NZ Spy Bill

I’m trying to find out exactly how many CCTV cams are here in Christchurch, New Zealand. I’ve been told it’s 44. Certainly, 25 new cams were added to the CCTV network in 2009. In Oxford, where I’ll be living, I’ve yet to spot one. I will do a thorough check as there’s bound to be one, probably at the town’s only ATM. But it’s a relief to be in a town where you and the streets aren’t watched day in day out by a lot of unblinking eyes.

What has me more alarmed though is an NZ Bill I’ve blogged about before – the Search and Surveillance Bill 45-1 (2009). Skim that blog post first before reading on. The Bill is currently before the Justice and Electoral Committee which is due to report back in late 2010.

I was watching Sunday last week and there was a report on just how intrusive this Bill could be into the every day lives of New Zealanders. Why don’t you watch the session – it’s pretty damn frightening. I was pleased to see a partner from NZ law firm, Bell Gully, being interviewed about concerns that Government agencies will have increased surveillance powers and you can read that law firm’s submission here.

As I understand it, over 70 “non-police” NZ agencies (such as Fisheries Ministry, Inland Revenue Department, Commerce Commission, the Reserve Bank and the Pork Industry Board) already have the power to obtain a search warrant (as long as it is deemed “role appropriate) but the Bill is a step beyond this – it gives these agencies the power to enter private property and covertly install a listening or recording device, set up hidden cameras or plant tracking devices on cars without someone’s knowledge.  At the moment, when one of these agencies obtains a warrant, it’s for the production of documents or to answer questions. If there is reasonable cause, a search of physical property might take place.

The S&S Bill extends investigatory powers and is trying to provide a homogeneous framework for regulators but….it is basically giving police powers to non-police Government agencies. Scary. Who will be overseeing exactly what these agencies can and can’t do? And under what circumstances will an agency be given the power to enter private property for secret squirrel operations? From my reading of the S&S Bill, it seems that non-police agencies would also be given the power to obtain a “residual warrant” that would allow them to legally hack into someone’s computer remotely and this would include asking an ISP to provide access to the person’s computer network.

Surely this Bill is contrary to the New Zealand Bill of Rights Act 1990, which gives New Zealanders the right to be free from unreasonable search and seizure?

What really, really scares me is that should the Bill become law, I can’t see how a person has the right to silence. It seems that under an Examination Order, a Government agency can haul you off for questioning and you have no right of refusal. I guess you could cite s60 of the Evidence Act and claim ‘privilege against self-incrimination’ – but I’m not sure how far that would get you.

Anyway, I plan to study this much more deeply. It’s very concerning that a democracy like New Zealand is considering such invasive powers (no doubt it’s being touted as an “anti-terrorism” measure). If you know anything, leave a comment.

Achtung Google!

I’m watching with interest a simmering cat fight that could boil over soon. Germany is looking at Google, closely, very closely and the German Federal Commissioner for data protection and freedom of information, Peter Schaar, is not happy with the search giant, saying that Google may been in breach of German privacy law.

Regular ThinkingShift readers know of my distaste for Google’s Street View service. After being pressed by the German Government to cough up information on the Wi-Fi data contained on the hard drives of Google’s Street View cars, Google posts (what sounds like) a transparent, open post.

The story goes like this: Google has allegedly been collecting private data on individuals by scanning for private wireless networks and recording the details whilst cruising streets with those ugly Google Street View vans. European officials were concerned about Google’s activities and demanded they reveal the type of data collected. Cornered, Google admitted that private data had been collected but oops, it was a programming error, and we didn’t mean to do it, sorry. But it seems that what Google was busy collecting was not just the names and addresses of private citizens but also information sent over the network such as emails and what websites were visited by those citizens.

