Posts filed under ‘Privacy’
I’m trying to find out exactly how many CCTV cams are here in Christchurch, New Zealand. I’ve been told it’s 44. Certainly, 25 new cams were added to the CCTV network in 2009. In Oxford, where I’ll be living, I’ve yet to spot one. I will do a thorough check as there’s bound to be one, probably at the town’s only ATM. But it’s a relief to be in a town where you and the streets aren’t watched day in day out by a lot of unblinking eyes.
What has me more alarmed though is an NZ Bill I’ve blogged about before – the Search and Surveillance Bill 45-1 (2009). Skim that blog post first before reading on. The Bill is currently before the Justice and Electoral Committee which is due to report back in late 2010.
I was watching Sunday last week and there was a report on just how intrusive this Bill could be into the every day lives of New Zealanders. Why don’t you watch the session – it’s pretty damn frightening. I was pleased to see a partner from NZ law firm, Bell Gully, being interviewed about concerns that Government agencies will have increased surveillance powers and you can read that law firm’s submission here.
As I understand it, over 70 “non-police” NZ agencies (such as Fisheries Ministry, Inland Revenue Department, Commerce Commission, the Reserve Bank and the Pork Industry Board) already have the power to obtain a search warrant (as long as it is deemed “role appropriate) but the Bill is a step beyond this – it gives these agencies the power to enter private property and covertly install a listening or recording device, set up hidden cameras or plant tracking devices on cars without someone’s knowledge. At the moment, when one of these agencies obtains a warrant, it’s for the production of documents or to answer questions. If there is reasonable cause, a search of physical property might take place.
The S&S Bill extends investigatory powers and is trying to provide a homogeneous framework for regulators but….it is basically giving police powers to non-police Government agencies. Scary. Who will be overseeing exactly what these agencies can and can’t do? And under what circumstances will an agency be given the power to enter private property for secret squirrel operations? From my reading of the S&S Bill, it seems that non-police agencies would also be given the power to obtain a “residual warrant” that would allow them to legally hack into someone’s computer remotely and this would include asking an ISP to provide access to the person’s computer network.
Surely this Bill is contrary to the New Zealand Bill of Rights Act 1990, which gives New Zealanders the right to be free from unreasonable search and seizure?
What really, really scares me is that should the Bill become law, I can’t see how a person has the right to silence. It seems that under an Examination Order, a Government agency can haul you off for questioning and you have no right of refusal. I guess you could cite s60 of the Evidence Act and claim ‘privilege against self-incrimination’ – but I’m not sure how far that would get you.
Anyway, I plan to study this much more deeply. It’s very concerning that a democracy like New Zealand is considering such invasive powers (no doubt it’s being touted as an “anti-terrorism” measure). If you know anything, leave a comment.
I’m watching with interest a simmering cat fight that could boil over soon. Germany is looking at Google, closely, very closely and the German Federal Commissioner for data protection and freedom of information, Peter Schaar, is not happy with the search giant, saying that Google may been in breach of German privacy law.
Regular ThinkingShift readers know of my distaste for Google’s Street View service. After being pressed by the German Government to cough up information on the Wi-Fi data contained on the hard drives of Google’s Street View cars, Google posts (what sounds like) a transparent, open post.
The story goes like this: Google has allegedly been collecting private data on individuals by scanning for private wireless networks and recording the details whilst cruising streets with those ugly Google Street View vans. European officials were concerned about Google’s activities and demanded they reveal the type of data collected. Cornered, Google admitted that private data had been collected but oops, it was a programming error, and we didn’t mean to do it, sorry. But it seems that what Google was busy collecting was not just the names and addresses of private citizens but also information sent over the network such as emails and what websites were visited by those citizens.
Illegally tapping into private networks is against German law so Google is in hot water. Peter Schaar isn’t taking any of Google’s excuses lying down, saying:
‘‘So everything was a simple oversight, a software error! The data was collected and stored against the will of the project’s managers and other managers at Google. If we follow this logic further, this means: The software was installed and used without being properly tested beforehand. Billions of bits of data were mistakenly collected, without anyone in Google noticing it, including Google’s own internal data protection managers, who two weeks ago were defending to us the company’s internal data protection practices.’‘
If German data protection authorities had not demanded Google reveal what exactly was on the hard drives of Street View cars, then I wonder if Google would ever have admitted to “the software error”. Ah, I doubt it.
And German citizens are none too happy about Street View either, with many private home owners signing up to have their properties excluded from the spying Google eyes. I can assure Google that should they ever try to come down the driveway of our rural property in New Zealand, a huge cat fight will erupt. One poor woman in the UK has been captured by the cruising vans not once, not twice, but 43 times as she innocently strolls down a Suffolk street, walking the dog.
