surveillance – Page 18

No need to fear a database society?

Peter Bradwell of Demos raises some interesting points in his summary of their new report on people’s attitudes to state databases in the UK, but he also sets up a straw man, and as I am one of the people implicated, I object to this. He argues that there are many positive sides to databases (of course!) and contrasts this with the former Information Commissioner’s statement on ‘sleepwalking into a surveillance society’ as ‘fear-based’. However, the reaction of the ICO was to commission a report in 2006, which I coordinated, to examine the concept of the ‘surveillance society’. This was pretty balanced and stressed the positive aspects of surveillance as much as the negative, indeed it did exactly the kind of assessment that Demos claims it’s doing here. So it’s rather ironic that the author is trying to stop people being afraid of the word ‘database’ yet still promoting the idea that ‘surveillance’ is automatically a bad thing to be feared! However, I would urge rather less optimism. We’re currently writing an update to our 2006 report and it’s pretty clear that in most areas, the UK has gone further, faster, than even we anticipated.

The basic argument of Demos appears to be that if all of this was under some kind of accountable control, then perhaps one might have grounds for optimism. But that’s true of just about almost anything and it’s a rather big ‘if’. What are the developments in the direction of accountability that they have seen which give rise for optimism? There are none in the piece, and the report itself is about what people think about state databases. That is very interesting from a political point of view, but unfortunately doesn’t tell us much about what is actually happening or likely to happen, only what people believe about it. Of actual examples of increasing accountability recently, I can only think of the state’s retreat on RIPA, but that wasn’t particularly profound, and the only other serious changes have come when the British government’s hand has been forced by European Court decisions (on the National DNA Database, for example)… can Demos help me out here with more than just the fact that people don’t think it’s that bad? I will have to read the full report and get back to you…

UK Government to Increase Postal Surveillance

For a long time now, the Royal Mail has been a service that prided itself on confidentiality. Historian, David Vincent, noted in his 1998 book, The Culture of Secrecy in Britain 1832-1998, that one of the first major scandals over surveillance in the modern era was the 1844 scandal when an Italian exile, Joseph Mazzini, who was resident in London, discovered that the British government were secretly opening his mail. The prompted discussion in the House of Commons and outrage that such low ‘foreign’ practices were taking place in Britain.

In reality, of course the mail of targets of intelligence services is opened and read regularly, but in law in the UK, if mail is going to be opened – and this can only be done by HM Revenue & Customs (HMRC) – the recipient has to be notified and present when it is done. Indeed, it’s been one of the characteristic complaints about many different states’ recent attempts to extend so-called ‘lawful access’ provisions to electronic mail and Internet sites by requiring ISPs to retain traffic data and provide it to the state upon request, that this goes far beyond what has ever been done with mail, except in totalitarian societies like the former East Germany, whose Stasi were notorious for opening letters either secretly or in many cases, quite openly.

So, the UK has now, it seems, decided to redress the balance. It will not of course, hold back on the lawful access provisions regarding electronic communications in the Telecommunications Bill. No, of course not. Instead, according to the Guardian this weekend, it is planning what they had probably hoped would be a quiet little amendment to the Postal Services Act, removing any requirement to notify people when their mail is to be opened. I am sure there will be the usual ‘safeguards’ and ‘codes of conduct’, in other words, the voluntary provisions which hae characterised recent British government’s pathetic and limited attempts to provide for privacy and other civil rights. But essentially, this is the end of any generalised assumption of confidentiality of the mail in Britain. It runs contrary to the European Convention on Human Rights (and therefore the UK Human Rights Act too). Every time you think there is no way the government could get any more repressive and get away with it, they do – will it be different this time?

Google does the right thing, but…

Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.

But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah…

UK Parliamentary Committee rejects Government DNA proposals

The House of Commons Home Affairs Select Committee has rejected a key part of the UK government’s new plans for the National DNA Database (NDNAD). The plans came in response to the ruling by the European Court that the NDNAD was being operated contrary to human rights law by keeping the profiles of innocent people indefinitely. The database has been filled largely through the provisions of a very vague and wide-ranging provision that allowed the police to take DNA from anyone arrested for an indictable offence, and to keep it even if they were never even charged (let alone charged and not convicted). The result had been that long-standing prejudices within the police had meant a bias in the databases against young black men, and a rapidly expanding set of profiles of children and the entirely innocent.The NDNAD had also been attacked by the HUman Genetics Commission (the government’s own watchdog) which recommended multiple reforms.

One of the main parts of the government’s response to the European Court ruling was that DNA should be retained for 6 years – the committee has recommended that this be halved to 3 years (we are still talking about the DNA of innocent people here…), and that there should be some proper national system for deciding who gets deleted entirely (at the moment it is at the discretion of Chief Constables of local police forces!). Of course all of these leaves the wider question of fairness and rights undebated. There are only two properly just ways to run a database of this sort. One would be to include only the DNA of those convicted of a crime or suspected in an ongoing investigation. The other would be to include everyone (as the UAE has decided to do). At the moment, the NDNAD is, like most things in Britain, an unaccountable mess of law, customary practice and happenstance that pleases no-one and is also remarkably ineffective for the money and effort put into it. This will only improve slightly even if the select committee’s recommendations are accepted.