Illegally tapping into private networks is against German law so Google is in hot water. Peter Schaar isn’t taking any of Google’s excuses lying down, saying:

‘‘So everything was a simple oversight, a software error! The data was collected and stored against the will of the project’s managers and other managers at Google. If we follow this logic further, this means: The software was installed and used without being properly tested beforehand. Billions of bits of data were mistakenly collected, without anyone in Google noticing it, including Google’s own internal data protection managers, who two weeks ago were defending to us the company’s internal data protection practices.’‘

If German data protection authorities had not demanded Google reveal what exactly was on the hard drives of Street View cars, then I wonder if Google would ever have admitted to “the software error”. Ah, I doubt it.

And German citizens are none too happy about Street View either, with many private home owners signing up to have their properties excluded from the spying Google eyes. I can assure Google that should they ever try to come down the driveway of our rural property in New Zealand, a huge cat fight will erupt. One poor woman in the UK has been captured by the cruising vans not once, not twice, but 43 times as she innocently strolls down a Suffolk street, walking the dog.

Google: your credibility is evaporating dudes.

UPDATE: 18/05/2010 Google’s woes are going from bad to worse – the Australian Privacy Commissioner is also asking questions of Google since the internet behemoth admitted it had “inadvertently” been recording Wi-Fi data from unsecured wireless networks in over 30 countries. Electronic Frontiers Australia and the Australian Privacy Foundation have sent Google a “please explain” joint letter and are pressing Google to reveal what data its Street View cars and vans actually collect. Can’t wait to hear Google’s latest response: “oh, we’ve been collecting heaps of data about private citizens in over 30 countries for four years?  Really? We had no idea: must be a programming error. We’ll get back to you”.

All this sounds like Facebook’s latest debacle over privacy issues – and what’s happening now with Facebook? People are leaving it in droves. I have a Facebook “presence”, basically a cartoon cat avatar and minimal information. I think I will now even de-activate this. Note: there is a difference between deleting stuff off Facebook and de-activating your account. It seems Facebook retain the data (eg photos, your connections blah blah) and can data mine it to death.

Mark May 31 in your diaries as “Quitting Facebook Day” – there’s a whole website devoted to quitting Facebook on that day. I plan to join the exodus.

UPDATE: May 26 2010 – Congressman Henry Waxman (D-CA), Joe Barton (R-TX) and Ed Marley (D-MA) have sent a letter to Google and asking for a reply by June 7. There are 12 juicy questions that Google is being grilled on. Read it here.

UPDATE: May 27 2010 Google is resisting all demands to hand over private internet data to Regulators (and snubs Hong Kong’s Privacy Commissioner whilst it’s at it). Mmmmmm…..if Google “accidentally, inadvertently, oops, we didn’t mean to” collect data, then why are they fighting so hard to deflect any attempts at getting them to handover the collected data?

We see you here; we see you there

Do you remember your high school years? Was it full of Zac Efron dudes singing and dancing their way through musicals? Or pretty young things spending more time on their appearance than their learning?  My time in high school was pretty pedestrian now that I think about it. I always had my nose in textbooks, showed up to all classes and thoroughly enjoyed the experience. I had a crush on a few dudes; every weekend I cleaned the pool for my ancient history teacher; and I plotted and schemed how to avoid physical education classes. But that’s about as radical as it gets. Boring, yeah, I know.

But seems if you’re a kid in school these days, it’s not necessarily a pleasant thing to experience. Why? Because we’ve reached the point where every school kid is looked on as a possible threat. Before I launch myself into the topic, yes, there have been some terrible incidents in schools where kids and teachers have been attacked or shot. But not every kid is planning to off his or her fellow students or teachers. Some are there – gasp! – to learn and gain the marks needed to enter university or college.

Take a moment to remember your high school years – then read this letter from James Stephenson as he relates a school stuffed full of CCTV cameras and invasive searches. Stephenson graduated from Virginia’s public schooling system two years ago, so it’s all fresh in his memory. He talks of staff searching student cars and lockers; how heavily-armed and armored police officers roam the halls; and he invites us to consider that CCTV cams don’t make you feel more secure – they make you feel “twitchy and paranoid”. My heart went out to Stephenson when I read this letter. I cannot imagine being a kid in high school surrounded by security and teaching staff who consider I might be a potential threat and therefore have to monitor, surveil, frisk, search and spy on me. And of course you would have read about student laptop webcams used to spy on kids at school and in their own homes.

