The important thing about RFID chips is not that they are the ´Mark of the Beast´ or any other such nonsense but that they are an appalling security risk
A story that has been circulating around the place over the last 48 hours, but which was originally in The Register on February 2nd, was the latest from Chris Paget´s valiant attempts to show that using RFID chips is just about the worst way to safeguard confidential information. This time he drove around San Francisco with a simple antenna and managed to read the unique number (which can be used to gain access to information on the US Department of Homeland Security database) from passports up to 30 feet (around 13m away), but he claims that with more powerful equipment, chips could be read from more than a mile (1.6km) away. There is also a very informative video on the site.
The important thing about RFID chips is not that they are the ´Mark of the Beast´ or any other such nonsense but that they are an appalling security risk…
the case of the serial killer, Kang Ho-Soon, looks like it will be the signal for a surveillance surge in South Korea
Martin Innes described how certain ´signal crimes´ can trigger major cultural shifts, changes in policy or in many cases what, a few years ago, I called a ´surveillance surge´. In the UK, the case of James Bulger was one such incident that continues to resonate in all sorts of ways, but in particular has been held to be a major factor in the nationwide expansion of CCTV. 9/11 can be seen as another for the expansion of surveillance in the USA. Now the case of the serial killer, Kang Ho-Soon, looks like it will be the signal for a surveillance surge in South Korea.
Kang, described as a classic psychopath, killed seven women in Gyeonggi province between late 2006 and 2008. He met the women through personal ads and by offering them lifts home as they were waiting at bus stops at night, and then raped and killed them before disposing of the bodies in remote locations. His capture was at least partly down to CCTV images of his car near the sites of the murders.
According to Kim Rahn´s story in the Korean Times, South Korea seems to in the grip of frenzy of fear of strangers, with massive increases in applications to companies offering mobile phone location and tracking services, all schools in Seoul installing CCTV apparently to prevent violence and kidnappings, and in Gyeonggi province, 1,724 surveillance cameras, many with high resolution night vision will be installed. The murders have also sparked new debates about the use of the death penalty in the country.
But, and there is always a ´but´, one interesting fact in the story is that the bus stops where Kang met his victims were unlit. Street lighting is now apparently also to be added. Now it is one of the truisms of studies of CCTV that improved street lighting is a far better deterrent of opportunist crime than cameras – not that you are ever going to deter a true psychopath. Neither street lighting nor all the CCTV cameras in the world will do that.
More broadly however, I wonder whether South Korea is going through a similar breakdown of the feeling of social assurance that Japan is experiencing. At the risk of sounding like George W. Bush, I know Japan is not South Korea and South Korea is not Japan, but both societies traditionally had highly structured, ordered cultures which have been rapidly transformed in the face of industrialisation and globalisation. From my own research in Japan, it seems that the move towards increasing surveillance is strongly connected to this transformation. However at the same time, increasing surveillance is also encouraging the further decline of trust and a move toward a society of strangers. This can be seen as part of what David Lyon is starting to call the ´surveillance spiral´, a self-reinforcing movement in which more surveillance is always the answer to the problems that can at least partly be traced to living in a surveillance society.
One of the purposes of my project here is to differentiate what is the product of globalising forces (or indeed generator of such forces), and what is more specific and particular to each of the countries and cities that I am examining. If you skim Mike Davis and Daniel Bertrand Monk´s 2007 collection, Evil Paradises, you can certainly come away with the overall impression that everything bad in the world is down to neoliberal capitalism. But actually, many of the contributors to that book, particularly Tim Mitchell on the reasons why the state and private capital are so entangled in Egypt and Mike Davis himself on Dubai, are quite careful about describing the particular historical roots and contemporary developments that have led to the situations they observe. I am trying to do the same.
