Category: Rights

Big Brother isn’t listening (at least in Maryland)…

Hot on the heals of my earlier post on the subject, I have just received the news that following the publication of the report in The Baltimore Sun, the Maryland Transit Authority have pulled the proposal to use audio surveillance on their buses.

However, an interesting thing to note in this supplementary report by transport correspondent, Michael Dresser, on the paper’s blog, is that the proposal apparently came about because CCTV cameras these days come with sound-recording built in, and that other transit authorities in Cleveland, Denver and Chicago use it. The MTA administrator responsible for seeking the legal opinion on audio surveillance is quoted as saying “It’s something that’s becoming the standard of the industry.”

So, if I am reading this right here, important policy decisions that have major implications for privacy are being treated simply as technical issues because the technologies that are being purchased have the capabilities. It’s only in this case because the MTA sought a legal opinion that we know at all, let alone that anyone objected. So how many other transit, police or urban authorities or commercial venues in how many places are now regularly using the audio capabilities of cameras without ever having considered that this might be a problem? And what other built-in technical capabilities will simply be used in future simply because they are available? What about the Terahertz Wave scanning that I covered earlier on?

In the USA, Big Brother is listening…

Well, according to the Baltimore Sun, the Maryland Transit Authority will be listening if it implements a proposal for recording all conversations between passengers and employees on its buses. This is not the first attempt to introduce audio surveillance of the public. In 2006, in the Netherlands, a microphone system attached to existing CCTV cameras was introduced to supposedly prevent fights by detecting distinctive vocal sounds.

Now, there may well be problems with aggressive or abusive passengers in Maryland (although I’ve also encountered enough abusive drivers in my time!) but that does not mean that any kind of action is justified in the name of preventing or discouraging this. This, as in the Netherlands situation, is a problem of incivility (or ‘respect’ to use Tony Blair’s favourite policy word) but civility develops between people and cannot be imposed by authority or surveillance. What you get by going down this road, if indeed the strategy ‘works’ at all is simply a society of resentful, distrustful, quietude where civility is simply a set of superficial Pavlovian responses not genuinely felt values that people work to create and would want to defend. Problems of incivility are hardly going to he solved by trying to create an even more managed, automated and, fundamentally, desocialised and uncivil society. As the UK’s leading CCTV researcher, Clive Norris, remarked about the UK’s ‘shouting cameras’, introduced as part of the Blair’s ‘Respect Zones’, it is hard to imagine anything much more disrespectful of the public.

What’s particularly interesting in this story too is the way in which one form of surveillance can be used to justify another, producing an internal and self-replicating logic. The thinking is that as buses already have video cameras, then this is just the same thing, right? Stick a notice up saying you’re being recorded and all legal bases are covered. Well, no, I don’t think so. Let’s explore this further. I frequently record conversations that I have. Shocked? Actually, it’s part of my job as a researcher. I interview people and I record the interviews, but I do so with the full consent of the person being interviewed and if they do not want to be recorded, I don’t record them. However, there appears to be no room for consent around mass surveillance at all. It’s becoming clear that the (lack of) regulation of CCTV has set a dangerous precedent here, with consent being regarded as ‘impractical.’ It is really not enough in any accountable system of democracy to assume that the state can assume consent for surveillance measure on the grounds that to seek specific consent would be too hard. And in any case, the ‘acceptance’ of CCTV – even if one believes that the public does indeed ‘accept’ it rather than simply feel a sense of profound disempowerment with regard to video surveillance – does not mean that ‘anything goes’ as far as surveillance is concerned. An already dubious implied consent to one form of monitoring is not the same as consent to all monitoring. And of course, even if you did have some collective majoritarian consent, what does that imply for those in the minority? We already know that surveillance is targeted against minorities, so how can even a standard democratic procedure protect people here? Of course, this is what constitutional protections are for, and in particular in this case, the Fourth Amendment to the US Constitution but the MTA appears to think that the precedent of CCTV means that this does not apply. Round and round we go.

This, in the end, is all about organisational risk management and simply treats the public as sources of risk and as potential offenders, not people with rights, and indeed people who either are generally or, given the respect and space they deserve, would be, good. But risk-thinking seems to override even those things we are used to seeing as foundational of our societies.