Now, I’ve just been reading about the circus going on at a school in Chelmsley Wood, UK (rest assured dear American reader: you are not the only country forced to put up with the theatre of security). Kids at Grace Academy in Chelmsley Wood discovered security cameras had been installed without parent permission in……the toilets. Yeegads! Apparently, this school has 26 CCTV cameras.  I presume the CCTV cams in the loos are only pointing at the washing basins but I would not be surprised to learn otherwise.

The question in my mind is: what will be the results for a generation of kids who have been constantly monitored from kindergarten onwards? You just have to read Stephenson’s heartfelt letter to know that all kids are not saying “who cares, I’ve got nothing to hide”.  The really interesting bit in my mind of Stephenson’s narrative was when he talked about an English teacher who never had any trouble with the kids in her class. She simply treated her class with respect and expected the same from them.

Most violence that kills children is outside the school environment. For example, between 1990 and 2001, two million children were killed in wars where small arms were used. In 2007/2008, 43 children (or 62% of killings in England and Wales) were killed by their parents. And in the United States, in 2005 there were 555 cases of infanticide with 60% of children dying at the hands of their parents.

I am not saying that child-on-child crime isn’t a serious issue in schools. It’s a tragedy that any child is killed or attacked whilst at school. But authorities should be probing the cause of school massacres not installing hundreds of CCTV cams in the false hope of stopping incidents. I suspect that schools and school authorities are in the grip of what Stanley Cohen refers to as a “moral panic”. I’ll do some more thinking on this and perhaps do another post.

The eye in ID

So you know that I think the future will be full of iris scanners, full-body scanners, CCTV cams, micro-chips – basically a future full of us being surveilled, tracked, monitored and profiled. And so to news this week that iris scanning technology is starting to make its way into law enforcement. If you live in Arapahoe County, Colorado USA – well, you might be asked to undergo an iris scan. Police in the county will become the first law enforcement agency in Colorado to begin identifying criminals, missing children and seniors using biometric analysis of the human iris.

Check out this video:

Iris scanning technology is still fairly rudimentary and can be fooled. The individual undergoing a scan must remain still so that the scanner can do its thing. But there is a research project afoot to develop the ability to obtain facial and eye data when the subject is moving or when the lighting is not good. And I think the future will be full of us being surveilled and scanned without our knowledge. As we move through the streets of our cities, go down into the subways, travel the trains and buses, I suspect that unobtrusive, public iris scanning will be taking place, perhaps linked to online advertising. So you’re walking into the subway, pass a scanner and beep beep goes your iPhone with the latest glam ad for a product that matches your profile. Very Minority Report.

The issue I believe is that there will be a lot of scanning, surveilling and monitoring going on but no SEEING.  The social contract of a city is that which is woven by its citizens. Anyone who has read Jane Jacobs’ The Death and Life of Great American Cities, knows that the city is a living organism with a delicate balance between watching and being seen. We’ve all learnt to live in cities and with our neighbours by being watchful of others – taking care not to smash into someone as we walk down a busy street or keeping a respectful distance from others and not invading their “space”. You learn to pick up subtle cues from people and you know not to walk down a deserted, unlit street.

Security cameras, iris and body scanners – sure they can all watch and monitor but they can’t see. And do you think for one moment that crazies and whackos are deterred by surveillance? Nope, they ignore it or find a way around it.

If we allow surveillance technology to take over then we lose the ability to really see. We become watched. And because we allow the Government to introduce CCTV cams, airport scanners and so on, we come to believe that watching is acceptable and so we watch our neighbours, we watch for terrorists, we watch for suspicious behaviour, but we don’t see. And the result? I think it’s a step towards the ultimate destination of knowing someone’s intentions before they act.

