Court rules against police precautionary surveillance

In another chapter in the current struggle over the means of visual representation, the UK Court of Appeal has made an important ruling that could affect the future of police surveillance tactics. In a case brought by anti-arms trade protestor, Andrew Wood (no relation!), the judges ruled that the Metropolitan Police should destroy photographs taken of Mr Wood at the AGM of giant dataveillance conglomerate, Reed Elsevier ( the BBC calls them a ‘publisher’ but that’s a rather archaic and inaccurate term for what Reed Elsevier does, which is to collect, analyse, organise and trade in personal and business data of all kinds).  Reed Elsevier had been involved with running arms trade exhibitions through a subsidiary at the time.

The ruling argued that the police should not take and retain pictures of people who were not suspected of any current wrongdoing, but whom the police considered might do so in the future. According to the BBC, the Met had argued that its actions “were reasonable in helping officers to detect crimes that may have occurred in the past or may do so in the future.” But that is exactly the kind of blanket risk-management-based way of thinking that allows almost any preemptive or precautionary mass surveillance to be justified, and it is quite right that the Court should have ruled that it should be controlled. It is about time that a ruling like this was made.

The one cautionary note here is that the Met will be appealing this to the House of Lords, and no doubt beyond if that fails, so watch this space…

Secure Cities

Following in the footsteps of leading urbanists like Mike Davis and Michael Sorkin, is a project led by Dr Jeremy Nemeth, an assistant professor at University of Colorado. which traces the degradation, securitization and privatization of what we used to optimistically refer to as ‘public space’. This project aims to map and quantify the space in three contemporary cities (New York, Los Angeles and San Fransisco) now restricted in the name of security. The website is online now, and their findings are summarized on the front page:

“Even before [the 9/11] terror attacks, owners and managers of high-profile public and private buildings had begun to militarize space by outfitting surrounding streets and sidewalks with rotating surveillance cameras, metal fences and concrete bollards. In emergency situations, such features may be reasonable impositions, but as threat levels fall these larger security zones fail to incorporate a diversity of uses and users.

Utilizing an innovative method developed by our interdisciplinary team, we find that over 17% of total space within our three study sites is closed entirely or severely limits public access. The ubiquity of these security zones encourages us to consider them a new land use type.”

(thanks to Dr Nemeth for the corrections to my original misattribution of his excellent project)

Contact Point goes live

The controversial new central database of all children in the UK has gone live today for the North-west of England, and will gradually be rolled out across the UK. The £224M ‘Contact Point’, one of the main planks of the ‘Every Child Matters’ initiative, will be accessible to around 390, 000 police, social workers and other relevant professionals. It is mainly being promoted as a time-saving initiative, allowing quicker and more informed intervention in the case of vulnerable children, which we all hope it does, although this of course depends on the correct information being on the database in the first place. In addition, as the Joseph Rowntree Reform Trust review, Database State, rated the system as ‘red’ for danger in terms of privacy:

“because of the privacy concerns and the legal issues with maintaining sensitive data with no effective opt-out, and because the security is inadequate (having been designed as an afterthought), and because it provides a mechanism for registering all children that complements the National Identity Register.”

CCTV: expensive and limited says Home Office study

Back in 2002, David Farrington and Brandon Welsh published a study for the UK Home Office which showed that CCTV had only small effects on crime, except in car parks. Now they are back with a study that confirms all that, plus which shows that despite the evidence, more money is spent on CCTV in Britain than on any other single form of crime prevention. So much we knew, but what is a slightly unexpected finding is that CCTV apparently works better in Britain than in other countries. This is not a plus for the UK, rather it shows that in other nations it is even worse value-for-money – and it is clearly not an efficient use of public funds here as currently used. Instead the authors recommend that CCTV should be more narrowly focussed – in other words, we don’t need mass surveillance, we need targeted surveillance At the same time however, more and more money is going into CCTV in the USA in particular, where all the same ‘silver bullet’ arguments are being made as were made in the UK in the 1990s, and have now been shown to be largely unwarranted. The government has now fallen back on populism to justify the continued expansion of CCTV: ‘people want it.’ Well, on that basis, they would bring back public flogging and hanging… it would make rather more sense if they listened to the evidence from the reports they themselves are commissioning.

