privacy – Page 4

EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commerical matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailers delight;

3. there will more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?

A quarter of UK databases break privacy laws

This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal…

A new report for the Joseph Rowntree Reform Trust by a very credible largely Foundation for Information Policy Research (FIPR) team that combines engineers, lawyers, software developers, and political scientists, has concluded that a quarter of the UK public-sector databases are illegal under human rights or data protection law. It also looks at UK involvement in some European database projects and finds all of them questionable too.

The report rates the 46 databases on a traffic light system – green, amber, red – and argues that those rated ‘red’, in particular the National Identity Register and the Communications Database, and are simply unreformable and should be scrapped. This is massively important because it is based not simply on a financial, political or even an ethical position, but on the database projects’ respect for existing law. They are simply illegal, and not just massively expensive, morally questionable or politically undesirable. In fact, a quarter of all the databases were found to contravene the law and more than half were ‘problematic’ (i.e. open to challenge in court) . All of those rated ‘amber’ (29 databases) the authors argue, should be subject to independent review.

There are a number of other major recommendations, including the reassertion of the necessity and proportionality tests contained in DP law, citizens should anonymous rights to access data, more open procurement of systems, and better training processes for civil servants. The most important and radical measures proposed, and entirely correctly in my view, are those concerning the location of data and the whole nature of UK IT development. For the former, the report recommends that the default location for sensitive personal data should be local, with national systems kept to a minimum – this appears to be rather like the ‘information clearing house’ system as opposed to central databases, that we proposed in our Report on the Surveillance Society, but better worded and justified! In the latter case, the authors simply note that fewer than 30% of government IT projects succeed at a cost of 16Bn GBP per annum and that there should never be a general and aimless government IT program, rather there should only ever be specific projects for clearly defined and justified (proportional and necessary) aims.

It is an excellent report and probably unanswerable in its logic. Tellingly, The Guardian report contains no response from any government minister…

Austin no longer the coolest city in the USA

The latest city to fall for the current wave of government enthusiasm for surveillance that is sweeping the USA is, unfortunately, the city of Austin… Sorry Austin – unless you people do something about this, you are off my list of cool cities…

Austin, Texas… lone island of sanity and liberalism in a less-than-liberal state. With its laid-back attitude, massive urban bat population, superb music scene and reputation for weirdness, it must for some time have been a candidate for coolest city in the States.

Well no longer. The latest city to fall for the current wave of government enthusiasm for surveillance that is sweeping the USA is, unfortunately, the city of Austin, whose authorities have voted to install a CCTV system. The local newspaper, The Daily Texan, jauntily informs us that the city has voted to sacrifice privacy for security: that does not sound like the attitude of a confident, hip place. Sorry Austin – unless you people do something about this, you are off my list of cool cities!

Seriously, though: Austin is not a city with an especially high crime rate, nor has it seen any massive recent increase in crime – even if CCTV was any good at reducing crime, which we know from the multiple assessments done in the UK and elsewhere that it isn’t. Yet Police Chief Art Acevedo is quoted as praising CCTV in the UK, specifically in London. Perhaps he has been reading too much of the hype and hasn’t read the British government’s own assessments of CCTV (conducted under the auspices of the Home Office)?

So why the sudden urge to install cameras? Could it be because of the lure of federal funding from the Department of Homeland Security? It could be. Austin has acquired $350,000 to install cameras, and what set of city fathers turns down cash (whatever it is for)? That was one of the main lessons of the expansion of CCTV in Britain in the 1990s and of course cities are now paying the long-term price of their enthusiasm as they struggle to find the money to monitor and maintain their camera systems. Chief Acevedo seems to have no worries about this though – this techno-evangelist is already talking about automation and computer recognition systems. He really sounds like a guy who has started to believe the sales pitches at all those law enforcement technology trade fairs…

Battle lines being drawn in UK surveillance debate

there appears to be a gathering of forces and a drawing of battle lines amongst the ‘big beasts’ of security policy in the UK…

The UK’s Institute for Public Policy Research (IPPR), the influential think-tank that was behind the New Labour project, has released a report on intelligence and national security that argues that privacy and human rights will have to take second place in the War on Terror. The report, National Security Strategy, Implications for the UK Intelligence Community, is written by former civil service security and intelligence coordinator, David Omand, is part of the IPPR’s Commission on National Security in the 21st Century, whose rather unimpressive launch event I attended last year.

