokujin touroku shoumeisho was also particularly controversial as it included fingerprinting requirements for Koreans and Chinese that were seen as a product of the colonial period, but which were only removed in 1999. But then, following on from reactions to 9/11, and G8 plans for standardized biometric passports and visas, they were reintroduced in 2007 along with fingerprinting and facial photographs of all foreigners at the border. In one small progressive step however, permanent Korean and Chinese residents would not have the ‘colonial stigma’ reintroduced.

Foreigners are also not included on the jyuminhyou except at the discretion of local officials, although indications are that they will be included from 2012 when the system in further rationalised, although it is probably down to the campaigns for change from naturalised and long-term foreign residents like Ardudou Debito.

*Although as I am also going ‘out on the town’ with an important figure in Shinjuku urban planning (and regular in the Golden Gai stand-up bar neighbourhood), I might not get round to writing this sequel up until Friday morning.

Resident Registration Card

India to issue biometric ID cards

According to The Times (and many other sources), this week, India is to create a central database, a unique identification number and biometric ID cards for all of its citizens. The scheme will be run by the newly-created Unique Identification Authority and cost an estimated £3 Billion (or around $5 Billion US).

As in Brazil, there is a felt need for such a system because of the proliferation of IDs and the dangers of anonymity and invisibility in a society where this can be a life or death issue. None of this, of course, means that the particular measures chosen will achieve their aims or will not create other problems. The Times with predictable journalistic cliche, calls this the largest Big Brother scheme in the world and the leader of the project is talking about a “ubiquitous online database” . However, it is rather difficult to see how it will be anything like that when most of India’s chaotic multi-level bureaucracy, especially at local level, still ‘works’ on the basis of paper-based filing systems.

There are suggestions too that this has purposes in crime-fighting and anti-terrorism, although the Indian government website on the scheme makes no such claims (which have in any case been discredited in the discussion about the proposed UK National Identity Register and ID card). It instead focuses on how ‘the Unique ID will be helpful in reducing identity related fraud and allow only targeted people to get the benefits from the government’ (MIT website).

Discussions on listservs has also served to question claims made in The Times article. The paper talks about ‘1.2 Billion’ people being enrolled, but in fact the scheme would only cover over-18s, which would be less than 2/3 of that number It also seems unclear exactly how the cards will be biometric. If it is just a photograph and fingerprint, this would be much the same as the Brazilian scheme. Of course the UK had more ambitious plans, but these were scrapped due to cost and reliability concerns.

Japan, where I am now, has instituted its own central database, and unique ID number, juki-net, and I will be talking to one of the people responsible for dealing with the technology that enables local governments to use the system this coming week…

(Thanks to John Bredehoft for pointing out the problem with the figures).

USA, EU and UK all investing in advanced biometrics

News from various sources has revealed that the United State, the European Union and the United Kingdom are all preparing to invest further large sums in advanced biometrics and surveillance research.

According to an anonymous message to Slashdot, in the USA, Department of Justice requisitions for the coming year show “$233.9 million in funding for an ‘Advanced Electronic Surveillance’ project, and $97.6 million to establish the ‘Biometric Technology Center.'” The former is largely to deal with the problems of intercepting Voice-over-Internet Protocol (VoIP) communications – like Skype. The latter is what Slashdot calls a “vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification” for the FBI. In other words, the architecture of the proposed ‘Server in the Sky’ system, which The Guardian revealed last year – for some notes on this and other systems under development, see here.

Meanwhile Owen Bowcott in The Guardian today has a story which puts together various bits and pieces from the EU’s FP7 Security theme research budget and UK security investment. In the UK, there is to be £15 million spent on updating UK biometric security for embassies, and more interestingly other unspecified ‘surveillance’ purposes, and in addition, rolling out of facial recognition systems to more UK airports. As we know, the controlled environments of airports where people are required to look at cameras, are one of the few place where this technology works properly.

This provides a rather tenuous link to the headline of the Guardian story which is an EU-funded study into brain-scanning (yet again) called Humabio (Human Monitoring and Authentication using Biodynamic Indicators and Behaviourial Analysis). There are lots of these about, and one of them may work sooner or later, but it is worth pointing out that people have been putting out ‘we will soon have brain scanning’ stories since the 1980s and like, nuclear fusion, it always seems to be 5 or 10 years in the future. Brain-scanning seems to be the technology of the future… always has been, always will be?

UK National DNA Database – what will change?

The government’s official response to the damning ruling by the European Court over the retention of DNA and fingerprint samples and data is a farce, which seems utterly contemptuous of the ruling and reasoning of the court, shows no sign of understanding the significance of Article 8 or the British common law principle of innocent until proven guilty.

