Category: policy

Here comes the US ID-card push

For a while now, I’ve been wondering why the US didn’t attempt to push for a national biometric ID card system in the wake of the 9/11 bombings.

Given reported statements from biometrics industry bosses about 9/11 being ‘what we’ve been waiting for’ and so on, one might have expected there to be a major effort in this direction but officially, as Zureik and Hindle (2004) point out, the International Biometrics Industry Association (IBIA) was relatively cautious in its post-9/11 press work, although it argued that biometrics had a major role to play in the fight against terrorism. Even the 9/11 Commission didn’t recommend a national ID card scheme, instead limiting itself in its final report to In its final report, to recommending a “biometric entry-exit screening system” for travelers in and out of the USA.

Part of this is because of the uneasy relations between the federal government and states governments, and suspicion of the former from the latter, and particularly from the political right has meant national ID cards have always been out of the question, even in an era of identification. So even though ID is frequently required in social situations, especially in dealing with banks, police and government agencies, the US relies on the ubiquitous driver’s licenses, which are issued by states not by the federal government. I remember from my time living in the US (in Virginia) as a non-driver, that in order to have valid form of ID, I had the choice of either carrying my passport or getting a special non-driver’s driver’s license, which always struck me simply as an absurd commentary on the importance of the automobiles in US life because, being young at the time, the nuances of federal-state relationships escaped me. And of course, passports won’t cut it for most, as less than 50% of US citizens have one.

So, if the apparently ubiquitous threat of terrorism was not going to scare states’ rights advocates and the right in general into swallowing the industry lines about security that they might usually have lapped up, what would? Well, the one thing that scares the right more than terrorism – Mexicans! More seriously, the paranoia about undocumented migrants combined with the spiralling cost of oppressive yet clearly ineffective border control (walls, drones, webcams, vigilantes etc. etc.) seems to have no done what the fear of terrorism could not, and inspired a push on both the centre and the right for ID cards – not that there’s much evidence that biometric ID cards will do a better job of excluding undocumented migrants, given that they do nothing to address what’s driving this migration – the demand for cheap, tax-free labour in the USA.

Today, not only the beltway insider’s bible, the Washington Post has an editorial demanding biometric social security cards for all (and a concomitant reduction in spending on hardening the border) following on from a cross-party senate recommendation, but also the Los Angeles Times, a paper which in the past has often been wary of the march to a ‘surveillance society’ – indeed it was the first major US newspaper to use this term, way back in 1970 as well as publishing critics like Gary Marx (see Murakami Wood, 2009) – has an op-ed arguing for a national ID card. The LA Times version, written by Robert Pastor, also claims that this is necessary to deal with voter fraud, a constant concern of the right and which always has a strong undertone of racism, so it’s unsurprising coming after a black Democrat has been elected as President for a second time in a tight election. Ironically, however, the President whose supporters are clearly the target of such attacks, has recently made it clear that he is also a supporter of a ‘tamper-proof’ national ID system.

No-one has yet made the international competition argument that is also so often used in these debates (‘if India and Brazil can do it, then surely the USA can’), but this debate is now ramping up in a way that even 9/11 couldn’t manage. Interesting times ahead…

References:

Murakami Wood, David. “The Surveillance Society’: Questions of History, Place and Culture.” European Journal of Criminology 6.2 (2009).
Zureik, Elia, and Karen Hindle. “Governance, security and technology: the case of biometrics.” Studies in Political Economy 73 (2004).
(thanks to Sarah Soliman and Aaron Martin for the newspaper articles…)

New Privacy Survey released

Simon Davies, AKA Privacy Surgeon, and the London School of Economics have a great new survey of privacy predictions for 2013 out now. Key quote from the press release:

“More aggressive action by companies to monetise personal information through advertising will inevitably fuel further controversy, while consolidation of markets such as social networking may induce emerging players to engage dangerous privacy practices.”

Whether 2013 is the tipping point in this regard that the survey suggests or not, it is certainly the case that various ‘lines in the sand’ are being crossed on a regular basis at the moment and if the public aren’t as concerned as the experts surveyed for this report, then privacy may even lose even its tactical utility as a way of opposing surveillance, let alone mean the same thing to most people as it used to.

