Monday, September 28, 2009

News: Swiss Federal Roads Office considers introducing GPS surveillance for speeders

According to an article in Dem Bund, the Federal Roads Office has supported a suggestion to force known speeders to have a GPS device installed in their cars that would allow federal authorities to identify if the driver violates speed limits. The measure would be a condition for the reinstatement of a driver's license which had previously been revoked for excessive speeding.

Friday, September 25, 2009

Update: Border Laptop Searches

From Privacy.org: I previously reported on searches of laptops at US borders. Now the Department of Homeland Security has published a Privacy Impact Assessment declaring that laptops are equivalent to briefcases and backpacks and that it has authority to seize the devices and copy stored data whether or not wrongdoing is suspected.

News: Programme Can Reveal the Sexual Orientation of Social Network Users

From Privacy.org: 2 students at MIT have developed a program, nicknamed project Gaydar, which will predict sexual orientation on the basis of who the individual 'friends' on social networking sites:


“Even if you don’t affirmatively post revealing information, simply publishing your friends’ list may reveal sensitive information about you, or it may lead people to make assumptions about you that are incorrect,” said Kevin Bankston, senior staff attorney for the Electronic Frontier Foundation, a nonprofit digital rights organization in San Francisco. “Certainly if most or many of your friends are of a particular religious or political or sexual category, others may conclude you are part of the same category - even if you haven’t said so yourself.”

Thursday, September 24, 2009

News: UK Environment Agency's use of RIPA Slammed

The Daily Telegraph reports that government officials investigating 'illegal disposal of waste' improperly tracked cars and trespassed on private property under Home Office advice. The Office of Surveillance Commissioners found evidence of the breaches last year, but the tactics continued to be used until the Environment Agency recently announced a suspension of their use 'pending a legal judgement':

Reports from recent inspections show that “fundamental flaws” were discovered in some of its operations. The surveillance commissioner has also repeatedly raised concerns over the proportionality of the Environment Agency’s operations.
The reports – marked “restricted” - show that in 2007 the Home Office advised officials that “affixing a magnetic device to a vehicle on the public highway” was “not a criminal offence” and “putting an arm into a wheel arch or under the frame of a vehicle is straining the concept of trespass.”


The Environment Agency continues to trial a network of informants and intends to construct 'a national spy network', the Commissioner reported.

EU Funding New Database to be used to Identify 'Abnormal Behaviour'

From the Daily Telegraph: the EU is funding a five-year project entitled INDECT (Intelligent information system supporting observation, searching and detection for security of citizens in urban environment) which aims 'to develop computer programmes which act as "agents" to monitor and process information from web sites, discussion forums, file servers, peer-to-peer networks and even individual computers' in order to identify so-called 'abnormal' behaviour.

A number of interest groups have criticised the program:


Stephen Booth, an Open Europe analyst who has helped compile a dossier on the European justice agenda, said these developments and projects such as Indect sounded "Orwellian" and raised serious questions about individual liberty.
"This is all pretty scary stuff in my book. These projects would involve a huge invasion of privacy and citizens need to ask themselves whether the EU should be spending their taxes on them," he said. "The EU lacks sufficient checks and balances and there is no evidence that anyone has ever asked 'is this actually in the best interests of our citizens?'"

[Liberty's Shami Chakrabarti commented] "Profiling whole populations instead of monitoring individual suspects is a sinister step in any society. It's dangerous enough at national level, but on a Europe-wide scale the idea becomes positively chilling."

News: EP Resolution on US SWIFT Access

From EDRI: I previously reported the concerns about the US access to European banking data. Now the European Parliament have passed a resolution insisting on the need for a new agreement:


The EP believes that the transfer requests should be "based on specific, targeted cases, limited in time and subject to judicial authorisation, and that any subsequent processing is limited to data which disclose a link with persons or organisations under examination in the US" and that "EU citizens and enterprises are granted the same defence rights and procedural guarantees and the same right of access to justice as exist in the EU and that the legality and proportionality of the transfer requests are open to judicial review in the US". In order to prevent any abuse, the transferred data should be "subject to the same judicial redress mechanisms as would apply to data held within the EU, including compensation in the event of unlawful processing of personal data." The resolution also asks for a reciprocity mechanism that would oblige the US authorities to equally transfer relevant financial data to the competent EU authorities, upon request.

