Wednesday, May 16, 2007

A day in the life of the surveillance society

The Data Protection Commissioner's Annual Report, following the lead of his English counterpart, has a very interesting account of a day in the life of our surveillance society and how we can expect it to make terrorist suspects of law abiding individuals:
A Day in the Life

07:00 Annie Wun wakes up and turns on her computer to access the internet. She begins by checking the news using her account on an on-line news source. She had checked the privacy policy of the website before registering and was satisfied with the uses made of her data.

07:15 Annie searches for some personal items online. The searches together with her IP address (a unique address assigned to Annie's PC by her internet service provider (ISP)) are recorded and retained by the ISP for an unknown period of time and without a specified purpose. Searches made by Annie are also retained by the search engine and sometimes clearly used for targeted marketing purposes.

07:30 Annie phones her father to talk about a story on the news. The record of her call to her father is retained by her phone provider for a period of 3 years as required by law. It will be available to An Garda Síochána (and hopefully nobody else) should the need arise as part of any criminal investigation.

08:00 Annie leaves her house and drives to work. She passes through a toll booth using her easy travel card. Information is stored about the time her car passes through the booth and other booths along the journey each time. Again this information is retained and may be accessed for law enforcement or other purposes.

09:00 Annie reaches her workplace. CCTV cameras record her arrival as her employers are concerned about the security of the workplace. The use of CCTV was communicated to employees in advance of implementing the system and it was made clear to them that images from the system would only be used for security purposes and would be kept safe and secure.

Annie's employers were also concerned about their ability to properly track their employees in terms of time worked in the workplace so, after considering many options, they introduced a biometric thumb print clock-in system which records each employee each time they enter and leave the workplace. Annie was concerned that such a system was a bit intrusive into her personal space but most of her colleagues seemed unconcerned so she went along with it. There are no details available to Annie as to what other uses her employer might make of the information or indeed what security is in place to protect her personal data stored in the system.

09:15 Annie logs onto her email to check for any emails received. She has received a number of work related emails which require her attention and one personal email. Her employer has an email and internet usage policy in the workplace stating that some limited personal use of these facilities is permitted but that inappropriate usage is not permitted. Annie understands that this means that her employer may check her emails and internet usage from time to time or in response to a genuine suspicion of inappropriate usage. However, her employer may not check her mail or internet usage on an ongoing basis since this would intrude on her legitimate, limited personal use of these systems.

11:15 Annie uses her coffee break to check her bank balance using her bank's on-line service. Her bank knows how much use she makes of her account and has credit-profiled her based on this use for a €10,000 loan which is offered to her upon log-in. She doesn't accept.

Annie had spoken to her younger brother the previous evening and agreed to send him some additional funds. He is back-packing around Europe. Annie chooses the fund transfer option. Her bank, in common with all other major financial institutions, uses the SWIFT exchange system for such transfers. It is not made clear to Annie that details of the transfer may be accessed by the US Government as part of its efforts to combat the financing of terrorism.

13:00 Annie pops out for lunch and visits her local supermarket to pick up some things for the house as she is planning a major spring clean at the weekend. She hands in her store card to collect loyalty points as part of the purchase. Her supermarket accesses her information to monitor her buying habits and offers some suitable products in her next mail shot. She doesn't mind as she personally doesn't care what the supermarket knows about her buying habits. She was, of course, recorded on the shop's CCTV system as she entered and exited the shop.

13:20 Annie visits her local library to return a self help book “Male and Female Chemistry” and takes out a book on building self esteem “Love Bomb People”. She uses her library card which stores her usage pattern on the local authority database.

13:45 Using her lunch-break, Annie phones the Revenue Commissioners to query her tax allowances. She gives her personal public service number (PPSN) to the person on the other end of the phone line. They use her PPSN to pull up her name and address and a complete record of her dealings with the Revenue Commissioners for the past number of years. This reveals that she is a member of a Trade Union (a fact that her employer is unaware of), pays her refuse charges and claimed a substantial amount in medical
expenses the previous year.

16:00 Annie has to leave work early today to attend hospital for an appointment with her specialist. Annie still suffers from pain from an accidental shotgun wound in her leg suffered in an accident while on her family farm 3 years ago. Upon arrival, she gives her details. Her full medical file is with her specialist. This is not a concern as she wishes this to be the case. She is also aware that her full medical history is entered on an electronic system in the hospital. She does not mind this either but assumes that her records are only accessed by those persons who need her information to treat her.

18:00 Annie arrives home. She picks up her post which arrived after she left the house in the morning. Her credit card company is offering her another loan and has increased the credit limit on her card (without her asking) based on their analysis of her usage. She has also received direct marketing from a company with which she had no previous dealings offering her services for the property for which she has just made a planning application. She is very surprised at this as the local authority had not informed her that her personal details would be made public as part of the planning process. She has also received an unwanted text message offering her similar services. She is also very surprised by this but remembers that her local authority had asked her for her mobile phone number as a means of contacting her.

19:00 Having eaten dinner, Annie logs onto the internet again and books a flight to New York (she will in fact have minor plastic surgery undertaken). In doing so, a large amount of her personal details, which she was required to make available to book the flight, will be made available to the US authorities, in advance of her travelling, as part of its security procedures. Using this information, an assessment will be made as to whether she poses a threat to US security. The airline, through on-screen information, had provided some details of this but Annie does not normally read all such optional information, so is not aware of this.

20:00 Annie receives a call on her mobile phone. She doesn't recognise the number but answers it in any case. Upon hearing her name the person hangs up and Annie thinks nothing more of it. Unknown to Annie, the person who had phoned her number by accident is suspected of criminal activity by An Garda Síochána. They will shortly make a formal request under the provisions of the Criminal Justice Act 2005 for all records of phone activity by that person. This will highlight that Annie's number was phoned. As a result, An Garda Síochána will also request all details of her mobile phone usage for the past 3 months to ascertain whether she is relevant to their inquiries. This will ultimately reveal that she is not but only after all her mobile phone usage - including her location when she made and received calls - is thoroughly examined. Annie finishes her day by watching Big Brother on television. Her personal data is not made available to anybody else for the rest of the day.

Surveillance Society?

Well, why would law-abiding Annie Wun have anything to worry about? Her daily life has been made easier by the use of modern technology and she has willingly shared her personal information to get these benefits. Then again, perhaps she should worry. What if the information retained about her were pulled together in one place? The profile which emerges, and the conclusions that could be drawn from it, might give her an unpleasant surprise. Step forward Annie Wun, terrorist suspect?


Internet News Search: Articles of Interest include “London Terrorists Charged” (internet records).
Web searches: Plastic surgery.
Fund Transfer: Made out to a male in Hamburg.
Medical records: Operated on for gunshot wound.
Criminal records/offences committed: Yes. (Two speeding fines)
Local Authority library files: A word search threw up two hits - “chemistry” and “bomb”.
Phone records: Call received from known criminal.
Shopping habits: Large variety of hazardous cleaning materials purchased.
Holiday plans: Travelling on a flight to New York next week.

No comments:

Post a Comment