Category: law

Corporate Privacy Redux

The Supreme Court of the USA has unanimously decided (pdf) that “corporations do not have “personal privacy” for the purposes of exemption 7(C) [of The Freedom of Information Act].”

This is a welcome decision which should set back further efforts by corporate bodies to claim ‘human rights’ as a justification for avoiding their responsibilities under laws mandating transparency and accountability.

Marc Rotenberg points us to a welcome for this decision from Senator Patrick Leahy of Vermont.

Good news all round for once.

Corporate Privacy?

I’ve been arguing a lot recently that individual privacy, state secrecy and corporate confidentiality should be regarded as clearly separate things. Keeping this separation is important precisely because it stops organisations which we should expect to be open to inspection and accountable to us, from using ‘privacy’ as an excuse for avoiding such inspection. Philosophically, the distinction should be clear, but legally it may not be so obvious. One problem however lies in the nature of the whole notion of ‘incorporation’, which in its very language already assigns certain individual human attributes to organisations. And corporations are very much aware of this.

Marc Rotenberg points me to a very interesting legal test case in which the Electronic Privacy Information Center (EPIC) in the USA is currently involved. This case originally started when in 2008 the Federal Communications Commission ruled that corporations could not use ‘privacy’ as a reason to reject Freedom of Information requests. In 2009, a court overruled this decision. And now the FCC, ironically aided by EPIC, an organisation which frequently finds itself challenging rather than supporting the state on such issues, is seeking to have this ruling overturned in the Supreme Court.

This strikes me as a vital case, not just for the USA, for other jurisdictions where corporations will be observing the outcome and seeking to bring similar challenges if they can. If privacy, and indeed any other fundamental human right, is to mean anything it can neither be granted to companies who find it simply a convenient cover for a desire for confidentiality, nor to states who seek to maintain secrecy. Clearly there is information possessed by corporations and by states that might have elements that could be damaging to personal privacy. Private individuals acting in a corporate or state capacity may perhaps in some clearly delineated circumstances have the right not to be personally identified, even more so for individuals from outside the organisation concerned, but the ‘what’ of the information should still not, by association with an individual expressing a desire for privacy or anonymity, acquire the protection of privacy.

Two Weeks to Go for Bill C-32

Many people will still not be aware of the imminence of a new bill on copyright for Canada. Everything you need to know (and more) is on Michael Geist’s excellent site. The key thing is that, like most such bills around the world, this bill is still skewed towards industry perspectives and does not place much importance on the rights on the ordinary citizen or resident of Canada, in particular in the areas of ‘digital locks’ that prevent fair use of digital materials, and the lack of provision for copying across form factors for personal use. You have until the end of January to make your views heard.

New UK government to go ahead with old government plan on data retention

One of the many promises made by the new Conservative-Liberal Democrat coalition government was that it would “end the storage of internet and e-mail records without good reason.” The obvious flaw in this promise is that all the protection provided was only good so long as the government was unable to invent a ‘good reason.’

Now it appears according to The Guardian newspaper, that such a ‘good reason’ has been defined in the Strategic Defence and Security Review, to keep all web site visits, e-mail and phone calls made in the UK. And it is an old reason: basically, everything should be kept in case the police or intelligence services might find it useful in the prevention of a ‘terror-related crime’. Note: not actually terrorism, but terror-related, which is rather more vague and not so clearly defined in law, even given that ‘terrorism’ is already very broadly defined in the relevant laws.

This is pretty much exactly what the last Labour government were planning to do anyway with the proposed Communications Bill. Oh, and dont’t forget that the cost of this has been estimated at around 2Bn GBP ($3.5Bn) in a country that just announced ‘unavoidable’ welfare cuts of 7Bn GBP… that’s the reality of the ‘age of austerity’ for you’. It shows what David Gill argued in his book Policing Politics (1994) that the intelligence service constitute a ‘secret state’ that persists beyond the superficial front of the government of the day.

Support Peter Watts

I’ve been snowed under teaching recently and haven’t been posting much. One thing has really got my goat though and I think it needs wider attention. Those of you who read boingboing will already know, but the SF author, Peter Watts (who wrote the excellent novel of really alien contact, Blindsight) has been convicted of obstructing US border guards and could spend up to two years in prison. This is despite the fact that the border guards lied about the whole incident (they claimed he had tried to choke an officer, when in fact they were assaulting him, a fact admitted in court). He basically got convicted for challenged the guards and getting out of his car to ask what was going on. As Cory Doctorow comments on BoingBoing, this is not about security, this is not about safety, and it is not even about crime as we would recognise it, it is about authority and the massive increase in humourless abuse that has increased so much in recent years, particularly on the US border*. Peter Watts was convicted essentially of not responding fast enough and questioning commands. He’s now posted more on his own blog, including some comments from some of the jury, who couldn’t quite believe the outcome…

Anyone who thinks ‘nothing to hide, nothing to fear’ or truly believes that it couldn’t happen to you, read this a be concerned. Show your support for Peter too. Write to your congressmen if you are in the USA, or Members of Parliament in Canada, write to Ministers and Secretaries of State. Make a fuss. Write to Peter too and tell him you support him.