New UK report on the future of identity

There is yet a another major surveillance-related report out, this one from the UK, on Future Identities – Changing identities in the UK: the next 10 years. It is part of the UK government’s Foresight program, and is available from their website. Their other major current project is on the future of manufacturing. Although the cancellation of the last New Labour administration’s ID card scheme is not explicitly mentioned in the background it seems clear that this report was originally commissioned as a ‘what now?’ exercise – to open up a much wider debate. The Foresight project say this about the final report:
“This Report provides an important opportunity for the Government to consider how identities in the UK are changing and the possible implications for policy-making in the next 10 years. It has involved over 100 academics and stakeholders and is supported by 20 published evidence papers.
It shows that the economic downturn, the effects of globalisation, and increasing international migration have all been influential on notions of identity, while the impact of social media and modern communications technology have created a new digital UK. In particular the report discusses an emerging trend of hyper-connectivity and the ubiquity of the internet enables people to be constantly connected across many different platforms. The detailed findings of the report have implications for a wide range of policy areas and will support the design and evaluation of robust, innovative, open policy-making.”

Who gets Freedom of Information?

UK transparency campaigner, Heather Brooke, writes a comment piece on The Guardian website today on why she believes that UK university cancer researchers should have to give up information to transnational tobacco giant, Philip Morris. The basis for the argument is that Freedom of Information law should apply regardless of who the applicant is.

I generally admire Heather’s single-minded work on FoI, but single-mindedness is not always a virtue, and can sometimes lead to overly extreme conclusions which lack a broader understanding of the political economics involved. As in this case. As a researcher and analyst rather than a campaigner, I can see that there are three important counter-arguments to her piece:

1. Corporations are not people. There is a serious and ongoing battle here. Although legal incorporation means companies are often considered as legal people, we should not start to think of them as having ‘rights’ like individuals, not should rights that come from citizenship or by being an individual voter apply to them. Recently, the US supreme court rejected the argument of a large telecoms company that it had privacy rights. The worrying thing is that several lower courts had accepted that it could have such rights. Rather than providing corporations with more equivalences to human rights, we need to be holding corporations to account.  This brings me to…

2. The really important issue with large private companies and FoI is why those large private companies are not subject to the same kind of transparency. Corporate confidentiality makes no sense even in the context of liberal economic theory, however it makes even less sense if we think about FoI as a method of accountability. Corporations are unable to be held accountable via electoral processes and the markets are too diffuse and diverse (and spread across too many different countries) to work as a mechanism of accountability, so we need law that rebalances the power imbalances between corporations on the one had, and people, individually and collectively, on the other – through transparency. That is, after all, what is its main point when it comes to state transparency and FoI; it’s not really about ‘value for the tax payer’, it’s about power.

3. On that note, FoI is being increasingly used against academics and activists in particular as a form of intimidation by corporate interests. This is not to say that academics and activists should not be accountable, but it is not the case that all parties here of on a level playing field, and further, mechanisms of accountability are themselves not simply neutral or unequivocally always a good thing because of what they are supposed to do. Law has to embed intention, and be interpretable by the courts, in a way that clearly differentiates between legitimate use (for people holding organisations to account), poor excuses (as in the state claiming expense or lack of time as reasons for not releasing information), and blatant misuse of the law for purposes for which it was not intended. If it does not, it can simply become another method the intensification of organisational power against the interests of people.

David Cameron doesn’t get it

David Cameron’s speech in the House of Commons today and associated comments, show that he has a really superficial grasp of what has been going on in British cities, mostly whilst he was on holiday and unwilling to return to demonstrate any kind of leadership.

