We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Electronic privacy in the USA

Today’s New York Times has a useful piece comparing and contrasting the legally enforced privacy (and unprivacy) implications of various different kinds of cable TV, internet use, etc. What are the powers of the IRS? What are the legal rights of the music industry as they go after music piracy? That kind of thing. If that’s what you want, go here.

The New York Times on RFID tags

The New York Times has an article today on the pros and cons of Radio Frequency Identification (RFID) being attached to products in supply chains and in stores. A couple of highlights.


Tags with the technology known as radio frequency identification, or R.F.I.D., transmit a digital response when contacted by radio signals from scanning devices. Older versions of the technology have been around for decades, but now major manufacturers and retailers and the Defense Department are pushing to speed the development of a new version that could be read by scanners anywhere in the world, making it cheaper and more efficient to track the flow of goods from global suppliers to consumers.

The Defense Department expects to issue a statement in the next few days calling on suppliers to adopt the new version of the technology by 2005. Wal-Mart Stores Inc. made a similar announcement in July when it said it was requiring its top 100 suppliers to place tags with the new technology on cartons and pallets shipped to its stores by the end of 2004.

The Department of Defence. A government mandate for doing business with that part of the government. One doesn’t have to be cynical, here. There are obvious reasons why the DoD needs and wants this technology that have nothing to do with taking away people’s privacy. (It simply allows them to run their logistics better, and potentially to keep track of what is going on on a battlefield). However, these are not the sorts of people I expect to want to put protections in place that safeguard my privacy, either.


Ms. Albrecht and other critics say that companies and government agencies will be able to monitor what people read or where they assemble from radio tags embedded in their books or woven into clothing. Unlike bar codes, which cannot be scanned unless a laser has a direct line of sight to them, the radio tags can be read through walls, and multiple tags can be read in an instant.

“R.F.I.D. certainly has value in the supply chain and in inventory management,” said Beth Given, director of the Privacy Rights Clearinghouse in San Diego. But she added that “there are so many potential issues once it gets beyond the point of sale that consumer protections need to be written into law.”

And thus we once again hit the usual quandry. There are potential benefits, very real ones, in adopting these sorts of technologies. And yet the privacy and surveillance implications are such that if we adopt them we give up a lot of privacy and hand the information to governments and large organisations almost automatically. Once again, what needs to be said is that it is possible to design such technologies so that the benefits are there and the privacy violations are not, or at least so that the privacy violations are transparent and we are informed when they are happening. But to build such safeguards in, these issues have to be discussed at the very beginning, by which I mean right now. And on the whole it isn’t happening. Do I actually expect to see such safeguards put in place. Well, to tell the truth, no.

(Link via slashdot).

Fly-away data

In America, the airline Jet-Blue Airways is now facing several lawsuits for illegally handing over the passenger data of more than a million customers to a Pentagon contractor. The contractor, trying to set up a programme to enhance security at military bases, wanted access to commercial databases in order to assess the risk of a person turning out to be a terrorist.

Jet-Blue Airways has apologised for the surrender of the information, while at the same time trying to drag back a little dignity by saying that at least it did not pass the details on to a government body – scant consolation to anyone who has just had their secrets stolen from them.

The general point of this episode is that whenever a new intrusion into privacy emerges – entitlement cards, identity cards, Customs’ swaggering taste for impounding cars and goods – the Government defence comes down to the old adage, “the innocent have nothing to fear”.

Well, that just plain isn’t true when the system breaks down because of incompetence or malice. Those little boxes in adverts saying “Tick if you would prefer that your details are not passed on to other organisations” aren’t always watertight.

No Pearl in this Foul Oyster

The BBC reports on the latest application of RFID technology: London Undergound’s new “Oyster” cards.

These are smart cards that will replace existing season tickets. The advantage is that they don’t even have to be swiped through a gate and will hopefully speed passenger flow through the stations.

The disadvantage is that they will be personalised to you and will – surprise, surprise – record full details of every journey you make on a central database. This information will be retained for “a number of years”.

Even more worrying, there have been suggestions that the people responsible for these cards are keen to extend them to “other applications”.

An anonymous card will be available, but will cost more. An estimated £200 pa for an average commuter.