News: UK ID Card Design and New ID Commissioner Unveiled

We can now see what UK ID cards will look like. There is an interesting post at Spy Blog asking some important questions:

Will the ID Card number be randomly allocated, or will it betray information about the ID Card controllee, through batch sequences, which can also help to break the cryptographic protections on the Contactless / RFID chip, just as happened with the Netherlands biometric passport?

The post at Spy Blog also criticises the limitations of the powers of the new ID Commissioner, Sir Joseph Pilling:

The National Identity Scheme Commissioner is specifically forbidden by the terms of reference which appoint him under the Identity Cards Act 2006 section 22 Appointment of National Identity Scheme Commissioner to look into the following activities, which are exactly the secret activities which are the most likely to abuse the National Identity Register, and which therefore should be scrutinised the most:


(4) The matters to be kept under review by the Commissioner do not include--
(a) the exercise of powers which under this Act are exercisable by statutory instrument or by statutory rule for the purposes of the Statutory Rules (Northern Ireland) Order 1979 (S.I. 1979/1573 (N.I. 12));
(b) appeals against civil penalties;
(c) the operation of so much of this Act or of any subordinate legislation as imposes or relates to criminal offences;
(d) the provision of information to the Director-General of the Security Service, the Chief of the Secret Intelligence Service or the Director of the Government Communications Headquarters;
(e) the provision to another member of the intelligence services, in accordance with regulations under section 21(5), of information that may be provided to that Director-General, Chief or Director;
(f) the exercise by the Secretary of State of his powers under section 38; or
(g) arrangements made for the purposes of anything mentioned in paragraphs (a) to (f).

News: Insurers Offering Discounts to Put Cameras in Cars

From Slashdot: A car insurer is offering discounts to teen drivers who participate in the Teen Safe Driver scheme, whereby a camera is fixed under the rear view mirror. The recordings are sent to a third-party analysis centre, which then provides parents with footage and an assessment of the safety of the driving. Teen Safe maintain the footage would never be shared with insurers.

News: Newly Obtained Declassified Documents Reveal More Details about FBI's NSAC

Wired has run a story on the FBI’s National Security Branch Analysis Center (NSAC) based on newly obtained declassified documents. The Center makes use of a database system that includes “tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store.” The author of the article speculates that a number of businesses may be voluntarily providing records on specifically named individuals at the FBI’s request – as was the case with JetBlue and passenger records. The database system is being used both for counter-terrorist efforts as well as other criminal investigations. Among the things the system currently contains according to Wired:
• International travel records of citizens and foreigners

• Financial forms filed with the Treasury by banks and casinos

• 55,000 entries on customers of Wyndham Worldwide, which includes Ramada Inn, Days Inn, Super 8, Howard Johnson and Hawthorn Suites

• 730 records from rental-car company Avis

• 165 credit card transaction histories from Sears

• Nearly 200 million records transferred from private data brokers such as Accurint, Acxiom and Choicepoint

• A reverse White Pages with 696 million names and addresses tied to U.S. phone numbers

• Log data on all calls made by federal prison inmates

• A list of all active pilots

• 500,000 names of suspected terrorists from the Unified Terrorist Watch List

• Nearly 3 million records on people cleared to drive hazardous materials on the nation’s highways

• Telephone records and wiretapped conversations captured by FBI investigations

• 17,000 traveler itineraries from the Airlines Reporting Corporation

Wired reports that the database system is being used in conjunction with a meta-search engine and link and pattern analysis software.

