privacy – Page 6

‘X-ray vision’ may not be so far away…

Fascinating and disturbing news from the MIT Technology Review blog that a team of researchers appears to have cracked the problem of how to produce cheap, effective Terahertz Wave (TW) cameras and receivers. TW are found between infrared and microwave radiation, and produce what we called in A Report on the Surveillance Society, a ‘virtual strip search’, as they penetrate under layers of clothing but not much further, and can thus produce images of the body ‘stripped’ of clothing. Thus far, they’ve been used on an experimental basis in some airports and not really any further afield.

This is largely because of the way that TW waves have been detected up until now has basically been a bit of a kludge, a side-effect of another process. This has meant that TW equipment has been generally quite large and non-portable (amongst other things).

However one Michel Dyakonov of the University of Montpellier II in France has followed up theoretical work he did in the 1990s, with a new larger team, to show that tiny (nanoscale) ‘field effect transistors’ can – and they are still not quite sure how exactly – both produce and detect TW. The details are in Technology Review, but the crucial thing for those interested in surveillance is that:

the output is ‘good enough for video’; and
‘they can be built into arrays using standard silicon CMOS technology’ which means small, cheap (and highly portable) equipment. This could be an add-on to standard video cameras.

I’m getting a genie-out-of-bottles feeling with this, but is it really as damaging to personal privacy as it feels? Does this really ‘reveal’ anything truly important? Or will it become something to which we rapidly become accustomed, and indeed with with which we quickly get bored? In some cultures, specially those that regard covering the body and modesty as being god-given, this is clearly going to present massive challenges to social and moral norms. It seems to me that there is also an immediate conflict with current constitutional and legal rights in several jurisdictions, not least the US Fourth Amendment right not to be subjected to warrantless searches and the European Convention Article Eight on the right to privacy.

But it seems that unless such a technology is banned, or at least particular commercial implementations, we’re about to cross another Rubicon almost before we’ve noticed it has happened. Ironically bans on technology can only really be effective in states where intensive surveillance and state control of behaviour is practiced. In other places, I am not sure banning can be effective even if it were desirable, as in reality, a ban simply means reserving the use of the technology to criminals, large corporations which can afford to flout laws, and the state.

UK newspaper phone-tapping scandal

Back in the UK, the Sunday newspaper, The News of the World, known largely for its obsession with minor celebrity scandal has been itself the subject of rather more serious investigations, following revelations that it has paid out over £1 Million (around $1.4 M US) to people whose phones it secretly tapped in its search for dirt. Proprietor, Aussie, Rupert Murdoch, is known to satirical magazine, Private Eye, as the ‘Dirty Digger’, and given this showing, he seems to be earning his nickname.

The Guardian editorial highlights this as another threat to privacy, but there’s much more here. Murdoch is one of the most powerful men in the world and his company, News International, covers far more than just Britain – they recently bought the Wall Street Journal, for example. His more ‘serious’ newspaper, The Times of London (for whom, I should declare, I have written a piece once) was very vocal in the past in attacking the recently-retired Information Commissioner, Richard Thomas, first over his comments on ‘sleepwalking into a surveillance society’ and then later on his attempts to bring newspapers under the same regulatory regime over privacy as other organisations.

At the time, it was hard to know what the agenda was; but clearly it was more than the supposedly ‘honourable’ position of acting to protect journalistic independence and the rights of their sources. Now, I think, we can start to understand a little more about the view The Times advocated – perhaps it was simply trying to deflect public investigation into the illegal, underhand and privacy-invasive surveillance practices of other parts of the News International empire.

We should indeed be worried by this, not just because of the activities themselves, but because of the attempts to manipulate public policy and undermine the authority of one of the few people who was interested in, and capable of, attacking abuses of surveillance by the media by an increasingly powerful global private company.