So the question for London commuters is: Are you willing to sell your privacy for 200 quid?

Cross-posted from The Chestnut Tree Cafe

If they can’t get you, they get your children…

Ministers are preparing legislation for the next session of parliament to make local authorities create files on every child in England, including intimate personal information about parents’ relationships with other partners and any criminal record, alcohol or drug abuse in the extended family. The files will be available to teachers, social workers, NHS staff and other professionals dealing with children to help them piece together symptoms of neglect or abuse that might require intervention by the authorities.

The green paper produced as a response to the murder of Victoria Climbié, an eight-year-old who died in London in 2000 after months of torture and neglect, said the need to protect children had to be balanced against preserving the privacy of parents. But Charles Clarke, the education secretary, said yesterday that the interests of children “absolutely” took precedence over the civil liberties of adults.

Mark Littlewood, the campaigns director of Liberty, said Mr Clarke’s remarks were even more disturbing than the green paper.

We have to make sure social workers are sharper, smarter and better focused. That’s done by better training, not by casting the net so wide that every child in the country will be in it. That creates the danger that investigations will be triggered by supposition, guesswork, gossip and rumour. Our concern is that there will be witchhunts rather than protection of the relatively small number of children in real danger.

Privacy that isn’t

It’s one thing to promise not to pass on data to other organisations, and it’s another thing again not to pass on data to other organisations:

JetBlue Airways passengers, more than a million of them, have been unsuspecting guinea pigs in a Defense Department contractor’s experiment in mining commercial databases to assess the risk of a person turning out to be a terrorist. The airline admits it violated its own privacy policy when it acceded to the Pentagon’s request to give passenger records to Torch Concepts, a private technology business that was ostensibly creating a program to enhance security at military bases.

That’s paragraph one of a New York Times story today. This is the final para:

This misstep only feeds legitimate consumer fears that companies and governments are too quick to use private data in unauthorized ways. It is worrisome, in this regard, that the Homeland Security Department has already backtracked from its original vow to use its passenger-profiling program only to fight terrorism. There is now talk of turning it into an all-purpose law-enforcement tool. For its part, in addition to ascertaining what actually took place, Congress may also need to consider new legal protections for consumers’ privacy.

Mission creep, in other words.

UK police and ISPs debate legal access to email

Silicon.com reports that police and Internet service providers (ISP) in the UK have started working together to combat crime on the Internet. Private seminars held behind closed doors later this month aim to identify which electronic evidence could – and should – be made available to police investigating a crime. Detective chief superintendent Keith Akerman, chair of the Computer Crime Group set up by the Association of Chief Police Officers (ACPO), said:

We aim to cover all crimes. We will publish working guidelines on how evidence is gathered, its integrity, and its presentation in court

.

The actual content of emails is expected to remain private, in all circumstances, in line with Akerman’s statement that the new guidelines will follow the Data Protection Act’s existing laws for telephone operators. Those laws state that police may access details of the timing of a phone call, and who participated, but not the content of the call. “Content is not at issue here,” Akerman added.

The emotive issue of child pornography and internet ‘grooming’ represented the biggest headache for ISPs. While they would never wish to be seen to be condoning such crimes, they risked a serious backlash if they were to implement the more wide-ranging surveillance and monitoring measures which would have been required.

Privacy law cracks down on spammers

Reuters reports that Britain has become the second country in Europe to criminalise spam, that unwanted barrage of e-mail and mobile phone text messages that promise get-rich-quick schemes, cheap home loans and a better sex life.

The unsolicited messages, which industry groups say account for more than half of all e-mails sent, have become the scourge of Internet users everywhere. Under the new UK law, spammers face a 5,000 pound fine if convicted in a magistrates court. The fine from a jury trial would be unlimited. Spammers would not face prison, according to the new law, which was introduced by Communications Minister Stephen Timms.

The law does not however cover workplace e-mail addresses. Anti-spam proponents had been calling for a blanket law that would criminalise all forms of spam. Steve Linford, founder of anti-spam group Spamhaus Project says:

To say it is permissable to spam somebody at work but not at home could put an extremely large burden on British businesses. It says it’s okay to spam companies.