The Guardian newspaper’s story on this is trying to build this up into an ‘end of privacy’ / ‘end of civilisation as we know it’ story and Omand certainly comes down firmly on the side of security over liberty. He recognises that his arguments are contrary to ours and go “against current calls to curb the so-called surveillance society.” But he is not actually making a total ‘by any means necessary’ argument. Even the Guardian’s own report quotes his rather qualified statement that “in some respects [new intelligence methods] may have to be at the expense of some aspects of privacy rights.”

The report is simply not as strong or even as interesting as The Guardian‘s story suggests. Most of it is simply a description of how intelligence works (and not even a very comprehensive or insightful one at that). Much, as we predicted in our recent book (see My Publications), it tries to set the creation of ‘resilience’ as a key rationale for reducing civil liberties, as if resilience in itself was a good thing that needed no justification when in fact it is being used as a bland container for all sorts of questionable policies – from the use of torture and imprisonment without trial to the everyday use of intrusive high-tech surveillance. The references to the political controversies over surveillance are rather cursory and don’t really say much other than that people are worried and really they shouldn’t be. These are just the usual ‘trust us, we know what we are doing’ and ‘these are exceptional circumstances’ arguments that we have heard many times before, and they are as weak and old-fashioned coming from Omand as from anyone else.

It is worth noting that there appears to be a gathering of forces and a drawing of battle lines amongst the ‘big beasts’ of security policy in the UK. I reported yesterday on David Blunkett’s conversion to the cause of limiting surveillance society, and a few days ago, Stella Rimington, the former Head of the Security Service, MI5, condemned the current government’s approach to liberty and security in even stronger terms, arguing that the approach that Omand typifies would lead to ‘a police state’.

Surveillance has finally become an issue on which it is becoming less possible to be unengaged, apathetic or even neutral. That in itself is a good thing, however it does not guarantee a good outcome even if more major public figures suddenly discover their enthusiasm for liberty once they leave office. However, I hope this reflects a split which is growing within the current government too – normally when retired politicians and civil servants speak out, they are conscious of the way in which they speak on behalf of friends and colleagues who feel they cannot be so candid.

Chicago: the future of US CCTV?

…despite Britain’s reputation as a surveillance society… the USA is now eclipsing the UK. The post-9/11 surveillance surge has seen to that.

Back in the USA again. Chicago has been featuring a lot this week for its CCTV system. Newspapers generally offered glowing assessments of its capabilities based around homey anecdotes of pretty harmless incidents ‘solved’ by CCTV – in this case the stories, for example those in the Chicago Sun-Times and the New York Times, featured a theft from a Salvation Army kettle, which sounds like it is straight from a Mayoral press release. It is depressingly poor journalism and once again, all very reminiscent of the situation in the UK in the 1990s before academic and even government assessments dampened the enthusiasm for CCTV. There’s also a depressing naivety (and factual incorrectness) about the insistence from the authorities and from some ‘experts’ that these cameras have nothing to do with human rights like privacy as they are all in public spaces.

But there is one very important difference. Chicago, with massive investment from the Department for Homeland Security, has gone much further than most UK cities, not only in coverage but also in capabilities. First of all, Daley and police-chief Orozco have promised that “We’re going to grow the system until we eventually cover one end of the city to the other” in other words they do want, as the Chicago Sun-Times subheading claims, ” a camera on every street corner.”

The particular innovation that the city is pushing here is the linking up of the law-enforcement aspects with emergency services through something called Computer-Aided Dispatch (CAD). This is system that uses a live Geographic Information System to match camera location to reported incident location, so that when an incident is called in via 911, the nearest cameras can immediately turn to picture the scene. This is part of what Chicago calls ‘Operation Virtual Shield’, a fibre-optic cable system which links the cameras with other biological and chemical weapons-detection system in a “homeland security grid.’’