Google: your credibility is evaporating dudes.
UPDATE: 18/05/2010 Google’s woes are going from bad to worse – the Australian Privacy Commissioner is also asking questions of Google since the internet behemoth admitted it had “inadvertently” been recording Wi-Fi data from unsecured wireless networks in over 30 countries. Electronic Frontiers Australia and the Australian Privacy Foundation have sent Google a “please explain” joint letter and are pressing Google to reveal what data its Street View cars and vans actually collect. Can’t wait to hear Google’s latest response: “oh, we’ve been collecting heaps of data about private citizens in over 30 countries for four years? Really? We had no idea: must be a programming error. We’ll get back to you”.
All this sounds like Facebook’s latest debacle over privacy issues – and what’s happening now with Facebook? People are leaving it in droves. I have a Facebook “presence”, basically a cartoon cat avatar and minimal information. I think I will now even de-activate this. Note: there is a difference between deleting stuff off Facebook and de-activating your account. It seems Facebook retain the data (eg photos, your connections blah blah) and can data mine it to death.
Mark May 31 in your diaries as “Quitting Facebook Day” – there’s a whole website devoted to quitting Facebook on that day. I plan to join the exodus.
UPDATE: May 26 2010 – Congressman Henry Waxman (D-CA), Joe Barton (R-TX) and Ed Marley (D-MA) have sent a letter to Google and asking for a reply by June 7. There are 12 juicy questions that Google is being grilled on. Read it here.
UPDATE: May 27 2010 Google is resisting all demands to hand over private internet data to Regulators (and snubs Hong Kong’s Privacy Commissioner whilst it’s at it). Mmmmmm…..if Google “accidentally, inadvertently, oops, we didn’t mean to” collect data, then why are they fighting so hard to deflect any attempts at getting them to handover the collected data?
Do you remember your high school years? Was it full of Zac Efron dudes singing and dancing their way through musicals? Or pretty young things spending more time on their appearance than their learning? My time in high school was pretty pedestrian now that I think about it. I always had my nose in textbooks, showed up to all classes and thoroughly enjoyed the experience. I had a crush on a few dudes; every weekend I cleaned the pool for my ancient history teacher; and I plotted and schemed how to avoid physical education classes. But that’s about as radical as it gets. Boring, yeah, I know.
But seems if you’re a kid in school these days, it’s not necessarily a pleasant thing to experience. Why? Because we’ve reached the point where every school kid is looked on as a possible threat. Before I launch myself into the topic, yes, there have been some terrible incidents in schools where kids and teachers have been attacked or shot. But not every kid is planning to off his or her fellow students or teachers. Some are there – gasp! – to learn and gain the marks needed to enter university or college.
Take a moment to remember your high school years – then read this letter from James Stephenson as he relates a school stuffed full of CCTV cameras and invasive searches. Stephenson graduated from Virginia’s public schooling system two years ago, so it’s all fresh in his memory. He talks of staff searching student cars and lockers; how heavily-armed and armored police officers roam the halls; and he invites us to consider that CCTV cams don’t make you feel more secure – they make you feel “twitchy and paranoid”. My heart went out to Stephenson when I read this letter. I cannot imagine being a kid in high school surrounded by security and teaching staff who consider I might be a potential threat and therefore have to monitor, surveil, frisk, search and spy on me. And of course you would have read about student laptop webcams used to spy on kids at school and in their own homes.
Now, I’ve just been reading about the circus going on at a school in Chelmsley Wood, UK (rest assured dear American reader: you are not the only country forced to put up with the theatre of security). Kids at Grace Academy in Chelmsley Wood discovered security cameras had been installed without parent permission in……the toilets. Yeegads! Apparently, this school has 26 CCTV cameras. I presume the CCTV cams in the loos are only pointing at the washing basins but I would not be surprised to learn otherwise.
The question in my mind is: what will be the results for a generation of kids who have been constantly monitored from kindergarten onwards? You just have to read Stephenson’s heartfelt letter to know that all kids are not saying “who cares, I’ve got nothing to hide”. The really interesting bit in my mind of Stephenson’s narrative was when he talked about an English teacher who never had any trouble with the kids in her class. She simply treated her class with respect and expected the same from them.
Most violence that kills children is outside the school environment. For example, between 1990 and 2001, two million children were killed in wars where small arms were used. In 2007/2008, 43 children (or 62% of killings in England and Wales) were killed by their parents. And in the United States, in 2005 there were 555 cases of infanticide with 60% of children dying at the hands of their parents.
