Categories
Videos

On the significance of online data repositories and authorities (amongst some other topics)

Categories
Links Writing

Notes EM: My FT oped: Google Revolution Isn’t Worth Our Privacy

evgenymorozov:

Google’s intrusion into the physical world means that, were its privacy policy to stay in place and cover self-driving cars and Google Glass, our internet searches might be linked to our driving routes, while our favourite cat videos might be linked to the actual cats we see in the streets. It also means that everything that Google already knows about us based on our search, email and calendar would enable it to serve us ads linked to the actual physical products and establishments we encounter via Google Glass.

For many this may be a very enticing future. We can have it, but we must also find a way to know – in great detail, not just in summary form – what happens to our data once we share it with Google, and to retain some control over what it can track and for how long.

It would also help if one could drive through the neighbourhood in one of Google’s autonomous vehicles without having to log into Google Plus, the company’s social network, or any other Google service.

The European regulators are not planning to thwart Google’s agenda or nip innovation in the bud. This is an unflattering portrayal that might benefit Google’s lobbying efforts but has no bearing in reality. Quite the opposite: it is only by taking full stock of the revolutionary nature of Google’s agenda that we can get the company to act more responsibly towards its users.

I think that it’s critically important to recognize just what the regulators are trying to establish: some kind of line in the sand, a line that identifies practices that move against the ethos and civil culture of particular nations. There isn’t anything necessarily wrong with this approach to governance. The EU’s approach suggests a deeper engagement with technology than some other nations, insofar as some regulators are questioning technical developments and potentialities on the basis of a legally-instantiated series of normative rights.

Winner, writing all the way back in 1986 in his book The Whale and the Reactor: A Search for Limits in an Age of High Technology, recognized that frank discussions around technology and the socio-political norms embedded in it are critical to a functioning democracy. The decisions we make with regards to technical systems can have far-reaching consequences, insofar as (some) technologies become ‘necessary’ over time because of sunk costs, network effects, and their relative positioning compared to competing products. Critically, technologies aren’t neutral: they are shaped within a social framework that is crusted with power relationships. As a consequence, it behooves us to think about how technologies enable particular power relations and whether they are relations that we’re comfortable asserting anew, or reaffirming again.

(If you’re interested in reading some of Winner’s stuff, check out his essay, “Do Artifacts Have Politics.”)

Categories
Aside Quotations

2013.4.8

Although some of the core supporters of that group are prone to violence and criminal behaviour, Catt has never been convicted of criminal conduct in connection to the demonstrations he attended. Nonetheless, Catt’s personal information was held on the National Domestic Extremism Database that is maintained by the National Public Order Intelligence Unit. The information held on him included his name, age, description of his appearance and his history of attending political demonstrations. The police had retained a photograph of Mr Catt but it had been destroyed since it was deemed to be unnecessary. The information was accessible to members of the police who engage in investigations on “Smash EDO”.

In the ruling the Court of Appeal departs from earlier judgments by mentioning that the “reasonable expectation of privacy” is not the only factor to take into account in determining whether an individual’s Article 8 (1) right has been infringed. In surveying ECtHR case law, the Court noted that it is also important to check whether personal data has been subjected to systematic processing and if it is entered in a database. The rationale to include consideration of the latter two categories is that in this way authorities can recover information by reference to a particular person. Therefore, “the processing and retention of even publicly available information may involve an interference with the subject’s article 8 rights.” Since in the case of Catt, personal data was retained and ready to be processed, the Court found a violation of Article 8 (1) that requires justification.

Carolin Moeller, “Peaceful Protester’s personal data removed from extremism database”

The removal of Mr. Catt’s data from these databases is a significant victory for him and all those involved in fighting for citizens’ rights. However, the case acts as a clear lens through which we can see how certain facets of the state are actively involved in pseudo-criminalizing dissent: you’re welcome to say or do anything, so long as you’re prepared to be placed under perpetual state suspicion.