First of all, he’s done the usual knee-jerk authoritarian and technophobic thing of blaming Blackberry and other messaging services. He has indicated that “Ministers would work with the police and MI5 to assess whether it would be right to stop people communicating via social network sites ‘when we know they are plotting violence, disorder and criminality’, and had “asked the police if they needed new powers in this area”. When the Egyptian government cut off access to social networking sites recently, western governments were quick to condemn this as evidence that this regime was exactly the kind of authoritarian government that should be brought down. However, in Britain, apparently not. And closing down communications systems just because some people are using them to send messages you don’t like is several steps beyond things like wiretapping. It is a massive and idiotic overreaction. Let’s hope the ‘assessment’ is, in the end, more considered…

Another face-palming moment was provided by the appeal to US experts in gang culture. Now, no-one is going to deny that there were gangs involved in this, nor that gang culture is an issue in British cities. But, first of all, the US is no place to look if you want lessons on controlling gangs, or more importantly, how to create a society in which gangs seem like a less attractive option in the first place. And secondly, there is an assumption that UK gang culture is just like US gang culture, just because they are both gang cultures. Why not look instead to other European countries without significant gang problems and ask what it is about those societies that work? Unfortunately that is the kind of question that would lead to fundamental challenges to UK socio-economic policy, and that’s exactly why the questions and responses will remain superficial.

These kinds of things will annoy the libertarian right and the left respectively, however at the same time, the UK Prime Minister is taking some strange stances that threaten to alienate his own centre-right supporters, in particular in refusing to halt cuts to policing budgets already proposed as part of his austerity measures (never mind massive cuts to social services to inner city youth, which will also be pushed ahead regardless).

It’s hard to see who remains that he is appealing to here…

UK consultation on CCTV: a weak brew?

The UK government has released a consultation document on a ‘Code of practice relating to surveillance cameras’ (CCTV). The closing date for comments in May 25th.

I will go through the document in more detail but there are several initial things to note here:

1. I am interested first of all in the fact that the camera systems are refered to as ‘surveillance cameras’ rather than ‘security cameras’ or ‘safety cameras’ as in many situations I have encountered around the world.

2. This is merely a step toward a state code of practice. The government had promised to ‘regulate’ CCTV, and what many people might have legitimately expected from such a promise was legislation, in other word a statutory footing for surveillance cameras and legal controls. A code of practice is very much at the weak and volunteeristic end of ‘regulation’ if it is regulation at all. The proposed Code itself is really quite weak and presaged on “gradually raising standards to a common level.” with nothing that is mandatory.

3. The document proposes another ‘Commissioner’ to govern surveillance cameras, a ‘Surveillance Camera Commissioner’. This government, despite its avowed attempt to reverse the proliferation of Quangos, seems to want to create another one. One would think that this would naturally fall under the remit of the Information Commissioner, but it appears that the Tory attacks on the ICO (which have been going on in newspapers like The Times for some years and have now spread to other libertarian groups) have been having some effect. Does Britain need another Commissioner in the area of information, surveillance and privacy? I don’t think so. I think we need to clarify the roles of existing Commissioners, and reduce their number – provide adequate budgets and better guidance and division of labour. I suggested a few weeks ago that splitting the ICO into a Surveillance and Privacy Commissioner (which would incorporate the data protection function and absorb all the existing micro-commissions like Surveillance, Interception of Telecommunications and now this new proposed Surveillance Camera Commissioner) and a separate Freedom of Information Commissioner, would be the best solution.

4. The consultation document acknowledges that camera surveillance has increased too rapidly in Britain and has eroded privacy and been overly intrusive. That’s a start. However it also hedges this quite strongly by saying that the government does not intend to limit law enforcement’s abilities. I am not sure the two things are compatible – but I will have to examine the proposals in more detail.

5. The document acknowledges that “CCTV does not always provide the benefits expected of it” but explains this as largely down to technical and operation reasons rather than anything more fundamentally problematic. This is not necessarily justified by evidence or particularly insightful.

6. The document acknowledges that Automatic Number Plate (Licence Plate) Recogntion (ANPR / ALPR) is largely unregulated too and that it connects to all kinds of databases, yet proposes little more than auditable data trails.

7. The document mentions both flying drone cameras / Unmanned Aerial Vehicles (UAVs) and helmet-mounted cameras, but assumes mistakenly that these are ‘niche and novel’. If this can still be said to be true, it will not be for much longer, and the document is overly dismissive of the immediacy of this issue.