*And sure, there’s a context, but it seems to me that the post-9/11 situation is used as an excuse by rather too many guards to exercise a petty brutality on anyone who does not conform to their perception of normality. That critical point where liberty comes up against security is just as much about interpersonal encounters like this as it is about grand policy.

We are all libertarians now?

A rather telling little piece on The Guardian‘s ‘Comment is Free’ site today by UK Labour MP, Diane Abbot. First she takes a cheap shot at the Conservative shadow-cabinet minister, Damien Green, for having been successful in getting his details removed from the UK police National DNA Database (NDNAD). She then says that, well, she is doing much more to help by holding clinics for her young, black, constituents to help them with their complaints against the NDNAD. This is excellent, of course.

However two things spring to mind immediately. Firstly, is this Diane Abbot the same New Labour loyalist who voted in favour of the original bill to set up the NDNAD and made no attempt to amend it to prevent the kind of racially-biased abuses of which she is no complaining? I think it is. And now, why is she not also condemning the former Home Secretary, Jacqui Smith’s rather pathetic and weaselly response the judgement of the European Court that condemned the NDNAD, which was essentially to try to avoid doing anything fundamental at all?

This is not an issue on which anyone in New Labour can really make any political capital unless they take a rather stronger moral stance. Basically, and in addition to the stance that there should be no state retention of DNA data at all, there are only two ‘fair’ ways to maintain a police DNA database, and those are to keep the DNA of the guilty, or to keep the DNA of everyone. Which you prefer depends largely on your attitude to surveillance and your trust in the accountability of the state, but politicians like Abbot are hedging and avoiding making any serious attempt to put pressure on their own government to reform the law we have.

The end of the war on photographers?

The UK Home Office has finally issued a circular on Photography and Counter-Terrorism (012/2009) in response to the widespread complaints about police harassment of both professional and amateur photographers in the name of ‘anti-terrorism’ – which I covered here and here. The circular advises police of can and cannot be done under three separate parts of the Terrorism Act 2000: Sections 43 on searches, 44 on authorised area searches and 58A on eliciting and publishing information on members of the police, armed forces or intelligence services, which was introduced as part of the Counter-Terrorism Act 2008. This is of course to be welcomed, even if it is rather late in the day.

On Section 43, they make is clear that the Act “does not prohibit the taking of photographs, film or digital images in a public place and members of the public and the press should not be prevented from doing so in exercise of the powers conferred by section” and that it is the suspicion of being a terrorist that gives the justification for any search, not the fact of taking photographs.

On Section 44, they remind the police that neither the Press nor public can be prevented from taking pictures in an area defined as an ‘authorised area’ by the police, and that officers have no powers to delete pictures or seize film. And finally, on Section 58a, they remind officers that ‘reasonable excuses’ for taking pictures, even of subjects considered sensitive, include tourism, sight-seeing and journalism. Interestingly, however, they do not actually give academic research as an example of reasonable excuse!

Of course, all of this serves to remind us that the Terrorism Act was drawn way too vaguely and widely and gave too much discretion to individual police forces and officers in its interpretation. Earlier this year, Jack Straw promised at several meetings that the government was to review all of the legislation on terrorism and counter-terrorism – perhaps this guidance is a result but it is only about interpretation and does not make or propose any change to the law itself.

Community Safety in Suginami

Following our meeting with the Mayor the other day, we went back to Suginami-ku to talk to the community safety people, who are part of the Disaster Management section. Suginami is interesting because, as far back as 2004, it was the first Local Authority in Japan to introduce a special bohan kamera jourei (security camera ordinance) which is based in part at least on principles of data protection and privacy. And until neighbouring Setegaya-ku introduced their own ordinance last year, they were, so far as I know, the only such authority. The ordinance followed public consultation which showed that although people generally thought CCTV was effective (95%), a significant minority of 34% were concerned about privacy, and 72% thought that regulation was needed. These figures seem to be significantly more in favour of privacy and regulation of CCTV than the nationwide survey done by Hino Kimihiro, however he asked different questions leading to answers that are not directly comparable.

Suginami is one of the areas of Tokyo that has the other kind of CCTV system introduced by the Tokyo Metropolitan Police after 2002, help points where people press a button if they feel in danger and speak to someone from the police. The help points have both CCTV camera and an alarm / red flashing light if the caller says it is an emergency.