The full report is available from The Campbell Collaboration library, but there’s a summary in The Guardian today.

FBI data warehouse revealed by EFF

Tenacious FoI and ‘institutional discovery’ work both in and out of the US courts by the Electronic Frontier Foundation has resulted in the FBI releasing lots of information about its enormous dataveillance program, based around the Investigative Data Warehouse (IDW). 

The clear and comprehensible report is available from EFF here, but the basic messages are that:

  •  the FBI now has a data warehouse with over a billion unique documents or seven times as many as are contained in the Library of Congress;
  • it is using content management and datamining software to connect, cross-reference and analyse data from over fifty previously separate datasets included in the warehouse. These include, by the way, both the entire US-VISIT database, the No-Fly list and other controversial post-9/11 systems.
  • The IDW will be used for both link and pattern analysis using technology connected to the Foreign Terrorist Tracking Task Force (FTTTF) prgram, in other words Knowledge Disovery in Databases (KDD) software, which will through connecting people, groups and places, will generate entirely ‘new’ data and project links forward in time as predictions.

EFF conclude that datamining is the future for the IDW. This is true, but I would also say that it was the past and is the present too. Datamining is not new for the US intelligence services, indeed many of the techniques we now call datamining were developed by the National Security Agency (NSA). There would be no point in the FBI just warehousing vast numbers of documents without techniques for analysing and connecting them. KDD may well be more recent for the FBI and this phildickian ‘pre-crime’ is most certainly the future in more ways than one…

There is a lot that interests me here (and indeed, I am currently trying to write a piece about the socio-techncial history of these massive intelligence data analysis systems), but one issue is whether this complex operation will ‘work’ or whether it will throw up so many random and worthless ‘connections’ (the ‘six-degrees of Kevin Bacon’ syndrome) that it will actually slow-down or damage actual investigations into real criminal activities. That all depends on the architecture of the system, and that is something we know little about, although there are a few hints in the EFF report…

(thanks to Rosamunde van Brakel for the link)

UK Ministry of Justice sounding old, tired and defeated

I was at a meeting organised by the Information Commissioner’s Office (ICO) today (Wednesday) in London where both Jack Straw and Michael Wills from the Ministry of Justice spoke. In the wake of the expenses revelations it was not surprising that both sounded somewhat conciliatory, but the degree of both overt and tacit admission of mistakes and changes needed was quite surprising. I had a bit of a set-to with Michael Wills on the apparent lack of knowledge amongst government ministers of the results of their own research on the (in)effectiveness of CCTV, to which he responded with the Melanie Phillips defence – i.e.: come and talk to ordinary people and they will tell you they want CCTV. This is a diversion for many reasons, not least of which is that unlike both the Daily Mail’s moral minority and the minister, I actually live in places where they only visit on official business and I also understand that what people mean when they demand CCTV is not the technology itself but a solution to the real and perceived problems of crime and anti-social behaviour that they face. They only demand CCTV because they see the programs on TV and are convinced that CCTV ‘works’ – however if you talk to senior police officers or anyone who has done research on this, they will tell you, yes, targeted mobile CCTV surveillance to deal with specific problems can be very effective (in terms of both cost and results) but mass camera surveillance is not the same thing. It is rather disappointing that a Justice Minister did not appear to understand the difference.

Jack Staw gave a weird speech. It was both full of matey bonhomie and characterised by stuttering hesitancy and vagueness. He made a number of historical errors, for example in claiming that the culture of secrecy was a product of the Cold War, when the first Official Secrets Act was a product of WW1. He also claimed that CCTV was all about ‘low-level disorder’ and ‘reassurance’, which will be news to all those (like his ministerial colleague) who still think it prevents crime. But he did rightly take some credit for Freedom of Information, including allowing parliamentary expenses to be included, even as it turned out, to his latter-day embarrassment.