Don’t laugh just yet – read this piece from The Guardian. Scientists and researchers are already imagining a scanner that would be like shining a torch onto the human brain, revealing intentions and thoughts. Right now, the technology doesn’t exist to scan a brain and judge whether a person is likely to commit a crime. But the surveillance technology we are currently surrounded by assumes we have evil intentions of blowing up planes. So how short is the step to a brain scanner? A very short one I’d say.

The ethical debate about how brain scanning technology should be used or if indeed it should be used at all will never take place. Because we are becoming inured to surveillance technologies scanning the heck out of us, we will just say yeah, bring it on, I’ve got nothing to hide. It will be such a hassle to get through security at airports and just get onto a plane (remember when flying used to be fun?) that we will all be broken mentally and just accept the surveillance and monitoring. This makes it so much easier to introduce more intrusive surveillance and take us from the Sleeping Society to the Controlled Society.

The neuroscientist, Jean-Pierre Changeux, has warned of a dark future when neuroscience becomes entangled with imaging and scanning technologies:

“……..at the annual public meeting of the French national bioethics committee held last week in Paris… Jean-Pierre Changeux, the chairman of the committee and a neuroscientist at the Institut Pasteur in Paris, told the meeting that understanding the working of the human brain is likely to become one of the most ambitious and rich disciplines of the future. But neuroscience also poses potential risks, he said, arguing that advances in cerebral imaging make the scope for invasion of privacy immense. Although the equipment needed is still highly specialized, it will become commonplace and capable of being used at a distance, he predicted. That will open the way for abuses such as invasion of personal liberty, control of behaviour and brainwashing. These are far from being science-fiction concerns, said Changeux, and constitute “a serious risk to society”. Nature (Vol 391, Jan 22 1998 p 316).

And Japanese scientists are said to already be there – they’ve developed a machine that can take images directly from the human brain. Scary.

Scan, baby, scan

I did not have to gaze into any crystal ball to foretell that we, the weary traveller, would have to face increased security at airports because of the “underwear bomber“. (Imagine going down in history being called the “underwear bomber”). Yet again, we have authorities rushing around installing full-body scanners so they can look to be talking tough and doing something, anything in the face of alleged threats. The Canadians seem to very anxious to be seen in a flurry of reaction, purchasing 44 scanners in the wake of the underwear bomber.

I’ve blogged before about full-body scanners and invasion of privacy. But if any airport or private security dudes are reading this blog, rush off to read 5 reasons why body scanners will probably not resolve the terrorist problem. And pay particular attention to point 2 and why the “underwear bomber” probably would not have been detected.

Michael Chertoff, who was homeland security secretary from 2005 to 2009, is calling for the widespread expansion of whole-body imaging scanners that use radio waves or X-rays to reveal objects beneath a person’s clothes. (Chertoff BTW has a consultancy that represents Rapiscan, a company manufacturing body scanners.) Yeah, well I’d like to shove this dude into a booth and give him the equivalent of a digital strip search. These scanners show the outline of genitalia – see the photo accompanying this post or, better yet, the one below.

Now, call me cynical but I can foretell a time when some Hollywood star’s digital naked image will find its way miraculously onto the Internet courtesy of some scanning dude wanting to make a quick buck.

And tell me how scanning is not violating child pornography laws? Are you fine with: first of all, your child being viewed as a potential terrorist and secondly, your kid basically being lined up against a wall and a naked image produced? Guys: are you fine with your wife or tween-age daughter being seen naked? And what about Islamic women being subjected to scans: will this not violate Islamic rules of public modesty?

Call me cynical again but what strict processes will be put into place to ensure that scanning personnel won’t show their family and friends images of celebrities or people with odd body features or grandma’s underpants? What’s to ensure that images of kids won’t fall into the hands of pedophiles? Authorities are saying that scanners will be used alongside metal detectors and pat-down searches. So for now, full-body scanning isn’t mandatory but wait….when private corporations stand to make millions out of scanners being mandatory, you can bet your bottom dollar that we’ll all be subjected to scanning sooner rather than latter.