One thing that has struck me recently in the UK has been the sudden increase in the level of defensiveness by New Labour over the surveillance apparatus it has constructed over the last 12 years. Report after report has damned their slapdash attitude to human rights and civil liberties – we expect the government’s official response to the Lords Constitution Committee report next week – and there have been attacks from various political ‘big beasts’ including David Blunkett, former MI5 Chief Stella Rimington, and most recently Stephen Byers and even current cabinet ministers reportedly asked for the ID card scheme to be scrapped.

As a result, there has been a splurge of sudden backtracks, retreats and promises of change and consultation on future plans but there have also been rather devious attempts to avoid taking real action to remedy already existing wrongs. In the first category, we have seen the abandonment of Clause 152 of the Coroners and Justice Bill, where a an blanket permission for government data-sharing had been hidden, and there have been suggestions that the proposed new super-database of communications traffic data might not be constructed after all – though largely, it seems, on grounds of cost not principle.

However, in the second category, today we got the government’s official responseto the damning ruling by the European Court over the retention of DNA and fingerprint samples and data by the UK police. It is, to put it mildly, a farce, which seems utterly contemptuous of the ruling and reasoning of the court, and shows no sign of understanding the significance of Article 8 for individual liberty. Mind you, it also shows little sign of comprehending the British common law principle of innocent until proven guilty.

The government proposals are to retain the DNA samples and profiles, and fingerprints (these are just as important and not so often mentioned in the news reports) of all those convicted of a crime. Of the innocent, the National DNA Database (NDNAD) has around 350,000+ people who are certainly in such a position, however the police apparently need two years to go through the Police National Computer to check the other 500,000+ DNA profiles of those not convicted of any crime, as they can’t be sure whether existing profiles match to those who have committed offences (so much for joined-up government…). Then those people, who are, let’s not forget, entirely innocent in law will be sorted into two categories – those arrested but not convicted for serious and violent offences, and those arrested and not convicted of minor offences.

Will the latter have their profiles immediately removed, as we might reasonably expect?

Err, no.

In fact, these innocent people will have their DNA profiles and fingerprints retained for 6 years – more than the number of years (5) that Scotland retains the DNA of those suspected of serious and violent offences. Those in the latter category will have their DNA profiles and fingerprints retained for 12 years. In addition the profiles of children will be retained until they are 18, and then removed only if they have been arrested (again, not convicted) for one minor offence.

Is this an acceptable response? Quite clearly not. It is against the spirit of the ruling by the European Court, even if it might be interpreted as complying with the exact wording issued. More to the point, it is an attempt to get around the difficult issues, not deal with them. It is devious, based on the pre-emptive logic of risk-surveillance principles, and goes against the long-standing principles of British Common Law as well as more recent developments in Human Rights law, and is not the response of a government that has any trust in the people who elected them. It allows the police to continue to populate the NDNAD by stealth. And they certainly are using whatever methods they can to do so – for example, one key indicator is the rise in the number of stop and searches under Section 44 of the Terrorism Act, which in London, it was also reported today, rose from 72,000 in 2007 to 170,000 in 2008, a rise of 236%, however it rose by 325% amongst the black population. There seems to be no mention of the role that discriminatory stop and search policing plays in populating the NDNAD in recent government statements, however it is quite clear that stop and search policing is discriminatory, and we know too that young black men are disproportionately represented in the NDNAD.

In this climate, with a government obsessed by pre-emptive security to compensate for its growing loss of power and trust, and a police service that appears, after the G20, increasingly out-of-control, what is the chance of developing a fair, accountable, just and transparent system of personal data retention in law enforcement in the UK? At the moment, it could appear, the answer is ‘very small’.

New report on facial recognition out now

There is an excellent new report on facial recognition now available for free download. The report is written by my one-time co-author on the subject, Lucas Introna of Lancaster University, and new Surveillance & Society advisory board member, Helen Nissenbaum of New York University.

The report is aimed primarily at people who developing policy on, or thinking of commissioning or even using facial recognition and therefore concentrates on the practical questions (does it work? what are its limitations?) however it does not neglect the moral and political issues of both overt and covert use. What is quite interesting for me is how little the technical problems with the systems have changed since Lucas and I wrote our piece back in 2004; the ability of facial recognition to work in real-world situations as opposed to controlled environments still appears limited by environmental and systemic variables like lighting, the size of the gallery of faces and so on.

The report is probably the best non-technical summary available and is perfect for non-specialists who want to understand what is the state-of-the-art in facial recognition and the range of issues associated with the technology. Very much recommended.