Where it got very interesting was in his comments on the government’s consultation on the future of the DNA database following the damning verdict of the European Court. Contrary to Jacqui Smith, Straw indicated that he would be quite happy with the proposed 12 year retention period being reduced to 9 or even 6 years. He also claimed that there was a behind-the-scenes review of The Terrorism Act and other post-9/11 measures going on, which I don’t think many people in the room even appreciated. He admitted that the Labour government got many things wrong after 9/11 and that the environment had now also changed.

It was all very interesting, but you really got the feeling that this was a government on the way out anyway. The Tories will no doubt scrap the ID cards and register, but listening to the Shadow Justice Minister, Dominic Grieve, I got the impression that they don’t have much to offer apart from caution. That might be welcome for a while, but as a speaker from Google remarked, the debate is so far behind the reality of technological change that none of this will really matter very much unless there is a real culture shift. The ICO under the massively influential Richard Thomas, for whom this was very much a valedictory event before he steps down, has made great strides in this direction, but the government and opposition parties are still a long way away from understanding the need to establish a new basis for informational relationships between people, state and private companies that we desperately need.

Another US court says police GPS tracking does need a warrant

The complex landscape of the US judicial system has thrown up a ruling on the police use of GPS tracking devices completely at odds with the recent ruling handed down by the appeals court in Wisconsin. The New York appeals court ruled 4-3 that police GPS tracking should require a warrant. Judge Lipmann’s words on the case, quoted by the New York Times,  are particularly interesting as it appears that he wa taking a long view of potential harm in making his decision. He said:

“One need only consider what the police may learn, practically effortlessly, from planting a single device. The whole of a person’s progress through the world, into both public and private spatial spheres, can be charted and recorded over lengthy periods possibly limited only by the need to change the transmitting unit’s batteries. Disclosed in the data retrieved from the transmitting unit, nearly instantaneously with the press of a button on the highly portable receiving unit, will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on. What the technology yields and records with breathtaking quality and quantity, is a highly detailed profile, not simply of where we go, but by easy inference, of our associations — political, religious, amicable and amorous, to name only a few — and of the pattern of our professional and avocational pursuits. When multiple GPS devices are utilized, even more precisely resolved inferences about our activities are possible. And, with GPS becoming an increasingly routine feature in cars and cell phones, it will be possible to tell from the technology with ever increasing precision who we are and are not with, when we are and are not with them, and what we do and do not carry on our persons — to mention just a few of the highly feasible empirical configurations.”

This long term thinking has to be applauded. Sometimes imagination is necessary in the law, and particularly when the issue is one of socio-technical changes. The technological determinism of ‘if it exists, then it must be used’ is a way of thinking that has to be challenged. The question now for the USA is if either of these case or others will find their way to the federal courts. Until then, US citizens and police do not really know where they stand and the constitutional questions remain open.

Phorm philling

UK satirical magazine, Private Eye, this week brings the ludicrous Stop Phoul Play website to my attention. This is a corporate spin site devoted entirely to defending BT’s underhand and intrusive ‘Phorm’ online advertising technology against what it calls ‘privacy pirates’ who they claim are either being paid or pushed to damage BT.

Those listed as ‘piracy pirates’ include the excellent investigative IT journal, The Register, the Open Rights Group and the brilliant Foundation for Information Policy Research (FIPR), along with numerous bloggers and contributors to web forums. Now, it may be that some other corporations with rival technologies would like Phorm to fail, just as Microsoft probably enjoys it a great deal every time Google takes a PR hit (or vice-versa), but to suggest that everyone who make a criticism of Phorm is secretly part of some conspiracy against BT is frankly, either stupid paranoid.

And there are very good reasons for being critical of Phorm in the trojan-like manner of its operation and the way in which it has been tested without the consent of users. As Private Eye also reminds us, Phorm has landed the UK government in legal trouble with the EU. It hardly needs a conspiracy to make people justifiably annoyed.