However the Suginami community safety officers said that these cameras have not proved very effective and in fact they cause a lot of problems, because children tend to press the button for fun, and run away – meaning that there are many false alarms.

Suginami has some of the same kind of array of ‘blue-light’ volunteer patrols as Arakawa-ku. In Suginami, there is a fleet of mini-patoka (mini patrol cars) and motorbikes, used by 15 retired police officers. These are mainly about visibility leading to deterrence and increased community confidence, as the volunteers ex-officers have no special powers nor do they carry side-arms or handcuffs or any other conventional ‘police’ equipment. Suginami does not have the small community safety stations like Arakawa-ku, although they do also have the same problem of local koban (police boxes) being closed. However where Suginami really stands out is in the sheer number of volunteers they have involved in their community patrols, organised through the local PTAs, shoutenkai (shopkeepers’ associations) and choukai (community associations). There are 140 groups with 9600 people actively involved in one way or another in community safety just in Suginami.

Suginami is a relatively wealthy ward and the kinds of problems that concern Arakawa (mainly minor street crime and snatch-thefts) are not such big issues here.  The main concern in this ward seems to be burglary and furikomi – the practice of gangsters and other criminals calling old people and pretending to be a relative or representative of a relative and persuading them to transfer money to a particular ATM (which you can do in Japan – it would be impossible in the UK). Furikomi is a very interesting phenomenon in that it seems to be a product of family, social and technological changes. Many older people who would have lived with family in traditional Japanese society are now living alone. They are lonely and miss the intimacy of family contact, so they tend to welcome unexpected calls from relatives who may now be living almost anywhere in Japan. These older people are also technologically literate and able to use mobile phones, ATMs and computers. The combination of this technological skill, dispersed families, and psychological vulnerability makes for a ripe target for fraudsters, and Suginami estimate that 40% of all crime in the ward is some form of furikomi.

In many ways, increasing concern for privacy is also a product of this change in lifestyles and family structure, as well as building techniques – western-style walls and better sound insulation mean that you can’t always know what is going on in the next room anymore, let alone in your neighbours’ apartments or houses. This also makes burglary rather easier, as once the thief has got past the initial walls or doors, no-one can hear or see very much. The intense and intimate ‘natural surveillance’ that used to characterise ordinary Japanese communities is disappearing. But the Suginami community safety officers see the possibility of revitalising such natural surveillance, and protecting privacy, without going down the route of impersonal, technologically-mediated surveillance. In many ways, this is quite heartening – if, of course, you are of a communitarian mindset. Such supportive, mutually monitored and very inward-looking communities can be stifling to those who do not fit and exclusionary to those from outside… and, not coincidentally, one of our last interviews was with a leading support group for foreign migrants in Japan, who have a very different perspective on all of these developments. That will be in my next post, which may not be until Saturday as we’re going off to Kansai for a couple of days…

(Thank-you to the Disaster Management section for their time and patience).

Japanese surveillance studies researchers

Somebody's watching you... office workers walk past an installation in Shinjuku station, Tokyo
Somebody's watching you... office workers walk past an installation in Shinjuku station, Tokyo

We’ve met with several Japanese surveillance studies researchers whilst out here this time. I mentioned Ogura Toshimaru already the other day, but we also had a long meeting the week before with Hino Kimihiro, a researcher into bohan machizukuri (community security development), and government advisor on security planning. Dr Hino has been carrying out a number of research projects on both ‘designing out crime’ and on the effectiveness and public acceptability of CCTV in Japan. I hadn’t come across this research before as my contacts here were mainly in social sciences and law and Dr Hino tends to publish in urban planning journals and is not connected to other Japanese surveillance researchers. His work is very interesting and reminiscent of that of Martin Gill or Farrington and Welsh in the UK. It is a shame, that just like those researchers who have carried out analyses of CCTV for the UK Home Office, his assessments tend to be ignored by the government. Dr Hino’s latest project is to assess the trials of a new movement recognition system in Kawasaki city. I hope he can come to the January Camera Surveillance workshop at Queen’s University, Ontario, or the April Surveillance & Society conference in London (details coming soon!).

I also met today with Tajima Yasuhiko, a professor of media law in the School of Journalism at Jochi (Sophia) University in Tokyo. Professor Tajima has been one of the most important critical voices in the debate about surveillance in Japan, and has bridged the academic and activist world, being involved with legal action against juki-net and Google StreetView. We had a productive conversation about the politics of surveillance in Japan and the prospects for critical voices to be heard. He wasn’t optimistic that they would be, and neither am I after our meeting at the Prime Minister’s IT Strategic JQ the other day, however I am also convinved that in many ways Japan has not yet gown as coordinated and centralised a route on issues of security and surveillance as has the UK. There is, so far as I can see, no real attempt to link up things like juki-net or other databases and the anshin anzen (or bohan) machizukuri agenda, and i-Japan, national and local police, and wider community security agendas do not really coordinate at all. This is due to the lack of an obvious ‘threat’ like that of terrorism in the UK, around which such coordination can occur. The government half-heartedly tries to get people worried about North Korea, but really they aren’t, and ‘ageing society’, whilst a phrase used to justify almost anything (including central databases) is a worry, it does not generate the fear that comes with the war on terror.

