Surveillance

Police increasingly use Oyster card data

Monday, 13 March 2006, 12:29

Oh dear… All of my pet subjects come together in one story: The Freedom of Information Act, Radio Frequency Identification technology and the theory of the “surviellant assemblage”.

Journalists at the BBC have used the Freedom of Information Act to discover that police are increasingly using data collected using London Underground’s Oyster cards in their investigations.

The RFID-based smartcard tickets have a unique identifier and can be used to track users’ movements. This is very useful for transport management, but also very useful for police investigations. Police have requested data collected by the cards 61 times in January alone, compared with just seven requests in all of 2004.

Comments

ID Cards: ‘Secrecy for secrecy’s sake’

Tuesday, 6 December 2005, 17:55

ComputerWeekly’s paper on the implications of ID Cards, produced for the Commons Public Administration Comittee, is avaoialble online.

They are not particularly enthusiastic — particularly because the Government has so far been reluctant to publish a business case or audited assessments of the benefits.

“So far the ID card scheme has been characterised by a lack of openness, honesty and transparency,” the report says.

Secrecy — and the consequent lack of public and parliamentary scrutiny that could prevent potentially major risks ” has been a major problem in large government IT projects, the trade magazine says.

There’s one particularly despicable anecdote:

There is even some evidence of secrecy for secrecy’s sake. In May, at the government IT summit attended by the deputy information commissioner Francis Aldhouse and other notables, a civil servant went unchallenged when he told the invited audience that he and his colleagues derived pleasure from withholding information from MPs. The disclosure came during a panel discussion about ID cards and identity management. The civil servant made it clear that MPs and others will not find it easy to discover how government IT projects are progressing.

“You may think that posing the question is the easy part. It is not,” he said.

“Before the Freedom of Information Act most information was got out of government departments through parliamentary questions. As a civil servant of many years our greatest joy in a day was getting a PQ [parliamentary question] and answering exactly as it was asked, which is a way of answering the question without giving any information.”

This brought a ripple of knowing murmurs in the audience. He continued, “Collectively we have centuries of experience of doing thisÉ I actually do know this has gone on in my organisation: when we are looking at Freedom of Information enquiries we are looking at the way the enquirer is asking a question and we are seeking a way to answer that question exactly as asked and thereby withhold information.”

The contemporary Sir Humphrey seems to lives in some Whitehall IT department.

Comments

Privacy advocates embrace Revelations rhetoric

Wednesday, 20 July 2005, 22:33

Secular privacy advocates in the United States are trying to reach out to conservative Christian groups, Wired reports.

A bridge-builder in that effort seems to be Katherine Albrecht, the veteran opponant of supermarket loyalty cards and Radio-Frequency Indentification (RFID) tags:

…one aspect of Albrecht’s anti-RFID crusade has been attracting a lot of attention from other privacy groups: her religious beliefs.

Albrecht does not often discuss her religious views with reporters. But she believes that RFID technology may be part of the fulfillment of the Mark of the Beast prophesied in the Book of Revelation.

…

Bill Scannell, a privacy advocate, and Lee Tien, senior staff attorney at the Electronic Frontier Foundation, are among those who have talked to Albrecht about reaching out to Christians who take parts of the Bible literally.

“Many of us in the mainstream privacy community,” said Tien, “don’t know how to reach out to (the Christian community).”

…

With a Bible-thumper in the White House, and the popular success of the Left Behind series of Christian-themed novels, American culture may be ready to hear Albrechtrsquo;s message that RFID tags, such as the rather bizarre VeriChip implant, may become the must-have gadget for any servant of Satan.

Perhaps. But the political efficacy of this unusual alliance may be limited. That “Bible-thumper” also has friends in the RFID industry. Tommy Thompson, President Bush’s former Health and Human Services Secretary, just joined the board of the company that makes VeriChip, and plans to have one implanted under his skin.

Update: More significantly, perhaps, former Homeland Security secretary Tom Ridge has also joined the board of an RFID firm.

Hat tip to SpyBlog, who comments in an e-mail:

Obviously the forthcoming massive RFID chip and reader contract for the new US Biometric Passport, to be awarded by the Department of Homeland Security, must be just a coincidence

Comments

Matrix database system still in use

Tuesday, 19 July 2005, 09:44

Remember the Matrix database?

Matrix, the Multistate Anti-Terrorism Information Exchange, is a criminal intelligence database developed for a number of state governments’ law enforcement agencies in the United States. When it first became known last year, it was reported that database included a worrying feature: a statistical indicator of the likelyhood of an individual being a terrorist.