As I wrote last week, the private security industry here in Brazil is obvious and ubiquitous. It is easy to see this simply as part of a trend towards privatisation, and the growth of personal, community and class-based responses to risk and fear that is pretty much the same, or is at least in evidence, all over the world. However, there are several factors here that point internally and backwards in time. The first was made clear to me reading James Holston´s superb 2008 book Insurgent Citizenship, which is both an excellent ethnographic study of contemporary conflicts over housing and land in Saõ Paulo and an illuminating historical account of the roots of such conflicts in the development of citizenship, property rights and order in Brazil from its foundation.
Brazilian National Guard troops in the C19th
Holston makes a comparison between the foundation of Brazil and the other, and in many ways superficially similar, federal state in the Americas, the USA. He argues that whilst the USA consolidated itself within a smaller territory before expanding west, Brazil arrived as a massive fully-formed state. In consequence, the USA developed a form of governance that expanded with the territory, and this included centrally-determined land surveying and an emphasis on small townships to control territory and organise development. Brazil on the other hand, being basically divided between highly administered colonial towns and practically no administration at all elsewhere, had ´an incapacity to consolidate itself´ (65). The state therefore depended on large landowners, and in particular after the creation of the National Guard (1831), which was delegated to these property owners, these landowners also acquired a military-police power. Effectively, this conflation of private interest and the law, or coronelismo, was built into the governing structure and culture of Brazil.
One of the thousands of private security firms...
It is a masterly analysis but Holston´s one slight error, I think, is to call this ´a nationwide privatisation of the public´ (66). It is hard to argue this when the public had never really yet existed in anything like the idealised sense in which it is used by political scientists – in other words the nature of the ´public´ in Brazil was always pre-defined by the private, and by the power of the private, rather than the other way around. In other words, what has happened since, off and on, has been a struggle by the more democratic and progressive interests in Brazil to bring the private into the public. You can see this right up to the present day with the struggles by the state to prohibit and eradicate the so-called Autodefesas Comunitárias, the authoritarian paramilitary groups that have emerged in Rio and other cities in recent years. The struggle is essentially one of creating the ´public´.
Members of the elite Brazilian National Public Security Force in training, 2007 (EPA/Antônio Lacerda)
The ADC issue highlights another historical reason for the dependence on and trust in, private security in Brazil. The reason is simply that the law is not trusted. Judges and courts have long been perceived as essentially tools of privilege and the official police in their various forms are not trusted by many people of all social classes. The former, as with coronelismo, goes way back into the post-colonial period, but the latter is also a particular legacy of the dictatorships (which can also be seen as the ultimate private control of the public), the last of which only ended in 1985. This leaves Lula´s government, the first that can really claim to be at all progressive, with several major problems: making an untrusted police more trustworthy whilst at the same time increasing their effectiveness and equipment; regulating the thousands of private security firms and, if possible, reducing the dependence of property-owning Brazilians upon them; and finally, and most importantly, dealing with the massive underlying inequalities, that are also a product of what Holston calls the the inclusive but inegalitarian nature of Brazil´s constitution and subsequent socio-economic development. The latter subject is outside the scope of my project, but I will be continuing to delve into the differentiations and intersections between segurança pública and segurança privada whilst I am here.
I can’t say I am remotely surprised, but in the journal, Homeland Security Affairs, Marcus Holmes has written a comprehensive demolition of the claim that the US federal government’s No-Fly List is an efficient security policy. He isn’t concerned with civil liberties – ACLU has done that elsewhere – nor with effectiveness – Bruce Schneier nailed that one a while back. He simply demonstrates, using elementary Cost-Benefit Analysis that the policy is a big fat waste of money. The article isn’t complicated to understand, so the best thing I can suggest is that you just go read it… (and thanks to Bruce Schneier and Boingboing.net for posting on this one).
the primary limitation to any social networking tool being used for purposes that users don´t like is that the users can just walk
There´s been some discussion recently over surveillance on Facebook and in particular, the question of whether Facebook is planning to make the vast amounts of data it has for more targeted and intrusive marketing. Britain´s Daily Telegraph reported yesterday, based on an interview with Randi Zuckerberg, Facebook’s global markets director (and not coincidentally, sister of founder Mark Zuckerberg), that it was going to do this. It based its conclusion on the fact that Facebook was demonstrating new instant polling tools at the Davos World Economic Forum, Facebook´s development of so-called User Engagement Advertising, and the fact that unnamed ´marketing experts´ say that Facebook could be ´worth millions´to advertisers.
