Category: Rights

The city where the cameras never sleep… New York, New York

The Gothamist blog has a brief report on the massive upgrading and expansion of the video surveillance system in the New York public transit system. Like Chicago, which I’ve mentioned several times here, the cameras in New York are really just collection devices to feed an evolving suite of video analytic software, that can track suspects or vehicles in real-time or search through old footage to find multiple occurences of particular distinctive objects or people.

The other notable thing is that the new camera system is just completely overlaying the old – in other words there is no attempt to connect the older cameras which are not compatible and have far poorer image quality. As cameras and software gets cheaper, this option looks like being the one many urban authorities will pursue, so cities like London, which pioneered widespread video surveillance, but which, with their disconnected mosaic of incompatible systems, have started to look increasingly ineffective and out-of-date, could deal with this not by expensive and unreliable fixes but simply by sticking in an entirely new integrated algorithmic system on top of or alongside the old ones. Technological fallibility and incompatibility can no longer be relied on as protections for the privacy rights of citizens in public spaces.

Backdoors for Spies in Mobile Devices

There’s been a lot of controversy over this summer about the threats made to several large western mobile technology providers mainly by Asian and Middle-Eastern governments to ban their products and services unless they made it easier for their internal intelligence services and political police to access the accounts of users. The arguments actually started way back in 2008 in India, when the country’s Home Ministry demanded access to all communications made through Research in Motion’s (RIM) famous Blackberry smartphone, which was starting to spread rapidly in the country’s business community. Not much came of this beyond RIM agreeing in principle to the demand. Then over this summer, the issue flared up again, both in India and most strongly in the United Arab Emirates (UAE) and Saudi Arabia. RIM’s data servers were located outside the countries and the UAE’s Telecommunications Regulatory Authority (TRA) said that RIM was providing an illegal service which was “causing serious social, judicial and national security repercussions”. Both countries have notorious internal police and employ torture against political opponents.RIM initially defended its encrypted services and its commitment to the privacy of its users in a full statement issued at the beginning of August. However, they soon caved in when they realised that this could cause a cascade of bans across the Middle-East, India and beyond and promised to place a data server in both nations, and now India is once again increasing the pressure on RIM to do the same for its internal security services. So instead of a cascade of bans, we now have a massive increase in corporate-facilitated state surveillance. It’s Google and China all over again, but RIM put up even less of a fight.

However, a lot of people in these increasingly intrusive and often authoritarian regimes are not happy with the new accord between states and technology-providers, and this may yet prove more powerful than what states want. In Iran, Isa Saharkhiz, a leading dissident journalist and member of the anti-government Green Movement is suing another manufacturer, Nokia Siemens Networks, in a US court for providing the Iranian regime with the means to monitor its mobile networks. NSN have washed their hand of this, saying it isn’t their fault what the Iranian government does with the technology, and insist that they have to provide “a lawful interception capability”, comparing this to the United States and Europe, and claiming that standardisation of their devices means that “it is unrealistic to demand… that wireless communications systems based on global technology standards be sold without that capability.”

There is an interesting point buried in all of this, which is that the same backdoors built into western communications systems (and long before 9/11 came along too) are now being exploited by countries with even fewer scruples about using this information to unjustly imprison and torture political opponents. But the companies concerned still have moral choices to make, they have Corporate Social Responsibility (CSR) which is not simply a superficial agreement with anyone who shouts ‘security’ but a duty to their customers and to the human community. Whatever they say, they are making a conscious choice to make it easier for violent and oppressive regimes to operate. This cannot be shrugged off by blaming it on ‘standards’ (especially in an era of the supposed personal service and ‘mass customization’ of which the very same companies boast), and if they are going to claim adherence to ‘standards’, what about those most important standards of all, as stated clearly in the Universal Declaration of Human Rights, Article 12 of which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,” and in Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

City of Leon to install mass public iris-scanning

The City of Leon in Mexico, if a report in Fast Company are to be believed, is going ahead with a scheme that goes far further than any other urban surveillance project yet in existence. They are already installing scanners that according to their manufacturers, Global Rainmakers Inc., an until recently secretive company with ties to US military operations, can read the irises of up to 50 people per minute.

