Tuesday, July 25, 2006

When surveillance meets bureaucracy

"Innocent People Placed On 'Watch List' To Meet Quota":
You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they're reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they're required to submit at least one report a month. If they don't, there's no raise, no bonus, no awards and no special assignments.

"Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft ... and they did nothing wrong," said one federal air marshal. ...

What kind of impact would it have for a flying individual to be named in an SDR?

"That could have serious impact ... They could be placed on a watch list. They could wind up on databases that identify them as potential terrorists or a threat to an aircraft. It could be very serious," said Don Strange, a former agent in charge of air marshals in Atlanta. He lost his job attempting to change policies inside the agency.
(via MetaFilter)

Tuesday, July 18, 2006

UK Government implements "Minority Report" - Department of Pre-Crime awaits

The Register reports that the UK government plans to tackle crime at birth by means of yet more entries in the proposed "Children's Index" database:
Children's Minister Hilary Armstrong was due today to outline what could become one of Project Blair's most ambitious, misguided and hubristic projects yet. The Government will attempt to identify children at risk of failure, violent behaviour or criminality at birth, and take the necessary corrective actions to steer them onto a law-abiding and successful path.

Ironically, Armstrong is floating these proposals just as this same predictive approach to future behaviour patterns is becoming discredited. A couple of national newspapers, the Independent and The Observer, appear to have seen outlines of the plans. According to the Independent, midwives, doctors and nurses are to be "asked to identify 'chaotic' families whose babies are in danger of growing up to be delinquents, drug addicts and violent criminals." The plan will be backed up by "research" which "shows that children from the most dysfunctional families are 100 times more likely to abuse alcohol commit crimes or take drugs", and a "source" close to Armstrong says: "It is the 'supernanny' model.' There is no reason why midwives who ask mothers lots of questions anyway can't ask a few more about the family circumstances and identify families where there may be problems. We need to intervene early to stop the cycle that leads to social exclusion."
The Register has some interesting comments about the quality of the data we can expect this database to contain:
The information they're sharing, meanwhile, will become more junk-like as the boxes they need to check and the fields they need to fill in multiply. Social workers, police, anyone who's given the job of spotting early warning signs will feel the need to put something in the box, for all too obvious reasons. What's it going to look like in five years time when some kid on your books gets beaten to death, and it turns out you didn't notice anything? The empty box clearly indicates negligence on your part. So the slightest, part-imagined 'signs' will go down, the people you're sharing the data with will see this 'concern' flagged and put in some 'signs' of your own. And as Brian Sheldon, Emeritus Professor, University of Exeter and former director of the Centre for Evidence-Based Social Work puts it, once social workers decide people need visiting, "they need visiting a lot." Or as Hine says, "if you're looking for problems, you will find problems."

The cases will tend to build themselves, the effect much magnified by the 'share and deploy' approach, and they'll also tend to focus on the easier cases. The ones who're easier to get at and who're on the receiving end of self-generating warning signs will get lots of attention (despite quite possibly never having needed any in the first place), and quite possible acquire real problems because of this, while harder cases of real need may not get any attention at all.

At ground level, midwives (and one presumes other professionals) are beginning to see the collateral damage of the Blair Project's data kleptocracy (Sheldon diagnoses this as symptomatic of a country suffering from obsessive-compulsive disorder). Some of the women midwives are dealing with have noticed that their histories can be taken down and used against them, and that it does not matter whether or not they have successfully coped, or are successfully coping with whatever the problem might have been. If you tell someone, it will be flagged as a 'concern' and will breed more concerns, and turn you into a 'case'. So they're starting to withhold information, and as midwives, and other professionals continue to ask "a few more" questions, people on the receiving end of the data kleptocracy will start to go underground.

Leaving systems built on junk science sharing junk data in pursuit of imaginary concerns and a pre-defined criminal underclass, while the rest of us hide.( Emphasis added)
For another perspective see the proceedings of the LSE conference "Children: Over Surveilled, Under Protected".

Monday, July 17, 2006

Online Anonymity - Ryanair Edition (continued)

The Irish Times reports that Ryanair has lost its action seeking to identify pilots posting to a bulletin board under pseudonyms. While the judgment doesn't seem to address the privacy issues involved, it does look at motive behind the action, and notes that "when Ryanair set up an investigation to find out who was behind the website, the real purpose of that investigation was to 'break the resolve' of pilots to seek better terms and conditions." This is an important finding - it indicates that actions to identify internet users should be assessed carefully to see whether there is some improper purpose underlying the application. From the Irish Times:
A High Court judge has rejected claims by Ryanair that its pilots or their unions had engaged in bullying, intimidation or isolation of other pilots over conditions imposed by Ryanair relating to training on new aircraft.