But, it turns out this is putting 2+2 together to make 5. Techcrunch was one of many tech blogs that questioned the Daily Telgraph´s story. They asked Facebook what was going on and were told that the WEF polls were nothing to do with Engagement Ads (which have been on Facebook for a while already) and that ´Facebook has, for many years, allowed the targeting of advertising in a non-personally identifiable way, based on profile attributes. Nothing has changed in our approach, and Facebook is committed, as always, to connecting users in a trusted environment.´
Now I don´t trust The Daily Telegraph, which has been declining in quality over the last few years and cutting experienced journalists in favour of using agency stories rewritten by trainees. But equally I don´t trust Facebook (or for that matter, any company run by rich kids whose only experience of the world is college, but that´s another story…). It is easy to imagine that they encourage such stories to test the waters. If the reaction was less worried, they might indeed decide to reveal themselves as a massive marketing scam, but the primary limitation to any social networking tool being used for purposes that users don´t like is that the users can just walk. Facebook appeared from nowhere to become a global player within a few years and it could disappear just as quickly when the next big thing arrives. The rise and fall of net-based companies is only going to get faster.
(Thanks to Sami Coll and Jason Nolan for bringing this to my attention)
CCTV cameras are seen as the answer to anything and everything. It’s not much more than a form of magical thinking.
Two contrasting CCTV stories today.
On the one hand, we have a seemingly typical story of civic authorities wanting to install cameras, right down to the lazy, cliched, headline: ‘Smile, you’re on surveillance camera’ – how many times have we seen variations on that one? The cameras are proposed to arrest a decline in custom at a busy city market except… that the city is Jerusalem, and the market is the Mahane Yehuda market, a favoured target for suicide bombers. Now, I am not entirely sure how cameras will stop a determined suicide bomber, who by definition isn’t really that bothered about being seen committing a crime, but this is just an extreme case of underlying causes being missed. There are the usual civil rights concerns raised, and the effectiveness of cameras questioned. But suicide bombing isn’t just some unavoidable fact of life, it’s directly related to the ongoing repression by Israel of the Palestinian territories… a clear case of sticking plaster for a mortal wound if ever I saw one.
Here as in many cases, CCTV cameras are seen as the answer to anything and everything. It’s not much more than a form of magical thinking.
On the other hand, we see the town of Cambridge, Massachusetts, voting against allowing Homeland Security cameras to be used. It’s another extreme case of course. You could hardy find a more comfortable and safe middle-class town with a higher concentration of liberal intellectuals – they even had a former head of ACLU speaking at the meeting. It must be positively terrifying to be a city councilor in the face of informed opposition like that. Of course the story is replete with all kinds of ironies, not least the city representative who argues that the city voted against it only because there hasn’t been enough public participation!
However, as the article also notes, the cameras are already installed, they just aren’t switched on. Perhaps, like this snowbound camera photographed yesterday in London, their ‘magic’ will work anyway and everyone will be happy…
They can see through snow, you know. London CCTV camera (by Almost Witty on boingboing.net)
One of the items reported on in Privacy International´s assessment of privacy in Brazil was that ¨in November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country.¨ The Conselho Nacional de Trânsito (CONTRAN) is part of the Departemento Nacional de Trânsito (DENATRAN), itself part of the massive new Ministério das Cidades (Ministry of Cities), the product of Lula´s major ministerial reforms designed to shift emphasis and power away from the large rural landowners to the growing numbers of increasingly populous cities.