There are two types of scanners: scanners using “millimetre-wave” technology and x-ray scanners. Scanners using millimetre-waves would not have detected the 3oz of the chemical powder PETN (pentaerythritol tetranitrate) that Abdulmutallab had stuffed up his underwear. Because this material is low density the millimetre waves pass through and the object is not shown on screen. X-ray scanners (called backscatter scanners) penetrate one-tenth of an inch into the body, which is enough to detect any devices or drugs hidden just under the skin. Manufacturers are saying the risk of irradiation is low, 1% or less of the radiation in a dental X-ray but consider the cumulative effects. For frequent flyers, what are the health risks of ongoing x-rays? A 2004 study suggested that 0.6% of all cancers diagnosed in the UK are due to medical X-rays. This would amount to around 700 of the 124,000 new cases of cancer in the UK each year. Flying for 30 hours BTW is equivalent to one chest x-ray.

And a leading US expert on the biological effects of x-ray radiation, Dr. John Gofman, who has conducted exhaustive studies, concludes that there is NO SAFE DOSE-LEVEL of ionizing radiation. His studies suggest that radiation from x-rays and treatment is a causal co-factor in 50% of cancers in the US.

UPDATE: Natural News article – full-body scanners may damage human DNA.

Back in November 2008, the European Union seemed to be displaying some sense when they shelved plans to introduce scanners but are now deeply divided over whether to introduce this intrusive technology or not. It’s possible the EU may issue a binding regulation demanding use of imaging technology.

You know, it would be far smarter if authorities spent millions on improved and collaborative intelligence instead of full-body scanners. We’ve put up with increased security measures since 9/11 but did this stop Abdulmutallab from smuggling explosives onto a jet airliner? NOOOOOOOOOOO.  From all I’ve read, the CIA (who was contacted by Abdulmutallab’s father) declined to share information about Abdulmutallab with the National Counterterrorism Center, which may have placed him on the “no fly” list. The National Security Agency was also busy eavesdropping on a conversation that discussed a plot to use a Nigerian man for a coming terrorist attack but the NSA didn’t seem to have the information the CIA had or didn’t share it with other agencies. So there was an intelligence breakdown and a pattern of information that could have pointed to a terrorist threat was not detected by US security agencies.

Instead of seeing every citizen as a potential terrorist and subjecting us to one more intrusion on our personal privacy and dignity, why not enhance intelligence operations and stop any terrorist from even getting to an airport car park?

Let’s recall the words of Hermann Goering:

“Naturally the common people don’t want war; neither in Russia, nor in England, nor in America, nor in Germany. That is understood. But after all, it is the leaders of the country who determine policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country.”

If we keep allowing the nanny state to contain us in a climate of fear, then we deserve the suffocating future we’ll all end up in.

UPDATE: May 19 2010 “Naked” scanners may increase cancer risk.

Dirty little secrets

I recently read an article that carried comments from Google’s CEO, Eric Schmidt, that frankly I thought were pretty dismissive towards those who are concerned about online privacy. He said: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place“. Mmmm…and this is from the man who whacked CNet over the head and banned them for a year after the site published information about him it had discovered on ahem, Google. (This is a bit like Facebook’s CEO, Mark Zuckerberg, being caught by Facebook’s new privacy settings. Candid shots of him were splashed over the Internet before he locked his profile to allowing access to “friends of friends”. My personal favourite shot is the teddy bear one).

BTW: be aware that the new privacy settings on Facebook mean that the default settings make most of your content accessible to “everyone” (ie the whole planet, the whole universe, EVERYONE).  All your personal information – your name, profile picture, where you live, gender, networks and friends, and the pages that you are a fan of – will be treated as publicly available information. You want that? If so, good luck.

You have to wonder why Zuckerberg suddenly locked down all his personal stuff. Gawker quipped: “Facebook’s own chief executive is illustrating that his privacy settings are so baffling that even he himself doesn’t grasp their full implications“. LOL.

