Friday, November 19, 2010

Increasing Controversy with Introduction of New Pat-Down Procedures for US Airline Travel

When the US deployed backscatter x-ray and millimeter wave scanners, travellers were given the choice to opt for a physical pat-down instead of going through the scanner. Now, the TSA has introduced new, more invasive pat-down procedures that involve exploring around breasts and genitals and between the buttocks (See for instance this particularly graphic account as well as this account reportedly from author Erin Chase). Some early reports speculated that the new measures were introduced in order to intimidate those who would otherwise choose the pat-down into deciding that maybe the scanners aren’t that bad. Jeffrey Goldberg of The Atlantic has stated that TSA personnel explicitly admitted that that was the reason behind the new policy. John Pistole, Administrator of the TSA, who was called before the US Senate Commerce Committee this week, suggested that the new procedures are in response to covert testing of the old pat-down method which indicated it wasn’t “thorough” enough.

Meanwhile, concerns about the health effects of the scanners continue. Four scientists affiliated with the University of California at San Francisco drafted an open letter last spring to President Obama’s Assistant for Science and Technology outlining their concerns with the backscatter scanners. They argue that official assessments of the health impact from backscatter radiation may underestimate the potential effects of the low levels of dosage that the scanners emit since they are based on whole body exposure, whereas the scanners would concentrate all radiation in the skin. Additionally, they express concern that certain groups or individuals may be particularly vulnerable to the increased radiation exposure, and they decry the failure to publish key data that would permit independent assessment of the health risks. Both the Allied Pilots Association and the US Airline Pilots Association have advised their members not to go through the scanners. The US Airline Pilots Association further notes that experiences with the new “enhanced” pat-down procedures have involved “a wide range of possibilities … and the results can be devastating.” Others have more general objections to both the scanner and pat-down procedures. Two commercial pilots have even filed a lawsuit against the Department of Homeland Security citing Fourth Amendment violations. A number of State legislators in New Jersey have objected to the current screening regime and have introduced resolutions calling on the TSA to reconsider its procedures. Additionally, one private individual is calling for a national “opt-out” day to stage a protest.

Wednesday, October 13, 2010

US Government seeks rehearing of Maynard decision

The US Attorney’s Office has submitted to the DC Circuit Court a petition for rehearing of the GPS issue from the recent Maynard decision. I discussed that case in a previous post. In the petition, the government argues that the court’s holding on GPS surveillance is inconsistent with both existing US Supreme Court and DC Circuit jurisprudence, “raises enormous practical problems for law enforcement” and “implicitly calls into question common and important practices such as sustained visual surveillance and photographic surveillance of public places.” A copy of the petition is available here courtesy of Wired’s Threat Level blog (See also this post there on the FBI's GPS surveillance of an Arab-American for unknown reasons).

Schneier on Web Surveillance

Security specialist Bruce Schneier has published an opinion piece on CNN. The article comes in response to reports that the Obama administration is seeking to secure law enforcement access to web-based communications data through the enactment of new legislation. See also this related post on the LegaLIFT blog.

Wednesday, September 15, 2010

News: Republican Dissidents using Spy Cameras on MI5 Base

From the Belfast Telegraph: There are reports today that Oglaigh na hEireann, the splinter dissident republican outfit, had established a sophisticated operation of four digital spy cameras in a forest overlooking the MI5 base at Palace Barracks in Northern Ireland. The cameras, which are likely to have been there for months, are reported to have been battery powered, equipped with memory sticks and to have successfully covered all angles of the base.

With recent increases in personnel, the barracks are the largest MI5 base outside London, employing more than 300 people.

It is feared ONH, which bombed Palace Barracks in April, has used the recordings to target soldiers and build profiles on spooks working at the new spy base.


Senior security sources in London tried to play down the cameras being found, saying only that trees were cleared and a new fence erected because of concerns the wooded area could conceal gunmen.

News of the World Phone Hacking Update

As police interview a former News of the World journalist who claimed Andy Coulson asked him to hack phones, the last week has seen the pressure increase on both the newspaper and David Cameron's Director of Communications. On Thursday the 9th of September, a House of Commons debate was the site of a series of robust attacks on press intrusion - for example, see Tom Watson MP's forthright (but on the whole characteristic) contribution.

The claim that MPs have so far refrained from coming down on press intrusion with too much vigour for fear of becoming victims themselves is replicated elsewhere, for example in a Guardian article reporting the claim of former Plaid Cymru MP Adam Price:

Price told Channel 4 News last night that four members of the committee had considered asking the serjeant at arms to issue a warrant forcing Brooks to attend. He said: "We could have used the nuclear option. We decided not to, I think to some extent because of what I was told at the time by a senior Conservative member of the committee, who I know was in direct contact with executives at News International, that if we went for her, called her back, subpoenaed her, they would go for us. [This] meant effectively that they would delve into our personal lives in order to punish them and I think that's part of the reason we didn't do it." Watson told Channel 4 News that News International had further interfered by asking Downing Street to persuade him to tone down his questioning. "A [former Labour] cabinet minister has confirmed to me this week that News International talked to my former colleagues in No 10 Downing Street to ask them whether I would withdraw my aggressive line of questioning … I felt very frightened and intimidated." Watson added that he was told that Brooks vowed to destroy him after he led the Labour coup that persuaded Tony Blair to resign. "A very senior News International journalist told me at the Labour party conference in 2006, in the early hours of the morning, that his editor would never forgive me for resigning as a minister in Tony Blair's government and that she would pursue me for the rest of my political career until I was destroyed."

Monday, September 6, 2010

News: Metropolitan Police to Look at new Evidence in News of the World Phone Tapping Case

From BBC News: The London Metropolitan Police have confirmed that they will look at new evidence which has come to light recently in relation to the News of the World phone hacking case in which stories were obtained by hacking the phones of the Royal Family, celebrities and politicians.

This announcement follows claims in the New York Times at the weekend that the practice of phone hacking at the newspaper was far more widespread than so far recognised. Furthermore, the detail that the then editor Andy Coulson apparently knew about, condoned and even requested phone hacking is likely to continue to be a focal point of the story due to his current role as a close advisor to David Cameron and Director of Communications. The News of the World continues to maintain that only one employee is ever known to have been hacking people's phones and that he did so without the knowledge of his employers. The NYT story presents a very different picture:

But interviews with more than a dozen former reporters and editors at News of the World present a different picture of the newsroom. They described a frantic, sometimes degrading atmosphere in which some reporters openly pursued hacking or other improper tactics to satisfy demanding editors. Andy Coulson, the top editor at the time, had imposed a hypercompetitive ethos, even by tabloid standards. One former reporter called it a “do whatever it takes” mentality. The reporter was one of two people who said Coulson was present during discussions about phone hacking. Coulson ultimately resigned but denied any knowledge of hacking.


News of the World was hardly alone in accessing messages to obtain salacious gossip. “It was an industrywide thing,” said Sharon Marshall, who witnessed hacking while working at News of the World and other tabloids. “Talk to any tabloid journalist in the United Kingdom, and they can tell you each phone company’s four-digit codes. Every hack on every newspaper knew this was done.”

Monday, August 16, 2010

DC Circuit Rules on Fourth Amendment and GPS

In an earlier post, I discussed the case of People v. Weaver which was argued before the New York Court of Appeals. Now, the Federal Circuit Court for the District of Columbia has decided on the issue of whether the long-term use of GPS surveillance must be supported by a warrant. Unlike in People v. Weaver, the DC Circuit decided the case on the basis of the Fourth Amendment of the US Constitution as opposed to an analogous guarantee under a State Constitution. The case, United States v. Maynard, No. 08-3030 (D.C. Cir. August 6, 2010), does have some similarities to People v. Weaver, but there are also some interesting and significant differences.

Maynard involved the use of a GPS device to monitor the movements of a suspect’s vehicle over the course of 28 days. Inevitably, as in Weaver, much of the discussion in Maynard centers around the Knotts case (460 U.S. 276 (1983)). Knotts was the Supreme Court case involving the “beeper” homing device and the drum of chloroform (See my earlier post for more details). In Maynard, however, the court seized upon specific language indicating a limitation on the scope of the Knotts holding. In this way, the DC court argued that the Knotts court had drawn a distinction between the limited type of surveillance at issue in that case versus “more comprehensive or sustained” surveillance as was at issue in the Maynard case (“Most important for the present case, the Court specifically reserved the question whether a warrant would be required in a case involving ‘twenty-four hour surveillance,’….” (p. 17)).

Thus, for the Maynard court, the issue in question in the case was whether prolonged GPS-tracking of a vehicle without a warrant violated the Fourth Amendment protection against unreasonable searches. As in Weaver, the DC court was particularly impressed by the amount of information that could be extracted from having the complete record of an individual’s movements over an extended period of time.

Since the case concerned the Fourth Amendment, the Court had to apply the so-called Katz test (after Katz v. United States, 389 U. S. 347 (1967)) to determine whether there was a violation. That involves application of the famous (or infamous) “reasonable expectation of privacy” standard. Under that standard, US Supreme Court jurisprudence has established that one cannot reasonably expect that aspects of life that are exposed to the public remain in or belong to the private sphere. Thus, the reasoning in Knotts was that the use of the homing device did not implicate the Fourth Amendment since “[a] person traveling in an automobile on public thoroughfares has no reasonable expectation of privacy in his movements from one place to another” (Knotts, at 281). Interestingly, the DC court held that the prolonged surveillance of a suspect’s vehicle with GPS does not concern movements that are “exposed to the public” in the same way as the journey of the drum of chloroform from its place of purchase to Knotts’ cabin. Here, the extent of information gathered was the distinguishing factor. Although each of the vehicle’s movements on public roads was undoubtedly in public view, the DC court maintained that the likelihood that anyone would track each of those movements week after week was “essentially nil” (p. 26). Thus, in essence, it may be unreasonable to expect that no one will observe the totality of a single trip made with one’s automobile on public roads, but it is not unreasonable to expect that no one person will observe the totality of every trip made with that automobile over the course of a month. That, at least, appears to be the court’s reasoning.

This line of thought makes this case particularly remarkable. The notion that the extent of information itself that is gathered about a criminal subject could hold significance for Fourth Amendment analysis has not been adopted by the Supreme Court; yet, many have questioned or criticized the shortcomings of the reasonable expectation of privacy standard, including the potential lack of differentiation with respect to the aggregation of “publicly exposed” information as opposed to individual bits. I’m not sure that any other federal court has introduced this notion – there at least don’t appear to be any other such cases concerning the use of GPS. In fact, the 7th and 9th Circuits tended to suggest the sort of result one would expect—i.e. that use of GPS generally wouldn’t constitute a Fourth Amendment search since it merely conveyed information that was exposed to public view (See United States v. Garcia, 474 F.3d 994 (7th Cir. 2007), United States v. Pineda-Moreno, 591 F.3d 1212 (9th Cir. 2010)). If the Supreme Court were to adopt Maynard’s line of reasoning, it would mean a significant change for the scope of Fourth Amendment protection, not to mention the future of law enforcement surveillance.

But how does Maynard differ from Weaver—apart from the fact that they dealt with different bodies of law? Weaver seemed to focus on the technology itself and the novel dangers it posed—as bemoaned by Judge Smith in his dissent. As a result, Weaver appears to hold that the use of GPS for surveillance will always require a warrant whatever the circumstances. The holding in Maynard is narrower. It doesn’t subject GPS in and of itself to the warrant requirement but rather only the “prolonged” use of it. Again, it’s essentially the body of information that is acquired that is the key issue. “Prolonged” use results in the collection of too much information—beyond what one would reasonably expect to be public. That means that more limited use of GPS without a warrant should be OK within DC (assuming there aren’t other bases for objecting on Fourth Amendment grounds—for instance on the basis that depositing the GPS device on the car constituted an impermissible seizure). Where exactly the line would lie between overintrusive surveillance and permissible surveillance remains to be seen. It’s significant to note that the court expressly reserved any determination as to whether prolonged visual surveillance would be subject to the warrant requirement. That fact might, in a way, leave some room for technology to have some significance after all. However, if it were ruled that no warrant was required for police officers to maintain visual surveillance of a suspect over the course of a month and record that suspect’s movements—effectively accumulating the same body of information that was at issue in Maynard—this would be a strange result.

Maynard is interesting for another reason. On pages 36 - 37, it refers to what in German is known as a right to “informational self-determination” (informationelle Selbstbestimmung). In English scholarship, this right is often referred to as “informational privacy” (See DETECTER Deliverable D17.1: van der Hilst, "Human Rights Risks of Selected Detection Technologies: Sample Uses by Governments of Selected Detection Technologies," p. 4 (citing Alan F. Westin, Privacy and Freedom (1967) and Arthur Miller, The Assault on Privacy (1971))). If a right to control information about oneself wins greater recognition in the US—beyond law pertaining to the Freedom of Information Act and (potentially) common law torts—this would also represent a significant development for privacy law in the US.

Wednesday, August 11, 2010

Update: US Marshals Service Incident

I noted in a post on Monday that the US Marshals Service had revealed that it had stored more than 35,000 images from a Brijot Gen2 scanner that was in use at a Florida courthouse. The Marshals Service has issued a statement in response to that disclosure. That statement is available on the Brijot website here.

A reader of my earlier post "Focus on Full Body Scanners" pointed out in a comment that the Brijot scanners are passive wave scanners--i.e. they don't emit radiation--and as the statement from the Marshals Service indicates, the images produced don't represent clear images of the naked body (the statement includes a link to the Brijot website with a couple of examples).

Evidently, however, the scanner also took photographic images of the individuals passing through, and I'm curious as to whether the photos were among the images that were stored.

I think I would be happier with these kinds of scanners in airports than the active wave scanners. Some UK airports have also been taking photographs of travellers as they pass through the airport. As long as the photos aren't generally retained for too long, say 24 - 48 hours, that might also be acceptable.

Tuesday, August 10, 2010

European Union Agency for Fundamental Rights: Document on Body Scanners

The European Union Agency for Fundamental Rights published a Q&A document on the use of full body scanners last month.

It addresses the following questions:

1. Which fundamental rights are at risk of being affected by the use of body scanners?

2. Is the use of a body scanner to be considered as processing personal data?

3. How could the requirements on the design and selection of body scanners best respect rules on data protection?

4. How can body scanners be assessed from a rule of law perspective?

5. Are there specific considerations to be taken into account when selecting people to be screened?

6. Should the person to be screened be given the choice between a body scanner and other screening methods?

7. Which information should be given to persons before they choose to be screened by a body scanner?

8. How intrusive are body scanners if compared to other screening methods?

9. Is the detection capability of body scanners an added value regarding security?

10. Which conditions should apply in order to address the concerns related to fundamental rights?

Monday, August 9, 2010

News: US Marshals Service stored more than 35,000 images from full body scanners

In a letter responding to a Freedom of Information Request from the Electronic Privacy Information Center, the US Marshals Service indicated that it had a file of approximately 35,314 images from a Brijot Gen2 scanner that were created between 2 Feb. 2010 and 28 July 2010. In this instance, the machine was not being used for airport security but rather was installed at the security checkpoint of a Florida courthouse. Additionally, the letter indicated that there may have been other images stored by a scanner being tested at a federal courthouse in the District of Columbia. That machine was returned to the manufacturer once testing had been completed and “any images that may have been stored on that machine are therefore no longer under agency control.” No copies of images from that machine were stored by the agency, the letter states.

Wednesday, July 28, 2010

News: Body Scanner Developments

EPIC points out that DHS announced last week it plans to roll out full body scanners (now known as “Advanced Imaging Technology” in TSA-speak) to 28 additional airports. Meanwhile, EPIC has attempted to bring an action to suspend use of the scanners, and a bill has been introduced in the US Senate (S.3536) that would require deployment of the scanners at all US airports by 2013.

In Switzerland, the Zurich Airport began a pilot test involving a single body scanner on 8 June 2010. The test involved the “second generation” system which uses the gingerbread-man-like display rather than an actual scan image. The pilot test was completed on 14 July 2010, and the Airport states that the use of the system enjoyed a high acceptance rate among passengers. The results from the test are being assessed, and future tests may take place, but there are currently no plans to acquire any scanners, the Airport reports.

Wednesday, July 21, 2010

News: Washington Post launches New Series on "Top Secret America"

For those who haven't already read about it on the LIFT, the Washington Post began a new series of reports and features this week highlighting the ballooning national security and intelligence apparatus in the US since Sept. 11. The main page of the project is accessible here.

One figure that stuck out for me was the claim that "[a]n estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances." (Found in this article)

Also have a look at the gallery of anti-deception technology.

Friday, July 16, 2010

Swiss Intelligence Oversight Body Cites Problems with Database

Earlier this month, Swiss media announced that the oversight body for Swiss intelligence and national security activities, the “Geschäftsprüfungsdelegation” (GPDel), had produced a negative report on the state of the Federal Intelligence Service’s information system, the ISIS-NT. According to the report, the database held entries on 50,000 people in 2001 and grew to 60,000 entries in 2004 (p. 6). Since that time, however, the database has grown to contain primary entries on 120,000 individuals plus an additional 80,000 or so “third persons”. These third persons represent individuals who have some tie to the 120,000 individuals of primary concern or to some event recorded in the database.

The GPDel expressed concern about the overall quality of the data held in the database. Based on its inspection of various sample entries, the GPDel found instances where the individuals or incidents entered into the database were not serious enough to warrant inclusion as well as instances where data had expired but had not been deleted. The GPDel also opined that the database suffered from the systematic entry of incorrect data due to a flaw in internal entry guidelines. Additionally, it suspected that many of the 80,000 third person entries did not meet the legal requirements that warranted entry in the database.

According to an article in the Neue Zürcher Zeitung, only about 5% of the entries concern Swiss citizens and only 12.2% are Swiss residents. These facts have perhaps prompted the Federal Commission for Migration Issues to inquire whether the database has had any bearing on the issuance of resident permits, as reported by the NZZ (citing an interview on Swiss Radio DRS).

The report is available in French here and in German here.

Friday, July 9, 2010

News: US Official Claims SWIFT Data Used in Arrest of 3 al Qaeda Suspects in Norwegian Investigation

The EUobserver has run a story stating that Under-Secretary for Terrorism and Financial Intelligence Stuart Levey announced that SWIFT data were used to track down 3 suspects accused of planning a terrorist attack involving peroxide bombs. All three suspects were Norwegian residents and were arrested as part of a Norwegian investigation.

Thursday, July 8, 2010

EU Parliament Gives Green Light to EU-US SWIFT Agreement

The Neue Zürcher Zeitung has announced that the EU Parliament has approved the new US-EU SWIFT agreement that would involve communication of European bank transfer data. According to the NZZ story, 484 parliamentarians voted in favor of allowing the treaty, 109 voted against. The agreement will have a term of 5 years, by which time the EU hopes to have developed its own monitoring system.

Thursday, July 1, 2010

Detecter Deliverable: Border Control and Internal Security in the European Union

Deliverable D14.1 was written by Audelina Ahumada as part of Work Package 05. You can read the whole thing here.


Executive summary

  1. Since the New York terrorist attacks in September 2001, border control is increasingly shaped by security considerations. This paper concentrates on the implications of this trend for the enjoyment of human rights protection by third-country nationals that seek to enter or have already gained access to European Union territory. The integration in the common border policy of threat assessments and risk analyses together with information gathering and sharing through the use of advanced technology has contributed to the perception that cross-border movements, and, in particular (potential) irregular immigration are closely related to serious criminality, including terrorism.
  2. In the development of a common border policy, the EU, together with its Member States, should ensure that control and surveillance over the external frontiers are implemented in full compliance with legally binding international and European human rights standards. This should include operations aimed at diverting “illegal immigration” when conducted beyond EU external borders and when carried out in cooperation with third countries.
  3. The legal mandate of the EU Border Control Agency, Frontex, should be clearly defined, in particular as regards the Agency’s competencies and corresponding responsibilities. Any coordination of or other involvement in border control operations by Frontex should be governed by clear guidelines which ensure respect for the principle of non-refoulement, including chain-refoulement, and the right to a fair and effective asylum procedure for any person claiming an international protection need.
  4. The integration of internal security aspects in EU border policy also affects the processing of personal data on third-country nationals. Such data are stored in centralised EU-operated databases and were originally collected for primarily immigration-related purposes. Promotion of access to sensitive personal immigration data, including fingerprints, by law enforcement authorities for purposes including the prevention of and fight against terrorism implies that non-EU citizens form a suspect category in itself. This raises serious questions concerning the legitimacy, including necessity and proportionality of the measure under data protection principles inherent in the right to privacy. It may, in addition, have serious implications for the principle of non-discrimination.
  5. Trends towards “interoperability” between EU-operated databases should be accompanied by the establishment of a comprehensive, specific and legally binding data protection framework with adequate safeguards to cover risks related to the large scale storage and use of personal data. The more authorities have access to sensitive personal information, the greater the risks of abuse, misuse, leaks and loss of data. This may have serious consequences, including with regard to the prohibition of torture and the principle of non-refoulement, if data on refugees and asylum-seekers reach authorities in their countries of origin.
  6. Applying systematically EU carrier sanctions regime on international carriers may obstruct refugees and asylum-seekers in seeking protection in the EU. Trends toward the extension of the carrier sanctions regime to include the transfer of passenger data to national authorities, including for counter-terrorism purposes, raise serious questions from the perspective of data protection principles. Refugee protection is further marginalized, while adding to the perception that cross-border movements are closely linked with criminality.

Wednesday, June 30, 2010

Comment: EDRI on the New SWIFT Deal

European Digital Rights has a comment on the new SWIFT access deal signed earlier this week. It maintains that this deal has "no significant improvements from the Agreement rejected by the European Parliament in February 2010":

Unfortunately, the new adopted text still allows for bulk data transfers. The Parliament would have liked to replace bulk data with targeted searches carried out by an EU-based authority but according to MEP Birgit Sippel, "We cannot reduce the problem of bulk data for the moment as we do not have the technical capability."


The retention period is still 5 years and there is no real system in place from the US on a binding legal redress. The US Privacy Act court clauses only apply to US citizens and legal residents. Therefore there is currently no right of judicial review for foreign citizens and residents (including EU) under the US law.


Another key critique to the current text is the role of Europol that should authorize the data transfer requests from the US. Besides the fact that Europol is not a judicial authority, as requested by the European Parliament in May 2010 Resolution, the incentive from this agency to limit the amount of data being transferred is extremely reduced due to the fact that they can actually request data searches from the US.

Detecter Deliverable: Unilateral Exceptions to International Law

Deliverable D06.1 was written by Mathias Vermeulen and Martin Scheinin as part of Work Package 04. You can read the whole thing here.

Executive Summary

This paper on unilateral exceptions to human rights and international law in the fight against terrorism prepares the ground for two further deliverables under the DETECTER project, namely a policy-oriented paper summarizing the results and applying them in respect of EU law and policies, and a study specifically addressing detection technologies. It is well known that many governments have resorted to a wide range of constructions to justify, under international law, their unilateral exceptions to human rights in the name of countering terrorism. This paper seeks to take stock of a whole range of arguments, doctrines or constructions that states may resort to when seeking to justify their unilateral exceptions to human rights norms in the fight against terrorism. Many of those constructions have a valid legal basis and a proper scope of application. However, they also have their limitations, to the effect that often they affect only a specific treaty, or the availability of a procedure, but do not affect the substantive obligations of the state in question under international law. In many cases this results from the overlap of treaty law and customary norms of international law. Some of the constructions are open to abuse, i.e. bad faith efforts to distort international law to the detriment of human rights. Because of the complexity of the combined effect of the various excuses and exceptions, there is a need for a holistic approach that seeks to address the combined effect of the various constructions of unilateral exception.

Some of the main conclusions of the paper are highlighted in this executive summary. To start with:

  • None of the constructions discussed affects a state's obligations under peremptory norms of international law (jus cogens).
  • Outside that realm of peremptory norms, some of the constructions discussed have an impact upon both treaty law and customary international law, hence affecting the substantive human rights obligations of a state. This would be the case for the lex specialis effect of international humanitarian law during armed conflict but only when lex specialis is properly construed as an interpretive effect upon the scope or content of a particular human right.
  • Counter-terrorism measures may qualify as permissible limitations on human rights, again when properly construed. This conclusion calls for a rigorous test for permissible limitations, rather than an all-encompassing act of 'balancing'.
  • Most constructions discussed in this paper pertain merely to human rights treaties and do not affect the state's obligations under customary international law. As there is a high degree of substantive overlap between human rights treaties and customary norms of international law, resorting to these excuses therefore usually only has procedural consequences. It does not affect the substantive obligations of the state under international law, but precludes the competence of an international (or regional) human rights court or treaty body to address the breach of international law through its regular monitoring mechanisms.
  • The most relevant constructions of unilateral exceptions to human rights treaty obligations are the power of a state to declare a state of emergency and to derogate from some but not all of its human rights treaty obligations, reduction of the scope of a state's human rights obligations when it acts outside its own territory, the right to enter permissible reservations upon the signature or ratification of a treaty and, in some cases, withdrawal from a treaty.
  • There is some state practice of declaring a state of emergency because of acts of or a threat of terrorism. When applied under the fairly strict requirements for derogation enshrined in the treaties in question and when subject to international monitoring through the procedures available under the treaties in question, derogation is a permissible and even recommended mechanism for reacting to situations of a genuine threat to the life of the nation.
  • Although the European Court of Human Rights has in some cases implied that a state is not subject to exactly the same obligations when it is, through its agents, acting outside its own territory, caution is required when resorting to this excuse. Other human rights treaties and customary norms of human rights law may remain applicable, and even the position of the European Court of Human Rights appears to be shifting (or inconsistent).
  • Somewhat surprisingly, states have not resorted to reservations under human rights treaties with express reference to terrorism. However, a very small number of existing reservations, including in respect of the right to a fair trial, may have a bearing upon the treatment of terrorism suspects.
  • Some, primarily regional, human rights treaties would allow for a state's unilateral withdrawal from the treaty. In practice, the option of withdrawal has figured in the political discourse, for instance after a government has received a ruling by a regional human rights court, but no state has actually resorted to withdrawal from human rights treaties as a response to terrorism.

Tuesday, June 29, 2010

Detecter Deliverable: Privacy, Secret Detention Centres and Overflights

Deliverable 16.1 was written by Geir Ulfstein as part of Work Package 08. You can read the whole thing here.

Executive Summary

  1. Article 17 of the International Covenant on Civil and Political Rights (ICCPR) establishes the right to privacy. The implementation of this right is monitored by the Human Rights Committee. The Committee has emphasized that interference in the right to privacy must be foreseeable; mechanisms should be established to prevent abuse of collected information and to ensure review, supervision and redress; and vulnerable groups should be protected. The Committee has, however, not established clear guidance about which substantive measures would be considered a violation of the right of privacy.
  2. News media and NGOs reported in 2005 about secret detention centres and overflights in Europe as part of US counter-terrorism strategy. Such activities gave rise to several human rights concerns. The Parliamentary Assembly of the Council of Europe initiated an inquiry into these matters. The Secretary General requested member states to provide relevant information. The European Commission for Democracy through Law (Venice Commission) prepared an opinion on the human rights aspects. Cooperation was also established with the European Parliament of the European Union. This cooperation uncovered suspicious patterns of military and civilian aircraft and indications of secret detention centres. They were also able to put political pressure on the respective international organs and on national governments. The Committee of Ministers of the Council of Europe, however, failed to follow up strongly, and the European Parliament deplored the lack of follow up by the Council of the European Union, and by member states.
  3. Several UN organs have been involved in the issues of secret detention and overflights, including the Human Rights Committee, the Committee Against Torture, the Special Rapporteur on the promotion and protection of human rights while countering terrorism, the Special Rapporteur on torture and other cruel, inhuman or degrading treatment or punishment, the Working Group on Arbitrary Detention and the Working Group on Enforced or Involuntary Disappearances. The UN organs have generally been more reactive than what was the case of the European Parliament and the Parliamentary Assembly. But all the bodies have, within their mandates, addressed these matters. They have helped to uncover certain facts, but have not been able to establish ‘hard facts’ about the relevant activities. These bodies have, however, the benefit of being able to have a more continuous focus on such cases. Furthermore, they have a global focus, and may thus engage in activities beyond the European context.

News: Germany Expresses Concern over Apple's iPhone users Database

From Privacy Digest: The German minister of justice, Sabine Leutheusser-Schnarrenberger, has spoken out over Apple's compilation of data on iPhone users, requesting the company to provide state data protection officials with details of what information on German iPhone users was being gathered, how long it was being stored, and for what purpose.

The case is being cited as further proof of Germany's tough line on privacy after previous tensions with Google Street View this year. However, a speedy resolution seems likely:

Stefan Köpsell, an instructor in data protection at the Technical University in Dresden, said that Apple could probably settle the controversy surrounding the iPhone 4 by having German users give their consent prior to the data being forwarded.

“I think there is probably a fundamental conflict between some Internet business models and German privacy law,” Mr. Köpsell said. “But in general, evidence shows that most Germans are willing to participate if there’s a benefit.” For example, 60 percent of households in Germany use a retail bonus card called Payback, owned by Loyalty Partner of Munich, which gives them points that can be used toward future purchases. By participating, consumers have given the company the right to collect and market data on their purchasing habits, as well as target them with advertising. “I would think the same would be possible for Apple,” Mr. Köpsell said.

News: New US/EU Agreement on Transfer of SWIFT Banking Data

From European Voice: A new agreement to grant US Counter-Terrorism authorities access to European banking transaction data held in the SWIFT database:

Final agreement on the new wording was reached on Friday (25 January). After the draft agreement had been initialled by Malmström on 10 June, MEPs had demanded changes to the text concerning the bulk transfer of data, the creation of an EU counterpart to the US Terrorist Finance Tracking Programme (TFTP), and EU oversight of TFTP data-processing on US soil.
The three largest political groups in the Parliament – the centre-right EPP, centre-left PES and liberal ALDE – are now in favour of the agreement. In February, the Parliament, using new powers under the EU's Treaty of Lisbon, had rejected an interim agreement on SWIFT transfers.

Over at the Legalift, Mathias Vermeulen has a discussion of some of the new restrictions built into the new agreement, such as a ban on the use of this information for data mining, the possibility of administrative redress for EU citizens and the involvement of Europol in verifying and approving US requests for data.

In its coverage the Register points out that the European Data Protection Supervisor continues to question the need for mass transaction and long term storage of this data, and has additionally called for more oversight.

Thursday, May 27, 2010

News: Video Analytics to be Used by British Army to Spot 'Suspicious Activity'

From BBC News: Video analytics programmes are being developed at military research laboratories at Porton Down in Wiltshire. They are emphasising the use of the technology for tackling the use of improvised explosive devices. By automatically highlighting footage of unusual behaviour, such as going off road, captured by plane and helicopter mounted cameras, they hope to make the tracking of enemies more effective:

Andrew Seedhouse, from the Defence, Science and Technology Laboratory (DSTL), said: "Think of it as the ultimate CCTV system.

"An incident occurs, perhaps an IED goes off, and we can use this host of data to back track over time.

"Who was near the scene and where were they before the incident? What buildings or vehicles can we now associate with the incident?"

He said the research could help scientists to look for anomalies in behaviour and environment and alert appropriate forces before an incident occurred.


The video analytics are being combined with other methods for sophisticated modelling of the surveyed terrain, as you can see in the 'British Forces News' video below.

Also interesting is the same scientist Andrew Seedhouse's comment that the only way to tell insurgents from everybody else is "by what they do - so the whole experiment is about tracking people, finding what they're up to each day, who they're meeting, what they take with them, what they do, where they place things, and then hopefully we'll be able to track back through all that stuff and find out where they are now":

DETECTER: Survey of Counter-Terrorism Datamining and Related Programmes

D08.1 was written by Daniel Moeckli and James Thurman as part of Work Package 6. You can read the whole thing here.



Executive Summary




  1. The survey reflects a broad definition of data mining and also includes coverage of related programmes relating to data collection and database construction.
  2. In the West, collection activities have increased dramatically in the name of countering terrorism. In addition to data collection involving air passengers, this survey also describes general law enforcement collection activities as well as those specifically targeting terrorist activity.
  3. Air passenger information: in the United States, data mining in this area was proposed in order to identify terrorist suspects who might not otherwise raise suspicions. In the European Union, too, there seems to be interest in analyzing a passenger’s travel activities in order to identify suspicious patterns which might indicate criminal activity.
  4. Private companies and non-law enforcement databases: in the US there has been concern about the incorporation of data from these sources into general law enforcement data bases.
  5. Data analysis programmes that have been proposed and in some cases implemented for counter-terrorism purposes are also considered. These include not only data mining programmes but also a discernable trend of providing tools which guide users in their analysis and decision-making.

DETECTER: The Human Rights Risks of Selected Detection Technologies

DETECTER Deliverable 17.1 was written by Rozemarijn van der Hilst as part of Work Package 9. You can read the whole thing here:



Executive Summary

  1. Intelligence is a vital element in successful counter-terrorism. There is rapid development in detection technologies that aid in the gathering of information. However, there are concerns over the privacy intrusion these detection technologies cause.
  2. Privacy is important for individual well-being, as well as the proper functioning of a democratic society. The right to privacy is vested in different national, European and International laws, which prescribe that the right to privacy may only be limited by measures that have a sound legal basis and are necessary in a democratic society for the protection of national security.
  3. From the legal and moral framework around privacy it emerges that detection technologies used in counter-terrorism should take account of: legitimacy, proportionality, necessity, transparency, factors concerning the person targeted, the sensitivity of the data sought, the effectiveness, the possibility of function creep and the extent to which PETs are implemented.
  4. Privacy concerns arise with the widespread and indiscriminate use of communication surveillance; the covert use of CCTV technology; the sensitivity of biometric data; and the ineffectiveness (and therefore disproportionateness) of data mining and analysis and decision support technologies.
  5. There are also risks inherent to the use of detection technologies in general. The use of detection technologies can have a ‘chilling effect’ and can be ineffective due to the huge amount of gathered data. However, positive effects of the use of detection technologies are the ability to detect and therefore prevent terrorist attacks and the deterrent effect they have.
  6. Detection technologies should be used, provided that their authorization is based on legislation that protects against abuse and presents fair consideration to the proportionality and necessity of the aim pursued. The ultimate assessment of the threat detection technologies pose to privacy depends on the actual usage of the technologies.

DETECTER: The Moral Risks of Preventive Policing in Counter-terrorism

I'm going to start listing details of publications of the DETECTER project here on the blog. D05.1 has been written by Tom Sorell as part of Work Package 3. You can read the whole thing here.

Executive Summary

1. Preventive policing is any action carried out by police with the intention of identifying and preventing a specific crime or a type of crime. Preventive policing can include “special investigation techniques”, including secret surveillance. These carry obvious moral risks.

2. Recommendation Rec (2005) 10 of the Committee of Ministers of the Council of Europe outlines possible restrictions on the use of special investigation techniques. It suggests that the least intrusive special investigation measures should be used, if at all, only when the prevention or prosecution of serious crime requires it, and not in a way that conflicts with the right of anyone arrested to a fair trial. The principles reflect legal privacy protections under European Convention on Human Rights, Article 8, and Convention 108.

3. Liberal theory supports the approach of Rec (2005) 10. It permits the use of special investigative techniques in preventive policing if the crime that these techniques are intended to prevent is very serious, e.g. a terrorist attack. In particular, liberal theory permits the use of secret surveillance, if the choice of targets for the surveillance is evidence-based.

4. The form of liberal theory that best reconciles the demands of privacy and counterterrorism with those of liberty is a modified Kantian theory, which is less utopian in its assumptions about human beings than a Lockean theory, but which excludes the total concentration of power, as in a Hobbesian theory.

5. Liberal theory condemns terrorist acts not just because of the injury and death they cause, but because of the contempt for impartiality that terrorist groups display. Impartiality is central to the liberal design of government institutions.

6. Privacy in Kantian theory is primarily the scope agents have for deliberating and choosing life plans free from other people’s interference. In liberal theory generally, privacy is also the scope people have for forming intimate relationships without scrutiny and adopting harmless life plans (harmless means of pursuing happiness) without being subject to outside criticism.

7. Kantian theory does not justify restrictions on thought or expression of thought about terrorism or in favour of terrorism, but it does justify restrictions on actions that contribute to terrorist acts.

8. Expression of thought about terrorism, even expression of thought sympathetic to terrorism, should not be criminalized from the point of view of liberal theory. This counts against e.g. the “glorification” of terrorism provisions in the UK Terrorism Act (2006).

9. Kantian theory implies that preventive policing can fairly employ “profiling” techniques for identifying suspects in counter-terrorism, so long as these are evidence-based.

10. “Profiling techniques” cannot justifiably be used alongside detention and trial procedures that are revised ad hoc for counter-terrorism purposes.

Thursday, May 20, 2010

News: Negotiations Reopen on US Access to SWIFT Bank Data

From the Lift: The EU and US have begun talks on a new agreement to enable transfers of European bank transfer information held on the SWIFT database to US authorities. Talks are taking place between the European Commission and United States Treasury and it is hoped an agreement can be reached by the end of June:

A Commission source told Euractiv.Com that “in the coming months little will be known about the substance of the actual negotiations”

The agreement will be concluded only after the adoption by the member states of the EU at qualified majority voting and the approval of the European Parliament. The Parliament introduced two weeks ago the conditions on the content of a future agreement, including for bulk transfers of personal data to the USA to be avoided, if necessary by processing them within the EU, and for Europe’s citizens to be guaranteed the right of appeal to the US authorities.

Wednesday, May 19, 2010

News: More European Anger at Google Invasions of Privacy

From Privacy Digest: Google have admitted gathering private data on internet use in the course of taking photographs for the Google Street View programme.

Google acknowledged on Friday that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by.

The data collection, which Google said was inadvertent and the result of a programming error, took place in all the countries where Street View has been catalogued, including the United States and parts of Europe. Google apologized and said it had not used the information, which it plans to delete in conjunction with regulators.

The Register reports that both German prosecutors and the Czech Republic data protection agency have launched investigations:

In effect, Mountain View may have hoovered up emails and other private information if the Google cars travelled over Wi-Fi networks while one of its vehicles was in range. The firm had previously claimed that no payload data was ever intercepted.

Hamburg prosecutors said they had received a complaint against unnamed Google workers over the “unauthorised interception of data”, and confirmed that an investigation - that could take about a fortnight to determine if the allegations warrant a full-blown probe - was underway.

Comment: John Rentoul Attacks Chakrabarti's 'Shameless' Endorsement of Surveillance

Regular Independent columnist John Rentoul blogs about Liberty director Shami Chakrabarti’s appearance on last night’s Newsnight programme. He writes under the headline ‘Shameless: I Want a Surveillance Society’ - he likes to call her ‘Shameless Chakrabarti’ you see, which I presume is an attempt to imply she’s a hypocrite: ‘Oh so now you’re in favour of surveillance’ this line goes – ‘I thought you civil liberties people were against it’. This is already puzzling, as Liberty have consistently defended the principle that the security services ought to be able to use targeted surveillance against people about whom there is specific evidence to imply involvement in serious crime, though they campaign vigorously against arbitrary and unjustified use of surveillance. Rentoul’s attack focuses on her continued criticism of control orders:


What would she do instead of control orders, she was asked by Alex Carlile, the Liberal Democrat peer and independent reviewer of anti-terrorist law. After trying to hide behind trying them in court - what if there is not enough evidence for a conviction yet enough to warrant concern? - and the use of intercept evidence - not relevant in this case - she was eventually embarrassed into mumbling an answer: "Put them under surveillance."

Presumably she wants more CCTV, especially around the homes of terrorist suspects, and monitoring of their telephones and internet use.

Surveillance would either be prohibitively expensive, or intensely intrusive (thereby reinventing control orders in another form), or ineffective. Several suspects subject to control orders have already legged it to who knows where; any weakening of the controls would make it easier for them to abscond.


Given how small the numbers of people are who have been put under control orders (about 12 as of February this year) I think his argument about cost is of marginal importance, even if his assessment of the relative expense is accurate.

It also seems highly disputable that even intrusive surveillance would ‘reinvent’ control orders in another form – control orders primarily involve restrictions on people’s freedom, by imposing restrictions on who suspects can and can’t associate with, or imposing curfews and various degrees of house arrest, rather than intrusions into their privacy (though certainly the practice of 'tagging' is invasive). Now you could maybe argue that the additional invasions of privacy would always be worse than the restrictions of freedom. That would be an interesting position to take, and might even be coherent (though I suspect most would find it unpersuasive). But Rentoul’s not coming out and saying that. Instead he seems to want to have it both ways: control orders aren’t effective enough as they are, anything weaker will let the bad guys get away, but using surveillance beyond what is in place now will be just as bad. He’s painting Liberty as an organisation that is indifferent to the needs of effective policing and intelligence gathering. On the contrary, their criticism of the use of control orders specifically takes aim at the claims of efficacy - take their earlier response to Lord Carlile’s previous announcement that there was no alternative to the control order regime or, for that matter, Shami Chakrabarti's piece in today's Times:


These orders were dreamt up by officials in 2005 and allow terror suspects to be placed under house arrest for ever without any semblance of criminal charge or trial. Apart from being profoundly unfair and un-British (the term “control order” comes from apartheid South Africa), this scheme is profoundly unsafe. A number of its targets have disappeared, and one former “controlee” had a habit of turning up, complete with plastic tag, at large public meetings attended by members of the present and past Cabinets.


And, as I said, they've consistently defended the use of targeted surveillance when the evidence supports it:


We take no issue with the use of intrusive surveillance powers per se. While intrusive surveillance will always engage Article 8 of the Human Rights Act 1998 (HRA) (right to privacy) such intrusion can be justified if it falls within the legitimate purposes set out under Article 8 (e.g. if done to prevent crime and threats to national security) and if it can be shown to be necessary and proportionate in all the circumstances.

What's shameless about that?


News: Internet Browsers' Record of Your Web Habits Available to Other Websites

From the Sydney Morning Herald: The Electronic Frontier Foundation have been researching how easy it is to access information about a user’s internet activity. Commonly it is thought that disabling ‘cookies’ is enough to prevent one’s web browser collecting information on what websites are being visited. The EFF’s research implies that even with this safeguard the browser leaves ‘a virtual fingerprint’ which nearly uniquely identifies the user and enables websites to access information on the user's browsing habits:

To conduct the research, the website anonymously logged information that most websites would normally access when users visit, the EFF said.

After comparing a database collected from almost a million visitors, the EFF discovered that 84 per cent of the configuration combinations were unique and identifiable, and where browsers had Adobe Flash or Java plug-ins installed they were 94 per cent identifiable.

"Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability,"
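How uniqueness figures of this kind can be measured, as an added example that is not part of the original post or the EFF's own code: the visitor records, attribute names and values below are constructed for illustration. Each visitor's configuration is hashed into a fingerprint, and the share of fingerprints seen only once is compared with and without the plugin list.

```python
import hashlib
import json
import math
from collections import Counter

# Constructed sample of attributes a site can read without any cookie.
# All values are invented for this illustration.
VISITORS = [
    {"user_agent": "UA-A", "screen": "1280x800", "timezone": "0", "plugins": "flash 10.0"},
    {"user_agent": "UA-A", "screen": "1280x800", "timezone": "0", "plugins": "flash 10.1,java 1.6"},
    {"user_agent": "UA-A", "screen": "1280x800", "timezone": "0", "plugins": ""},
    {"user_agent": "UA-B", "screen": "1024x768", "timezone": "0", "plugins": "flash 10.0"},
    {"user_agent": "UA-B", "screen": "1024x768", "timezone": "0", "plugins": "flash 10.0"},
    {"user_agent": "UA-B", "screen": "1440x900", "timezone": "-60", "plugins": "java 1.6"},
    {"user_agent": "UA-C", "screen": "1440x900", "timezone": "-60", "plugins": ""},
    {"user_agent": "UA-C", "screen": "1280x800", "timezone": "480", "plugins": "flash 9.0"},
]

BASE_ATTRS = ("user_agent", "screen", "timezone")
WITH_PLUGINS = BASE_ATTRS + ("plugins",)


def fingerprint(record, attrs):
    """Hash the chosen attributes into one stable identifier."""
    # JSON-encode the values so that ("a,b", "c") and ("a", "b,c") cannot collide.
    canonical = json.dumps([record[a] for a in attrs], separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def anonymity_sets(records, attrs):
    """Map each fingerprint to the number of visitors sharing it."""
    return Counter(fingerprint(r, attrs) for r in records)


def unique_fraction(records, attrs):
    """Share of visitors whose fingerprint nobody else in the sample has."""
    sets = anonymity_sets(records, attrs)
    unique = sum(1 for r in records if sets[fingerprint(r, attrs)] == 1)
    return unique / len(records)


def surprisal_bits(record, records, attrs):
    """Identifying information, in bits, revealed by this visitor's fingerprint."""
    sets = anonymity_sets(records, attrs)
    return -math.log2(sets[fingerprint(record, attrs)] / len(records))


def attribute_entropy(records, attr):
    """Shannon entropy (bits) of one attribute across the sample."""
    counts = Counter(r[attr] for r in records)
    n = len(records)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    for label, attrs in (("without plugins", BASE_ATTRS), ("with plugins", WITH_PLUGINS)):
        sets = anonymity_sets(VISITORS, attrs)
        print(f"{label}: {unique_fraction(VISITORS, attrs):.1%} unique, "
              f"largest anonymity set = {max(sets.values())}")
    for attr in WITH_PLUGINS:
        print(f"{attr}: {attribute_entropy(VISITORS, attr):.2f} bits")
```

A visitor blends in only while their anonymity set stays large, so the attributes with the highest entropy are the ones worth normalising or withholding first.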

Monday, May 3, 2010

Israeli Security Expert Decries Body Scanners Before Canadian Parliament

The Vancouver Sun has reported that an Israeli security expert who assisted in the design of the security system at Tel Aviv's Ben Gurion International Airport suggested in parliamentary hearings that the deployment of body scanners is a “useless” waste of money.

“I don't know why everybody is running to buy these expensive and useless machines. I can overcome the body scanners with enough explosives to bring down a Boeing 747,” he is quoted as saying, “That's why we haven't put them in our airport.”

According to the story, a Canadian transport minister has defended the installation of body scanners at Canadian airports. Political scientist Mark Salter also reportedly testified that he viewed body scanners as a “genuine leap forward” in airline security. (Hat tip to unwatched.org)

Monday, April 19, 2010

Study: Privacy Not Dead to the Younger Generation

From Yahoo News: A new study coming out of Berkeley and the University of Pennsylvania suggests young people do not care significantly less about privacy than the older generation. Amongst the findings:

• Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65.

• Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54.

• Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.

The sample is big: about 1,000 people, though smaller than the 27,000 the Eurobarometer surveys use (which also record some interesting results on attitudes to privacy). It's interesting to see empirical research on an issue where people are all too often happy to accept quite crude generalisations as obvious truths.

I'd also be interested to see work on whether there has been a change in people's attitudes over the last 5-10 years. I have a hunch many young people who didn't care about privacy when they first started using the Internet and social networking sites have become far more conscious of privacy issues as they have become more prominent topics of controversy online and in the wider media.

Friday, April 16, 2010

Data Mining on Facebook?

The Guardian has run a story on Facebook against the backdrop of the Ceop “panic button” proposal which reveals that the social networking site conducts algorithm-driven monitoring that “track[s] the behaviour of its users and flag[s] up suspicious activity.” OK, that sounds like data mining, but why is this story of relevance to counter-terrorism? Interestingly, the article states that "Facebook's international law enforcement is led by Max Kelly, a former FBI agent who worked on cyber-crime and counter-terrorism before moving to Facebook five years ago." The article also discusses how Facebook interacts with law enforcement in the US and UK. It suggests that UK officials still feel Facebook doesn’t do enough to assist them and the UK public to protect the safety of children.

Friday, March 26, 2010

News: Airport Worker Disciplined for Abuse of Full Body Scanner

From the Guardian: police gave a warning for harassment against a 25-year-old man for taking a photo of a female co-worker as she inadvertently walked through a full body scanner. Tabloid newspaper the Sun reports that he 'ogled her' and made 'lewd' comments.

"We treat any allegations of inappropriate behaviour or misuse of security equipment very seriously and these claims are being investigated thoroughly," a BAA spokesman said. "If found to be substantiated we will take appropriate action."

Wednesday, March 17, 2010

News: US Government Accountability Office on the Cost of Full Body Scanners

Via Privacy.org: The Government Accountability Office, the audit, evaluation and investigative arm of the US Congress, has estimated that rolling out full body scanners worldwide will cost the American taxpayer about $3,000,000,000:

The audit agency said TSA estimates each unit costs about $170,000, meaning it would cost about $300 million to buy 1,800 units, enough to cover about 60 percent of screening checkpoint lanes at the highest-priority commercial airports. Each scanner requires three people to operate. Based on the administration's request for $219 million to hire 3,550 TSA staffers next year alone, GAO estimates it will cost $2.4 billion overall to staff the machines over eight years.

They also have raised the issue of effectiveness, noting in particular that the operation of such machines on the 25th of December would not have stopped Umar Farouk Abdulmutallab. The House Homeland Security Committee is due to have a hearing on the proposed use of the machines this afternoon.

Detecter partner Mathias Vermeulen has a piece summarising the growing opposition to full body scanners over at the Lift.

Tuesday, March 16, 2010

DETECTER on BBC Midlands Today

News: More Details on ID Card Databases - Ministers Seeking Advice from Industry on Security

The Register is reporting this morning that the Identity minister has announced that the UK ID Card scheme is to have 3 different databases: "There is the one that holds the fingerprints and facial image, the biometric data, and then the other information which is broadly what is on your passport already and the third bit is the one that links the two,"

The announcement was made at a meeting organised by the Social Market Foundation. Meg Hillier, the minister, also revealed that her department is still researching how best to make remote use of ID Cards work.

An example of an ID card reader, visually like a larger version of a card reader used by retailers, was available at the conference. Hillier said that the government "needed to do more work on this" and was keen to hear the views of industry about how this will work, particularly about security.

Monday, March 15, 2010

Comment: The Case for a Universal, DNA Database

There's an interesting Op-Ed piece on the NYTimes.com site today responding to Obama's apparent endorsement of a national DNA database to include profiles of everyone arrested, whether found guilty or not. The author, Michael Seringhaus, makes the case that the national DNA database ought to hold profiles on everybody, not just those who are arrested.

He argues that at present, DNA databases are 'fraught' with problems of discrimination, the disproportionate bias towards racial minorities already having prompted one commentator to dub it 'Jim Crow's database'. This is exacerbated by the use of profiling methods and 'familial DNA search' - searching among the relatives of partial DNA matches as potential suspects when full matches cannot be found.

Instead, he recommends the far more just solution of placing everybody's DNA profile on the database:

Your sensitive genetic information would be safe. A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of “junk” DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA “fingerprint.”


The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole. Aside from the ability in some cases to determine whether two individuals are closely related, DNA profiles have nothing sensitive to disclose.



He thinks this would be relatively easy to administer, requiring only the introduction of a mandatory sample taking either at birth, or as prerequisites to a driver's licence or social security card. Samples taken at this point would be used only to produce one of these 26 numbered profiles, after which they would be destroyed. I think there may still be objections to make here, however, that derive simply from the administrative scale of the proposal. It seems plausible to me to worry about DNA samples being taken for the purposes of creating a profile being destroyed in a timely fashion and being kept securely in the interim. I can well believe that the process would be secure and efficient much of the time, for much of the country, but if the proposal is to take samples from every single citizen I suspect it's inevitable that there will be some malfunction of the sort that has become all too familiar - the information is placed on a CD or laptop that is left on a train, or some disgruntled employee decides to start selling the information on.

One part of his argument I find even more interesting is what he has to say about how this would change people's attitudes to the security and integrity of such a database:

Since every American would have a stake in keeping the data private and ensuring that only the limited content vital to law enforcement was recorded, there would be far less likelihood of government misuse than in the case of a more selective database.

I'm sympathetic to this line of thought, but I'm not wholly convinced that it would change people's priorities as much as Seringhaus thinks: 'everybody' has been quite vulnerable to clumsy losing of private government held data on previous occasions without it turning into an enormous issue. Furthermore, malfunctions in the security of such a system might easily be localised to particular areas or sectors of the community. For example, suppose that the function of generating profiles becomes the responsibility of those issuing driving licenses or birth certificates and that these are matters for local authorities. Some will fulfil this function much better than others and thus, the security of the DNA may be much lower in areas where these local authorities perform poorly. In such a case a majority could remain unconcerned about the risk the policy poses to a minority.

Friday, February 12, 2010

Millimetre Wave Scanners and Mastectomies

There's an interesting discussion piece on politicsdaily.com by a woman whose breast surgery confused TSA officials following a 'full body scan', prompting further examination.

She is not upset about her experience, concluding simply that 'the takeaway here is, if you have fake body parts, you should be prepared to explain them to the full-body screening folks at the TSA.' However, a number of comments left underneath her article report terrible experiences of insensitive and wholly avoidable treatment. A selection:

"Wow, I thought I was the only one. TSA in Tampa held me on display for about 20 minutes while they tried to figure out what was on my chest. I was put through the full body scanner also sans shoes. After I was finished, I was told "DO NOT MOVE!" "Ok, but can I please have my sandals, they have already been scanned?" "DO NOT MOVE." I suppose they were busy, scanning another woman's BARE FEET. Ok, they were having communication problems with the guys in the little room. I figured they were laughing so hard at the scan they could not respond. I am a 66 year old grandmother, the scan had to be really exciting. After 20 minutes the "gentleman" returned and announced to all who were within a 100 foot radius, "There is something on her left breast." They must be fixated on left breasts. At that point I realized they were talking about my breast prosthesis. I am a breast cancer survivor. I explained this and was told "DO NOT MOVE!" At this time, the TSA moron told another that she would have to pat me down. No, would you please step into a private area, just pat her down. I offer to whip it out. He was not happy with that idea. I understand security, but please, a little consideration. Would they stop a man with a penile implant? Doubtful. After all, this was a bomb of a boob."

"Okay, I have to comment. I had the same problem. When they did a biopsy to diagnose my breast cancer, they inserted a few metal clips to mark the place of the tumor. Because I went out of state for my mastectomy and reconstruction, I had to fly. And I had the same thing happen. Stopped at security for setting off a metal detector (this was before the full body scans) and then "searched" with the wand right there in the airport, in front of everyone...and she kept waving it over my left breast (yeah - my left, too) and saying, "It's something here." I kept telling them it was probably the surgical clip. I finally had to take out my mammograms (I'd brought the films for my surgeon, and thankfully, they were in my carry-on) and show them it was just a clip. It helped that my neighbor, who works for TSA, showed up about then and told them he knew me."



Thursday, February 11, 2010

News: European Parliament Says No to US Bank Access

From BBC News: By 378-196 with 31 abstentions, the European Parliament has voted down the agreement to continue allowing the United States' counter-terrorism authorities access to the SWIFT database of European banking transactions, citing concerns at the 'inadequate privacy safeguards'. The deal, agreed by EU governments, would have granted US access for another nine months and follows intensive lobbying on the part of the American government:

Last week the Greens' home affairs expert, Jan Philipp Albrecht MEP, said that in backing the new deal the European Commission and EU governments had "not respected the fundamental criticism about the lack of sufficient protections with regard to privacy and the rule of law".

The leader of the Socialist group, Martin Schulz MEP, said: "We want a new and better deal with proper safeguards for people's privacy."

Monday, February 8, 2010

Comment: Gambetta on In Flight Terror

Diego Gambetta, well known for his social scientific studies of the Mafia and organised crime, has an interesting article in the Guardian about why terrorists continue to target aeroplanes when other, less well protected targets might seem more attractive.

Admitting the necessarily speculative nature of the endeavour, he discusses purely practical issues: the fact that only a small amount of explosive, for example, is needed to cause the intended chaos and the fact that flights, as they involve both an origin and a destination, raise questions and fears in two countries at once. He goes on to make a vivid case for the symbolic value of successfully hitting 'the enemy' in exactly the spot where most effort and resources have been expended in the name of security:


My hunch is that a reason to target air travel is precisely because it is the area in which the west has concentrated its maximum overt security efforts after 9/11. Piercing the thick barriers of checks all passengers have to go through to board a plane is in itself a success. It amounts to defying the toughest challenge, freshening up memories of 9/11, showing that even a puny David, farcically armed with just a pair of explosive underpants, can hit Goliath right where he feels strongest.

Umar Farouk Abdulmutallab failed to kill, but succeeded in making the west quake in its boots, engendering a hysterical worldwide security response, shaming the US security services, and inducing Obama to resurrect the dismal and counter-productive rhetoric of "we are at war against al-Qaida", which one hoped had departed with Bush. Had Abdulmutallab succeeded in killing, the global havoc caused would not have been that much greater. He could never have achieved that by aiming at softer targets.


I think there is always a danger in trying to infer too much about the intentions of actors from the effects of their actions, particularly in the case of violence. I do, however, think it's interesting to reflect on governments' (and societies') reactions to terrorism and the calculus of risk - while countries targeted by terrorists have a necessarily limited ability to stop terrorism from happening, it's at least plausible to think they have more control over how they choose to respond to such events.

Friday, February 5, 2010

U.S. Mobile Phone Provider Received Some 8 Million Requests for Geo-Locational Data

Chris Soghoian has an interesting blog post from December. While attending the ISS World conference (Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering), Chris heard some surprising things. Counsel for the US telecom company Sprint Nextel indicated in a presentation that, within the space of a year, the company had received some 8 million requests from law enforcement for geo-locational data associated with mobile phones on the company’s network. In the comments on the post, one person conjectures that those don’t represent requests on 8 million distinct individuals, and that supposition is corroborated by another Sprint representative. This makes sense since typically police will want to know a single suspect’s location at various times throughout the course of an investigation. They may even want to check location continuously at regular intervals, say, every 1-2 minutes, in order to essentially track the suspect’s every move. Given the price lists associated with obtaining this information from telecoms (see Chris' post), a question for economists is whether that kind of electronic tracking is more cost effective than simply assigning a police officer to tail the suspect. The answer may depend on the particular level of crime incidence within the police force’s jurisdiction. Where crime incidence is higher, it may be more “economical” to assign officers to walk the beat and be available for incident response as opposed to conducting surveillance. It’s also unclear whether the +/- 8 million requests include emergency calls, where the location of the caller is revealed in the event that he or she is unable to give locational details verbally. But another interesting revelation related to the 8 million or so requests concerns how those requests were made and processed: evidently, Sprint has set up a special network interface to allow police agencies to submit geo-locational queries via computer.

Wednesday, February 3, 2010

News: European Parliament due to Decide on SWIFT Soon

From the Financial Times: We have reported on the issue of US access to the SWIFT banking transactions database before. The agreement provisionally came into force on February the 1st, but is subject to confirmation by a European Parliament vote in the plenary session of 8th-11th of February next week. The FT reports that the Parliament, long concerned at the privacy implications of US access, is likely to vote down the agreement in the face of strong objections from the US:


Adam Szubin, director of the Office of Foreign Assets Control at the Treasury, said the intelligence programme processing the Swift data "provides perhaps the most important source on terrorism financing".


The European parliament looks set to block an interim agreement negotiated by the European Commission and representatives of the member states. "It's very unlikely to go in favour of the Swift agreement," one diplomat said.


Monday, February 1, 2010

News: 'Climate Change Emails a Foreign Intelligence Hack'

The lead story on the Independent today: Former chief scientific advisor to the Blair government David King says that the climate change emails leak bears all the hallmarks of a foreign intelligence agency operation:


"Quite simply, it's the sophistication of the operation. I know there's a possibility that they had a very good hacker working for these people, but it was an extraordinarily sophisticated operation. There are several bodies of people who could do this sort of work. These are national intelligence agencies and it seems to me that it was the work of such a group of people," he said.

More than 1,000 emails, and some 2,000 documents, were stolen from a university back-up server where remote access is difficult. This represents a small fraction of the total number of emails for the period from 1996 to 2009, suggesting they had been selected for the most incriminating phrases relating to possible scientific misconduct and breaches of the Freedom of Information Act. The leak of the emails in the weeks running up to the climate change conference in Copenhagen appeared to be carefully timed to destabilise the meeting.



He does not draw concrete conclusions about who might be responsible, but responding to the fact that the emails appeared on a Russian company's server he speculates:


"If it was a job done on behalf of a government, then I suppose there is the possibility that it could be the Russian intelligence agency," he said.


"If it was a maverick group then I suppose it could be the Americans, but I am hazarding a guess as much as anyone else. The only thing is, I've worked within government and I've seen this in operation," Sir David added. "It was a sophisticated and expensive operation. In terms of the expense, there is the American lobby system which is a very likely source of finance. Right now, the American lobbyists are a very likely source of finance for this, so the finger must point to them," he said.