I am not saying that child-on-child crime isn’t a serious issue in schools. It’s a tragedy that any child is killed or attacked whilst at school. But authorities should be probing the cause of school massacres not installing hundreds of CCTV cams in the false hope of stopping incidents. I suspect that schools and school authorities are in the grip of what Stanley Cohen refers to as a “moral panic”. I’ll do some more thinking on this and perhaps do another post.
So you know that I think the future will be full of iris scanners, full-body scanners, CCTV cams, micro-chips – basically a future full of us being surveilled, tracked, monitored and profiled. And so to news this week that iris scanning technology is starting to make its way into law enforcement. If you live in Arapahoe County, Colorado USA – well, you might be asked to undergo an iris scan. Police in the county will become the first law enforcement agency in Colorado to begin identifying criminals, missing children and seniors using biometric analysis of the human iris.
Check out this video:
Iris scanning technology is still fairly rudimentary and can be fooled. The individual undergoing a scan must remain still so that the scanner can do its thing. But there is a research project afoot to develop the ability to obtain facial and eye data when the subject is moving or when the lighting is not good. And I think the future will be full of us being surveilled and scanned without our knowledge. As we move through the streets of our cities, go down into the subways, travel the trains and buses, I suspect that unobtrusive, public iris scanning will be taking place, perhaps linked to online advertising. So you’re walking into the subway, pass a scanner and beep beep goes your iPhone with the latest glam ad for a product that matches your profile. Very Minority Report.
The issue I believe is that there will be a lot of scanning, surveilling and monitoring going on but no SEEING. The social contract of a city is that which is woven by its citizens. Anyone who has read Jane Jacobs’ The Death and Life of Great American Cities, knows that the city is a living organism with a delicate balance between watching and being seen. We’ve all learnt to live in cities and with our neighbours by being watchful of others – taking care not to smash into someone as we walk down a busy street or keeping a respectful distance from others and not invading their “space”. You learn to pick up subtle cues from people and you know not to walk down a deserted, unlit street.
Security cameras, iris and body scanners – sure they can all watch and monitor but they can’t see. And do you think for one moment that crazies and whackos are deterred by surveillance? Nope, they ignore it or find a way around it.
If we allow surveillance technology to take over then we lose the ability to really see. We become watched. And because we allow the Government to introduce CCTV cams, airport scanners and so on, we come to believe that watching is acceptable and so we watch our neighbours, we watch for terrorists, we watch for suspicious behaviour, but we don’t see. And the result? I think it’s a step towards the ultimate destination of knowing someone’s intentions before they act.
Don’t laugh just yet – read this piece from The Guardian. Scientists and researchers are already imagining a scanner that would be like shining a torch onto the human brain, revealing intentions and thoughts. Right now, the technology doesn’t exist to scan a brain and judge whether a person is likely to commit a crime. But the surveillance technology we are currently surrounded by assumes we have evil intentions of blowing up planes. So how short is the step to a brain scanner? A very short one I’d say.
The ethical debate about how brain scanning technology should be used or if indeed it should be used at all will never take place. Because we are becoming inured to surveillance technologies scanning the heck out of us, we will just say yeah, bring it on, I’ve got nothing to hide. It will be such a hassle to get through security at airports and just get onto a plane (remember when flying used to be fun?) that we will all be broken mentally and just accept the surveillance and monitoring. This makes it so much easier to introduce more intrusive surveillance and take us from the Sleeping Society to the Controlled Society.
The neuroscientist, Jean-Pierre Changeux, has warned of a dark future when neuroscience becomes entangled with imaging and scanning technologies:
“……..at the annual public meeting of the French national bioethics committee held last week in Paris… Jean-Pierre Changeux, the chairman of the committee and a neuroscientist at the Institut Pasteur in Paris, told the meeting that understanding the working of the human brain is likely to become one of the most ambitious and rich disciplines of the future. But neuroscience also poses potential risks, he said, arguing that advances in cerebral imaging make the scope for invasion of privacy immense. Although the equipment needed is still highly specialized, it will become commonplace and capable of being used at a distance, he predicted. That will open the way for abuses such as invasion of personal liberty, control of behaviour and brainwashing. These are far from being science-fiction concerns, said Changeux, and constitute “a serious risk to society”. Nature (Vol 391, Jan 22 1998 p 316).
And Japanese scientists are said to already be there – they’ve developed a machine that can take images directly from the human brain. Scary.