The only evidence of bullying was by Ryanair itself, Mr Justice Thomas Smyth stated yesterday. He described as "most onerous and bordering on oppression" a condition requiring pilots to pay Ryanair €15,000 for training on new aircraft in 2004. The €15,000 was payable by pilots if they left the company within five years or if Ryanair was required to engage in collective bargaining within the same period.

In a strongly worded reserved judgment, the judge dismissed a bid by the private airline for orders aimed at identifying pilots who posted messages under codenames, such as "ihateryanair" and "cantfly, wontfly" on a pilots' website. Ryanair had claimed the messages showed evidence of wrongful activity against it and its employees.

The judge also made a finding of false evidence in relation to two members of Ryanair management who had given evidence at the hearing. He held that, when Ryanair set up an investigation to find out who was behind the website, the real purpose of that investigation was to "break the resolve" of pilots to seek better terms and conditions. There was no warrant for Ryanair's action in seeking assistance from gardaĆ­ on the matter, he added.

He rejected as "baseless and false" the evidence of Ryanair director of personnel Eddie Wilson in relation to the setting up the investigation. The judge also said there was no conspiracy in relation to the setting up of the website and it was not engaged in anything unlawful. There was "no actionable wrong", he held, and dismissed Ryanair's application.

Friday, July 14, 2006

Dutch court upholds refusal to disclose file-sharers' identities

The Register reports that the Dutch decision in BREIN (holding that information about alleged filesharers had been obtained in breach of data protection law) has been upheld on appeal. The result is that litigation by the music industry will be unable to proceed.
A Dutch appeals court has thwarted attempts by the Dutch anti-piracy organisation BREIN to get the identities of file-sharers from five ISPs, including Wanadoo and Tiscali.

The court found that the manner in which IP addresses were collected and processed by US company MediaSentry had no lawful basis under European privacy laws. A lower court in Utrecht had reached a similar conclusion last year.

The court also argued that the software MediaSentry uses can't properly identify users or provide evidence of infringement.

Last year, expert witnesses at Delft University of Technology criticised MediaSentry's software for being too limited and simplistic. For instance, MediaSentry took filenames in Kazaa at face value. More importantly, the software scans all the content of the shared folder on the suspect's hard disk. In that process, it breached privacy laws.

The Dutch Protection Rights Entertainment Industry Netherlands (BREIN) represented 52 media and entertainment companies and has been investigating 42 people suspected of swapping song files. Nine file-sharers decided to settle with BREIN.

BREIN says it will go to a higher court, but lawyer Christiaan Alberdingk Thijm, who represented the ISPs, sees the decision as an important victory.

Wednesday, July 12, 2006

UK government abusing copyright to silence whistleblower

The Foreign Office is now seeking to misuse copyright law to stop a former ambassador from publishing material showing British involvement in torture. From the Guardian:
The government is threatening to sue former ambassador Craig Murray for breach of copyright if he does not remove from his website intelligence material that was censored out of his newly published memoirs.

Mr Murray has posted full texts of all passages the Foreign Office ordered deleted from the book version of Murder in Samarkand, the former Tashkent ambassador's account of alleged British complicity in torture by the despotic Uzbekistan regime. His book contains links to the website.

The passages detail CIA intelligence reports that Mr Murray says were false, and accounts of US National Security Agency intercepts and conversations with John Herbst, the US ambassador in Uzbekistan at the time. The Foreign Office says release of the material is damaging. ...

The Foreign Office is also demanding, in a claim that breaks new legal ground, that Mr Murray remove from his website the text of Foreign Office correspondence which he says he obtained officially through Freedom of Information Act and Data Protection Act requests.

The Treasury solicitors, the government lawyers, wrote to Mr Murray last week claiming: "Even if a document is released under the Freedom of Information Act or the Data Protection Act, that does not entitle you to make further reproductions of that document by, for example, putting them on your website."

Mr Murray said yesterday: "If the media do not react to this, they will lose the ability to report in any detail material released under the Freedom of Information Act. The documents in question are the supporting evidence for my book. The government continues to claim my story is untrue."
It is unacceptable that a government can silence its critics by relying on copyright law. The approach taken by US law is preferable, under which government publications don't benefit from copyright protection. After all, this material has already been paid for by the taxpayer.

Tuesday, July 11, 2006

Henry Porter on ID cards

Henry Porter gives an eloquent statement of the case against ID cards in today's Guardian:
Some, like the editor of Prospect, David Goodhart, have attempted to portray the cards as "badges of citizenship embodying the idea of the contract between citizen and state". The argument is superficially comforting. "They help us to know who is in the country and what their status is and to protect the precious entitlements of all existing citizens." There is no mention in his recent essay of the database or the terrible potential for intrusion and control. And of course the idea of this being a contract is ridiculous when one party is being forced to sign or face penalties. The notion of a badge of citizenship is codswallop being put about by people who are too impressed by authority and too weak to oppose it.