The Chicago control room (New York Times)

As part of the work we did for our latest book, Jon Coaffee Pete Rogers and I visited and analysed several different cities in the UK to assess their emergency-response and surveillance systems. While most had intentions to use the cameras for more active emergency-response purposes and particular local police were starting to try to install override systems for the multiple local camera systems that exist in the UK in the case of citywide emergencies (like a mass evacuation). And in particular, Manchester (whose high-tech control room looks like the Chicago one as seen in the NYT (picture above) and also often features in media PR for CCTV) has gone further down the Chicago route than most. But they still don’t come close. Britain’s systems are fragmented, ageing, generally not integrated with other functions and certainly don’t link to other kinds of sensors. Britain has introduced some stupid authoritarianism like the infamous ‘shouting cameras’ mostly as part of the Respect (sic) Zones initiative. But despite Britain’s reputation as a surveillance society I suspect that in terms of advanced integrated cameras systems, the USA is now eclipsing the UK. The post-9/11 surveillance surge has seen to that.

There’s two other points worth noting here. The first is that Chicago is bidding for the Olympics in 2016. I can almost hear multiple researchers in surveillance studies around the world, releasing a collective ‘of course!’. Mega-events like the Olympics, the World Cup – there will be a fantastic conference on this theme in November this year in Vancouver – or other non-sporting ones like world summits or the G-8 conference are often the trigger for the introduction of repressive measures and new surveillance systems. This was true in Japan (where state CCTV was first introduced because of the soccer World Cup in 2002), in South Africa (for various major world summits), and in Athens for the Olympics in 2004. Mayor Daley wants the city to be 100% free from the possibility of terrorist attack. Laving aside the actual impossibility of that desire, how far will he go to get there?

Well, the last Olympic venue, Beijing, might give some indication. For it is actually the plans in authoritarian, non-democratic China that seem most similar to what is going on in Chicago. Even the names have an eerie reminiscence: China’s Golden Shield, Chicago’s Virtual Shield. That is trivial, however the substance is not. The Chinese government, as Naomi Klein has written, is installing massive and comprehensive camera systems in every major city in China. It is also, of course, linking this system into its infamous Internet monitoring operation, with the ultimate aim of being able to track individuals in real and virtual space. Of course, the US, like most other nations is now trying to control Internet use too and the NSA already keeps massive data banks of communications traffic information as well as doing real-time monitoring as recent revelations have, once again, shown. But, it’s different in the USA isn’t it? The USA wouldn’t link up all these systems, would it? The Land of the Free? The home of democracy? I wouldn’t bet against it…

Facebook, Privacy and the follies of youth

It is hard to say anything about Facebook that hasn’t been said elsewhere. Of course, the decision to reverse its attempt to change its terms, which would have made it nigh on impossible for members to remove material they had posted, is a good one. Effectively what it would have done is made Facebook the owner of all personal data posted on the site.

The campaign against it was of course organised through Facebook groups! That in itself should have been enough to persuade Facebook’s young owners of the power and passion generated by the system they had created. But I don’t think they really do understand it, or indeed very much about the implications of what they are doing at all. I mentioned their youth. Last time Facebook got into trouble, it was because of comments made by their ‘Marketing Director’ (age: 24) at Davos, which were (apparently erroneously) taken by the press to indicate that Facebook was going to sell personal data.

Now, I know that it’s not cool and probably won’t make me popular to knock youth at a time where youth is everything (despite the fact that the word is ageing) – Fast Company last month had snowboarder Shaun White as its cover star in a story full of fawning admiration about how rich he had become by telling big companies about the youth market. But at least White seems to have his head screwed on – maybe it’s a class thing? Facebook’s owners on the other hand need to grow up a bit. They need to learn a bit more about the value of some rather old-fashioned fundamental rights, particularly privacy, and strop treating the system they have created as the personal spare-time sophomore project as which it began. I think that they just didn’t appreciate how people would view their proposals.