Categories
Quotations

2013.4.5

Much of the information collected by CIFA [Counterintelligence Field Activity] was amassed in a database called Talon, which stands for Threat and Local Observation Notice. Under a classified order dated July 20, 2005, and reported in the Washington Post by military affairs blogger William Arkin, CIFA was allowed to collect information about U.S. citizens in Talon if there was reason to believe those citizens were connected to international terrorist activities, narcotics traffic, and foreign intelligence organizations and were a “threat” to DoD installations and personnel (“In other words,” Arkin commented, “some military gumshoe or over-zealous commander just has to decide [that] someone is a ‘threat to’ the military”). CIFA also obtained information about U.S. persons from the NSA and the DIA. As it turned out, however, many of these threatening people were antiwar activists, and the information about them came from monitoring meetings held in churches, libraries, college campuses, and other locations.

Tim Shorrock, Spies for Hire: The Secret World of Intelligence Outsourcing. P. 178.

Categories
Quotations Writing

“Commercially Friendly” Privacy Rules

Dr. Pentland, an academic adviser to the World Economic Forum’s initiatives on Big Data and personal data, agrees that limitations on data collection still make sense, as long as they are flexible and not a “sledgehammer that risks damaging the public good.”

He is leading a group at the M.I.T. Media Lab that is at the forefront of a number of personal data and privacy programs and real-world experiments. He espouses what he calls “a new deal on data” with three basic tenets: you have the right to possess your data, to control how it is used, and to destroy or distribute it as you see fit.

Personal data, Dr. Pentland says, is like modern money — digital packets that move around the planet, traveling rapidly but needing to be controlled. “You give it to a bank, but there’s only so many things the bank can do with it,” he says.

His M.I.T. group is developing tools for controlling, storing and auditing flows of personal data. Its data store is an open-source version, called openPDS. In theory, this kind of technology would undermine the role of data brokers and, perhaps, mitigate privacy risks. In the search for a deep fat fryer, for example, an audit trail should detect unauthorized use.

Steve Lohr, “Big Data Is Opening Doors, but Maybe Too Many”

So, I don’t really get how Pentland’s system is going to work any better than the Platform for Privacy Preferences (P3P) work that was done a decade ago. Spoiler alert: P3P failed. Hard. And it was intended to simultaneously enhance users’ privacy online (by letting them establish controls on how their personal information was accessed and used) whilst simultaneously giving industry something to point to, in order to avoid federal regulation.

There is a prevalent strain of liberalism that assumes that individuals, when empowered, are best suited to control the dissemination of their personal information. However, it assumes that knowledge, time, and resourcing are equal amongst all parties. This clearly isn’t the case, nor is it the case that individuals are going to be able to learn when advertisers and data miners don’t respect privacy settings. In effect: control does not necessarily equal knowledge, nor does it necessarily equal capacity to act given individuals’ often limited fiscal, educational, temporal, or other resources.

Categories
Aside Quotations

2013.3.24

With drones, the question is how long before the dozens of states with the aircraft can arm and then operate a weaponized version. “Pretty much every nation has gone down the pathway of, ‘This is science fiction; we don’t want this stuff,’ to, ‘OK, we want them, but we’ll just use them for surveillance,’ to, ‘Hmm, they’re really useful when you see the bad guy and can do something about it, so we’ll arm them,’ ” Singer said. He listed the countries that have gone that route: the United States, Britain, Italy, Germany, China. “Consistently, nations have gone down the pathway of first only surveillance and then arming.”

When the Whole World Has Drones – NationalJournal.com (via thisistheverge)

It’s the creeping use, combined with perceptions of citizens’ inability to affect government behavior, that is arguably provoking resistance to drones in Canada and the US.

Categories
Aside Quotations

More Visibility, Less Privacy

While admitting that increased surveillance was “scary” and that governments will have to be thoughtful with their laws, [Bloomberg] seemed to side with prioritizing radical transparency, especially through the use of automated drones, “but what’s the difference whether the drone is up in the air or on the building? I mean intellectually I have trouble making a distinction.”

Lest Bloomberg be labeled as a surveillance hawk, the interview took on a tone of inevitability, rather than advocacy: “Everybody wants their privacy, but I don’t know how you’re going to maintain it.”

Gregory Ferenstein, “Bloomberg: ‘We’re Going To Have More Visibility And Less Privacy,’ Drones And Surveillance Coming”

Correct me if I’m wrong, but his sentence “Everybody wants their privacy, but I don’t know how you’re going to maintain it” indicates a failure to understand his role as a politician. If everybody – including, one presumes, residents of New York City – “wants their privacy” then it is his job, and that of council, to protect and preserve those constituents’ privacy.