Friday, September 11, 2009

News: EC Proposes Police Access to Asylum Fingerprint Database

The Eurodac Database, which holds fingerprints for asylum seekers and other irregular border crossers, can currently only be accessed by national authorities dealing with asylum requests. Under the proposed legislation, however, Europol and national police services would gain access for fighting serious crime and terrorism. Human Rights groups have criticised the proposals:

The European Council on Refugees and Exiles (ECRE) has said the move could potentially put asylum-seekers in danger, since Europol has the right to exchange data with other EU bodies and with non-EU countries. “How would it be ensured that information about people fleeing persecution doesn't reach their persecutors?”, Bjarte Vandvik, the ECRE's secretary-general, has said.

Comment: Henry Porter on DNA and Certainty

Henry Porter at the Guardian reports on new research that DNA samples can be fabricated. He argues that this severely undermines the argument for mass DNA databases of everybody's DNA:

Police officers in the past have been tempted to "fit up" those they believe guilty of a crime. It is easy to imagine how DNA might, in the future, be manufactured to gain a rock solid conviction against a person who was proving inconvenient to the authorities. We may choose to doubt that this will ever happen but legislators must allow for the possibility. Whatever the advances we celebrate today – the actual anniversary of the Jeffreys discovery – it is vital to absorb that DNA evidence is not foolproof.

George Bush Airport Testing New Body Scanners

From privacy.org: George Bush Airport Houston has started testing Millimetre Wave and Backscatter Body Scanners.

Both technologies provide clear images of the subject's naked body.

Comment: Brown on the Wilson Doctrine

Spyblog has a very interesting comment on Brown's response to a written question by David Davis as to whether any MP has been subject to official surveillance or interception of communications in the last two years. Brown replies as follows: 'The Wilson doctrine continues to apply to all forms of surveillance and interception that are subject to authorisation by Secretary of State warrant.'

The author calls attention to the careful wording 'all forms of surveillance and interception that are subject to authorisation by Secretary of State warrant', which would appear to only apply to:

  1. Interception of Communications (electronic or postal) under the Regulation of Investigatory Powers Act 2000 Part 1 Chapter 1., which requires a Warrant or a Certificate signed by a Secretary of State (either the Home Secretary or the Foreign Secretary, usually)
  2. A property interference and / or interference with wireless telegraphy warrant under the Intelligence Services Act 1994 sections 5 to 7

But leave out:

  • GCHQ or any other public body authorised to intercept electronic communications, not via a Warrant but via a more general Certificate (e.g. for snooping, in bulk, on transatlantic fibre optic cables or satellite communications)
  • Police units using the Police Act 1997 Part III powers
    • Property Interference i.e. authorised breaking and entering into homes or vehicles, usually to plant electronic bugging or tracking devices.
  • Police or intelligence agency units using the rest of the Regulation of Investigatory Powers Act 2000 for the various kinds of Surveillance:
    • Directed Surveillance
    • Covert Surveillance
    • Intrusive Surveillance
    • The use of Covert Human Intelligence Sources (CHIS) - informants and infiltrators
    • Seizure of cryptographic keys and / or de-crypted plaintext.
    • Communications Data:
      • Subscriber Details - Name and Address of land line or registered mobile phones
      • Location Based Services Data (instantaneous and historical tracking of mobile phone handsets)
      • Communications Traffic Data (itemised phone bills, who called who and when "friendship trees", email server logfiles, internet access log files etc.)

The Police or Military covert surveillance units (but not the Intelligence Agencies, without a Warrant) could also use the Counter Terrorism Act 2008 section 18, "Material not subject to existing statutory restrictions":


  • DNA or fingerprint samples obtained in secret, through Property Interference or by Confidential Human Intelligence Sources

There are "official surveillance" techniques and Databases which are not covered by RIPA e.g.


  • Automatic Number Plate Recognition (the Metropolitan Police have access to all of the Transport for London Congestion Charge ANPR data "in bulk, in real time", exempt from the Data Protection Act).