But back to Schmidt. His comment is a bit like saying “you got dirty little secrets? then don’t use any Google applications, because search engines, including Google, retain your info”. So the really important question is: should you choose to use Google Docs or other Google apps that require you to use your Google sign-on, to what extent are you subject to the US Patriot Act? If you’re living in Australia, or Holland, or Canada or South Africa – are you subject to this Act? I started wondering about this when I read Schmidt’s comments and when Facebook tinkered around with its privacy settings yet again. So let’s find out.

Well, there is one glaring case study we can examine. Canada’s LakeHead University decided to replace its ageing infrastructure by adopting Google email and collaboration tools. Good idea you’d think because it saved the Uni hundreds of thousands of dollars. But it meant that emails and documents sent by email to the US from Canadian university staff became subject to the US Patriot Act, which basically gives the US Government the right to access or search virtually any data hosted by US companies (and this of course includes Google, a company based in Mountain View, California). And the U.S. Justice Department can subpoena search records. This is all at odds with Canada’s very strict privacy laws.

Section 215 of the Patriot Act allows the US FBI to issue a national security letter, which compels a third-party, such as ISPs, financial institutions and telecommunications firms, to disclose customer information. And Section 215 includes a “gag order”, meaning the third-party cannot reveal to any other party that it has been served with a national security letter. So if a Canadian company is a subsidiary of a US company and the US parent is whacked with the national security letter, any information held in subsidiary locations would have to be coughed up. No warrant is required. (This is my understanding from reading Section 215). This would apply I presume to firms based in Australia with a US parent. Think of it this way: information crossing the US border in a fiber-optic cable is treated the same way as papers carried in a briefcase. Canada has done a huge amount of work in sorting out the implications of trans-border data flows. Go here for FAQs on the Patriot Act.

And I think the US Patriot Act has tremendous impact on cloud security. So if cloud service providers have data centres in the US, the information is in danger of being exposed. Should you choose to store your personal data in the cloud (business records and sensitive corporate documents, emails etc) then I think you will have inadequate legal protection over your own data.

This prompted me to find out where the heck Google data centres are located and I came across the map below. Also read this Data Center Knowledge FAQ, which covers in detail Google’s servers and data centres.

Australia doesn’t appear to have a data centre or server (although there were rumblings earlier in 2009 that Google would build one in Oz. This seems to be on hold until the Federal Government sorts out the broadband network). So if there’s no local data centre or server, then where is the personal financial document you stored in Google Docs actually held? The Patriot Act makes all data stored on US shores liable to inspection – this would contravene the EU’s Data Protection Act I would think (ie cause a huge cat fight) although I’m presuming the EU-US Safe Harbor program also provides protection. I’m not so sure what protects Australians. I’m looking into it – leave a comment if you know more.

The point is we are increasingly seduced by Google. It’s a clever company with clever apps. Just think about your online privacy protection. I need to come up to speed with the Patriot Act. Several provisions of the Patriot Act are due to expire December 31 2009 unless renewed by Congress but Obama is seeking to extend its spying provisions.

Google opt out feature

Just love this. For those of us concerned about Google and privacy, watch this. If you’re not concerned but just want to have a chuckle, watch it anyway.

Register now!

Holy Gaucamole! As I was hyperventilating over news that the most surveilled people on Earth (that would be the Brits) are now to suffer the possibility of CCTV cams in private homes, I completely missed news from South Africa.

Thank goodness I have alert readers. Prophet Kangnamgu let me know about what’s going on in South Africa. Yeegads! Is there no end to the surveilling, the snooping, the tracking that’s going on in contemporary society?