When reading the ID card bill I am constantly struck by its minatory tone - the threats of fines and the general contempt for the average citizen. There's a reason for this. Rather than being something that is designed to help us, the card and the register are, in fact, tools of government control and surveillance. Over and above the information you have supplied at enrolment (please note the voluntary connotations of the word enrolment ) your file on the NIR will build an entire picture of your life - your hospital visits, your children's schools, your driving record, your criminal record, your finances, insurance policies, your credit-card applications, your mortgage, your phone accounts (and, one presumes your phone records), and your internet service providers.

Every time you get a library card, make a hire-purchase agreement, apply for a fishing or gun licence, buy a piece of property, withdraw a fairly small amount of your money from your bank, take a prescription to your chemist, apply for a resident's parking permit, buy a plane ticket, or pay for your car to be unclamped you will be required to swipe your card and the database will silently record the transaction. There will be almost no part of your life that the state will not be able to inspect. And it will be able to use the database to draw very precise conclusions about the sort of person you are - your spending habits, your ethnicity, your religion, your political leanings, your health and even perhaps your sexual preferences. Little wonder that MI5 desired - and was granted - free access to the database. Little wonder that the police, customs and tax authorities welcome the database as a magnificent aid to investigation.

But know this: from the moment the database goes live, we will become subjects not citizens and each one of us will be diminished in relation to the state's power.

Something enormous and revolutionary is about to happen to us. We are giving the most precious part of ourselves to the government, allowing it complete freedom to roam through our privacy. And it's not just to this government, but to the governments of the future, the nature of which we cannot possibly know. And it's not just our privacy - it is the rights and privacy of future generations. While we are comfortable about handing this information over to the state, the citizens of the future may feel strongly about our complacency and our faith in the British government. We have a duty to those people, just as all the people who fought for the rights we enjoy today felt a sense of obligation to us.

The prime minister asks us to trust him and implies that abuse of a database would be unthinkable in Britain. But after the lies before the invasion of Iraq, the revelations of the Hutton inquiry and the evidence about rendition flights using British airspace I would suggest that we treat these sorts of assurances and appeals with the utmost suspicion.

Remember this government's attack on liberty. Remember what we have already lost - the campaign that has diminished defendants rights, introduced punishment without a court deciding that the law has been broken, restricted protest and speech and even assembly. Blair is unabashed about his record and has taken to describing civil liberties as a privilege that may be removed from someone the moment they become a suspect or a defendant.

I am afraid I do not trust the government's motives - nor do I trust its competence. The past decade is littered with failed government IT projects - the Child Support Agency, the immigration records, the working tax credit database, the farmers' single payment scheme are a few that come to mind. This is to say nothing of its record on security. The NIR will literally have thousands of entry points where the information on your file can be accessed.

One of the worst failures of a government database came to light a few weeks ago when the Home Office admitted that the Criminal Records Office had wrongly identified 2,700 people as having criminal records. I cannot think of a clearer case of defamation and it is surprising there is not some kind of class action against the Home Office. Not only were these people's reputations seriously damaged, many were turned down for jobs as a result of the CRO's mistake and can therefore argue for a serious loss of earnings. But the Home Office did not even apologise. It is exactly the arrogance that I fear will come to characterise all government dealings with the person in the street once this database is operational.

As I said, I am instinctively - genetically, as I put it - opposed to ID cards and the Identity Register. I am also politically opposed because as the government database grows, I believe there will be a commensurate lessening in the state's respect for each one of us. We will be reduced to the great mass of classified specimens, pinned down and itemised like dead butterflies in a showcase. Because of the power it possesses over us, I believe the government will gradually become less accountable and less responsive to the needs and wishes of the people. Whereas once politicians were our servants, they will become our masters and we their slaves.

I have philosophical objections, too. In a free country I believe that every human being has the right to define him or herself independently and without reference to the government of the time. This, I believe, is particularly important in a multicultural society such as ours. The ID card and NIR require and will bring about a kind of psychological conformity, which is utterly at odds with a culture that has thrived on individualism, defiance and the freedom to go your own way.

And it will remove the right of those who for whatever reason wish to withdraw from the cares of the world and the influence of society, to resort to the consolations of solitude and privacy without inspection from a centralised authority. Privacy, anonymity and solitude are rights, and we are about to lose them for ever.

People say that everything about you is known already. Someone has calculated that each of us appears on up to 700 databases. But the real point is that everything that is known about you will become linked up on the NIR. The register will take on a life of its own, for once you set up a system like this it becomes ineluctably compelled to find out more and more about you. That will be its hardwired purpose.

Imagine handing over the keys to your home when you are out at work to allow some faceless bureaucrat to rifle through your desk and drawers, your photograph albums and children's school reports, your bills and love letters. That is the kind of access they are going to have, and it is going to grow as time goes by and we become accustomed to this unseen presence in our lives.

Well, it's not for me. I cannot do it. I will not do it, and I hope you won't either.