New UK government to go ahead with old government plan on data retention

One of the many promises made by the new Conservative-Liberal Democrat coalition government was that it would “end the storage of internet and e-mail records without good reason.” The obvious flaw in this promise is that all the protection provided was only good so long as the government was unable to invent a ‘good reason.’

Now it appears according to The Guardian newspaper, that such a ‘good reason’ has been defined in the Strategic Defence and Security Review, to keep all web site visits, e-mail and phone calls made in the UK. And it is an old reason: basically, everything should be kept in case the police or intelligence services might find it useful in the prevention of a ‘terror-related crime’. Note: not actually terrorism, but terror-related, which is rather more vague and not so clearly defined in law, even given that ‘terrorism’ is already very broadly defined in the relevant laws.

This is pretty much exactly what the last Labour government were planning to do anyway with the proposed Communications Bill. Oh, and dont’t forget that the cost of this has been estimated at around 2Bn GBP ($3.5Bn) in a country that just announced ‘unavoidable’ welfare cuts of 7Bn GBP… that’s the reality of the ‘age of austerity’ for you’. It shows what David Gill argued in his book Policing Politics (1994) that the intelligence service constitute a ‘secret state’ that persists beyond the superficial front of the government of the day.

Cyber-Surveillance in Everyday Life: Call for Participation

Call For Participation: Cyber-Surveillance in Everyday Life

Digitally mediated surveillance (DMS) is an increasingly prevalent, but still largely invisible, aspect of daily life. As we work, play and negotiate public and private spaces, on-line and off, we produce a growing stream of personal digital data of interest to unseen others. CCTV cameras hosted by private and public actors survey and record our movements in public space, as well as in the workplace. Corporate interests track our behaviour as we navigate both social and transactional cyberspaces, data mining our digital doubles and packaging users as commodities for sale to the highest bidder. Governments continue to collect personal information on-line with unclear guidelines for retention and use, while law enforcement increasingly use internet technology to monitor not only criminals but activists and political dissidents as well, with worrisome implications for democracy.

This international workshop brings together researchers, advocates, activists and artists working on the many aspects of cyber-surveillance, particularly as it pervades and mediates social life. This workshop will appeal to those interested in the surveillance aspects of topics such as the following, especially as they raise broader themes and issues that characterize the cyber-surveillance terrain more widely:

  • social networking (practices & platforms)
  • search engines
  • behavioural advertising/targeted marketing
  • monitoring and analysis techniques (facial recognition, RFID, video analytics, data mining)
  • Internet surveillance (deep packet inspection, backbone intercepts)
  • resistance (actors, practices, technologies)

A central concern is to better understand DMS practices, making them more publicly visible and democratically accountable. To do so, we must comprehend what constitutes DMS, delineating parameters for research and analysis. We must further explore the way citizens and consumers experience, engage with and respond to digitally mediated surveillance. Finally, we must develop alliances, responses and counterstrategies to deal with the ongoing creep of digitally mediated surveillance in everyday life.

The workshop adopts a novel structure, mainly comprising a series of themed panels organized to address compelling questions arising around digitally mediated surveillance that cut across the topics listed above. Some illustrative examples:

  1. We regularly hear about ‘cyber-surveillance’, ‘cyber-security’, and ‘cyber-threats’. What constitutes cyber-surveillance, and what are the empirical and theoretical difficulties in establishing a practical understanding of cyber-surveillance? Is the enterprise of developing a definition useful, or condemned to analytic confusion?
  2. What are the motives and strategies of key DMS actors (e.g. surveillance equipment/systems/ strategy/”solutions” providers; police/law enforcement/security agencies; data aggregation brokers; digital infrastructure providers); oversight/regulatory/data protection agencies; civil society organizations, and user/citizens?
  3. What are the relationships among key DMS actors (e.g. between social networking site providers)? Between marketers (e.g. Facebook and DoubleClick)? Between digital infrastructure providers and law enforcement (e.g. lawful access)?
  4. What business models are enterprises pursuing that promote DMS in a variety of areas, including social networking, location tracking, ID’d transactions etc. What can we expect of DMS in the coming years? What new risks and opportunities are likely?
  5. What do people know about the DMS practices and risks they are exposed to in everyday life? What are people’s attitudes to these practices and risks?
  6. What are the politics of DMS; who is active? What are their primary interests, what are the possible lines of contention and prospective alliances? What are the promising intervention points and alliances that can promote a more democratically accountable surveillance?
  7. What is the relationship between DMS and privacy? Are privacy policies legitimating DMS? Is a re-evaluation of traditional information privacy principles required in light of new and emergent online practices, such as social networking and others?
  8. Do deep packet inspection and other surveillance techniques and practices of internet service providers (ISP) threaten personal privacy?
  9. How do new technical configurations promote surveillance and challenge privacy? For example, do cloud computing applications pose a greater threat to personal privacy than the client/server model? How do mobile devices and geo-location promote surveillance of individuals?
  10. How do the multiple jurisdictions of internet data storage and exchange affect the application of national/international data protection laws?
  11. What is the role of advocacy/activist movements in challenging cyber-surveillance?