Even though the U.S. federal Government has cut funding for Matrix and the pilot project was discontinued, the Associated Press now reports that similar projects are still going ahead. Florida, Ohio, Connecticut and Pennsylvania are still using the software.

The law enforcement officials who are in favour say it’s just a search engine:

…law officers bent on keeping the Matrix alive say the information already is out there anyway for companies to use for less noble purposes. Law enforcement always has used such information; it just never had a big computer search tool to quickly find links between people and places.

“The media uses that data; attorneys use it; banks use it,” said Mark Zadra, the Florida Department of Law Enforcement agent in charge of the system. “We’ve been using online data like that for 10 to 15 years. What this does is link those. … What took law enforcement so long to use technology and get into the 21st century?”

Created by Florida law enforcement officials working with a one-time drug-running pilot-turned-millionaire computer whiz named Hank Asher, it was conceived as a way for states to combine data they have on people — driving records and criminal histories, for example — with similar records from other states.

In one of the classic characteristics of what is sometimes called the “surveillant assemblage” of many Little Brothers, the system combines data from once-discrete sources, some public, some private:

The company that Asher founded but no longer works for, Seisint, also added to Matrix information gathered in the private sector, including some of what credit card companies collect, such as names, addresses and Social Security numbers — though actual credit histories were not included.

However the politics of this particular project pan out, I have little doubt that this is the direction we’re heading. What Google has done for the Internet, other people with problems to solve will do for proprietary databases and sensitive public records about individuals.

Comments

Pentagon compiling database of high school students

Tuesday, 5 July 2005, 20:59

The Pentagon is creating a database of all 16-to-18-year-old high school students in the United States in an effort to improve dwindling recruitment efforts.

Update: The Associated Press has a story about parents who are resisting the Pentagon’s efforts, which also includes a quote from a military spokesperson saying that the new database is merely a consolidation of recruitment information-gathering that the different branches of the military used to do seperately.

Comments

Nobody is watching you: Why “privacy” talk obscures the real issues

Friday, 17 June 2005, 19:44

Jeff Jarvis wants blogs to use more cookies to keep track of readers and anticipates a reaction from techies wont to mount a “privacy” challenge:

Privacy is the boogeyword of the age. It is tech’s version of politically correct idiocy. All you have to do is invoke the spectre of “privacy” against someone and they’re assumed to be evil. It’s a particularly comical form of nerd McCarthyism: I have in my hand a list of cookies!

Jarvis is right: threats to “privacy” are an overhyped risk — but only because “privacy” is so badly defined. Traditionally we have thought of privacy as an intrusion into an individual’s personal space or affairs. But cookies, like most of the technologies that have recently been flagged as invading “privacy” don’t actually do anything to intrude on individuals in the traditional sense. Unless they have a very, very sophisticated database of personal details about you (that you have volunteered), like, say, Amazon.com, there is little to link you and your cookie anyway.

The surviellance facilitated by cookies, RFID tags, supermarket loyalty cards, credit card transaction records is used primarily to create classes of people to be used for marketing purposes, risk assessment, targeted political electioneering or various forms of subtle forms of social control.

So get over yourself. The cookies don’t care about you. They care about grouping you with others like you in a database that is not being watched over by any nosy big brother.

This is problematic for all sorts of reasons, but invasion of individual privacy is not one of them. Contemporary surviellance technologies affect indivduals through the advantages or disadvatages that organisations place on the category that the data has placed that indivudual in.

This all seems wonderful when Amazon.com predicts what books or CDs you might like to read based on your previous purchases &madsh; or hard-up bloggers can offer advertisers a sophisticated reader segmentation. It gets more problematic when different people start being offered different prices for similar products based on their previous spending patterns or credit history. Think health insurance or credit ratings if you want the nightmare scenario of ever more sophisticated data profiles.

The indivdualist-libertarian critique implied whenever someone starts talking about “privacy” is usually misplaced. The real issue today is about group discrimination — and how new technologies are facilitating this.

Comments

ID cards: why they matter

Thursday, 2 June 2005, 12:28

Thought the British blogosphere was as one in opposition to the introduction of national identity cards? Nope. Monjo provides some dissent by posting in defence of ID cards, interestingly by deploying the very slippery slope argument many use to reject the same policy:

…I wonder mostly what benefits the ID card could bring. I think there must be a lot of fake claims for social security, I think there must be a lot of banking fraud, identity theft crimes are one of the fastest-growing and economically most damaging areas or crimes we now face. I also see a lot of inconvenience in having to carry varying identity documents anyway: national insurance number, driving licence (well if I could drive), passport, documents to prove my address, etc. There is a lot of rigmarole in opening up bank accounts, applying for passports, and numerous other daily concerns for millions of Brits.