I did not have to gaze into any crystal ball to foretell that we, the weary traveller, would have to face increased security at airports because of the “underwear bomber“. (Imagine going down in history being called the “underwear bomber”). Yet again, we have authorities rushing around installing full-body scanners so they can look to be talking tough and doing something, anything in the face of alleged threats. The Canadians seem to very anxious to be seen in a flurry of reaction, purchasing 44 scanners in the wake of the underwear bomber.
I’ve blogged before about full-body scanners and invasion of privacy. But if any airport or private security dudes are reading this blog, rush off to read 5 reasons why body scanners will probably not resolve the terrorist problem. And pay particular attention to point 2 and why the “underwear bomber” probably would not have been detected.
Michael Chertoff, who was homeland security secretary from 2005 to 2009, is calling for the widespread expansion of whole-body imaging scanners that use radio waves or X-rays to reveal objects beneath a person’s clothes. (Chertoff BTW has a consultancy that represents Rapiscan, a company manufacturing body scanners.) Yeah, well I’d like to shove this dude into a booth and give him the equivalent of a digital strip search. These scanners show the outline of genitalia – see the photo accompanying this post or, better yet, the one below.
Now, call me cynical but I can foretell a time when some Hollywood star’s digital naked image will find its way miraculously onto the Internet courtesy of some scanning dude wanting to make a quick buck.
And tell me how scanning is not violating child pornography laws? Are you fine with: first of all, your child being viewed as a potential terrorist and secondly, your kid basically being lined up against a wall and a naked image produced? Guys: are you fine with your wife or tween-age daughter being seen naked? And what about Islamic women being subjected to scans: will this not violate Islamic rules of public modesty?
Call me cynical again but what strict processes will be put into place to ensure that scanning personnel won’t show their family and friends images of celebrities or people with odd body features or grandma’s underpants? What’s to ensure that images of kids won’t fall into the hands of pedophiles? Authorities are saying that scanners will be used alongside metal detectors and pat-down searches. So for now, full-body scanning isn’t mandatory but wait….when private corporations stand to make millions out of scanners being mandatory, you can bet your bottom dollar that we’ll all be subjected to scanning sooner rather than latter.
There are two types of scanners: scanners using “millimetre-wave” technology and x-ray scanners. Scanners using millimetre-waves would not have detected the 3oz of the chemical powder PETN (pentaerythritol tetranitrate) that Abdulmutallab had stuffed up his underwear. Because this material is low density the millimetre waves pass through and the object is not shown on screen. X-ray scanners (called backscatter scanners) penetrate one-tenth of an inch into the body, which is enough to detect any devices or drugs hidden just under the skin. Manufacturers are saying the risk of irradiation is low, 1% or less of the radiation in a dental X-ray but consider the cumulative effects. For frequent flyers, what are the health risks of ongoing x-rays? A 2004 study suggested that 0.6% of all cancers diagnosed in the UK are due to medical X-rays. This would amount to around 700 of the 124,000 new cases of cancer in the UK each year. Flying for 30 hours BTW is equivalent to one chest x-ray.
And a leading US expert on the biological effects of x-ray radiation, Dr. John Gofman, who has conducted exhaustive studies, concludes that there is NO SAFE DOSE-LEVEL of ionizing radiation. His studies suggest that radiation from x-rays and treatment is a causal co-factor in 50% of cancers in the US.
UPDATE: Natural News article – full-body scanners may damage human DNA.
Back in November 2008, the European Union seemed to be displaying some sense when they shelved plans to introduce scanners but are now deeply divided over whether to introduce this intrusive technology or not. It’s possible the EU may issue a binding regulation demanding use of imaging technology.
You know, it would be far smarter if authorities spent millions on improved and collaborative intelligence instead of full-body scanners. We’ve put up with increased security measures since 9/11 but did this stop Abdulmutallab from smuggling explosives onto a jet airliner? NOOOOOOOOOOO. From all I’ve read, the CIA (who was contacted by Abdulmutallab’s father) declined to share information about Abdulmutallab with the National Counterterrorism Center, which may have placed him on the “no fly” list. The National Security Agency was also busy eavesdropping on a conversation that discussed a plot to use a Nigerian man for a coming terrorist attack but the NSA didn’t seem to have the information the CIA had or didn’t share it with other agencies. So there was an intelligence breakdown and a pattern of information that could have pointed to a terrorist threat was not detected by US security agencies.
Instead of seeing every citizen as a potential terrorist and subjecting us to one more intrusion on our personal privacy and dignity, why not enhance intelligence operations and stop any terrorist from even getting to an airport car park?