There is a serious issue here. Privacy is something that you only start to truly truly understand as you get older. Partly this is because your mistakes and your secrets get more serious and more potentially damaging as you get older! But, as I have said before, most of those are nobody’s business but your own and no-one benefits from forced transparency – honesty and conscience are also profoundly personal matters. It has been argued that the ‘youthfulness’ of the Net has encouraged a general carelessness with privacy. I am not sure that is entirely true, as Facebook users have shown – they care. But it’s the careless and – let’s face it – privileged youth of many of these new entrepreneurs, the fast companies, which is more concerning. Most are not success stories from the wrong side of the tracks, who have learned ‘the hard way’.

The threat of legal action from EPIC, which was preparing to take them to the Federal Trade Commission might have concentrated minds in this regard. Maybe it was just the threat itself – EPIC have a strong record in these kinds of cases and have taken down Microsoft and Doubleclick. However I would like to think that the arrogance and energy of youth might be tempered with a bit more maturity and consideration in the future. If only, as I’ve said before, because Facebook is no longer a fresh young company in Web 2.0 terms and could easily be eclipsed by the next big thing. Perhaps they can hire someone more ‘real’ like Shaun White to tell them how privacy rights and user control of information would be like, totally rad, dude…

Woah man, I am so stoked about privacy... (Shaun White, not actually advising Facebook on privacy, pictured for Fast Company)

On a more serious note, EPIC put a lot of time and money into protecting privacy in the USA and they do a damn good job, and in cases like that of Facebook they are having a positive affect the world over, so give them some money!

The loneliness of personal data

Surveillance like this harms us all: it makes our lives banal and reveals only the sadness and the pain.

There is something at once banal and heartbreaking about what is revealed through the examination of personal data. The episodic film, I Love Alaska, captures this beautifully. The film by Lernert Engelberts and Sander Plug is based on AOL’s accidental exposure of the search data of hundreds of thousands of its users, and focuses on just one, 711391. The film consists of an actress reading out the (unusually discursive and plain language) search terms of User 711391 like an incantation, with background sound from Alaskan locations and static camera shots that serve to emphasize her boredom, isolation and loneliness.

I was watching episode 5 of the film when two stories popped into my inbox that just happened to be related. The first was from the New York Times business section and dealt with the other side of the recent US sporting scandal over revelations that baseball player Alex Rodriguez has taken steroids. Like User 711391, Rodriguez had given up his data (in this case, a sample) in the belief that the data would be anonymous and aggregated. But it wasn’t.

So, then we come to how the state deals with this. The Toronto Globe and Mail comments on the way the Canadian federal government is, like so many others, proposing to introduce new legislation to monitor and control Internet use. The comment argues that there is no general need to store personal Internet use data (or Canada will end up like the UK…), and that Internet surveillance should be governed by judicial oversight. Quite so. But, as the NYT article points out, it isn’t just the expanding appetite of the state for data (frequently coupled in the UK with incompetence in data handling) that we should fear but the growth in numbers of, and lack of any oversight or control over, private-sector dataveillance operations.

Some people will argue that any talk of privacy here is irrelevant: User 711391 was cheating on her husband; Rodrguez was taking steroids; there are paedophiles and terrorists conspiring on the Internet. With surveillance the guilty are revealed. Surely, as Damon Knight’s classic short story, ‘I See You’, claimed, with everything exposed we are truly free from ‘sin’? But no. In its revelations, surveillance like this harms us all: it makes our lives banal and reveals only the sadness and the pain. For User 711391, her access to the Internet served at different times as her main source of entertainment, desire, friendship, and even conscience. The AOL debacle revealed all of this and demeaned her and many others in the process. Most of us deserve the comfort of our very ordinary secrets and the ability for things to be forgotten. This is the true value of privacy.