So, does News International own newspapers in your country? Do you know what they get up to? Someone needs to dig the dirt…

Contact Point goes live

The controversial new central database of all children in the UK has gone live today for the North-west of England, and will gradually be rolled out across the UK. The £224M ‘Contact Point’, one of the main planks of the ‘Every Child Matters’ initiative, will be accessible to around 390, 000 police, social workers and other relevant professionals. It is mainly being promoted as a time-saving initiative, allowing quicker and more informed intervention in the case of vulnerable children, which we all hope it does, although this of course depends on the correct information being on the database in the first place. In addition, as the Joseph Rowntree Reform Trust review, Database State, rated the system as ‘red’ for danger in terms of privacy:

“because of the privacy concerns and the legal issues with maintaining sensitive data with no effective opt-out, and because the security is inadequate (having been designed as an afterthought), and because it provides a mechanism for registering all children that complements the National Identity Register.”

Phorm philling

UK satirical magazine, Private Eye, this week brings the ludicrous Stop Phoul Play website to my attention. This is a corporate spin site devoted entirely to defending BT’s underhand and intrusive ‘Phorm’ online advertising technology against what it calls ‘privacy pirates’ who they claim are either being paid or pushed to damage BT.

Those listed as ‘piracy pirates’ include the excellent investigative IT journal, The Register, the Open Rights Group and the brilliant Foundation for Information Policy Research (FIPR), along with numerous bloggers and contributors to web forums. Now, it may be that some other corporations with rival technologies would like Phorm to fail, just as Microsoft probably enjoys it a great deal every time Google takes a PR hit (or vice-versa), but to suggest that everyone who make a criticism of Phorm is secretly part of some conspiracy against BT is frankly, either stupid paranoid.

And there are very good reasons for being critical of Phorm in the trojan-like manner of its operation and the way in which it has been tested without the consent of users. As Private Eye also reminds us, Phorm has landed the UK government in legal trouble with the EU. It hardly needs a conspiracy to make people justifiably annoyed.

This is one of the weirder exercises in PR I have seen, not least because its paranoia and promotion of conspiracies can only be damaging to BT. Thus it is no surprise to find that, according to the The Register, that it is the product of the fevered imagination of Patrick Robertson, whose previous clients include the lovely General Pinochet and former Tory MP and convicted liar, Jonathan Aitkin. So go take a look at Stop Phoul Play (while it still exists…) – it really is quite insane.

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…

The rise of personal surveillance

Personal surveillance is only going to get harder to regulate as things like ‘smart dust’ and micro-UAVs come down in price and are more easily available…

CBS News in the USA is reporting on the rise of stalking and in particular the use of more powerful, smaller and cheaper surveillance devices: embedded hidden cameras, GPS trackers and so on. They discuss in particular the case of Michael Strahan, a sportsman who seems to be obsessed with keeping watch on family and friends. But the bigger pictures is that stalking is something that apparently affects around 3.4 million US citizens. That’s more than one in a hundred, an astonishing figure if it’s anywhere near ‘right’.

Stalking and personal surveillance are an integral part of the culture of any state in which order in ensured through surveillance. We are creating unhealthy societies in which personal relationships between people are increasingly characterised by the same fear and distrust as states have of their people.

Don’t trust your kids and all the people that might come into contact with them? Solution: irremovable RFID tags disguised as digital watches, GPS clothing…
Don’t trust your workers to be doing what they should? Solution: Put cameras in their bathrooms, and employ specialists to record their every action...
Don’t trust your spouse? Get their mobile phone registered with a tracking service, and put a GPS tag on their car…
and so on.

raven This is only going to get harder to regulate as things like ‘smart dust’ and micro-UAVs come down in price and are more easily available. And already surveillance equipment like head-mounted cameras for cyclists, is marketed as ‘toys’… regulation is only half the answer. The other half has to be in working out how to shift away from this mistrustful, fearful, risk-obsessed culture. Part of this has to be down to government: the more that surveillance is part of every solution they come up with to any problem, the worse the social malaise will become.

How many cameras are there in Britain? (4)

Despite the fact that it really doesn’t ‘work’, the growth of CCTV is almost out of control in Britain, and it is probably only the recession that is holding this growth back at all…

Here is another episode in the ongoing saga that was sparked off by my discussion with David Aaronovitch about supposedly misleading figures used in our Report on the Surveillance Society, leading to his rather weak comment piece in The Times, my pre-emptive response here, and Paul Lewis’ similar piece in The Guardian.

