German Constitutional Court shoots down new ‘Lawful Access’ Provisions

Germany’s Constitutional Court is one of the few such national institutions that has been brave enough to interpret the right to privacy as actually meaning something that might outweight the state’s desire to know. According to the BBC, in a really strong decision, it has just ruled that a 2008 law, requiring all telecommunications traffic data to be stored for 6 months, violated privacy rights of citizens and should be struck out. Germany had already threatened to veto the European Union’s Telecommunications Directive 2006/24/EC (which came into force last year), a move which prompted the Council of Minister to take the unethical and devious step of redefining the Directive as belonging to the ‘commercial’ field (which requires only majority vote) as opposed to being a matter of ‘security’ (in which there has to be unanimity). We will now see what is the reaction of the German government to their own law being declared unconstitutional, and indeed, what international reverberations this have – the USA will certainly not like this.

(Thanks to ‘Unkraut’ for the pointer)

Closing the Internet

A lot of my current thinking is based around the dynamic of opening / closing. I’ve been considering the way in which elements of state power, and in particular the military and intelligence agencies, regard openness per se as a threat. Now, Wired’s Threat Level blog (just about my favourite reading right now), has an excellent take on the response to what has been termed (in a deliberately mixed-up phrase) the ‘open-source insurgency’. This  is the way in which the ex-head of US intelligence, now working for ‘contractor’*, Booz Allen Hamilton, Michael McConnell. is promoting the re-engineering of the Internet. This is necessary, it is argued, because the current openness of the Net means that terrorists and criminals can flourish. This re-engineering would make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable”. In other words to close the Internet. remove everything that is innovative and democratic about it, and make it easier for agencies like the NSA to monitor it.

Along with a whole raft of measures like extending ‘lawful access’ regimes, introducing corporate-biased copyright and anti-peer-2-peer legislation, censorship and Net filtering, this is an attack on what the Internet has become and to turn it into something simply for consumption – something, in other words, more like television. But there is another layer here too – the US military, I suspect, still has a nostalgic longing for when the Internet was its private domain. It’s a long way from its origins, and now perhaps the military want it back. But it isn’t theirs anymore, it’s ours and we need to fight for it.

* or, more accurately, arm’s length consulting agency of the US state.

Fortress Toronto for G20 summit

There is an interesting article yesterday in the Toronto Star that does a good job of describing what will happen when the G20 arrives in town in June this year.

Of course, it will be accompanied by all the security and surveillance that these days comes as part and parcel of these ‘mega-events‘ (see also: here and here) whether they be sporting, economic or political – with the added hyper-security around world leaders. Rather like the peripatetic monarch’s court that used to be a feature of high mediaeval European societies, the travelling circus of global governance brings with it, its own security norms, creating locked-down ‘islands’ within cities, temporarily removing the rights and liberties of residents, and moving out and on those people seen to be ‘out-of place’ (the homeless, street vendors, protestors and so on). In many cases, ordinary people are suddenly potential troublemakers, and residents are harassed in advance by intelligence services who check profiles, backgrounds, political affiliations and so on. Business within the zone are usually negatively affected – even if the case is made, as it normally is, that there will be some nebulous ‘economic benefit’, which (oh, so conveniently) happens to cover the costs of security. The events are often also ‘test-beds’ for new technologies of surveillance and security – last year at the Pittsburgh G20 summit, we saw the use of sonic weapons on protestors for example.

Why do cities put up with this? Well, it’s all about inter-urban competition. For urban authorities these mega-events reinforce the global status of the city, or allow it to climb the ever-incrasing numbers of rankings of ‘world cities’ of ‘global cities’.  Toronto, like so many other cities in the second or third rank of global cities, is obsessed with appearing to be world class, and the local government will put up with almost any kind of inconvenience to its citizens that is seen to benefit the city’s global status.

I’ll be keeping an eye on developments, but if I was a Toronto resident, and if I could, I’d just leave town for a couple of weeks before and during the event…

SSN to do new Surveillance Society report for ICO

The same team that did the influential Report on the Surveillance Society for the UK Information Commissioner’s Office (ICO) back in 2006 will be doing a follow-up report on the state of surveillance in the UK for the ICO and the national Parliament this year. Many of the things discussed in that report, which I coordinated, have been accelerating and intensifying, most obviously things like airport body-scanning and the use of drone surveillance cameras, but other things have stalled or slowed, for example the implementation of the ID card regime and more widespread use of RFID tags outside of inventory systems. We’ll be assessing the state of play and making some recommendations as a result. The project this time will be led by Professor Charles Raab in Political Science at Edinburgh University, and one of the world’s leading experts on privacy regulation, and will also include Dr Kirstie Ball of the Open University Business School, Professor Clive Norris of the Centre for Criminological Research at Sheffield, Professor Steve Graham from the Global Urban Research Unit (my old place) at Newcastle University – all in the UK – as well as myself and Professor David Lyon here at the Surveillance Studies Centre at Queen’s University, in Ontario. It will be great to be back working with the whole team again, and I hope we can contribute to a more focused debate and some real changes to UK policy and practice. We shall see…

Microsoft takes Cryptome down!