In conjunction with the workshop there will be a combination of public events on the theme of cyber-surveillance in everyday life:

  • poster session, for presenting and discussing provocative ideas and works in progress
  • public lecture or debate
  • art exhibition/installation(s)

We invite 500 word abstracts of research papers, position statements, short presentations, works in progress, posters, demonstrations, installations. Each abstract should:

  • address explicitly one or more “burning questions” related to digitally-mediated surveillance in everyday life, such as those mentioned above.
  • indicate the form of intended contribution (i.e. research paper, position statement, short presentation, work in progress, poster, demonstration, installation)

The workshop will consist of about 40 participants, at least half of whom will be presenters listed on the published program. Funds will be available to support the participation of representatives of civil society organizations.

Accepted research paper authors will be invited to submit a full paper (~6000 words) for presentation and discussion in a multi-party panel session. All accepted submissions will be posted publicly. A selection of papers will be invited for revision and academic publication in a special issue of an open-access, refereed journal such as Surveillance and Society.

In order to facilitate a more holistic conversation, one that reaches beyond academia, we also invite critical position statements, short presentations, works-in-progress, interactive demonstrations, and artistic interpretations of the meaning and import of cyber-surveillance in everyday life. These will be included in the panel sessions or grouped by theme in concurrent ‘birds-of-a-feather’ sessions designed to tease out, more interactively and informally, emergent questions, problems, ideas and future directions. This BoF track is meant to be flexible and contemporary, welcoming a variety of genres.

Instructions for making submissions will be available on the workshop website by Sept 1.

See also an accompanying Call for Annotated Bibliographies, aimed at providing background materials useful to workshop participants as well as more widely.

Timeline:

2010:

Oct. 1: Abstracts (500 words) for research papers, position statements, and other ‘birds-of-a-feather’ submissions

Nov. 15: Notification to authors of accepted research papers, position statements, etc. Abstracts posted to web.

2011:

Feb. 1: Abstracts (500 words) for posters

Mar. 1: Notification to authors of accepted posters.

Apr. 1: Full research papers (5-6000 words) due, and posted to web.

May 12-15 Workshop

Sponsored by: The New Transparency – Surveillance and Social Sorting.

International Program Committee: Jeffrey Chester (Center for Digital Democracy), Roger Clarke (Australian Privacy Foundation), Gus Hosein (Privacy International, London School of Economics), Helen Nissenbaum (New York University),
Charles Raab (University of Edinburgh) and Priscilla Regan (George Mason University)

Organizing Committee: Colin Bennett, Andrew Clement, Kate Milberry & Chris Parsons.

University of Toronto & University of Victoria.

German Constitutional Court shoots down new ‘Lawful Access’ Provisions

Germany’s Constitutional Court is one of the few such national institutions that has been brave enough to interpret the right to privacy as actually meaning something that might outweight the state’s desire to know. According to the BBC, in a really strong decision, it has just ruled that a 2008 law, requiring all telecommunications traffic data to be stored for 6 months, violated privacy rights of citizens and should be struck out. Germany had already threatened to veto the European Union’s Telecommunications Directive 2006/24/EC (which came into force last year), a move which prompted the Council of Minister to take the unethical and devious step of redefining the Directive as belonging to the ‘commercial’ field (which requires only majority vote) as opposed to being a matter of ‘security’ (in which there has to be unanimity). We will now see what is the reaction of the German government to their own law being declared unconstitutional, and indeed, what international reverberations this have – the USA will certainly not like this.

(Thanks to ‘Unkraut’ for the pointer)

UK pushes forward with online data retention plans

Like Canada, the UK is pushing forward with new plans to force telecommunications companies and ISPs to retain online data, despite opposition from both the industry and ordinary service users. The New Labour govenrment had delayed the plans from last year, faced with the strength of the opposition and launched a ‘consulation’. The consultation apparently still generated 40% opposition, which one would think was enough to tell them that something was wrong. But, as I said last year, “the collection of such traffic data will still go ahead… partly at least because the Americans want it; there is pressure on many countries for this kind of data collection and storage – see for example, the FRA law in Sweden. Networking these databases together with others is a major aim of the FBI’s secretive ‘Server in the Sky’ project.”

However, now the UK plans go further than many other countries’ schemes in this area, as they would cover not only traffic data but also a whole range of data which would not normally have been regarded as  traditional communications like social networking activity and even internal online gaming data. This would seem to be in line with US programs that regard the behaviour of – let’t not forget, fantasy – game and virtual world avatars as somehow indicative of real-world tendencies and practices (e.g.: Projects VACE and Reynard), an extremely dubious assumption and one which extends the reach of the state into people’s fantasy and dream lives.

The BBC story mentions an estimated 2Bn GBP (around $3.5 CAN) cost for this – which will no doubt be passed on to service users – but given the immense problems posed by some of this data, I would reckon that this could a massive underestimate, especially if one takes into account the UK state’s history of appallingly-managed computerisation and database-building schemes. The original plans also would have allowed all agencies empowered under the Regulation of Investigatory Powers Act (RIPA) to make use of such data, and the RIPA consultation response from the UK government did contain some indications that some new agencies would be given powers of access, but I am still not sure whether the government will keep the list of agencies as long as it was in last year’s draft Communications Bill.

Canadian Internet Snooping Law

I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeably here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic that is firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a king of competitive disadvantage arguments that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.

The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such the data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”

And absent from this debate as usual is the fact that this is not just a question of ‘national security’ if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.