Aaronovitch’s own newspaper, The Times, has now published a story by one of its reporters, Kaya Burgess, in which she counted the cameras on her commute into work, and found there were a total of 281 cameras on her 3.1 mile route, or one camera every 18 metres on average. 108 of these were state-placed and the rest were installed by private operators (shops,homes etc.). As the article points out, and this is something I have been arguing for years, the growth of private cameras is remarkable and of course, almost completely unregulated.

The figure of 281 is remarkably similar to Clive Norris’ little fictional tale of ‘Thomas Kearns’ of 1999 which sparked the ‘we are watched by 300 cameras a day’ stories in the press, and which was the subject of Aaronovitch’s piece. Perhaps we should feel smug, but that still isn’t the point. There never was an ‘accurate’ figure to be correct about. It was a possibility. Now it seems that the possibility has been bypassed by some distance, at least for London. Because remember, Kaya’s journey was merely the journey into work. It was not even a small portion of the day. It did not count cameras at work, or those she might encounter during her working day, nor those her image might be captured by if she went out for a post-work meal and drinks… her 281 might well end up being double that by the end of the day, and she was not doing any of the more ‘unrealistic’ things that Norris’ ‘busy Londoner’ was.

Of course, this density of cameras is by no means uniform across London or across the country, nor is there one central ‘Big Brother’ behind the cameras, no one guard in the tower. We live not in the Panopticon of Jeremy Bentham, made notorious by Michel Foucault’s analysis, but in what contemporary French theorist, Bruno Latour, called, an ‘oligopticon’. In some places we are watched (and even known) intensely and in others hardly at all, and we move through these different zones of varying intensities of surveillance in our days and our lives.

Does that make the huge number and high density of cameras in some places ethically more acceptable? Hardly. Despite the fact that it really doesn’t ‘work’, the growth of CCTV is almost out of control in Britain, and it is probably only the recession that is holding this growth back at all. The Times report also notes that the Local Authority cameras appeared to be placed in clear violation of the existing voluntary CCTV Code of Practice which states that CCTV should be installed in areas of high crime, not just at regular intervals everywhere. Senior police officers I have talked to agree with this. They don’t see the need for cameras on every corner; they want to target crime hot spots effectively and efficiently. And of course, the private cameras aren’t really regulated much, and those on private homes not at all. The important thing, is to have stronger, clearer regulation of CCTV as the House of Lords Constitution Committee recently demanded. This new regulation should control and perhaps even reverse the growth in the number of cameras by specifying much more clearly the circumstances and contexts under which CCTV is appropriate and how it is to be discussed and approved, so that it becomes a possibility to be debated not the normality to be expected.

(thanks to Charles Raab for bringing this piece to my attention and for being fair about The Times!)

UK police spying on activists… again

The Met are unlikely to care. They are not generally known for their respect for the political rights of British citizens…

The Guardian has posted another worrying story (and an interesting video) on the routine police surveillance of environmental activists, most of whom have no connection to any criminal behaviour. The Metropolitan police, who have always been in the forefront of efforts to try to portray political activists as actual or potential criminals, is collecting storing and sharing information, including many private personal details, on activists using Crimint, the national criminal intelligence system. The data includes activists “seen on a regular basis” as well as less frequent activists, regardless of arrests or convictions, their names, political associations and photographs. This information is being shared between police forces to build up more complete portraits of political activity nationwide.

The human rights group, Liberty, is challenging this data collection and sharing on the grounds that it breaches Article 8 of the European Convention on Human Rights. My view is that it almost certainly does, and that the Met are unlikely to care. They are not generally known for their respect for the political rights of British citizens indeed one of their original purposes was to crack down on political dissent back in the Nineteenth Century and they have always maintained this role. They operate the National Extremism Tactical Coordination Unit (NETCU) which is also involve in spreading disinformation on political activists and their HQ at New Scotland Yard will apparently host the new privately-run ACPO Confidential Intelligence Unit (CIU).

I have had my own personal experience of the Met’s way of dealing with activists and it is certainly not in any way respectful of anyone’s rights. It urgently needs to be brought under some proper control and accountability, and hopefully being found guilty of breaching Article 8 of the ECHR, if it happens, will be a good start.