‘X-ray vision’ may not be so far away…

Fascinating and disturbing news from the MIT Technology Review blog that a team of researchers appears to have cracked the problem of how to produce cheap, effective Terahertz Wave (TW) cameras and receivers. TW are found between infrared and microwave radiation, and produce what we called in A Report on the Surveillance Society, a ‘virtual strip search’, as they penetrate under layers of clothing but not much further, and can thus produce images of the body ‘stripped’ of clothing. Thus far, they’ve been used on an experimental basis in some airports and not really any further afield.

This is largely because of the way that TW waves have been detected up until now has basically been a bit of a kludge, a side-effect of another process. This has meant that TW equipment has been generally quite large and non-portable (amongst other things).

However one Michel Dyakonov of the University of Montpellier II in France has followed up theoretical work he did in the 1990s, with a new larger team, to show that tiny (nanoscale) ‘field effect transistors’ can – and they are still not quite sure how exactly – both produce and detect TW. The details are in Technology Review, but the crucial thing for those interested in surveillance is that:

  1. the output is ‘good enough for video’; and
  2. ‘they can be built into arrays using standard silicon CMOS technology’ which means small, cheap (and highly portable) equipment. This could be an add-on to standard video cameras.

I’m getting a genie-out-of-bottles feeling with this, but is it really as damaging to personal privacy as it feels? Does this really ‘reveal’ anything truly important? Or will it become something to which we rapidly become accustomed, and indeed with with which we quickly get bored? In some cultures, specially those that regard covering the body and modesty as being god-given, this is clearly going to present massive challenges to social and moral norms. It seems to me that there is also an immediate conflict with current constitutional and legal rights in several jurisdictions, not least the US Fourth Amendment right not to be subjected to warrantless searches and the European Convention Article Eight on the right to privacy.

But it seems that unless such a technology is banned, or at least particular commercial implementations, we’re about to cross another Rubicon almost before we’ve noticed it has happened. Ironically bans on technology can only really be effective in states where intensive surveillance and state control of behaviour is practiced. In other places, I am not sure banning can be effective even if it were desirable, as in reality, a ban simply means reserving the use of the technology to criminals, large corporations which can afford to flout laws, and the state.

Data Protection in Japan

Comprehensive data protection in Japan is fairly recent. Until 2003, data protection was still governed under much two earlier ‘ information society initiatives: firstly, the Act for the Protection of Computer Processed Personal Data Held by Administrative Organisation (1988) and secondly, the Protection of Computer Processed Personal Data Act (1990), which are based on the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These laws were limited an applied only to the state, and within that, only to some national government organisations rather than all of them.

Lawyers and those concerned with privacy within and without government were well aware of these limitations, and in the late 90s, a special Privacy Issues Study Working Group was set upby the Electronic Commerce Promotion Council of Japan (ECom). This committee issued Guidelines Concerning Protection of Personal Data in Electronic Commerce in the Private Sector in March 1998. The Chair of that committee, Professor Masao Horibe, provides an account here.

Subsequently, a Personal Data Protection Legislation Special Committee was established in January 2000 under the Advanced Information and Telecommunications Society Promotion Headquarters (now the IT Strategic Headquarters), a body responsible directly to the Japanese cabinet. This body has issued all the laws and directions regarding IT, e-Japan etc.

The need to “protect personal data” (kojin deta) was mentioned in Article 22 of the Basic Law on the Formation of an Advanced Information and Telecommunications Network Society within the rubric of ‘security’. This was followed up by the e-Japan strategy of January 2001, which under the section on the Facilitation of E-Commerce, recommended that “Necessary legislative measures should be taken to win the confidence of consumers, including submission of a bill to protect personal data to the ordinary session of the Diet in 2001.”

The Bill was introduced in March 2001, but as a result of concerns about its effects on the freedom of the press, was left to fall by 2002. However the Personal Information Protection Bill was passed in 2003, one of five bills with implications for data protections to be passed in that Diet session.The bill came into force in 2005. I’ll discuss the content and operation of the bill later, but there’s a good summary in English from when the Bill was passed here.

The one particularly interesting thing to note here is that it doesn’t designate or establish any one body to oversee the operation of the law or the enforcement of rights, or deal with complaints as in European countries and Canada, for example, Instead it keeps data protection as an internal matter for designated government ministries (and for companies), with legal action an option if all else fails. The law is generally on the side of data flow and commercial / administrative convenience, which is not surprising given its origins in industry-led e-commerce promotion organisations.