  • Passenger Name Records, credit card and email details data slurped from Airline, Train and Ferry Booking Systems
  • Transport for London Oyster Travel Smart Card data
  • The planned National Identity Register / ID Card scheme
  • Literally millions of CCTV surveillance cameras and recording devices
  • There are also other Government Departments which have granted themselves snooping powers, which fall outside of the RIPA or Intelligence Services legal frameworks:

News: ACPO Publish Policy Advice on the Use of ANPR

From Spyblog: The Association of Chief Police Officers has published its 'Practice Advice on the Management and Use of Automatic Number Plate Recognition'.

The post calls attention to the potential for the guidelines to result in 'false positives' and innocent people being flagged up for stop and search. Also, some categories for 'flagging' vehicles do not seem to indicate any involvement in criminality, such as 'Protest' - presumably flagging the driver as involved in protests. The full pdf can be found here.

News: FOI Request Reveals DHS Travel Records

From Slashdot: A US citizen's FOI request has revealed what information the DHS is storing on travellers. The info listed includes:

• Credit card number and expiration (really)
• IP address used to make web travel reservations
• Hotel information and itinerary
• Full Name, birth date and passport number
• Full airline itinerary, including flight numbers and seat numbers
• Cruise ship itinerary
• Phone numbers, incl. business, home & cell
• Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation

News: Italy to Create National DNA Database

EDRI reports that after a long process the Italian Parliament has passed law 85 ratifying the Prum Convention and creating the legal basis for an Italian National DNA Database. EDRI is scathing, however, about the lack of safeguards built into the legislation. Particularly of note:
• "Lacks any general provision that would oblige all the responsible parties to adopt serious and adequate security measures against unauthorized access, data tampering, and illegal handling of data and information."
• It says "nothing about the need for a properly established chain of custody...[making it]...impossible for a "planted" or "altered" sample to be used."
• Nothing is said "about the effect of an improperly managed chain of custody on admissibility of the samples as evidence in Court"
• "Law enforcement officers can access the NDNA database without prior authorisation from the prosecutor or the judge that is responsible for the investigation involving the sample or profile in question (under Italian law, law enforcement bodies are under the direction and control of the public prosecutor). Since the article is silent about the matter, only future court decisions will determine whether prior authorization is needed to access the NDNA database, thus leaving wide open a window of several years in which "anything can happen"."
• Requires "neither the positive identification of the personnel accessing the NDNA database and material in the central lab, nor the secure logging of access to and activity involving the profile and sample."
• Does not "clearly identify who is in charge of ordering the destruction of samples and profiles."
• Punishment for a public officer "that communicates or uses data and information without authorization, or for purposes other than those stipulated specifically in the law" is negligible: "a jail term of between one and three years...[which in practice could be reduced to]... "a final jail term of less than six months that could be avoided by simply paying a fine."
• By leaving white collar crime profiles out, the legislation opens the door to the database skewing, say, the racial balance of future crime statistics.

News: More Complaints About Google Street View

EDRI: Complaints against Google in France and Switzerland. The French Data Protection Agency (CNIL) has reported several complaints against Google Street View, citing flaws and delays in the blurring technology leaving some people's images untouched, and calling for other sensitive visible information - such as access to people's homes - to also be blurred. Google had earlier agreed to improvements and deletion of some raw images before the EC's Article 29 Working Party.

Meanwhile in Switzerland the country's Data Protection Commissioner has called for the interruption of Street View less than a week after it went live, demanding that the blurring technology be improved. This is a demand they have agreed to, but that has not reassured everyone in the debate:

Sébastien Fanti, a lawyer specialised in Internet issues, warns that all the data gathered by Google is available to US authorities since, according to the USA Patriot Act, any US government agency has access to data collected anywhere in the world by US firms, even without a court order. "If the CIA asks to see what was going on in Zurich this spring, Google isn't going to provide blurred images," says Fanti.