The new scheme is called the Sistema Nacional de Identificação Automática de Veículos (SINIAV, or National System for the Automatic Identification of Vehicles). Basically it will put an RFID-tag in every vehicle license plate, in a gradual process. Much like the new ID scheme for people, SINIAV is based on a unique number. In Annex II, Paragraph 3, the resolution provides a breakdown of exactly what will be contained in the tiny 1024-bit chip as follows. The unique serial number (64), and a manufacturer´s code (32), will be programmed in at the factory, leaving a total of 928 programmable bits. The programmable area contains two main sections. The first contains all the personal and vehicular information: place of registration (32), registration number of seller (32) application ate (16), license plate number (88), chassis number (128), vehicle tax number (RENAVAM) (36), vehicle make and model code (16) and finally 164 bits for ´governmental applications´. The remaining 384 bits are split into 6 blocks for unamed ´private initiatives.´
SINIAV system diagram (DENATRAN)
Privacy International note that there is no more than a mention of conformity to constitutional rules on privacy (of which more later). However there is much more that is of concern here. The resolution claims that the data will be encrypted between plate and reader, but the technical specifications are not given to any level of detail (*though there is more information from the Interministerial Working Group on SINIAV, which I haven´t examined in any detail yet). We all know already how easy it is to clone RFID chips. This scheme is supposed to be about security for drivers, but it could easily result in the same kind of identity fraud and consequent necessity of disproving the assumption of guilt created by automated detection systems for car-drivers as for credit cardholders. Could you always prove that it wasn´t your car which was the gettaway vehicle in a robbery in Saõ Paulo, or you driving it, when your actual car was in a car park in Curitiba? Widespread cloning of chips would also render the whole system valueless to government.
RFID chip
Then there is the question of function creep. The chip has spare capacity, and assigned space for unamed functions, state and private. Brazil already has a system of state toll roads (pay-for-use highways), and these chips could certainly be used as part of an automated charging system. That might be very convenient. However what other functions could be thought up, and how might safeguards be built in? As I have already noted, Brazil has no body for protecting privacy or data/information rights so it would be very easy for new more intrusive functionality to be added.
Combining the problems of a movement towards automated fines or changes, and criminality, another major issue would be the one recently revealed in Italy, where a automated red-light camera system was found to have been fixed in order to generate income from fines for corrupt police and a multitude of others.
The final question of course is whether this will all happen as planned or at all. The system would supposedly be complete by 2011. I know of a trial scheme in Saõ Paulo, but on a quick (and very unscientific) straw poll of people who I encountered today at the university here in Curitiba, there is to be no-one who has an RFID license plate or knows someone who does, and there is practically zero awareness even amongst educated professionals. Like the National ID-card scheme, people just don´t think it will go to plan or timetable. That may however, just reflect a (middle-class) Brazilian view of the abilities of the state.
Still, as the Frost and Sullivan market assessment states, all of this turns Brazil into a ‘highly attractive market for RFID suppliers’ which was probably the main motivation and will be the only real outcome.
There will be a very interesting -looking conference in Amsterdam, 11-12 June, called Datawars: Fighting Terrorism through Data. According to the call for papers, the workshop will be held at the University of Amsterdam in June and will explore the ethical and political implications of the new data-led approach to security, risk and fighting terrorism in Europe. Suggested topics include:
Privacy, security and human rights
Ethics, responsibility and justice in European data wars
Risk, prevention, preemption
Data and surveillance
Private authorities, states and the European Union
Constituting Europe through data
It´s part of a project run by a couple of excellent researchers, Louise Amoore and Marieke de Goede, of the Universities of Durham and Amsterdam respectively (who probably don´t remember but I worked in an tiny attic office opposite them in the Politics Dept at Newcastle for a few months just after my PhD!). I might go as I have been doing some work on attempts to create global databases, called ´From Echelon to Server in the Sky´, but the timing might be awkward (unfortunately I can´t reveal why yet…).
This time they are talking to Dan Trottier and Val Steeves about the way that social networking technologies, and in particular Facebook, track individuals and groups.
ubisurv 