South African readers – you might wish to reconsider having a cell or mobile phone. Legislators over there have introduced a new law, which requires all cell phones with SIM cards to be registered from July 1, 2009.  Trotting out the usual drivel of combating crime, the Regulation of Interception of Communications and Provision of Communication-Related Information Amendment Act (or RICA), requires service providers to capture the following data before activating a SIM card:

• cell phone number
• full name of cell phone owner and address
• South African identity number
• whether on contract or pre-paid

Customers will have 18 months from implementation date to register both their pre-paid and contract SIM cards. Cell phone service providers will need to verify all this information by checking an electricity or water bill for example.  So the idea is that the  identity and whereabouts of the owner of a SIM card who uses a cell phone in planning and executing a serious crime is known by law enforcement authorities. Yep, I’m sure now this new Act is in effect, criminals will be burning up the cell phones lines planning their illegal business! Most likely, they’ll all flee to Skype.

So what I hear you say? And before some of you pounce on me, I have family who live in Johannesburg, so have been there and yes, I know that crime is prevalent.  Possibly tracking cell phones is therefore a good idea.

But then possibly it’s just part of what I’ve always been saying – a little bit more of our privacy being eroded.  More Government snooping intruding into our daily lives and tracking our movements – all because some people in society commit crimes.

Cell phone service providers will have comprehensive information about a phone owner. Let’s hope they know how to keep data secured in a central database and that staff don’t misuse said private information. Will the service providers sell the information for targeted advertising?  Will only one SIM card registration be allowed per citizen ID? The big question I think is – will criminals obligingly register giving their real names and place of residence?? What’s to stop clever crims from swapping SIM cards?

All South Africans have to go and register in person and if someone has a temporary residence, they register their address as their local school or church.  I can see it now: police tracking a criminal via the local church. How ridiculous.

And then there’s a little something known as the Bill of Rights. Section 14 of the Bill of Rights in the South African Constitution of 1996 states:  “everyone has a right to privacy, which includes the right not to have…..the privacy of their communications infringed”.

I’d also question whether all South Africans who have cell phones actually have a residence with electricity or water  – to prove their residential address for RICA registration. I know my sister-in-law’s servants (who live in her house but sometimes return to their home) basically have a hut with no water or electricity. But they do have a cell phone because it’s the way they keep in touch with their family.

And how will visitors to South Africa, like me, roam the network? For my next visit, should I stuff my suitcase full of utility bills and rate notices to prove my residential address should I wish to purchase a pre-paid SIM card? And should I whip into a public phone booth, should I leave a note behind with all my private details for police dudes?

Seems to me like crime prevention is being used as a cover-up for intercepting communications and monitoring citizens’ movements.  Next up, we’ll all have to register our iPods! Anyone know anything more?

Locational privacy

The Electronic Frontier Foundation has released a free report on locational privacy. Locational privacy is the ability for people to move freely in public space without any expectation that one is being tracked, monitored or secretly recorded. Of course, I’m going to suggest to you that our locational privacy is pretty stuffed already – for example, your cell phone can be used to locate you (triangulation can pinpoint a cell phone user’s whereabouts by bouncing signals off three phone masts to establish an exact set of co-ordinates – so turn it off if you don’t want to be found). Just think of the many ways our daily movements can be monitored:

• your credit card purchases will reveal the city you’ve shopped in, the stores you’ve visited
• the e-tag you have in your car to pay for bridge and highway tolls records your travel
• the swipe cards we use to get in and out of our office buildings monitor your comings and goings

Private information is collected by databases and available for analysis. In the not too distant future, perhaps the information collected will be used to answer these types of questions:

• Did you go to an anti-war rally on Tuesday?
• A small meeting to plan the rally the week before?
• At the house of one “Bob Jackson”?
• Did you walk into an abortion clinic?
• Did you see an AIDS counselor?
• Have you been checking into a motel at lunchtimes?
• Why was your secretary with you?
• Did you skip lunch to pitch a new invention to a VC? Which one?
• Were you the person who anonymously tipped off safety regulators about the rusty machines?
• Did you and your VP for sales meet with ACME Ltd on Monday?
• Which church do you attend? Which mosque? Which gay bars?
• Who is my ex-girlfriend going to dinner with?