Google's Switzerland spokesman Matthias Meyer admitted that the company is collaborating with authorities but stated that "What we are putting on line are photos of the past. Once they've been taken they don't change, nothing is shown in real time."

News: Belgian Justice Minister Wants 2 Year Retention of Data

EDRI: In Belgium, discussions on implementing the EU's controversial Data Retention Directive have sparked the proposal to retain electronic communication traffic data for 2 years, citing the needs of the police and the prosecutor's office. That figure has been disputed by the Belgian ISP association, who express concern about costs to customers, and the Belgian Data Protection Authority.

Comment: Locational Privacy

From the Electronic Frontier Foundation: There's a New York Times piece on the way that in the space of a few years, locational privacy has gone from near absolute to practically zero, as a side effect of new convenient technology:

What can be done? As much as possible, location-specific information should not be collected in the first place, or not in personally identifiable form. There are many ways, as the Electronic Frontier Foundation notes, to use cryptography and anonymization to protect locational privacy. To tell you about nearby coffee shops, a cellphone application needs to know where you are. It does not need to know who you are.

When locational information is collected, people should be given advance notice and a chance to opt out. Data should be erased as soon as its main purpose is met. After you pay your E-ZPass bill, there is no reason for the government to keep records of your travel.

Thursday, September 3, 2009

News: Facebook Adopts Improved Privacy Controls

From Jurist: Following discussions with the Office of Privacy Commissioner of Canada, Facebook have announced that they would give users more control over the information they share through their profiles.

News: ECHR Affirms Prisoner's Right to Private Medical Correspondence

From the Register: The European Court of Human Rights has affirmed the rights of prisoners to private medical correspondence under Article 8. This overturns the UK Court of Appeal's 2004 ruling that medical correspondence did not have the same privacy rights as communication with an MP.

News: Scottish Government Seeks to Curb Data Collection

From the Register: The Scottish Government has proposed a series of ID management and Privacy Principles to constrain Public Bodies. These move away from the trend "of building up very large public databases of personal information":

"Organisations should avoid creating large centralised databases of personal information and store personal and transactional data separately," said a statement outlining the plans. "People should only be asked for identity when necessary and they should be asked for as little information as possible."

News: UK Government Plans to Link ID Cards to Criminal Records

From Slashdot: Previously Government Ministers had denied that the ID database would contain criminal records, but have now admitted to a feasibility study on linking the National Identity Database to the Criminal Records Bureau. In a written statement they said that:

This research is still in the early stages of feasibility and several options are being considered as part of this work, including options for the use of ID card data and fingerprints. The CRB is not considering the use of other biometrics at this stage,

News: Fears of More US Access to EU Banking Details

From European Digital Rights: SWIFT (Society for Worldwide Interbank Financial Telecommunication) intends to open a new European focussed server in Switzerland. In 2006 it was revealed that the US government had access to SWIFT transactions via the Terrorist Finance Tracker Program.

The EC is drafting a new agreement on access with US authorities in advance of the new server, to the exclusion of the European Parliament and amid heavy criticism from MEPs. The Commission claim they are trying to negotiate a better deal, although this will apparently not include any EU access to US banking transactions.

In the meanwhile the Council of Foreign Ministers authorised the Swedish Presidency to negotiate a temporary agreement whereby information would be granted on a per request basis and could be stored in the US for up to five years.

News: New DHS Privacy Standards

From the ACLU: The Department of Homeland Security have released new privacy standards on border searches of electronic devices. The ACLU are calling it "a good first step, but not enough to protect privacy or curtail profiling":

“There are two key aspects of this new policy worth applauding – the limitations on the time that electronic devices can be held by Customs officers and requirements that information from electronic devices only be retained if there is probable cause that a crime has been committed. These procedural safeguards recognize that the old system was invasive and harmed many innocent travelers.