We also considered the relative weakness of Japanese civil liberties organisations and the failure of the mainstream media to pick up on issues of privacy and surveillance. There seems to be some effort now to try to coordinate various organisations to push for an explicit constitutional protection for privacy (rather than the rather vague inclusion of such an idea in a wider notion of the ‘pursuit of happiness’), but whilst I can see that being happily accepted after the government has got its central database(s), I can’t see it being done in time to alter either this trajectory or the way in which the database(s) are built.

At the IT Strategic Headquarters

Yesterday we visited the Prime Minister’s IT Senryaku Honbu (IT Strategic Headquarters). (This has actually been the only national-level government agency that has agreed to speak to us, and some of the reasons for refusal have been rather telling, not least that of Houmusho (the Ministry of Justice), which claimed that they had nothing to do with privacy and so on, which betrays a level of ignorance about the effects of their own policies that is probably more the result of bureaucratic sectionalism and literalism than anything else but is nevertheless interesting!). The IT Strategic HQ is responsible for developing the ‘i-Japan’ strategy, the latest incarnation of what has at various times been called ‘Information Society Japan’ and ‘e-Japan’ policy. They are also the agency that wrote the most recent Japanese data protection laws, which I wrote about a couple of weeks ago.

We were treated to a prepared presentation on the latest incarnation of the i-Japan strategy, in which the ‘i’ seems to stand for ‘inclusion’ and ‘innovation’ but not apparently for ‘interactive’, which one might expect from its use elsewhere in computing. However it was the brief interview we had afterwards that was more enlightening.

In short, the government has acknowledged that what they originally wanted out of juki-net has failed due to opposition, despite the supreme court victory that ruled that the current cut-down version was constitutional. However, as Kanshi-no! argued, they are not going to back down that easily. The movement towards the creation of centralised government databases will continue, and there most likely will eventually be a fully configured identification system (and card) and rather alarmingly, the new i-Japan strategy makes it quite clear that laws that currently prevent this from happening will simply be changed or removed. They do not want opposition groups, nor indeed the current global recession, to be able to hold up or change these plans.

However the main thrust of development of centralised databases has shifted away from juki-net and the jyuminhyo (residents’ registration) system, towards national insurance, health and pensions. This is, as the agency than runs juki-net, Lasdec, suggested to us – and I am now beginning to think that this suggestion was rather more of a loaded hint than I had first thought – by far the most data-rich area of government records and therefore in many ways more suitable for being the basis of an architecture of central registration and identification. The database that the government intends to create in this area will also have the possibility for citizens to add in (voluntarily, they say), information from private sources, such as bank account and other financial details. Of course this could be more ‘convenient’ in terms of benefits and taxes, but it also puts an enormous amount of previously private data in the government’s hands and presents a huge temptation to identity fraud and theft from both outside and, more importantly inside the state bureaucracy (and let’s not forget, most identity fraud is an inside job).

It gets more worrying still as despite the advanced stage of these plans, the government has apparently still not decided exactly who will have access to this database, and the police in particular, as well as private insurance companies, are still considered as potential users. It seems that although the IT Strategic HQ might have developed data protection in Japan but they do not appear to understand its principles of necessity, proportionality and consent – indeed I asked them about these principles and they really had no serious reply. Instead they claimed that people in Japan wanted to have these central databases because the current fragmented system had led to poor security and data losses, and in any case, ageing society and the pensions crisis meant this had to be done. I have noticed that in Japan, ‘ageing society’ like ‘terrorism’ in the UK, seems to have become the spectre evoked to silence potential criticism.

There are many other issues too: the government is also trying to introduce a voluntary system of Electronic Health Records (EHR), but this is not as developed as the Connecting for Health centralised database that is still experiencing significant problems in its introduction in the UK; and there are some rather less controversial social inclusion measures included the provision of computers for schools and so on. However my overall impression after leaving the IT Strategic HQ was of a government that was determined to press ahead with centralised collection and control of personal information regardless of the views of citizens or of whether it is really necessary even to achieve the policy aims they have. And this won’t change as the result of a change in government either. If, as seems likely, the Liberal Democratic Party (LDP or Jyuminshuto) are voted out, the Democratic Party of Japan (DPJ or Minshuto) which will succeed them, has already said that it will create a central database.

(Thank-you to the officials of the IT Strategic Headquarters for their time).