(Thanks to Chiara Fonio for letting me know about I Love Alaska)

UK travel database

Lots of media outlets today and yesterday reporting on the UK government’s e-Borders initiative. I’m not quite sure why particularly now: we’ve known about the e-Borders program – which is based around the new RFID-chipped passports – for some time. Of course the system involves collecting vast amounts of data, including rather more personal information than seems in any way necessary, like for example, travel companions – as if terrorists and criminals will obediently identify themselves by booking and traveling together!

For that is the justification for all this. On the Politics.co.uk website, Phil Woolas, the Minister of State for Borders and Immigration – another barrel-scraping appointment by a government that doesn’t really have many options for ministers now – said that this is is just about allowing ‘us to count all passengers in and out of the UK.’ But this isn’t just counting. What was a system derived in a combination of bowing to US demands after 9/11 and embarrassment over the government’s total inability to counter opposition criticism over immigration with any real facts has expanded its functionality (as with all of these systems) into something rather more comprehensive.

Woolas goes on to say that it ‘targets those who aren’t willing to play by our rules’ – tough talk, but it with the ever increasing numbers of trivial, silly and sometimes plain bad rules introduced by the current government, it’s hard to know what playing by the rules means anymore. This is a major problem for those who just accept all of this with a shrug and argue ‘nothing to hide nothing to fear’. I also wonder how long it will be before this database is hacked or details get left on a train or the whole thing is ‘lost’. Maybe I will start paying attention to Phil Woolas’s idea of the rules when his government starts paying attention to the European Convention on Human Rights, introduces some proper accountability and oversight for all these new surveillance initiatives as the House or Lords recommended, and stops losing our data and pandering to fear. Accountability, competence, ethics and rationality: it’s not much to ask from a government is it?

Britain is a surveillance society and it must change: detailed anaysis of the Lords Constitution Committee report

This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place.

It’s 3.00am here in Brazil, and I have just spent the last four hours reading, analyzing and writing about the House of Lords Constitution Committee Report Surveillance: Citizens and the State. My expectations of the work of the committee have generally not been disappointed. This is probably the best parliamentary report on surveillance I have ever read, and if only half of the recommendations are given any attention by the government, then Britain will be a much better place. However it is not only relevant to Britain. The UK seems to have come to be regarded as some kind of model for other democracies to follow in terms of surveillance and security – at least by governments. Reading this report should serve to disabuse others of any notion that Britain is a good example.

Here’s the detailed analysis. It is long and there are no pictures! But this is serious stuff. I have gone through the whole report and thought about all the recommendations. It is worth remembering first of all what the Committee was asked to do. Here are the questions they started out with:

Have increased surveillance and data collection by the state fundamentally altered the way it relates to its citizens?
What forms of surveillance and data collection might be considered constitutionally proper or improper? Is there a line that should not be crossed? How could it be identified?
What effect do public and private sector surveillance and data collection have on a citizen’s liberty and privacy?
How have surveillance and data collection altered the nature of citizenship in the 21st century, especially in terms of citizens’ relationship with the state?
Is the Data Protection Act 1998 sufficient to protect citizens? Is there a need for additional constitutional protection for citizens in relation to surveillance and the collection of data?

The answers to the first and last questions are, in short ‘yes’ and ‘no’ respectively. Their basic conclusion is that increasing surveillance by the state is the greatest change to the nature of the relationship between state and individual in Britain since the end of the second world war. In opposition to the House of Commons Home Affairs Committee report from last year, and largely in support of our Report on the Surveillance Society form 2006 and that of the Royal Academy of Engineers from 2007, they show that Britain is a surveillance society, and that this must change. They do not go so far as to recommend an Information Act to bring all legislation in this area together, as I have been arguing, but they do advocate significant new legal / constitutional measures to rebalance the state-individual relationship in favour of the individual.

There are 8 chapters of consideration of all of the evidence given, which is treated in a very careful and even-handed way. The Home Office, the police and the Surveillance Commissioners for example, all come in for a telling-off at various points, but at the same time, some of the current government’s initiatives on openness are quite rightly praised (although of course they don’t go far enough in tackling the culture of secrecy that has plagued British government for far too long).