“But unless and until the government requires agents to have individualized suspicion before reviewing such sensitive information as medical records, legal papers and financial information, even the most elaborate procedural safeguards will be insufficient for the government to live up to its constitutional obligations. It is now time for Congress to act and create concrete standards for searches and directly confront the problem of racial and religious profiling.”

News: EDPS Opinion on ITS

From European Digital Rights: The European Data Protection Supervisor Peter Hustinx has issued his opinion on the EC's plan to step up Intelligent Transport Systems (ITS) - applications using information and communication technologies, such as GPS, embedded in different modes of transport. He is calling for:
• More clarity with regard to the legal requirements of data protection across Europe
• Data Controllers to be clearly identified: "as they will bear the responsibility to ensure that privacy and data protection considerations are implemented at all levels of the chain of processing."
• Appropriate safeguards "so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose and ensuring that location data are not disclosed to unauthorized recipients".
• Implementation "with due respect for data protection principles and practical safeguards on security"
• Gathered data not to be used "for further purposes that are incompatible with those for which they were collected" - calling for Privacy by Design in ITS applications
• Privacy and data protection to be built in from the beginning
• Data Protection Authorities such as itself and the Article 29 Working Party to be involved through consultation on all ITS deployment initiatives.

News: Another Case of Intimate Information Lost

From the Register: Repair Management Services of Blackburn lost a laptop computer containing personal details of 37,000 people and information on 1,900 people's driving convictions. The information was stored on an unencrypted laptop and left in an unlocked vehicle, where it was stolen:

"Personal information is valuable," said Sally-anne Poole, head of enforcement and investigations at the ICO. "In this case, it also involved the details of criminal convictions which, if accessed, could potentially result in distress being caused to the individuals concerned."

The trade body has made a written undertaking to the ICO committing it to encrypting machines and to training staff in its information policies and procedures to try to ensure that such an incident is not repeated.

Of course, disclosure of this sort of information has been considerably more significant in some cases than others.

Comment: ACLU Seeks Info on Border Laptop Searches

One interesting aspect of the previous post is the issue of assessing searches of laptop computers:

The court rejected the argument that a laptop is like a human mind because of its ability to record ideas and emails, and held instead that a laptop is the same as closed containers such as purses and wallets.

While clearly it would be silly to take the analogy between human minds and any inanimate object literally (pace some of my more extreme philosophical friends), there is a real issue here. Not all searches of 'closed containers' or other objects are going to be on a par - it's reasonable to expect a search of my diary to be much more invasive than searching my lunchbox. Laptop computers record some of the most intimate information about us. Surely this is a distinction that ought to be recognised?

News: ACLU Seeks Info on Border Laptop Searches

The Jurist reports that the ACLU is filing a lawsuit to acquire documents on US Customs and Borders policy of searching travellers' laptops. They claim these searches may violate Fourth Amendment protection against 'unreasonable search and seizure' - searches are conducted on the basis of 'unindividualized suspicion'.

In April of last year, the US Court of Appeals for the Ninth Circuit ruled that reasonable suspicion is not necessary for a warrantless search of a laptop or other digital device at the border due to inherent national security interests. The court rejected the argument that a laptop is like a human mind because of its ability to record ideas and emails, and held instead that a laptop is the same as closed containers such as purses and wallets.

Zurich DETECTER Site Launched

We've set up a few webpages related to the DETECTER project on the University of Zurich's website. The pages provide some information about Work Package 6, contact information for the researchers involved, and will provide a platform for any future publications that may come out in connection with the project. The "homepage" for the site is accessible here.

Tuesday, September 1, 2009

Update: Registered Traveler

FederalComputerWeek reports that two members of the US House of Representatives have urged the TSA not to delete traveller information that is held in the TSA’s database for the Registered Traveler Program, the Central Information Management System (CIMS). The Representatives are concerned that the deletion of the data would hamper the continuation of the program.

I discussed the Registered Traveler Program in a post concerning the CLEAR program last month. Verified Identity Pass, Inc., mentioned in the FederalComputerWeek article, is the parent company of CLEAR.