Now, we have to be careful here. Gizmondo, as usual has gone way over the top with reports of ‘the end of privacy’ (which, if you believed their stories has already happened as many times as the apocalypse for 7th Day Adventists…) and talk of the ‘entire city’ being covered and ‘real-world’ operations (i.e. in uncontrolled settings). In fact, if you read the  Fast Company report, and indeed the actual description of the products from the company, they are far more limited even in their claims (which are likely to be exaggerated anyway). There is no indication that the iris scanners proposed will work in uncontrolled settings. When the company talk about the scanners working ‘on the fly’, they mean that they will work when someone is basically looking at the scanner or near enough whilst no more than 2 metres away (in the most advanced and expensive model and significantly less for most of them) and moving at no more than 1.5 metres per second (and, again, slower for the lower range devices). All the examples on the company website show ‘pinch points’ being used (walls, fences, gates etc.) to channel those being identified towards the scanner. In other words, they would not necessarily work in wide public streets or squares anyway and certainly not when people were moving freely.

So is this what is being proposed? Well, there are two phases of the partnership with Leon that the company has announced – and we have as yet no word from Leon itself on this. Phase I will cover the settings in which one might expect levels of access control to be high: prisons, police stations etc. Phase II will supposedly cover “mass transit, medical centers and banks, among other [unnammed] public and private locations”. It is also worth noting that the scheme’s enrolment is limited to convicted criminals, with all other enrolment on an entirely voluntary basis.

I am not saying that this is not highly concerning – it is. But we need to be careful of all kinds of things here. First of all, the Fast Company report is pure corporate PR, and the dreams of the CEO of Rainmakers, Jeff Carter (basically, world domination and ‘the end of fraud’ – ha ha ha, as if…) are the same kind of macho bulltoffee that one would expect from any thrusting executive in a newish company in a highly competitive marketplace. Secondly, there’s a whole lot of space here for both technological failure and resistance. The current government Leon may well find that the adverse publicity from this will lose rather than gain them votes and that in itself could see the end of the scheme, or its being limited to Phase I. In addition, without this being part of wider national networks, there may in the end be little real incentive for anyone to enrol voluntarily in this. Why would banks in Leon require this form of identification but not those in Mexico City or Toluca for example? Will the city authorities force everyone who use public transport to undergo an iris scan (which would make the ‘voluntary’ enrolment a sham)? This could all end being as insignificant as the Mexican companies offering RFID implants as a supposed antidote to kidnapping, it could be the start of a seismic shift in the nature of urban space, or it could be a messy mixture.

I hope my colleagues in Mexico are paying attention though – and I will try to keep updated on what’s really going on beyond the corporate PR.

Facebook Places: opt-out now or everyone knows where you are?

Facebook Places… what to say? Most of the criticism writes itself because we have been here before with just about every new ‘feature’ that Facebook introduces, and they seem to have learned absolutely nothing from any of the previous criticisms of the way in which they introduce their new apps and the control users have over them. Basically, Facebook Places is just like Google Latitude, but:

1. instead of having to opt-in to it, you are automatically included unless you opt out; and (here’s the really creepy part),
2. instead of just you being able to tell your ‘friends’ where you are, unless you do turn it off, anyone who is your friend can tell anyone else (regardless of their relationship to you) where you are, automatically.

Luckily we know how to turn it off, thanks to Bill Cammack (via Boingboing).

When, if ever, will Facebook realise than ‘opt-out’ is an entirely unethical way of dealing with users? It lacks the key element of active consent. You cannot be assumed to want to give up your privacy because you fail to turn off whatever new app that Facebook has suddenly decided to introduce without your prior knowledge. Facebook is basically a giant scam for collecting as much networked personal data as it can, which eventually it will, whatever it says now, work out how to ‘add value’ to (i.e.: exploit or sell), whether its users like it or not. And surely this is now the ideal time for an open source, genuinely consensual social networking system that isn’t beholden to some group of immature, ethically-challenged rich kids like Zuckerberg et al.?