Who comes out of it well? First of all, the Information Commissioner, Richard Thomas and his office (the ICO). This is entirely right. None of this debate would have happened without him and he continues to push the agenda forward in an activist manner that many campaigners should look to as an example. Secondly, the media. The Lords seem to be very aware of the role of investigative journalists in holding the government to account. People are too willing these days to make blanket generalisations about the media as if they were all superficial and obsessed with celebrity. In the case of surveillance, the BBC and The Guardian in particular have done a great job. Thirdly academics and campaigners alike come across as far more informed and sensible about this than the state, which leads the Lords to recommend that the government pay us far more attention. On a personal note, it is a bit disconcerting to see myself, Surveillance Studies Network and other people and organizations with whom I work mentioned (approvingly) quite so much in such an important document…

The Committee place the two values of privacy and freedom as the foundations of its recommendations. The Lords argue that privacy and the restraint of state powers are at the heart of liberty, and that they should be taken into account at all times. There is, I am very pleased to see no mention of ‘trade-offs’ between freedom and security and it seems that they accepted my argument (they do quote me on this) that when claims to protect fundamental freedoms by increasing security are actually eroding those freedoms, the tacit agreement that binds people and state is broken. They stress that all organisations involved in surveillance and date handling need to give far more attention to privacy at all stage, indeed that it should be built in.

There are many individual recommendations.The first concern the Information Commissioner. Basically, the Lords argue that he should be given more extensive powers and more resources, specifically:

to have a role in assessing the effect on any new surveillance measure on public trust;
to be able to monitor the human rights (Article 8, ECHR) effects of government and private surveillance practices on the public;
to be consulted by the government at the earliest stages of policy development – they specifically attack the government for not doing thus far; to extend the ICO’s power of inspection to private companies (again something I am quoted on) – they don’t note that the power of inspection over government departments was only granted in a rush by Gordon Brown following the revelations of disastrous losses of data by various state bodies;
to speed up the implementation of the ICO’s new power to fine bodies that break the rule on data protection and freedom of information;
to be a statutory consultee on all surveillance and data processing laws and for the ICO to report to Parliament on this;
for the government and the ICO to undertake a review of the law governing citizens’ consent to use of their personal data – there is quite a lot of interesting discussion in the body of the report on how consent might operate, and I am very pleased that they haven’t, unlike the government, given up on the importance of consent;
for the government to work with the ICO on raising public awareness as it should already be doing but has failed to do;
and finally, and this is really important – for the Data Protection Act to be amended to mandate a Privacy Impact Assessments (PIA) “prior to the adoption of any new surveillance, data collection or processing scheme, including new arrangements for data sharing” with a role for the ICO in overseeing these. The government will probably try to ignore this, but this is the most crucial recommendation for future policy.

On the various other commissions – of which there are too many in my opinion – they merely recommend that the Surveillance and Communications Commissioner work together better and seek the advice of the ICO, especially with regard to the misuse of powers under the Regulations of Investigatory Powers Act (RIPA), and that the Investigatory Powers Tribunal stops hiding from the public. These are weak recommendations. Later they are rather more robust about the problems of having too many ineffectual regulators of RIPA, but despite a brief mention, any recommendations regarding the regulation of the Intelligence Services get quietly dropped along the way (not surprisingly). I would have thought that recommending at the very least that the offices of the Surveillance and Communications Commissioners are brought under the control of the ICO, if not completely absorbed into the ICO, would have been a much better long-term move.

They also have a number of other recommendations on the egregious RIPA, firstly that the (inadequate) administrative procedures are reviewed and secondly that the government should think again about the whole business of allowing Local Authorities police powers, and that in any case, these powers” should only be available for the investigation of serious criminal offences which would attract a custodial sentence of at least two years.” In my opinion, this effectively amounts to saying ‘repeal RIPA’ without saying so directly. The use of intense targeted surveillance powers to deal with minor infractions is what a lot of RIPA is all about whether that was the intention or not. It is an ill-thought out and badly worded law, like so many in this area.