The biggest spammers are based in the United States and Asia. Strenuous anti-spam laws there are seen as key to shutting off the valve.

Tesco Abandons Customer Privacy

The BBC reports that Tesco branches in Sandhurst and Leicester are running trials of the controversial Radio Frequency Identification (RFID) chips.

These chips – each of which contains a unique identification number – will be attached to the packaging of almost every DVD in the stores.

What makes this trial unacceptable is that the chips will not be deactivated when the customer leaves the shop. Instead they will remain functional and will be broadcasting the customers’ purchase details wherever they go until they dispose of the packaging.

A useful reference regarding RFID is notags.co.uk.

Cross-posted from Chestnut Tree Cafe

Charity commission given ‘snooping’ powers

The Guardian reports that the charity commission will be given powers to use covert informants, track individuals and obtain email and telephone records under controversial legislation dubbed a “snooper’s charter” by civil liberties groups.

Orders laid before parliament last Friday will include the commission in the list of public bodies given powers under the Regulation of Investigative Powers Act 2000 (RIPA).

The orders will allow the commission to mount “directed surveillance operations” – monitoring people’s movements – use “covert human intelligence sources” – undercover agents and informers – and to obtain limited information about email, phone and postal communications, for the purpose of preventing and detecting crime.

Chris Stalker, head of campaigns at the National Council for Voluntary Organisations, said:

While NCVO welcome measures that will ensure greater trust, confidence and the integrity of charities, the use of RIPA by the charity commission does cause us some concern.

While the commission’s power to investigate is crucial to its work, we will be monitoring the use of this new legislation closely to ensure it remains proportionate to its role as regulator of the charitable sector.

2003 World Privacy Survey

Privacy International and the Electronic Privacy Information Center released Privacy and Human Rights 2003 on 5 September. The report reviews the state of privacy in 55 countries around the world. Issues covered include data protection, surveillance, anti-terrorism efforts and new technologies. This is what it has to say about the UK:

The privacy picture in the UK is mixed. There is, at some levels, a strong public recognition and defense of privacy. Proposals to establish a national identity card, for example, have routinely failed to achieve broad political support. On the other hand, crime and public order laws passed in recent years have placed substantial limitations on numerous rights, including freedom of assembly, privacy, freedom of movement, the right of silence, and freedom of speech.

No cure for cancer

It’s like a cancer that we can battle against but never truly defeat. As it creeps purposefully through our national lymph system some of us can summon up the courage to fight it back and, for a while, it can appear as if we are in remission. But then comes the hoping and the praying for the final ‘all clear’ that signals a rebirth and a new lease of disease-free life.

It never comes. The cells are corrupted again and the cancer returns to devour us:

Sweeping powers for Government agencies to carry out covert surveillance, run agents and gather the telephone data of private citizens were contained in legislation published yesterday.

State bodies ranging from the police, intelligence services and Whitehall departments to local councils, the Postal Services Commission and the chief inspector of schools will be able to authorise undercover operations.

The measures were activated by David Blunkett, the Home Secretary, under the controversial Regulation of Investigatory Powers Act, which became law three years ago. They need to be approved again by both Houses of Parliament before they can be used.

These horrors first made their appearance about a year ago and set off a call-to-arms that, in turn, caused the Home Office to drop the proposals. Or, at least, they made an appearance of dropping them because, like that lurking cancer, they never really went away. They were merely stacked neatly in the pending trays until an another opportune moment presented itself. Seems that the moment is now.

Shami Chakrabarti, director of Liberty, said the British people were “the most spied upon in the Western world”.

I reckon that’s a pretty fair prognosis. But why? Why are our political elites so determined to construct this panopticon? Why are they so single-minded about this project that they appear immune to sweet reason, protest or appeals to decency? What exactly is driving them? Are they so riddled with paranoia and insecurity that they see monsters and assassins lurking behind every curtain? Is that how they see us? I cannot think of any other reason why a democratically elected government would come to think of themselves as colonial occupiers of their own country.

What has led to this calamitous collapse of trust? Is it repairable? I rather fear that it is not.

Questions, questions. Answers may come in due course but I suspect none will be satisfactory or stop the cancer from spreading. Time for palliative surgery?

[This has been cross-posted from Samizdata.]