Surveillance, Coercion, Privacy and the Census

There’s been a huge furore here in Canada about the current government’s decision to abolish the long-form census. I’ve been following the debate more interested in what the proponents and opponents have been saying about privacy and surveillance rather than intervening. But it’s about time I got off the fence, so here’s my two cents’ worth. It may come out as an op-ed piece in one of the papers soon, I don’t know…

Sense about the Census:

Why the Long-form Census debate really matters.

The debate about the scrapping of the long-form census is in danger of being unhelpfully polarized. The result can only benefit the current government to the long-term detriment of the Canadian people. On the one hand, some of those campaigning for the reinstatement of the survey have dismissed issues of surveillance and privacy. On the other hand, supporters of its abolition have referred to ‘privacy’ and ‘coercion’ as if these words in themselves were reason enough to cut the survey. But the whole way in which privacy has been discussed is a red herring. We need to reaffirm a commitment to privacy alongside other collective social values not in opposition to them. We need privacy and we need the census.

First, coercion. The long-form census is undoubtedly a form of coercive state surveillance. One only has to glance at the recent history of state data collection and its role in discrimination and mass-murder to see that that one can be far too blasé about the possibility of states misusing statistics. Examples abound from the Holocaust to the genocide in Rwanda, and there is no reason to suppose that this could never happen again. In fact technology makes discrimination easier and more comprehensive: with sophisticated data-mining techniques, inferences can be made about individuals and groups from disparate and seemingly harmless personal data.

However, just because censuses have the potential for abuse, this does not make them wrong. Surveillance forms the basis of modern societies, good and bad, and coercion is all around us from the time we are children told by our parents not to play on the stairs. Coercion can be caring, protect us and improves our lives. The long-form census would have to be shown to be unfairly coercive, or not have enough beneficial policy outcomes to justify any coercion. This, the government has failed to do, whereas the campaign for the restoration of the survey has highlighted numerous examples of improvements in communities across Canada resulting from long-form census data.

Now to privacy. The campaign to restore the long-form census has seen frequent instances of the argument, ‘nothing to hide, nothing to fear’. This is one of the most glib arguments about privacy and surveillance, not only because of the potential abuse of state data collection but also because it assumes so much about what people should want to keep private. Another common argument is that privacy is irrelevant because ‘everyone gives away their personal information on Facebook anyway’. But the fact that some people chose to share parts of their lives with selected others does not imply that any infringement of privacy is acceptable. Privacy depends on context. Social networking or marketing trends do not mean that ‘anything goes’ with personal data.

In making these arguments, campaigners end up unwittingly bolstering a government strategy that relies not only on the evocation of ‘coercion’ but on pitting individual privacy against collective social goals. Yet, the government’s position is misleading. Privacy is not simply an individual right but also a collective social value. And further, just because the data is collected from individuals by the state, does not mean that the state infringes on privacy. It depends on whether the data is stored without consent in a way that identifies individuals or is used in a way negatively impacts upon them.

However, Statistics Canada have demonstrated a commitment to privacy within the census process. The long-form census data is not used to identify or target individuals. It is aggregated and used for wider community purposes. As Statistics Canada say quite on their website: “No data that could identify an individual, business or organization, are published without the knowledge or consent of the individual, business or organization.” The census returns are confidential and Statistics Canada employees are the only people who will ever have access to the raw returns, and they are bound by The Statistics Act. All this was confirmed by the Office of the Privacy Commissioner of Canada, who found the 2006 census fully compliant with privacy law.

So both privacy and coercion are red herrings. The conduct of the long-form census has demonstrated a commitment to privacy alongside other collective social values in support of individuals and the wider community. This moderate, sensible and profoundly Canadian position is now under threat. That is why this debate matters.

Further details on the new UK government’s Civil Liberties agenda

The UK full coalition agreement between the Conservatives and Liberal Democrat parties has just been published. It includes a section on civil liberties which is much more than we could have hoped for and which makes no mention of rolling back the Human Rights Act or the more ludicrous fringe Conservative demands… In full it is as follows:

“The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour government and roll back state intrusion.