8. The document is way too cautious and has the fingerprints of a ‘Sir Humphrey’ bureaucratic avoidance of anything that might ‘frighten the horses’, motivated as it claims to be by “the wish to avoid imposing unreasonable or impracticable bureaucratic or financial burdens on organisations” and recommending “an incremental approach.” It is too late for incrementalism, about 20 years too late in fact.

At first glance, the consultation document appears to be a rather weak brew rather than the strong medicine that is required.

Death to the ICO?

Chris Parsons draws my attention to a blog posting on the very swish and refurbished Privacy International site (nice job BTW – I will check in regularly). Simon Davies argues in this post for the ‘assisted suicide’ of the UK Information Commissioner’s Office (ICO) because it has become a ‘threat to privacy’. The bases for this argument are several, namely that:

  1. “the legislation that underpins the Office is narrow and in places regressive”;
  2. the ICO is “a quasi judicial regulator that sees its role as protecting data rather than people”, which leads to timid decisions;
  3. the ICO is sometimes “ill-informed… and almost always out of step with the more proactive and advanced regulators overseas” especially when it comes to technology;
  4. its complaints procedure is slow and frequently pointless;
  5. there are too many surveillance-related commissioners in the UK (the Surveillance Commissioner, the Interception of Communications Commissioner, the Equality & Human Rights Commission etc.)
  6. it is disconnected from “an information environment dominated by companies which appear to be largely exempt from local protections for citizens.”

Now, I’ve done some work on commission for the ICO, and therefore you might expect me to defend it from these criticisms. But in fact, I find much to agree with here, as well as some points with which I disagree, and much to ponder.

On the side of agreement,the ICO, like much of government, is undoubtedly technologically rather backward. When, in the Report on the Surveillance Society, we wrote about the way in which governments were behind the times, this was as much a message for them as for parliament or the executive. Maybe it is down to funding, maybe to institutional inertia, maybe deliberate choice, but the ICO has still has not taken serious steps to remedy this as Simon points out, and relies largely on occasional external reports, many of which are in any case general rather than specialist, to update it.

I also agree with the charge that the ICO has been relatively powerless in the face of the rise of corporate surveillance. This is not surprising given its origins as an arm’s-length regulator of government, and some of the particular issues of concern – like whether it took the Google wireless hacking episode seriously enough or made the correct decisions – are far from obvious. But one can clearly contrast the relatively activist stance of even quite bureaucratic Privacy Commissioners like the federal Canadian body over Facebook, with the ICO. It has in the recent past taken some serious actions against illegal private sector surveillance – for example the bust of a notorious blacklisting firm – but this direction appears to have fizzled out. Not being privy to internal policy discussions, I am not sure why.

Then there are some areas in which the criticisms are valid, but which may not be directed at the right target.

The first of these is the proliferation of Commissioners of various kinds – and incidentally, we have thankfully been spared the birth of yet another one with the cancellation of the ID Cards scheme. I have also been arguing for the merging of all the various surveillance-related quangos for a long time. The reason so many of them exist is partly because of the piecemeal way in which British legislative process occurs. There are rarely comprehensive Acts covering broad areas, instead existing institutions, however inappropriate to the job needed, are often merely supplemented or modified. The other reason is of course the ongoing effort to protect certain parts of the state from serious scrutiny, in particular the intelligence services and political police.

The second is that, fundamentally, it seems clear that British data protection and privacy legislation is generally archaic and not up to the job. Neither is its Freedom of Information legislation, even though it was a massive advance on the culture of secrecy that preceded what in retrospect may have been one of New Labour’s most important measures.

However, I am not sure that either of these points are in themselves a criticism of the ICO but rather of the legislation which created it, and the governance environment in which it has to operate. The way in which the ICO came about, through a rough fusion of old Data Protection and newer Freedom of Information functions produced a lumbering Frankenstein’s monster made of parts and bits, kept going on a drip-feed of limited funding, something that was never going to be capable of what campaigners expected of it. The same could be said partially of the critique of the complaints procedure, itself is a widely shared opinion and one with which I would not take issue. However, how much of this is down to the limited funding and staffing, and once again, the foundational legislation which hampers as much as empowers the ICO to do much of what we outsiders would want them to do?