German Constitutional Court shoots down new ‘Lawful Access’ Provisions

Germany’s Constitutional Court is one of the few such national institutions that has been brave enough to interpret the right to privacy as actually meaning something that might outweight the state’s desire to know. According to the BBC, in a really strong decision, it has just ruled that a 2008 law, requiring all telecommunications traffic data to be stored for 6 months, violated privacy rights of citizens and should be struck out. Germany had already threatened to veto the European Union’s Telecommunications Directive 2006/24/EC (which came into force last year), a move which prompted the Council of Minister to take the unethical and devious step of redefining the Directive as belonging to the ‘commercial’ field (which requires only majority vote) as opposed to being a matter of ‘security’ (in which there has to be unanimity). We will now see what is the reaction of the German government to their own law being declared unconstitutional, and indeed, what international reverberations this have – the USA will certainly not like this.

(Thanks to ‘Unkraut’ for the pointer)

Closing the Internet

A lot of my current thinking is based around the dynamic of opening / closing. I’ve been considering the way in which elements of state power, and in particular the military and intelligence agencies, regard openness per se as a threat. Now, Wired’s Threat Level blog (just about my favourite reading right now), has an excellent take on the response to what has been termed (in a deliberately mixed-up phrase) the ‘open-source insurgency’. This is the way in which the ex-head of US intelligence, now working for ‘contractor’*, Booz Allen Hamilton, Michael McConnell. is promoting the re-engineering of the Internet. This is necessary, it is argued, because the current openness of the Net means that terrorists and criminals can flourish. This re-engineering would “make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable”. In other words to close the Internet. remove everything that is innovative and democratic about it, and make it easier for agencies like the NSA to monitor it.

Along with a whole raft of measures like extending ‘lawful access’ regimes, introducing corporate-biased copyright and anti-peer-2-peer legislation, censorship and Net filtering, this is an attack on what the Internet has become and to turn it into something simply for consumption – something, in other words, more like television. But there is another layer here too – the US military, I suspect, still has a nostalgic longing for when the Internet was its private domain. It’s a long way from its origins, and now perhaps the military want it back. But it isn’t theirs anymore, it’s ours and we need to fight for it.

* or, more accurately, arm’s length consulting agency of the US state.

Fortress Toronto for G20 summit

There is an interesting article yesterday in the Toronto Star that does a good job of describing what will happen when the G20 arrives in town in June this year.

Of course, it will be accompanied by all the security and surveillance that these days comes as part and parcel of these ‘mega-events‘ (see also: here and here) whether they be sporting, economic or political – with the added hyper-security around world leaders. Rather like the peripatetic monarch’s court that used to be a feature of high mediaeval European societies, the travelling circus of global governance brings with it, its own security norms, creating locked-down ‘islands’ within cities, temporarily removing the rights and liberties of residents, and moving out and on those people seen to be ‘out-of place’ (the homeless, street vendors, protestors and so on). In many cases, ordinary people are suddenly potential troublemakers, and residents are harassed in advance by intelligence services who check profiles, backgrounds, political affiliations and so on. Business within the zone are usually negatively affected – even if the case is made, as it normally is, that there will be some nebulous ‘economic benefit’, which (oh, so conveniently) happens to cover the costs of security. The events are often also ‘test-beds’ for new technologies of surveillance and security – last year at the Pittsburgh G20 summit, we saw the use of sonic weapons on protestors for example.

Why do cities put up with this? Well, it’s all about inter-urban competition. For urban authorities these mega-events reinforce the global status of the city, or allow it to climb the ever-incrasing numbers of rankings of ‘world cities’ of ‘global cities’. Toronto, like so many other cities in the second or third rank of global cities, is obsessed with appearing to be world class, and the local government will put up with almost any kind of inconvenience to its citizens that is seen to benefit the city’s global status.

I’ll be keeping an eye on developments, but if I was a Toronto resident, and if I could, I’d just leave town for a couple of weeks before and during the event…

SSN to do new Surveillance Society report for ICO

The same team that did the influential Report on the Surveillance Society for the UK Information Commissioner’s Office (ICO) back in 2006 will be doing a follow-up report on the state of surveillance in the UK for the ICO and the national Parliament this year. Many of the things discussed in that report, which I coordinated, have been accelerating and intensifying, most obviously things like airport body-scanning and the use of drone surveillance cameras, but other things have stalled or slowed, for example the implementation of the ID card regime and more widespread use of RFID tags outside of inventory systems. We’ll be assessing the state of play and making some recommendations as a result. The project this time will be led by Professor Charles Raab in Political Science at Edinburgh University, and one of the world’s leading experts on privacy regulation, and will also include Dr Kirstie Ball of the Open University Business School, Professor Clive Norris of the Centre for Criminological Research at Sheffield, Professor Steve Graham from the Global Urban Research Unit (my old place) at Newcastle University – all in the UK – as well as myself and Professor David Lyon here at the Surveillance Studies Centre at Queen’s University, in Ontario. It will be great to be back working with the whole team again, and I hope we can contribute to a more focused debate and some real changes to UK policy and practice. We shall see…

Microsoft takes Cryptome down!