To be clear: it is not his job to authorize enhanced surveillance, and then throw his hands up and say that he doesn’t get how his constituents are going to realize their wishes as he and council march against those interests.

Categories
Aside

Promotional video of the FinFisher surveillance malware

This promotional video of the FinFisher surveillance malware has some interesting components:

  1. they are talking about older Blackberry devices – I’m curious to know if they already have a ‘solution’ for more contemporary devices;
  2. the video speaks of infecting websites, which seems to suggest that an element of the FinFisher process is attacking unrelated websites to then hunt targets. Crazy illegal in most jurisdictions I’m familiar with;
  3. the company focuses on TrueCrypt, which confirms the position that TC is a pretty awesome way of securing things you want to remain confidential… so long as you’re not infected with surveillance malware.

Categories
Links

Lawful Access Was the Tip of an Already Existent Iceberg

From a National Post article, published in 2012, we get a taste of the governments’ existing surveillance capabilities and activities:

Medical

The intimate information in medical files might include: erectile dysfunction, anti-psychotic medication, HIV tests, addictions, body mass index, the times you sought help because of stress, depression or sexual trauma. Health records can include psychiatric counselling.

And it isn’t just information about the person named on the file. They contain concerns expressed about a spouse’s drinking or infidelity or drug use by their child; the times they vented about their unstable boss.

Aren’t these out of the hands of anyone other than health-care providers?

Ask Sean Bruyea. The Gulf War veteran found his health records, including psychiatric reports, had been passed around by bureaucrats and sent to a Cabinet Minister in an apparent bid to discredit the outspoken critic.

Financial

Financial records are similarly sensitive: how much you earn, how much you donate to charity, which charities you choose, bankruptcy declarations, who you owe money to.

Financial data in government hands include income tax records, pension information, child tax benefits and much more. Anyone who has received a cheque from the government for any reason or ever paid money to the government is now in a database.

Corporate and business registration, federally and provincially, also requires a lot of personal and financial information. Credit card records offer a detailed profile of spending habits. Although privately held, a court order sees them turned over.

“You can find almost anyone and learn an awful lot about them if you have their credit history,” said a former police officer who now works for a provincial government.

There are also the enormous databanks of the Financial Transactions and Reports Analysis Centre of Canada (FinTRAC), a government agency collecting and disclosing information on suspected money laundering and terrorist financing.

Banks, life insurance companies, securities dealers, accountants, casinos, real estate brokers and others who deal with cash are obligated to report the deals or attempted deals under certain circumstances.

“Behaviour is suspicious, not people,” is FinTRAC’s mantra.

Scholastic

Extensive student records exist on most Canadians, including government student loans.

Local school boards and provincial education ministries have recorded your marks, attendance, illnesses, notes from teachers to parents and notes from home to the school. Many jurisdictions are moving to creating a complete, portable account of each student that follows the person from class to class, school to school.

Like head lice in a shared toque, it never goes away.

Policing

Law-enforcement databanks allow officers anywhere to check if a person is dangerous or a fugitive. Databanks such as the Canadian Police Information Centre list criminal convictions, warrants and other important interactions with police. Also flagged are “emotionally disturbed persons” and those who are HIV-positive.

But there is, increasingly, much more to police databanks, with almost anyone who has a police encounter being entered into one.

It is hard to muster worry that a convicted killer or child molester is flagged in a police computer, but what about you being embedded there for complaining about a noisy party or reporting stolen property?

The PRIME-BC police database contains the names of more than 85% of B.C. residents, according to the B.C. Civil Liberties Association, which warns citizens could be passed up for jobs and volunteer positions because of misleading red flags. In Alberta, TALON, a new, $65-million database, is also raising concerns.

Manitoba, under Mr. Toews when he was the province’s attorney-general, was a trailblazer in recording interaction with young men to note markers of gang activity to help identify and declare them as gang members.

The Toronto-area forces have an enormous, shared combined database.

Federally, also, those convicted of certain offences are ordered to submit their DNA to the DNA databanks, perhaps the ultimate baring of your identity.

Travel

Passport Canada, an agency of Foreign Affairs Canada, keeps a large repository on citizens, including facial-recognition biometrics, those who vouched for your passport application and all trips abroad as well as visa applications.