Then, some of the criticisms are more personal opinion, with which I am sure many in the ICO would disagree, particularly the idea that the ICO does not care about people. Both Simon and I know many people in the ICO personally and whatever our political differences with them, the idea that they are heartless data bureaucrats with no interest in people is a rather unhelpful and hyperbolic caricature, as is the idea that the ICO is an ‘enemy of privacy’. The ICO had a legally mandated job to do first and foremost and it needn’t, legally, go beyond that at all. Yet it has. The interventions that the previous Information Commissioner, Richard Thomas, made on surveillance in particular were absolutely vital in adding a new level to a debate that had previously, despite the best efforts of activists, campaigners and researchers, been of more marginal concern. One could argue that surveillance and privacy would never have become such a topic parliamentary debate, let along an election issue, without his advocacy. Certainly it hasn’t gone far enough, but is has hardly, during this period at least, acted as a stereotypically uncaring bureaucracy.

So what of the solutions?

Simon advocates only one: that the government “scrap the data protection functions of the ICO and building a new Privacy Act that creates a true watchdog with a broad mandate.” It is hardly surprising that Privacy International see the ‘privacy’ element as the most important one here. Simon will also not be surprised to discover that I disagree with him on this. In fact, my argument for a while has been that privacy cannot justifiably be prioritised over other forms of human informational rights. In addition, the concept of ‘human rights’ in general does not deal with everything about information relationships, positive or negative, and the many elements of those information relationships between state, citizen and corporation cannot be so arbitrarily separated.

I would therefore argue that a comprehensive Information Act, which covered citizens’ rights to information (their own, and that generated by government and corporations), their rights of privacy and the more general parameters of what the state and companies may know of those who information this is and how they are allowed to do so (i.e the limits of surveillance). I agree that ‘data protection’ is an out-of-date concept. But ‘privacy’ does not, and cannot, replace it, at least not alone. Privacy Commissioners, where they exist, find themselves dealing with a lot more than privacy and end up becoming ‘surveillance’ or ‘information commissioners’ in practice or by stealth, and in some cases an emphasis on privacy over all else can hamper legitimate needs to know (as has been true in the case of family members of elderly patients with dementia in Canada for example).

My conclusion about what a new Information Act would contain in terms of the regulatory bodies has something in common with Simon’s view, but I have two options. One is the creation of a single mega-regulator – a real Information Commissioner that covered all the areas of our information relationships with the state and corporations that would be able to go after corporations, local and national government over issues of their secrecy, transparency and accountability, and our privacy and informational needs. It wouldn’t just merge the existing ICO, Surveillance Commissioner, Interception of Communications Commissioner and so on), but start with new legislation and a new structure.

The other option would be a merge all the existing bodies but create two new ones to replace them: a Surveillance and Privacy Commissioner, to cover all of the areas of state and corporate intrusion into the lives of citizens, but also a Freedom of Information Commissioner, to cover the equally vital areas of state and corporate transparency and accountability. Privacy without FoI, whether together in one organisation or separate, is altogether too defensive an approach to what we can expect from the state.

And whichever route one took, the organisation(s) should have a wider range of powers built in and required – research (including technological foresight), advocacy, assessment, response and enforcement functions – with protected funding and legally binding decision-making capability. I think we would all be in agreement on that…

US border project cancelled… or is it just mutating?

Neoconopticon is reporting that the Secure Border Initiative (SBI) project is to be shelved and replaced with off-the shelf surveillance equipment (UAVs etc.).

The project which was based on contracts with Boeing and Raytheon, had been in trouble for some time. I reported back in 2009 how Boeing had basically wasted most of the money on the Mexican border projects on systems that didn’t work. Neoconopticon gives the figure of $3.7Bn for the project, but in fact estimated costs for the longer-term maintenance just of the Mexican fence component had spiralled to over $10Bn.

The original source for this news, Defence Industry Daily, has a good timeline.