The Lords recognize this deficiency in detail and specificity and argue as a general point, following the Human Rights Committee, that “the Government’s powers should be set out in primary legislation.” Crucially they also note that the government has not seemed very concerned with what happens after legislation is passed or how it works. They recommend the formation of a new Joint Committee in parliament on surveillance and data powers that would have post-legislative scrutiny as one of its key functions.

There are several measures concerning particular technologies. Their coverage of technologies of surveillance and data-collections is not too bad. I gave a seminar to the Committee on the range of surveillance technologies before they started their hearings, and I was beginning to despair at the levels of knowledge – “can they really do that?” was a common cry – and yet here they consider everything from CCTV to ubiquitous computing / ambient intelligence. There are still major deficiencies however. Although they take my point that government needs to get ahead of the technological game in order to regulate effectively, they still have not. They don’t recommend anything specific about the use of scanners in public places, location tracking, about the increasing dependence on RFID, or about the new flexibility, mobility, decrease in size and bodily intrusiveness of surveillance technologies and what this means for regulation. Mind you that is all in our report to the ICO that inspired all this (see Paragraph 4!)

They recommend that:

the Government comply fully with the recent ruling from the European Court of Human Rights that DNA profiles of innocent people are no longer kept indefinitely on the National DNA Database (NDNAD) – they also rule out a complete national database on both liberty and cost grounds, and argue that there should be a single, clear law governing the NDNAD and better transparency all-round.
On CCTV, they recommend more research on “the effectiveness of CCTV in preventing, detecting and investigating crime”, and more importantly that the government finally put CCTV on a proper statutory basis, with clear regulations, and systems of complaint and redress.
The report is at its weakest on the proposed new National Identity Register (NIR) and ID card. No2ID will not be happy, as all that they say is that “the Government’s development of identification systems should give priority to citizen-oriented considerations.” This is practically meaningless.Considering that this is the Constitution Committee report, and that the NIR and ID card are at the heart of how the government sees the information relationship between state and individual, this is also an unacceptable and compromised omission. No doubt it is evidence of a key area of disagreement amongst members, but the Chair should have banged some heads together on this one!
Although it is treated as a legislative measure, the Lords recommend mandatory encryption of personal data “in some circumstances.” This should have been stronger – bear in mind that most of the data lost by the state over the last few years was not encrypted
They also recommend that the government incorporate ‘design solutions’ in particular Privacy-Enhancing Technologies (PETs) in all new schemes. This is good as a minimum – we have to make sure that the government doesn’t use PETs as a way of claiming to have dealt with the problem – ooh, look: technology!

In other general measures for the whole of government, the Lords return to their central themes, specifically:

that Government should instruct government agencies and private organisations involved in surveillance and data use on compliance with Article 8 ECHR and in particular the legal meanings of necessity and proportionality. They also recommend legal aid should be available for challenges under Article 8.
a system of judicial oversight for surveillance carried out by public authorities, with compensation “to those subject to unlawful surveillance by the police, intelligence services, or other public bodies” acting under RIPA. This would be a severe blow the ad-hoc and effectively extra-legal expansion of surveillance powers under the present government. It would be great if it happens, but I am not going to hold my breath until it does…
increasing the stature and power of the data protection minister
lots of general blah about improving safeguards and restrictions on data handling and implementing standards and training, and education, to improve public confidence. But the thing is, public confidence isn’t really the main issue. Public confidence is low because the government and its private sector contractors have been time and again demonstrated to be incompetent.
there are also several paragraphs of recommendations which basically amount to saying ‘listen to the public’ and particularly, pay attention to pressure groups and research in this area because they know what they are talking about. They are right, you know – we do! They also want more research to get better information on public opinion in this area. We can do that too!

Despite this slight degeneration into well-meaning generality at the end, and despite the glaring hole when it comes to the NIR and ID cards, the principles advocated by this report, if implemented, would transform the direction of government in Britain. Many of the individual recommendations are things that I and others have been arguing for, for some time.