Met Police finally admit photography is not a crime

After protest and parliamentary questions, The Register reports this week that the London Metropolitan Police have finally got round to reminding their officers that it is not in fact a criminal offence for ordinary people to take photographs or video in public places, nor even to take pictures of police officers. The way that many Met officers had been acting over the past couple of years with harassment of photographers, even tourists in some cases, and arrests under the Terrorism Act,  there appeared to be a deliberate attempt to change or extend the meaning of the law by police policy. This was at the same time that the Met had been running campaigns stating that it was suspicious for anyone to be interested in CCTV. Part of this is also the fault of the Act (and others like it, including the recent Counter-Terrorism Act), which are very broadly drawn and easily subject to extreme interpretation by those who would want to abuse them to attack individual liberties.

This isn’t over yet however; there are many other police forces in the rest of the country and also quasi-police (community support officers, town centre managers etc.) as well as private security, who need to recognise that the public have a right to take photographs in public, and should not be harassed, assaulted or threatened with some non-existent sanction for a perfectly legal pastime.

UK newspaper phone-tapping scandal

Back in the UK, the Sunday newspaper, The News of the World, known largely for its obsession with minor celebrity scandal has been itself the subject of rather more serious investigations, following revelations that it has paid out over £1 Million (around $1.4 M US) to people whose phones it secretly tapped in its search for dirt. Proprietor, Aussie, Rupert Murdoch, is known to satirical magazine, Private Eye, as the ‘Dirty Digger’, and given this showing, he seems to be earning his nickname.

The Guardian editorial highlights this as another threat to privacy, but there’s much more here. Murdoch is one of the most powerful men in the world and his company, News International, covers far more than just Britain – they recently bought the Wall Street Journal, for example. His more ‘serious’ newspaper, The Times of London (for whom, I should declare, I have written a piece once) was very vocal in the past in attacking the recently-retired Information Commissioner, Richard Thomas, first over his comments on ‘sleepwalking into a surveillance society’ and then later on his attempts to bring newspapers under the same regulatory regime over privacy as other organisations.

At the time, it was hard to know what the agenda was; but clearly it was more than the supposedly ‘honourable’ position of acting to protect journalistic independence and the rights of their sources. Now, I think, we can start to understand a little more about the view The Times advocated – perhaps it was simply trying to deflect public investigation into the illegal, underhand and privacy-invasive surveillance practices of other parts of the News International empire.

We should indeed be worried by this, not just because of the activities themselves, but because of the attempts to manipulate public policy and undermine the authority of one of the few people who was interested in, and capable of, attacking abuses of surveillance by the media by an increasingly powerful global private company.

So, does News International own newspapers in your country? Do you know what they get up to? Someone needs to dig the dirt…

Google: ‘give us data or you could die!’

I’ve been keeping a bit of an eye on the way that online systems are being used to map disease spread, including by Google. What I didn’t anticipate is that Google would use this as a kind of emotional blackmail to persuade governments to allow them as much data as they like for as long as possible.

Arguing against the European Commission’s proposal that Google should have to delete personal data after 6 months, Larry Page claims that to do so would be “in direct conflict with being able to map pandemics” and that without this the “more likely we all are to die.”

Google talk a lot of sense sometimes –  I was very impressed with their Privacy counsel, Richard Fleischer, at a meeting I was at the other week – and in many ways they are now an intimate part of the daily lives of millions of people, but this kind of overwrought emotionalism does them no favours and belies their moto, ‘don’t be evil’.

(again, thanks to Seda Gurses for finding this)

Court rules against police precautionary surveillance

In another chapter in the current struggle over the means of visual representation, the UK Court of Appeal has made an important ruling that could affect the future of police surveillance tactics. In a case brought by anti-arms trade protestor, Andrew Wood (no relation!), the judges ruled that the Metropolitan Police should destroy photographs taken of Mr Wood at the AGM of giant dataveillance conglomerate, Reed Elsevier ( the BBC calls them a ‘publisher’ but that’s a rather archaic and inaccurate term for what Reed Elsevier does, which is to collect, analyse, organise and trade in personal and business data of all kinds).  Reed Elsevier had been involved with running arms trade exhibitions through a subsidiary at the time.