Years ago, private investigators would be hired to track people. Information collection was expensive and time consuming. Now, it’s cheap and unobtrusive.  Read the report so that you are aware of the ubiquity of tracking and monitoring devices.

Oops! Facebook

What a surprise, NOT! Canada and Facebook are having a bit of a cat fight. Canada’s Privacy Commissioner, Jennifer Stoddart, is clearly a wise woman. She has accused Facebook of breaching Canadian privacy law by keeping users’ personal information indefinitely after members close their accounts. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) lodged a 35-page complaint in May 2008 over the privacy practices and policies of Facebook and The Office of the Privacy Commissioner of Canada has been busy investigating. The investigation was conducted under the Personal Information Protection and Electronic Documents Act (PIPEDA), which is the Canadian federal private-sector privacy law. The results of this investigation are the first I’m aware of that really raise significant concerns about a social networking site and if it heads to court, well, that will be VERY interesting.

Basically, there were a number of categories to the complaint: its failure to inform Facebook members of how their personal information is disclosed to third parties; Facebook advertising; deception and misrepresentation. And there were 22 violations of PIPEDA. An aspect of the complaint that was upheld related to Facebook’s disclosure of personal information to third-party developers who create applications, such as games, quizzes and classified ads, that run on the Facebook platform. There are more than 950,000 application developers in some 180 countries. If you use a third-party application, you consent to giving the application’s developer access to some of your personal information, as well as that of your “friends.” In my view, there’s a real concern about personal information being handed over to third-party developers without Facebook policing or disclosing to members the extent of personal information being shared.  I think this aspect of the complaint will cause a cat fight: the Privacy Commissioner has recommended that Facebook implement technological measures to restrict application developers’ access only to the user information essential to run a specific application but Facebook does not agree with this recommendation and has been given 30 days to comply – so watch this space because it could  mean that it will end up in Federal Court.  You can read the detailed findings here.

So there are a number of issues that interest me:

• Facebook is a privately owned US-registered company – so does Canada have jurisdiction over a foreign company?  The Privacy Commissioner maintains: “Our law says that if you’re operating this service in Canada, you’re subject to Canadian laws. So I think our jurisdiction is fairly clear”. Facebook has a Toronto, Canada “sales office” so are they subject to the commerce law of Canada? The Abika case demonstrated that the Canadian Federal Court has the power to order the Privacy Commissioner to investigate a complaint against a foreign company (Abika being a US registered online data broker, which allegedly collected and used private, personal information in violation of law) and that the Privacy Commissioner has jurisdiction under PIPEDA to investigate transborder data flows.

• if Facebook refuses to tighten up its privacy controls and gives the finger to Canada, what exactly can be done in the way of enforcement? Facebook has approximately 12 million users in Canada and this is said to be the highest per capita in the world, so I suppose that when Facebook figures out how to make money, any profit made from Canadian users could be confiscated by Canada; or Canadian companies involved as third-party developers could be ordered to cease dealings with Facebook. I think this will be real test of the jurisdiction and reach of countries over a private company that controls a vast global social network. Facebook is also tussling it out with the European Union, which has similar concerns over breaches in privacy.

• Facebook has grand plans to dominate the internet. What Facebook has that Google doesn’t is the private data of millions of people; their connections and friends; what they do; what they like; and tagged photos of people. Google just has an algorithm. Wired had a great piece recently in which Facebook’s grand vision was articulated: “Facebook CEO, Mark Zuckerberg, envisions a more personalized, humanized Web, where our network of friends, colleagues, peers, and family is our primary source of information, just as it is offline. In Zuckerberg’s vision, users will query this “social graph” to find a doctor, the best camera, or someone to hire—rather than tapping the cold mathematics of a Google search. It is a complete rethinking of how we navigate the online world, one that places Facebook right at the center. In other words, right where Google is now.”

Considering 200 millions users (or one fifth of all Internet users) have Facebook accounts, I am pleased to see Canada asking some serious questions of Facebook. It will be interesting to see just how far the might and power of Facebook can be tested.