John Young’s Cryptome is perhaps the world’s most informative repository of (now, not so) secret documents and whistleblower’s information. Around since 1996, and with its multiple mirror-sites and determined owner, governments have tried and failed to close it down. However now the evil monopolist and maker of appalling bloatware, Microsoft, has succeeded where states have failed by issuing copyright infringement threats against its ISP, Network Solutions. This apparently worried the company more than any government, and as seems to be the usual craven attitude in these cases, the ISP backed down. According to Wired, they have even put a block on the transfer of the domain name so John Young can’t move ISPs…

The problem was that Cryptome published a short Microsoft document, the Microsoft Online Services Global Criminal Compliance Handbook, about the storage and handling of user data held on online servers,which also offers advice on subpoena tactics, info about state backdoors and more. The odd thing is that this document is old news and openly available elsewhere on the web, including via the link above. Given Microsoft’s well-documented links to US intelligence, could this just be an excuse to take out Cryptome, which has revealed so much about the National Security Agency over the years? Or is this just Microsoft’s usual clumsy, blinkered legal blundering?

Do we need to be concerned about a new iPhone face-recognition app?

The Huffington Post has got itself in a twist about a new iPhone face-recognition app, Recognizr, that it claims will enable someone to take a person’s picture and instantly give them access to all their social networking details. Except that isn’t quite the case. As one (largely ignored) commenter points out, it’s not quite as the HP portrays it. It isn’t an open system – the original story (linked in the HP one) says that you have to opt in to the system, and upload your photo, and other social networking sites you want to be linked, into the developer’s own database. So only those who have decided they want to be part of this system can be recognised and linked. It’s only a rather small step from existing methods of social networking, and perhaps considered as the face recognition equivalent of giving out a business card. There’s the potential there for all kinds of development from this though, I would agree, but this isn’t (yet) a stalker’s or a marketer’s dream.

You can find the Swedish developer, The Astonishing Tribe (err, TAT!), here, and the source story, which is just slightly more circumspect, from Popular Science, here.

(Thanks to David Lyon for the link to the HP story).

Does the expansion of surveillance make assassination harder? Not in a world of UAVs…

Following the killing of Mahmood Al-Mabhouh is Dubai, allegedly by Israeli Mossad agents, some people are starting to ask whether political assassination is being made more difficult by the proliferation of everyday surveillance. The Washington Post argues that it is, and they give three other cases, including that of Alexandr Litvinenko in London in 2006. But there’s a number of reasons to think that this is a superficial argument.

However the obvious thing about all of these is that they were successful assassinations. They were not prevented by any surveillance technologies. In the Dubai case, the much-trumpeted new international passport regime did not uncover a relatively simple set  of photo-swaps – and anyone who has talked to airport security will know how slapdash most ID checks really are. Litvinenko is as dead as Georgi Markov, famously killed by the Bulgarian secret service with a poisoned-tipped umbrella in London in 1978, and we still don’t really have a clear idea of what was actually going on in the Markov case despite some high-profile charges being laid.

Another thing is that there are several kinds of assassination: the first are those that are meant to be clearly noticed, so as to send a message to the followers or group associated with the deceased. Surveillance technologies, and particularly CCTV,  help such causes by providing readily viewable pictures that contribute to a media PR-campaign that is as important as the killing itself. Mossad in this case, if it was Mossad, were hiding in plain sight – they weren’t really trying to do this in total secrecy. And, let’s not forget many of the operatives who carry out these kinds of actions are considered disposable and replaceable.

The second kind are those where the killers simply don’t care one way or the other what anyone else knows or thinks (as in most of the missile attacks by Israel on the compounds of Hamas leaders within Gaza or the 2002 killing of Qaed Senyan al-Harthi by a remote-controlled USAF drone in the Yemen). The third kind are those that are not meant to be seen as a killing, but are disguised as accidents – in most of those cases, we will never know: conspiracy theories swirl around many such suspicious events, and this fog of unknowing only helps further disguise those probably quite small number of truly fake accidents and discredits their investigation. One could argue that such secret killings may be affected by widespread surveillance, but those involved in such cases are far more careful and more likely to use methods to leverage or get around conventional surveillance techniques.

Then of course, there is the fact that the techniques of assassination are becoming more high-tech and powerful too. The use of remote-control drones as in the al-Harthi case is now commonplace for the US military in Afghanistan and Pakistan, indeed the CIA chief, Leon Panetta, last year described UAVs as “the only game in town for stopping Al-Qaeda.” And now there are many more nations equipping themselves with UAVs – which, of course, can be both surveillance devices and weapons platforms. Just the other day, Israel announced the world’s largest drone – the Eltan from Heron Industries, which can apparently fly for 20 hours non-stop. India has already agreed to buy drones from the same company. And, even local police forces in many cities are now investing in micro-UAVs (MAVs): there’s plenty of potential for such devices to be weaponized – and modelled after (or disguised as) birds or animals too.