…

The important thing is to realise this is a mere first step. The scheme can (and will) be extended to become more encompassing over time. For instance, the cards could eventually contain digital signatures (for online purchasing), or be used, in combination with a thumb print scanner, to enter buildings, get into one’s own home, or start a car. Combined with GPS, car insurance, road taxes and car theft detection could be revolutionised.

There is the possibility for so much. And it doesn’t bother me. I don’t even care about the cost. If it is done over someone’s lifetime it may be £2500 per person in today’s money, but that’s only £30 a year. Even if we assume it may not have any direct financial savings, there will be indirect ones — things people haven’t imagined yet. The fact each card will be unique and will be linked to a centralised database should also secure the system against forgery. Though who guards the guards?

There is a lot to disagree with here. First, there is the issue of financing ID cards with a fee. Monjo may not, but I care about this cost. Paying for a compulsory ID card is the functional equivalent of a poll tax. If the Government wants to do this, they should at least pay for it out of general taxation.

More substantially, though, Monjo is right to criticise the vague Orwellian invocations used against the ID card scheme. In the age of the decentralised “surveillant assemblage”, as Kevin Haggerty and Richard Ericson called it, the notion of a monolithic Big Brother is outdated and unhelpful way to conceptualise contemporary surviellance. Far more agencies than just those of the state will make use of a centralised database.

It’s also a mistake to frame opposition to centralised databases of people around a liberal-individualist concern about privacy. The big problem with surviellance technologies today is that they facilitate “social sorting” — the use of databases to create classes of people for the purposes of precision marketing, selective electioneering, or all sorts of economic discrimination that undermine the equality of citizens. In other words, you don’t matter nearly as much as the database categories you will fall into.

A central database linked to biometric identity cards will create a definitive primary key linking individuals’ bodies to all manner of data about them. This will facilitate social sorting by making many existing databases interoperable.

David Lyon, a sociologist at Queen’s University in Canada is one of the leading academic researchers on the social consequences of surviellance technologies. Everybody should be reading his paper on ID cards and social sorting (PDF). Here’s the rub:

With the use of biometric ID cards, the codes that determine the status of those who hold (or do not hold) the cards are increasingly related to bodily and behavioural characteristics. This further abstracts from the narratives of ordinary life and struggle experienced by those who are most vulnerable. As Didier Bigo (2004) suggests, biometric ID cards produce not so much a panopticon as a banopticon. In other words, they are not meant to put all under scrutiny, but to single out the exceptions as quickly as possible. Profiling to discover differences, the banopticon channels flows of information in order to control at a distance any who deviate from the coded norms.

So Monjo is right: the ID card system will facilitate all sorts of things in the future. While some of those will be benefitial and convenient, however, some are likely to have negative social consequences. Enthusiasm about possible future applications of the centralised identity register can be an argument for ID cards, but worry about them is equally a good reason to oppose the plan.

Comments

Real ID cards, on both sides of the Atlantic

Saturday, 14 May 2005, 01:39

Congress has passed the Real ID Act, which creates a de facto national identity card in the United States. The battle there will not end when President George W. Bushsigns the bill, however. Some of the state governments, who will be charged with implementation, are not thrilled by the new law and are preparing to challenge it.

British bloggers should pay attention to all the debate in the blogosphere about the American ID card scheme because many of the same arguments will be raised in the coming weeks as Britain’s own controvertial national identity card scheme is re-introduced to Parliament.

One of the best posts on this topic comes from How Not To Blog, which explains why Real ID is not jusy an identification card ,but a national surveillance infrastructure.

Comments

National identity cards are back

Tuesday, 10 May 2005, 13:04

The UK government’s national identity card project was rudely interupted by the general election.

No so in the United States, where a bill that would mandate federal minimum standards for state Identity documents — creating a de facto national ID card — has been quietly winding its way through Congress.

The Senate is due to vote on the Real ID Act today, and opposition is gathering on the Net.

Update: Security expert Bruce Schneier weighs in with some arguements that opponants of the UK ID card scheme might find interesting, too.

Comments

BT may not bid for ID cards

Friday, 31 December 2004, 12:36

BT may not bid for the huge contract for implementing the UK identity card because it fears being labeled a “Big Brother company”. (Via The Register)

Meanwhile, in the Netherlands, all people will be required to carry ID beinginning on 1 January. According to Agence France-Presse, ldquo;Dutch citizens will be required to carry an identity card, a passport or a driver’s license. Foreigners will need a passport, identity card or official immigration papers.”

Comments