I am left wondering however about whether this cancellation might have anything to do with the discussions that were recently revealed on the North American Perimeter project, which I blogged back in December last year. A complete North American perimeter might reduce the pressure to add further security to the US-Canadian border at least, and Canadian government funds and people could be leveraged by the US, as they were during the Cold War with the DEW Line and BMEWS. A summit on the issue between US President, Barack Obama, and Canadian Prime Minister, Stephen Harper, had been scheduled for January and was recently pushed back into February, which has given time for the decision on the cancellation of the SBI.

This could all be coincidence, but it is certainly interesting timing…

Internet doit être défendu! (4)

I write this addition to my ongoing series of thoughts on the implications of the Wikileaks scandal, en Francais because according to Le Point, the the Assemblée Nationale has passed a bill, Loppsi 2, which, amongst other things, in its Article 4, allows the French government to ban particular websites, and essentially to ‘filter’ the Internet. The Bill of course has ‘good intentions’, in this case, it is aimed at paedophiles, but the wording is such that it allows a far wider use against “la cybercriminalité en général”. Regardless, as the article points out: “Les expériences de listes noires à l’étranger ont toutes été des fiascos,” in other words such bills have generally been a complete failure as in most cases the state’s technology and expertise cannot deliver what the law allows.

However, I am left wondering what makes this any different from what China does, and what moral right the French state now has to criticise Chinese censorship or indeed any other regime that is repressive of information rights. And of course, what other very reasonable ‘good intentions’ could be drawn upon for closing the Net – opposing ‘information terrorism’, par example?

The New North American Perimeter

Canadians have been angered to discover recently that a deal to create a new US-Canada perimeter security initiative has been going on behind their backs. This plan has been some time in the making, as we uncovered during our current research on border security. In particular, alliances of major corporations and US and Canadian government organisations have been planning together in the Security and Prosperity Partnership (SPP) and the North American Competitiveness Council (NACC) – who back in 2007 produced a document, Building a Secure and Competitive North Anerica (pdf), that seems to prefigure exactly what this ‘new’ soon to be announced plan will contain.

And already the state public relations machines have rumbled into place to prevent dissent. The government clearly has nothing but contempt for the Canadian Charter rights that this deal will damage (most notably those around information and privacy). And there seems to be no doubt that this deal will further embed US security priorities in Canadian-US relations, and effectively add an inner core of security to the economic layer of NAFTA (excluding Mexico, of course… no doubt the perimeter will continue exclude them, even while we exploit their cheap labour and resources). Indeed the ‘success’ of NAFTA (read: the success of NAFTA for business elites) is one of the reasons given for supporting this so-far unseen plan by five former Canadian ambassadors to Washington in an Opinion piece in the Globe and Mail today.

This first volley from the big guns seems to have come straight from the Ottawa PR stategy. There are references to ‘common sense’ and the ‘reassertion of sovereignty’ and attacks on ‘bellyaching’ and ‘knee-jerk anti-Americanism’. Indeed it is worth quoting the final paragraph in full because it is a masterpiece of old-fashioned continentalist propaganda combined with post-9/11 fear-stoking:

“Knee-jerk anti-Americanism is an indulgence without purpose in today’s interconnected, interdependent world. Our future economic prosperity relies on an efficient border, and we should welcome any agreement that smoothes the way for jobs and growth while toughening up our borders to security threats against both our countries.”

In this worldview, asserting sovereignty means giving it up, ‘interconnected and interdependent’ means allied with the USA rather than all the other multiplicity of friendships Canada had carefully crafted around the world prior to the Harper era, and security threats to the USA are seen as one and the same as those to Canada. In other words, we should hitch our wagon more firmly to Washington and prevent any return to that ‘indulgent’ Canadian emphasis on global security, peace-building, human development and human rights – you know, the values that once gained Canada respect around the world.

It’s quite eye-opening in a way to see former representatives of the Canadian state to the USA openly acting as US assets in Canada, clearly trying to educate the Canadian public in how to think and how to behave towards their rulers (sorry, slip of the tongue, of course I meant ‘neighbours’), and trying to preempt and predefine reaction to a plan that we haven’t even seen yet not least because people like this seem to think that Canadians don’t deserve to have a say in something that amounts to nothing less than the future sovereignty of their country.

(thanks to Harrison Smith for the NACC document and David Lyon for pointing out the Opinion piece)