Protecting yourself from surveillance

The Electronic Frontier Foundation (EFF) and the Open Society Initiative have created the very useful ‘Surveillance Self-Defense’ (SSD) site. Although the SSD is aimed at US citizens and the legal aspects are therefore more relevant to those living in the States, the general advice and information on risk management and defensive technologies is all worth reading for anyone who uses a computer anywhere in the world.

Essentially this is a kind of care and maintenance of your ‘data double’ concept, which is one response to the growth of surveillance. Of course no-one should think that this kind of ‘personal information economy’ approach is enough and the EFF certainly don’t. There is in any case a general effect that could emerge from this kind of action should large numbers of people start taking the advice of EFF: mass surveillance effectively becomes more difficult, more expensive and less worthwhile. However, things like SSD cannot be a substitute for political action to curb the powers of state and private sector to monitor us and reduce individual liberties and dignity.

Surveillance in the UK and the USA: commonalities and differences

In one of those fortuitous instances of synchronicity, there are two stories today that illustrate some of both the commonalities and the differences between state surveillance practices and regulation in the UK and the USA.

In the UK, The Guardian has revealed that the Surveillance Commissioner (a separate office to the Information Commissioner) has been very critical behind the scenes, as the Lords Committee was in public, of the uses to which the Regulation of Investigatory Powers Act (2000) (RIPA) has been put, not this time by local government, but by national ministries like the Department for Environment, Food and Rural Affairs (DEFRA) and agencies, including Ofcom (the broaadcast and communications regulator) and the Charities Commission. DEFRA came in for a particular telling-off over its spying on fishermen. The chief commissioner, Sir Christopher Rose found generalised lax practice, a lack of proper justification for and proportionality in the used of RIPA, and little training or accountability. In short, RIPA is being used because the powers exist not because there is any pressing justification to use surveillance in this manner – the used of surveillance has expanded because it is available.

It is very interesting that The Guardian had to discover all this through Freedom of Information Act (FOIA) requests, and that the Surveillance Commissioner had not put all of this in the public domain as a matter of course. It highlights for me, once again, the clear difference in attitude and regulatory practice between him and the open, accountable, and active Information Commissioner’s Office (ICO). It confirms my view that we would be much better off if the Surveillance Commissioner’s work was absorbed into the ICO.

In the USA, it is to lawyers that people immediately turn if some bad practice is suspected on behalf of the government. The Los Angeles Times reports that on Friday, the US government lost the case it had been bringing to try to stop an Islamic charity based in Oregon from suing them over what they claim were illegal wiretapping operations targeted at them. The case stems from the Bush administration’s attempts to bypass what were already very weak regulations governing the surveillance of American citizens which were introduced in the Foreign Intelligence Surveillance Act (1978) (FISA) and recently amended in the Protect America Act (2007). Requests are supposed to go to the Foreign Intelligence Surveillance Court (FISC) which meets in secret and does not have to publish its rulings and so far as we know, has never turned down a request – so it is somewhat mystifying except as a matter of speed and convenience that the Bush administration did bypass the court.

Now the Obama administration is (shamefully) defending the actions of his predecessor. This is not entirely surprising. Intelligence is one area of continuity between governments: it is what Peter Gill called the ‘secret state’, a core that remains constant regardless of changes of administration. Nixon and Bush were both stupid enough to get caught, but the NSA, CIA and FBI are continually looking for different ways to get around domestic regulations on surveillance. Political devices like the UKUSA agreement served this purpose for many years – whereby Canadian and British intelligence services would collect SIGINT on Americans and supply it to the NSA and vice-versa. But GCHQ and others just don’t have the capabilities to carry out the amount of monitoring that now goes on. It’s been the reality for many years now that the NSA in particular does spy on Americans. Again, they have the capabilities so those capabilities are used.

Of course, unlike in the UK, we are talking about the threat of terrorism not anglers catching one-too-many fish; that really does say something about the petty bureaucracy that characterises the UK! However RIPA was also justified originally with reference to terrorism and serious and organised crime. Anyway, the ruling in the Oregon case clearly states that state secrets privilege was not enough to justify warrantless surveillance of suspects, whatever they had allegedly done. It seems that at least is one point of hope that the USA and the UK have in common. Let’s see where these situations now lead in each country…