This will include:

• A freedom or great repeal bill;

• The scrapping of the ID card scheme, the national identity register, the next generation of biometric passports and the Contact Point database;

• Outlawing the fingerprinting of children at school without parental permission;

• The extension of the scope of the Freedom of Information Act to provide greater transparency;

• Adopting the protections of the Scottish model for the DNA database;

• The protection of historic freedoms through the defence of trial by jury;

• The restoration of rights to non-violent protest;

• The review of libel laws to protect freedom of speech;

• Safeguards against the misuse of anti-terrorism legislation;

• Further regulation of CCTV;

• Ending of storage of internet and email records without good reason;

• A new mechanism to prevent the proliferation of unnecessary new criminal offences.”

All of these points are excellent. They lack detail of course, and the devil is always in the detail, and I would have liked to have seen a little more on what would be included in the ‘great repeal’ given that later it only talks about ‘safeguards’ against the abuse of anti-terrorism laws, but really this is as good as anyone could have hoped for, even, though they may not admit it, many of the more socially-liberal Labour Party supporters. The reform of libel laws and commitment to transparency is equally as welcome as the rolling back or regulation of surveillance, and this seems to extend into other parts of the agreement for the reform of government and elections. I hope the eventual full programme will also include some rationalisation of the crazy landscape of multiple ‘commissions’ to regulate different aspects of state-citizen information relations, in favour of an expanded and more powerful Information Commissioner’s Office, but we will see. However, this is a great start (and I never, ever, thought I would be saying that about a Conservative government…).

UK ID Card Program scrapped after election (and more)

As both the Conservative Party and the Liberal Democrats in the UK had the scrapping of the National Identity Card card scheme as part of their manifesto, the unpopular program has been suspended immediately by the new coalition government, pending further announcements.

The full statement reads as follows:

“Both Parties that now form the new Government stated in their manifestos that they will cancel Identity Cards and the National Identity Register. We will announce in due course how this will be achieved. Applications can continue to be made for ID cards but we would advise anyone thinking of applying to wait for further announcements.

Until Parliament agrees otherwise, identity cards remain valid and as such can still be used as an identity document and for travel within Europe. We will update you with further information as soon as we have it.”

But although the cards will almost certainly go, despite the statement it is unclear yet what will be the fate of the National Identity Register (NIR), the new central database at the heart of the scheme. Neither party, and the Tories especially, said anything specific in their manifestos about scrapping the database, so we will see what happens here – although the statement issued seems categorical about this too. Although the end of the card scheme reduces opportunities for the ‘papers, please’ style abuse of minorities, it is the database that is of biggest concern to those interested in surveillance and social sorting. I have long favoured a secure central government Information Clearinghouse, which whilst transferring necessary information as needed and consented to between different parts of government, would not in itself hold any data. I suspect however, that some fudge will emerge!

In the meantime, the price of the coalition also was reported to include new legislation regulating video surveillance (CCTV) cameras (only about 20 years too late, but that’s the speed of British politics for you), and the review of many of the new powers in the (Anti-)Terrorism and Civil Contingencies Acts (and perhaps the Regulation of Investigatory Powers Act too – though it hasn’t yet been mentioned specifically). It is very rare that legislation is repealed or rolled back but we may yet see an increase in civil liberties under the new coalition. The one big worry in this are though is the Conservative opposition to the Human Rights Act – however with their Liberal Democrat partners being committed to the HRA, I can’t see any moves to repeal the act in this Parliament.

I am cautiously optimistic…

Google vs. Privacy Commissioners Round 1

Google and a group of Information and Privacy Commissioners have been having an interesting set-to over the last couple of days. First, a group including Canada’s Privacy Commissioner and the UK’s Information Commissioner sent a letter to Google expressing concern about their inadequate privacy policies, especially with regard to new developments like Buzz, Google’s new answer to Facebook.

Then Google put up a post on its blog, unveiling a new tool with maps out various governments requests for censorship of Google’s internet services. Interestingly, it framed this by reference to Article 19 of the Universal Declaration on Human Rights.