Canada Border Services Agency keeps track of who is crossing our borders, including where you go and who arrives to visit you.

Recall that thin slip of card for customs you filled out on the airplane when returning to Canada. You wrote your name, address, travelling companions, passport number, where you went, how long you stayed and what you bought.

Those cards — their catalogue of booze and tobacco and all — are kept and can be forwarded to police or other government agencies.

Immigration

The Field Operations Support Systems, used by border and immigration agents, track all immigration-related information.

The Computer Assisted Immigration Processing System tracks every immigration application being processed by overseas offices, including family history, assessment notes, appeals status and concerns raised by citizenship staff.

Both of these large databanks are being consolidated into the Global Case Management System. The consolidation is but one example of the government’s drive of integrating data.

Transportation

Provincial ministries regulating driver’s licences hold a bevy of information, including medical information, address, photograph and its biometric information for facial recognition, driving and vehicle records.

This summer, the Insurance Corporation of British Columbia caused an uproar by offering biometric data from its database to police to help identify participants in the Stanley Cup riot. Critics blasted the potential use of data collected for one purpose for a distinctly different one.

Automatic Licence Plate Recognition (ALPR) creates another powerful tool for surveillance.

Pitched as a way of finding stolen cars and kidnapped children, the technology has appeal, but the portable devices that read hundreds of passing licence plates every minute and run them through registration databases to attach them to an owner are causing concern.

Scanned pictures can be stamped with GPS co-ordinates, date and time information and stored in a database. It can track cars coming and going from any destination.

In Britain, there have been wide complaints of police using ALPR to stop vehicles coming or going to political protests. Privacy watchdogs in B.C. uncovered that among those automatically targeted by the RCMP’s ALPR included everyone who has gone to court to establish legal custody of a child, all who had a mental health problem that received police attention, and those linked to others under investigation.

Corporate information

Information collected by private corporations also has a way of making it to government.

407 ETR, the privately run electronic toll highway north of Toronto, scans licence plates so the owner can be billed. Police have accessed the data to track vehicles entering and exiting the highway, cross-referencing it and linking it to their investigations.

More widely used is hydro-electricity data. Special legislation in some provinces sees hydro data turned over to government to help identify homes with unusually high usage.

Drawing a lot of power is a marker for running a marijuana grow operation. More than one hothouse cucumber farmer, hot tub or swimming pool owner has been on the wrong end of that information.

Needless to say, that’s a lot of surveillance in a lot of sectors. The range of activities also speaks to why privacy advocates are often jacks-of-all-trades (there aren’t a lot of them, so they need to learn a little about a lot) and why there are persistent worries around ‘surveillance creep’, or the gradual expansion of state surveillance capabilities. Sure, a new program may not be all that significant on its own, but when combined with everything else, authorities can derive previously-impossible-to-realize insights into Canadians’ private lives.

And, let me tell you from experience: getting access to the personal information that is stored about you by various agencies is often an act in futility. Government can learn about you, but it’s often impossible to learn what government has recorded about yourself.

Link: Lawful Access Was the Tip of an Already Existent Iceberg

Categories
Links

Police spy on web, phone usage with no warrants

Just so it remains clear just how much surveillance can happen in Commonwealth countries when authorities enjoy broad lawful access to communications data without needing warrants:

Law enforcement and government departments are accessing vast quantities of phone and internet usage data without warrants, prompting warnings from the Greens of a growing “surveillance state” and calls by privacy groups for tighter controls.

Figures released by the federal Attorney-General’s Department show that federal and state government agencies accessed telecommunications data and internet logs more than 250,000 times during criminal and revenue investigations in 2010-11.

(…)

Access is authorised by senior police officers or officials rather than by judicial warrant.

Federal agencies making use of telecommunications data include the Australian Federal Police, Australian Crime Commission and Australian Taxation Office, departments including Defence, Immigration and Citizenship, and Health and Ageing, and Medicare and Australia Post.

Data is also accessed by state police and anti-corruption bodies, government departments and revenue offices, and many other official bodies.

Needless to say, that’s an awful lot of parties accessing an awful lot of information about Australian citizens. Not included: statistics on telecommunications data access by the Australian Security Intelligence Organisation.