Wednesday, August 29, 2007

"The New Surveillance" in Ireland

I've written a short piece for the Irish Security Industry Association's Risk Manager magazine about "The New Surveillance" and its growth in Ireland:
The recent trial of Joe O’Reilly for the murder of his wife Rachel attracted huge public interest for a number of reasons – the gruesome nature of the crime and the demeanour of the killer among them. But another cause of this public attention was the way in which the trial revealed the extensive digital footprints we leave behind in our day to day activities. In a first for the Irish courts, the prosecution case was built for the most part on digital evidence – including CCTV footage, mobile phone location data, details of calls and text messages and the content of emails.

Though this was the first case to attract such attention, in the background there has been a move towards greater surveillance of everyday life for some time now. For example: since 2002 Irish law has required that telephone companies log details of every telephone call made, every text message sent, and the movements of every mobile phone and that they store that information for three years. European law will extend this to the internet, requiring ISPs to log details of users’ emails, instant messages and web use. Recent legislation has permitted the random breath testing of drivers as well as random drug testing of employees. Within the last month alone Government plans were announced to roll out extensive CCTV schemes to sixteen additional towns, to introduce a national DNA database, to introduce mandatory registration of pre-pay mobile phones, and to introduce automatic number plate recognition systems which will automatically scan all passing cars to see whether they are reported stolen or untaxed.

What do these developments have in common? US academic Gary Marx has described them as “the new surveillance”. Traditionally we might think of surveillance as being something which is unusual or uncommon, carried out by the State, targeted towards a particular individual or group, labour intensive (and thus expensive), and focused on solving or preventing a particular crime. Technological developments (making surveillance easier and cheaper) and changes in social norms (including greater acquiescence to being monitored) have now turned this on its head.

The new surveillance is pervasive – far from being unusual surveillance has become the norm. It is not necessarily carried out by the State – for example, the obligation to track mobile phone users has been effectively outsourced to the mobile phone companies. This, along with increased automation, means that the cost to the State of surveillance can be minimised, doing away with any incentive to restrict surveillance to those situations where it is essential. It is untargeted – in the new surveillance every driver, web user, mobile phone user or pedestrian passing a CCTV camera is scrutinised as though they were a suspect and irrespective of whether any crime has been or is likely to be committed. The new surveillance is also largely invisible, allowing it to fly under the radar of public inspection and concern.

Should this concern us? The underlying technology is neutral in itself – for example, CCTV can be used to prosecute crime or (as in a recent English case) it can be used by its operators to spy on a woman through her bedroom and bathroom window. What matters is the use to which it is put and the legal controls which are in place. At an absolute minimum we should ensure that surveillance is democratically approved; that it is proportionate (going no further than necessary for a particular purpose); that information gained from surveillance be retained for the minimum period necessary; that it be subject to adequate independent oversight; and that sanctions should be in place for individuals or operators who violate these controls.

Unfortunately, Irish law generally fails these requirements. In 1996 the Law Reform Commission identified a range of deficiencies in Irish law on surveillance and over ten years on those problems remain unaddressed. Instead, official surveillance and technology have developed in what is often a legal vacuum. For example, there is no law governing the interception of emails, no law providing for criminal sanctions for the misuse of CCTV systems and no effective oversight of police surveillance. In short, the new surveillance has not been matched by new legal controls, which must raise doubts as to whether many aspects of the new surveillance are compatible with the right to privacy under the Constitution and under the European Convention on Human Rights.
PDF version here.

Friday, August 10, 2007

Australia to mandate ISP level filtering

The Sydney Morning Herald reports:
INTERNET service providers will be forced to filter web content at the request of parents, under a $189 million Federal Government crackdown on online bad language, pornography and child sex predators.

The Prime Minister, John Howard, said that the Government would increase funding for the federal police online child sex exploitation team by $40 million, helping investigators to track those who prey on children through chat rooms and sites such as MySpace and Facebook.

In a separate development, convicted sex offenders in NSW will have to register their email address with police as part of State Government efforts to stop them using the internet to prey on children.

Mr Howard will also confirm a previous announcement that the Government will pay $90 million to provide every household that wants it with software to filter internet content.

Those unable to install the software or who have concerns about their children's internet use will be able to get advice by phone, another proposal previously suggested by the Government.

The more efficient compulsory filtering of internet service providers (ISPs) was proposed in March last year by the then Labor leader, Kim Beazley. At the time, the Communications Minister, Helen Coonan, and ISPs criticised his idea as expensive.

Three months later Senator Coonan announced the Government's Net Alert policy, which promised free filtering software for every home that wanted it. She also announced an ISP filtering trial to be conducted in Tasmania. That trial was scrapped.

Today Mr Howard will hail the ISP filtering measure as a world first by any Government, and is expected to offer funding to help cover the cost. Parents will be able to request the ISP filter option when they sign up with an ISP. It will be compulsory to provide it.
This is a remarkable about face from the Australian government's previous position. No details yet on how the filtering systems will operate or be funded, but presumably the filtering categories will be based on the existing system under which the Australian Communications & Media Authority (ACMA) classifies content and issues takedown notices / notices to filtering software makers. Electronic Frontiers Australia has detailed criticism of the plan.