So now we have two sets of bodies referring to different ‘human rights’ as the basis for their politics. Of course they are not incompatible. Google is right to highlight state intervention in consensual information-sharing as a threat, but equally the Privacy Commissioners are right to pull up Google for lax privacy-protection practices. The problem with Google is that it thinks it is at the leading edge of a revolution in openness and transparency (which not coincidentally will lead to most people storing their information in Google’s ‘cloud’), and the problem with the Privacy Commissioners is that they are not yet adapting fast-enough to the multiple and changing configurations of personal privacy and openness that are now emerging as they have to work with quite outdated data-protection laws.

This won’t be the end, but let’s hope it doesn’t get messy…

UK Government to Increase Postal Surveillance

For a long time now, the Royal Mail has been a service that prided itself on confidentiality. Historian, David Vincent, noted in his 1998 book, The Culture of Secrecy in Britain 1832-1998, that one of the first major scandals over surveillance in the modern era was the 1844 scandal when an Italian exile, Joseph Mazzini, who was resident in London, discovered that the British government were secretly opening his mail. The prompted discussion in the House of Commons and outrage that such low ‘foreign’ practices were taking place in Britain.

In reality, of course the mail of targets of intelligence services is opened and read regularly, but in law in the UK, if mail is going to be opened – and this can only be done by HM Revenue & Customs (HMRC) – the recipient has to be notified and present when it is done. Indeed, it’s been one of the characteristic complaints about many different states’ recent attempts to extend so-called ‘lawful access’ provisions to electronic mail and Internet sites by requiring ISPs to retain traffic data and provide it to the state upon request, that this goes far beyond what has ever been done with mail, except in totalitarian societies like the former East Germany, whose Stasi were notorious for opening letters either secretly or in many cases, quite openly.

So, the UK has now, it seems, decided to redress the balance. It will not of course, hold back on the lawful access provisions regarding electronic communications in the Telecommunications Bill. No, of course not. Instead, according to the Guardian this weekend, it is planning what they had probably hoped would be a quiet little amendment to the Postal Services Act, removing any requirement to notify people when their mail is to be opened. I am sure there will be the usual ‘safeguards’ and ‘codes of conduct’, in other words, the voluntary provisions which hae characterised recent British government’s pathetic and limited attempts to provide for privacy and other civil rights. But essentially, this is the end of any generalised assumption of confidentiality of the mail in Britain. It runs contrary to the European Convention on Human Rights (and therefore the UK Human Rights Act too). Every time you think there is no way the government could get any more repressive and get away with it, they do – will it be different this time?

Support Peter Watts

I’ve been snowed under teaching recently and haven’t been posting much. One thing has really got my goat though and I think it needs wider attention. Those of you who read boingboing will already know, but the SF author, Peter Watts (who wrote the excellent novel of really alien contact, Blindsight) has been convicted of obstructing US border guards and could spend up to two years in prison. This is despite the fact that the border guards lied about the whole incident (they claimed he had tried to choke an officer, when in fact they were assaulting him, a fact admitted in court). He basically got convicted for challenged the guards and getting out of his car to ask what was going on. As Cory Doctorow comments on BoingBoing, this is not about security, this is not about safety, and it is not even about crime as we would recognise it, it is about authority and the massive increase in humourless abuse that has increased so much in recent years, particularly on the US border*. Peter Watts was convicted essentially of not responding fast enough and questioning commands. He’s now posted more on his own blog, including some comments from some of the jury, who couldn’t quite believe the outcome…

Anyone who thinks ‘nothing to hide, nothing to fear’ or truly believes that it couldn’t happen to you, read this a be concerned. Show your support for Peter too. Write to your congressmen if you are in the USA, or Members of Parliament in Canada, write to Ministers and Secretaries of State. Make a fuss. Write to Peter too and tell him you support him.

*And sure, there’s a context, but it seems to me that the post-9/11 situation is used as an excuse by rather too many guards to exercise a petty brutality on anyone who does not conform to their perception of normality. That critical point where liberty comes up against security is just as much about interpersonal encounters like this as it is about grand policy.