Finally, assassinations were not that common anyway, so it’s hard to see any statistically significant downward trends. If anything, if one considers many of the uses of drones and precision-targeted missile strikes on the leaders of terrorist and rebel groups as ‘assassinations’, then they may be increasing in number rather than declining, albeit more confined to those with wealth and resources…

(Thanks to Aaron Martin for pointing me to The Washington Post article)

Arrests for taking pictures continue in the UK

Despite repeated government and police assurances that it would not be happening any more, ordinary people are still being arrested for taking pictures in the UK, under the pernicious terms of Section 44 of the Terrorism Act, and not just in London. This time, a photographer video camera user managed to film the process of his arrest. There particularly ridiculous aspects of this case are firstly that the officer, when challenged on his assertion that this was a terrorism-related offence, changed her charge to that of anti-social behaviour (which isn’t a crime as such, anyway), and secondly that the first officer was not even a proper police officer, but a Police Community Support Officer (PCSO) AKA ‘plastic police’. PCSOs do not have the training or powers of the regular police but they are increasingly acting as if they do, and since they look almost identical to the untrained eye, they frequently get away with it. They shouldn’t: PCSOs need to be more clearly trained as to the legal and moral limitations of their role.

The second time he was stopped, it was by a police officer who had been informed by the PCSO, however the police officer too was unable to give reasons as to why they wanted the details of the photographer. They seemed to think that just because the officer was suspicious that was enough, whereas in law they must have a ‘reasonable’ suspicion. There were no such grounds. The officer refused to give reasonable grounds other than the fact they were taking pictures and refused to say whether they were being arrested. So they left, but they were later arrested by another officer for ‘anti-social behaviour’ (which is not a crime, and certainly taking pictures is not inherently ‘anti-social’ – or if it was, then the state’s CCTV systems would be equally ‘anti-social’). This seemed to have nothing more than a matter of the officers being annoyed by the fact that they challenged the officers. The police need to remember that they serve the public and are not there to tell the public what to do when they are doing nothing unlawful.

US school spies on kids at school… and at home

There’s a really disturbing story on Boingboing concerning a US school in a wealthy suburb that issued laptops to students whose webcams could be covertly switched on by school administrators, wherever the kids were. As if this wasn’t bad enough, the school saw nothing wrong in using these cameras to spy on kids at home, and even issuing a disciplinary notice to one child who was apparently deemed to be guilty of ‘improper behaviour.’ Not surprisingly the school is now subject to a class action lawsuit.

School surveillance is a particularly under-studied issue, although recently, there has been the excellent new book edited by Torin Monahan and there will be a double issue of Surveillance & Society on surveillance and children coming out in March / April. It seems that because children either do not have adult rights (or their rights are not seen as important in the same way), states, school authorities and individual Heads and Administrators have all taken the opportunity to experiment with ever more  intrusive surveillance measures. Many of these were once justified with reference to concerns over truancy and attendance, or security and violence (the metal detectors in many urban US high schools, for example), and then there was health (used to justify the automated monitoring of what kids ate at meal times). But increasingly more petty and market-based issues have emerged: corporate data-collection and compliance with minor rules and regulations. All seemingly without any regard for the developing sense of autonomy, privacy or sociality of children.

Of course, the increasing use of surveillance in schools also serves an educative function in a surveillance society: essentially it indoctrinates children as to what is the ‘new normal’, what should be their expectations of privacy (and other rights) in a world increasingly organised on the principles of surveillance. However it’s good to see the lawsuit in this case and that some things still have the power to raise people from their apathy. But this is a school in a wealthy area with educated parents who understand and have access to the law – what would be the outcome in a school in a marginalized area?

European Parliament blocks EU-US data-sharing agreement

In a rare burst of sanity and concern for the rights of EU citizens, the European Parliament has exercised one of its very limited range of powers and blocked an agreement to continue the ability of the US government to access the Swift international bank transfer system. The parliament argued that the agreement, the descendent of a secret arrangement discovered in 2006, which came about in the aftermath of 9/11, paid insufficient attention to privacy. They are right. It doesn’t pay any attention to the safeguarding of citizens’ information rights, it merely confirms the terms of the undemocratic original agreement, one of a surge of such arrangements that were rushed through in the wake of the attacks when no-one was likely to pay much attention to things like human rights. Now, however, in an slightly less charged atmosphere, the Parliament has been able to demand that such rights should be respected in any transparent and accountable agreement. No-one is arguing that data should not be shared where there is a case for it to be shared, but this should not be at the expense of the rights and freedoms of which we are supposedly exemplars.