John Young’s Cryptome is perhaps the world’s most informative repository of (now, not so) secret documents and whistleblower’s information. Around since 1996, and with its multiple mirror-sites and determined owner, governments have tried and failed to close it down. However now the evil monopolist and maker of appalling bloatware, Microsoft, has succeeded where states have failed by issuing copyright infringement threats against its ISP, Network Solutions. This apparently worried the company more than any government, and as seems to be the usual craven attitude in these cases, the ISP backed down. According to Wired, they have even put a block on the transfer of the domain name so John Young can’t move ISPs…

The problem was that Cryptome published a short Microsoft document, the Microsoft Online Services Global Criminal Compliance Handbook, about the storage and handling of user data held on online servers,which also offers advice on subpoena tactics, info about state backdoors and more. The odd thing is that this document is old news and openly available elsewhere on the web, including via the link above. Given Microsoft’s well-documented links to US intelligence, could this just be an excuse to take out Cryptome, which has revealed so much about the National Security Agency over the years? Or is this just Microsoft’s usual clumsy, blinkered legal blundering?

Does the expansion of surveillance make assassination harder? Not in a world of UAVs…

Following the killing of Mahmood Al-Mabhouh is Dubai, allegedly by Israeli Mossad agents, some people are starting to ask whether political assassination is being made more difficult by the proliferation of everyday surveillance. The Washington Post argues that it is, and they give three other cases, including that of Alexandr Litvinenko in London in 2006. But there’s a number of reasons to think that this is a superficial argument.

However the obvious thing about all of these is that they were successful assassinations. They were not prevented by any surveillance technologies. In the Dubai case, the much-trumpeted new international passport regime did not uncover a relatively simple set of photo-swaps – and anyone who has talked to airport security will know how slapdash most ID checks really are. Litvinenko is as dead as Georgi Markov, famously killed by the Bulgarian secret service with a poisoned-tipped umbrella in London in 1978, and we still don’t really have a clear idea of what was actually going on in the Markov case despite some high-profile charges being laid.

Another thing is that there are several kinds of assassination: the first are those that are meant to be clearly noticed, so as to send a message to the followers or group associated with the deceased. Surveillance technologies, and particularly CCTV, help such causes by providing readily viewable pictures that contribute to a media PR-campaign that is as important as the killing itself. Mossad in this case, if it was Mossad, were hiding in plain sight – they weren’t really trying to do this in total secrecy. And, let’s not forget many of the operatives who carry out these kinds of actions are considered disposable and replaceable.

The second kind are those where the killers simply don’t care one way or the other what anyone else knows or thinks (as in most of the missile attacks by Israel on the compounds of Hamas leaders within Gaza or the 2002 killing of Qaed Senyan al-Harthi by a remote-controlled USAF drone in the Yemen). The third kind are those that are not meant to be seen as a killing, but are disguised as accidents – in most of those cases, we will never know: conspiracy theories swirl around many such suspicious events, and this fog of unknowing only helps further disguise those probably quite small number of truly fake accidents and discredits their investigation. One could argue that such secret killings may be affected by widespread surveillance, but those involved in such cases are far more careful and more likely to use methods to leverage or get around conventional surveillance techniques.

Then of course, there is the fact that the techniques of assassination are becoming more high-tech and powerful too. The use of remote-control drones as in the al-Harthi case is now commonplace for the US military in Afghanistan and Pakistan, indeed the CIA chief, Leon Panetta, last year described UAVs as “the only game in town for stopping Al-Qaeda.” And now there are many more nations equipping themselves with UAVs – which, of course, can be both surveillance devices and weapons platforms. Just the other day, Israel announced the world’s largest drone – the Eltan from Heron Industries, which can apparently fly for 20 hours non-stop. India has already agreed to buy drones from the same company. And, even local police forces in many cities are now investing in micro-UAVs (MAVs): there’s plenty of potential for such devices to be weaponized – and modelled after (or disguised as) birds or animals too.

Finally, assassinations were not that common anyway, so it’s hard to see any statistically significant downward trends. If anything, if one considers many of the uses of drones and precision-targeted missile strikes on the leaders of terrorist and rebel groups as ‘assassinations’, then they may be increasing in number rather than declining, albeit more confined to those with wealth and resources…

(Thanks to Aaron Martin for pointing me to The Washington Post article)