This is one of the weirder exercises in PR I have seen, not least because its paranoia and promotion of conspiracies can only be damaging to BT. Thus it is no surprise to find that, according to the The Register, that it is the product of the fevered imagination of Patrick Robertson, whose previous clients include the lovely General Pinochet and former Tory MP and convicted liar, Jonathan Aitkin. So go take a look at Stop Phoul Play (while it still exists…) – it really is quite insane.

US court rules GPS tracking is the same as the naked eye

CNET’s ‘Technically Incorrect’ blog leads me to a rather disturbing story in the Chicago Tribune last week about a ruling from a court in Wisconsin, USA. The judges in the appeal court decided that police use of covert GPS tracking devices is equivalent to the naked eye and therefore is not covered by US constitutional prohibitions (in the 4th amendment) on search and seizure. Whilst the local representative claimed that “GPS tracking is an effective means of protecting public safety”, ACLU argued that in fact this is an unwarranted extension of surveillance powers: “the idea that you can go and attach anything you want to somebody else’s property without any court supervision, that’s wrong.”

Now the case itself involved a man suspected of stalking, itself a form of surveillance and not something anyone would want to encourage or defend, however, once again, ends do not justify the means, particularly when the implications of the use of such means are so profound. The ruling illustrates the widespread inability of judges (and lawmakers more broadly) to deal effectively the way in which new technologies change the game or perhaps the inability of constitutional protections to protect effectively in an age of vastly improved technologies of visibility.

In fact the judges in this case themselves expressed some disquiet about their ruling. I can sympathise with them – it is far from obvious how to interpret new surveillance technologies with the constition and laws available. One would think, after the wiretapping cases of the 60s and 70s in the USA, that this lesson might have been learned, but it seems courts will continue to take terms like ‘inside’ and ‘outside’ literally – as perhaps they must. But surely if a device is attached to the ‘outside’ of a car or a house, or indeed is not attached at all and is remote, it does not automatically follow that the information that the device collects is not intimate and personal, and indeed not the same as what could only have been obtained in previous decades by direct human intrusion? For example, a device that can effectively ‘see through walls’ is not the same as the naked eye – it is the equivalent of a police officer being inside the house.  Whether this applies to a GPS tracker on a car (whether it is really any more or less than an officer sitting outside the house, or following the vehicle) is a moot point – there will be more and more of these cases, as police test the technological limits of the law, and it seems that most countries, not just the USA, still lack the professional (as opposed to the academic) legal thinking to deal with them.

USA, EU and UK all investing in advanced biometrics

News from various sources has revealed that the United State, the European Union and the United Kingdom are all preparing to invest further large sums in advanced biometrics and surveillance research.

According to an anonymous message to Slashdot, in the USA, Department of Justice requisitions for the coming year show “$233.9 million in funding for an ‘Advanced Electronic Surveillance’ project, and $97.6 million to establish the ‘Biometric Technology Center.'”  The former is largely to deal with the problems of intercepting Voice-over-Internet Protocol (VoIP) communications – like Skype. The latter is what Slashdot  calls a “vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification” for the FBI. In other words, the architecture of the proposed ‘Server in the Sky’ system, which The Guardian revealed last year – for some notes on this and other systems under development, see here.

Meanwhile Owen Bowcott in The Guardian today has a story which puts together various bits and pieces from the EU’s FP7 Security theme research budget and UK security investment. In the UK, there is to be £15 million spent on updating UK biometric security for embassies, and more interestingly other unspecified ‘surveillance’ purposes, and in addition, rolling out of facial recognition systems to more UK airports. As we know, the controlled environments of airports where people are required to look at cameras, are one of the few place where this technology works properly.

This provides a rather tenuous link to the headline of the Guardian story which is an EU-funded study into brain-scanning (yet again) called Humabio (Human Monitoring and Authentication using Biodynamic Indicators and Behaviourial Analysis). There are lots of these about, and one of them may work sooner or later, but it is worth pointing out that people have been putting out ‘we will soon have brain scanning’ stories since the 1980s and like, nuclear fusion, it always seems to be 5 or 10 years in the future. Brain-scanning seems to be the technology of the future… always has been, always will be?