The ruling argued that the police should not take and retain pictures of people who were not suspected of any current wrongdoing, but whom the police considered might do so in the future. According to the BBC, the Met had argued that its actions “were reasonable in helping officers to detect crimes that may have occurred in the past or may do so in the future.” But that is exactly the kind of blanket risk-management-based way of thinking that allows almost any preemptive or precautionary mass surveillance to be justified, and it is quite right that the Court should have ruled that it should be controlled. It is about time that a ruling like this was made.

The one cautionary note here is that the Met will be appealing this to the House of Lords, and no doubt beyond if that fails, so watch this space…

Contact Point goes live

The controversial new central database of all children in the UK has gone live today for the North-west of England, and will gradually be rolled out across the UK. The £224M ‘Contact Point’, one of the main planks of the ‘Every Child Matters’ initiative, will be accessible to around 390, 000 police, social workers and other relevant professionals. It is mainly being promoted as a time-saving initiative, allowing quicker and more informed intervention in the case of vulnerable children, which we all hope it does, although this of course depends on the correct information being on the database in the first place. In addition, as the Joseph Rowntree Reform Trust review, Database State, rated the system as ‘red’ for danger in terms of privacy:

“because of the privacy concerns and the legal issues with maintaining sensitive data with no effective opt-out, and because the security is inadequate (having been designed as an afterthought), and because it provides a mechanism for registering all children that complements the National Identity Register.”

UK Ministry of Justice sounding old, tired and defeated

I was at a meeting organised by the Information Commissioner’s Office (ICO) today (Wednesday) in London where both Jack Straw and Michael Wills from the Ministry of Justice spoke. In the wake of the expenses revelations it was not surprising that both sounded somewhat conciliatory, but the degree of both overt and tacit admission of mistakes and changes needed was quite surprising. I had a bit of a set-to with Michael Wills on the apparent lack of knowledge amongst government ministers of the results of their own research on the (in)effectiveness of CCTV, to which he responded with the Melanie Phillips defence – i.e.: come and talk to ordinary people and they will tell you they want CCTV. This is a diversion for many reasons, not least of which is that unlike both the Daily Mail’s moral minority and the minister, I actually live in places where they only visit on official business and I also understand that what people mean when they demand CCTV is not the technology itself but a solution to the real and perceived problems of crime and anti-social behaviour that they face. They only demand CCTV because they see the programs on TV and are convinced that CCTV ‘works’ – however if you talk to senior police officers or anyone who has done research on this, they will tell you, yes, targeted mobile CCTV surveillance to deal with specific problems can be very effective (in terms of both cost and results) but mass camera surveillance is not the same thing. It is rather disappointing that a Justice Minister did not appear to understand the difference.

Jack Staw gave a weird speech. It was both full of matey bonhomie and characterised by stuttering hesitancy and vagueness. He made a number of historical errors, for example in claiming that the culture of secrecy was a product of the Cold War, when the first Official Secrets Act was a product of WW1. He also claimed that CCTV was all about ‘low-level disorder’ and ‘reassurance’, which will be news to all those (like his ministerial colleague) who still think it prevents crime. But he did rightly take some credit for Freedom of Information, including allowing parliamentary expenses to be included, even as it turned out, to his latter-day embarrassment.

Where it got very interesting was in his comments on the government’s consultation on the future of the DNA database following the damning verdict of the European Court. Contrary to Jacqui Smith, Straw indicated that he would be quite happy with the proposed 12 year retention period being reduced to 9 or even 6 years. He also claimed that there was a behind-the-scenes review of The Terrorism Act and other post-9/11 measures going on, which I don’t think many people in the room even appreciated. He admitted that the Labour government got many things wrong after 9/11 and that the environment had now also changed.

It was all very interesting, but you really got the feeling that this was a government on the way out anyway. The Tories will no doubt scrap the ID cards and register, but listening to the Shadow Justice Minister, Dominic Grieve, I got the impression that they don’t have much to offer apart from caution. That might be welcome for a while, but as a speaker from Google remarked, the debate is so far behind the reality of technological change that none of this will really matter very much unless there is a real culture shift. The ICO under the massively influential Richard Thomas, for whom this was very much a valedictory event before he steps down, has made great strides in this direction, but the government and opposition parties are still a long way away from understanding the need to establish a new basis for informational relationships between people, state and private companies that we desperately need.