So what was the government’s first response? Well, the thoroughly useless Home Secretary, Jacqui Smith, according to the BBC has “rejected claims of a surveillance society as “not for one moment” true and called for “common sense” guidelines on CCTV and DNA.” When she has read the report she will realize that such guidelines are right in front of her – indeed, she got ‘common sense’ from the European Court on the DNA database some time ago and her department still does not know what to do with it!

As I said, if even half of this reported is acted on, Britain’s ways of dealing with surveillance will be transformed. I am not paying much attention to the Conservatives – in opposition you can say anything and they will beat the government with the liberty stick one day and the security stick the next. The question is, are New Labour brave enough to admit that their approach to surveillance has been almost entirely wrong?

We will soon find out.

Google Latitude: no place to hide?

the mixture of assumptions seems dangerous: a lack of genuine understanding combined with categorical friendship (analogous to categorical suspicion, the basis of profiling in policing) and technologies that unless actively adjusted all the time for all of those massive number of connections, allow you to be utterly exposed…

I’ve just seen that Google has launched its Latitude service, which allows you (once you register and add your phone number) to be tracked by all your ‘friends’, and correspondingly, for you so see your ‘friends’ – if they have signed up. I put the words friends in inverted commas with some sadness because the word seems to have become increasingly meaningless in the age of Facebook when accumulating ‘friends’ seems to have become a competitive sport. This is not entirely irrelevant to Latitude for reasons we will come to in a minute.

There are various questions about this.

A colleague comments that like many other tracking services, the way it is set up he assumed you could access the project if you just had access to someone else’s phone and a computer (or WAP/3G phone) at the same time. Perfect for a over-protective or suspicious parent, a suspicious, husband, wife, boyfriend, girlfriend – or anyone else for that matter.

The privacy policies are a mixture of Google’s standard (and already questionable) privacy statement and a new set of policies on ‘location privacy’, which state that:

“Google does not share an individual person’s location with third parties without explicit permission. Before someone can view your location, you must either send a location request by adding them as a friend or accept their location request and choose to share back your location.”

You can also change settings so that your location can be automatically tracked, manually selected, or hidden. If you are signed out of the service, you will not be on any map either. You can also change settings for specific friends, including hiding your location from them, share only the city you are in, or removing them from your Latitude list.

Now this all sounds very good, even fun – although it could be a recipe for all kinds of suspicions and jealousies – but it all depends on what the nature of ‘friendship’ means to the person using the service. Friendship no longer seems to require personal knowledge but simply matching categories. I was writing earlier about the loss of trust in South Korea, but the reformation of trust that occurs through social networking seems not to require the dense networks of interdependence in real life that traditional forms of social trust were built on. It doesn’t seem like a substitute, the mixture of assumptions seems dangerous: a lack of genuine understanding combined with categorical friendship (analogous to categorical suspicion, the basis of profiling in policing) and technologies that unless actively adjusted all the time for all of those massive number of connections, allow you to be utterly exposed, laid bare in time and space.

The most extreme examples of this personal surveillance are not in the relatively comfortable worlds that tech enthusiasts inhabit but firstly, in conflict zones – after all ‘I know where you live’ has always been one of the most terrifying and chilling expressions you can hear in such circumstances (see Nils Zurawski’s article on Northern Ireland in Surveillance & Society) and now it could be in real time; and secondly, in authoritarian, or even just paranoid countries. Here, real-time location data could be a goldmine for intelligence services, and it is not as if Google and Yahoo and others have bravely resisted the attempt of, for example, the Chinese government to suborn them to its illiberal requirements.

Now, perhaps this makes me sound very conservative. I’ve never joined a single social networking service – like, how Twentieth Century is that?! – but I am also sure that this service will be both used and abused in all kinds of ways, some that we expect and some that we don’t. It might be a tool for overprotective parents, for jealous lovers, for stalkers and even for killers; but it will also be a tool for new forms of creativity, deception, performance and play.

Or it could be just utterly pointless and no-one will bother using it at all.

(thanks to simon for the heads up. As it happens, Surveillance & Society currently has a call for papers out on ‘Performance, New Media and Surveillance’, to be edited by John McGrath and Bill Sweeney)