“Naturally the common people don’t want war; neither in Russia, nor in England, nor in America, nor in Germany. That is understood. But after all, it is the leaders of the country who determine policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country.”
If we keep allowing the nanny state to contain us in a climate of fear, then we deserve the suffocating future we’ll all end up in.
UPDATE: May 19 2010 “Naked” scanners may increase cancer risk.
I recently read an article that carried comments from Google’s CEO, Eric Schmidt, that frankly I thought were pretty dismissive towards those who are concerned about online privacy. He said: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place“. Mmmm…and this is from the man who whacked CNet over the head and banned them for a year after the site published information about him it had discovered on ahem, Google. (This is a bit like Facebook’s CEO, Mark Zuckerberg, being caught by Facebook’s new privacy settings. Candid shots of him were splashed over the Internet before he locked his profile to allowing access to “friends of friends”. My personal favourite shot is the teddy bear one).
BTW: be aware that the new privacy settings on Facebook mean that the default settings make most of your content accessible to “everyone” (ie the whole planet, the whole universe, EVERYONE). All your personal information – your name, profile picture, where you live, gender, networks and friends, and the pages that you are a fan of – will be treated as publicly available information. You want that? If so, good luck.
You have to wonder why Zuckerberg suddenly locked down all his personal stuff. Gawker quipped: “Facebook’s own chief executive is illustrating that his privacy settings are so baffling that even he himself doesn’t grasp their full implications“. LOL.
But back to Schmidt. His comment is a bit like saying “you got dirty little secrets? then don’t use any Google applications, because search engines, including Google, retain your info”. So the really important question is: should you choose to use Google Docs or other Google apps that require you to use your Google sign-on, to what extent are you subject to the US Patriot Act? If you’re living in Australia, or Holland, or Canada or South Africa – are you subject to this Act? I started wondering about this when I read Schmidt’s comments and when Facebook tinkered around with its privacy settings yet again. So let’s find out.
Well, there is one glaring case study we can examine. Canada’s LakeHead University decided to replace its ageing infrastructure by adopting Google email and collaboration tools. Good idea you’d think because it saved the Uni hundreds of thousands of dollars. But it meant that emails and documents sent by email to the US from Canadian university staff became subject to the US Patriot Act, which basically gives the US Government the right to access or search virtually any data hosted by US companies (and this of course includes Google, a company based in Mountain View, California). And the U.S. Justice Department can subpoena search records. This is all at odds with Canada’s very strict privacy laws.
Section 215 of the Patriot Act allows the US FBI to issue a national security letter, which compels a third-party, such as ISPs, financial institutions and telecommunications firms, to disclose customer information. And Section 215 includes a “gag order”, meaning the third-party cannot reveal to any other party that it has been served with a national security letter. So if a Canadian company is a subsidiary of a US company and the US parent is whacked with the national security letter, any information held in subsidiary locations would have to be coughed up. No warrant is required. (This is my understanding from reading Section 215). This would apply I presume to firms based in Australia with a US parent. Think of it this way: information crossing the US border in a fiber-optic cable is treated the same way as papers carried in a briefcase. Canada has done a huge amount of work in sorting out the implications of trans-border data flows. Go here for FAQs on the Patriot Act.
And I think the US Patriot Act has tremendous impact on cloud security. So if cloud service providers have data centres in the US, the information is in danger of being exposed. Should you choose to store your personal data in the cloud (business records and sensitive corporate documents, emails etc) then I think you will have inadequate legal protection over your own data.
This prompted me to find out where the heck Google data centres are located and I came across the map below. Also read this Data Center Knowledge FAQ, which covers in detail Google’s servers and data centres.
Australia doesn’t appear to have a data centre or server (although there were rumblings earlier in 2009 that Google would build one in Oz. This seems to be on hold until the Federal Government sorts out the broadband network). So if there’s no local data centre or server, then where is the personal financial document you stored in Google Docs actually held? The Patriot Act makes all data stored on US shores liable to inspection – this would contravene the EU’s Data Protection Act I would think (ie cause a huge cat fight) although I’m presuming the EU-US Safe Harbor program also provides protection. I’m not so sure what protects Australians. I’m looking into it – leave a comment if you know more.
The point is we are increasingly seduced by Google. It’s a clever company with clever apps. Just think about your online privacy protection. I need to come up to speed with the Patriot Act. Several provisions of the Patriot Act are due to expire December 31 2009 unless renewed by Congress but Obama is seeking to extend its spying provisions.
Just love this. For those of us concerned about Google and privacy, watch this. If you’re not concerned but just want to have a chuckle, watch it anyway.