Drone Attack: How We Might Willingly Embrace The Surveillance Society

It's striking how drones have passed from a mysterious weapon used to wreak destruction in distant lands to something that could well become a familiar sight in the skies of the US and Europe. Meanwhile, the technology is progressing rapidly, allowing drones to fly in synchronized swarms and even to be printed out by the sheet. But what might some of the effects on our daily lives be -- for example in the sphere of privacy? 

On Techdirt.

Spotify Finally Launches In Germany -- And Immediately Hits Data Protection Problems

The music streaming service Spotify has adopted a rather unusual pattern of launches around the world. Founded in Sweden, it spread gradually to various parts of Europe, and only later arrived in the US. The main reason for this slow rollout seems to have been difficulty striking licensing deals with the major recording companies. 

On Techdirt.

Adding Your DNA To A Biobank Is A Noble Move -- But Is It A Wise One?

One new approach to teasing apart the complex relationships between genes and common diseases such as cancer, heart disease, asthma and diabetes is by creating huge biobanks of medical data and samples. The idea is that by tracking the health and habits of very large populations across many years, and then examining their DNA, it will be possible to spot factors in common. Here's a major biobank that is shortly opening up its holdings for research: 

On Techdirt.

Argentina Building Huge Biometric Database For Use With Police's Face Recognition Technology

One of the more unfortunate consequences of Moore's Law is that technologies that erode privacy are becoming cheaper every year – and hence more attractive to governments eager to spy on their own populace. The latest to heed the siren call of mass surveillance is Argentina. 

On Techdirt.

Who Owns The Data Collected About You From Devices Inside Your Body?

People have started to wake up to the fact that companies like Google and Facebook hold huge quantities of data about their users. That raises questions about who owns what there, and to what extent users should be allowed access. Now Hugo Campos is asking the same question about a different kind of personal data – that being collected by a cardiac defibrillator implanted in his chest: 

On Techdirt.

SABAM: A Turning Point in EU Internet Law?

One of the most striking - and disturbing - trends of recent years has been the assumption by the copyright industries that protecting their intellectual monopolies outweighs the rights of the public.

On Open Enterprise blog.

Phorm Still Looking For A Large-Scale Deployment, Still Finding Investors

As a search through the Techdirt archives shows, Phorm's behavioral advertising service based on watching your Web activity was beset by problems in its early days. One of the last Techdirt posts on the company from a couple of years ago explained how Phorm was planning to expand overseas, and here's some news on how that's been going: 

On Techdirt.

Facebook Says Some of Your Personal Data Is Its 'Trade Secrets or Intellectual Property'

A few weeks back, Techdirt posted a story about a European campaign group called "Europe vs. Facebook", which is trying to find out exactly what information Facebook holds about its users. It is doing this using European data protection laws, thanks to the fact that Facebook' s international headquarters are in Ireland. 

On Techdirt.

Europeans Care About Civil Liberties: US Shocked

The leaked US cables will clearly provide a rich vein to be mined for many months to come.  I don't really have the time to go digging down there, so I was grateful that @airvpm alerted me to this particular gem from 2009.

The context is "European privacy and data protection concerns" and the tendency of those concerns to get in the way of more important issues - like making obscene profits, ensuring that people can be tortured without any of that tiresome oversight business, and generally propping up the decaying US global hegemony through any means:

European privacy and data protection concerns continue to jeopardize our commercial, law enforcement, intelligence and foreign policy objectives.

More specifically, this is the nub of the problem:

The Commission has failed to exercise a strong policy leadership role vis-a-vis other EU institutions. In this vacuum, the European Data Protection Supervisor and the Article 29 Working Party have asserted expansive roles. These bodies regularly make high-profile public statements on areas outside of their formal competence (including the HLCG and Third Pillar issues). Their interpretations of legislation tend to give primacy to civil liberties-based approaches for the EU's Single Market, consumers, or law enforcement, and have gone largely unchallenged by the Commission. 

So the Euro-trash Data Protection Supervisor and the Article 29 Working Party tasked with protecting privacy in the EU have dared to assert themselves and stand up for European citizens by giving "primacy to civil liberties-based approaches for the EU's Single Market, consumers, or law enforcement", while the US's official lapdog in Yurop, the European Commission, has somehow failed to smack them down.

Can you believe it?  I do hope we haven't hurt the feelings of our lords and masters in Washington...

Follow me @glynmoody on Twitter or identi.ca, and on Google+

HMRC's Latest IT Fail - and What to Do About It

On Monday, I called the HMRC to give them some information they wanted from me. After being placed on hold for about 10 minutes, I finally got through, and was rightly “taken through security”. After all, it's vitally important that HMRC and similar organisations establish that the person they are talking to is indeed that person. Unfortunately, security had been “upgraded”, so you probably know what is coming next....

On Open Enterprise blog.

The End of Anonymity

One of the (few) advantages I enjoy over Bill Gates is that I can walk down the street without people recognising me. Not for much longer:

An application that lets users point a smart phone at a stranger and immediately learn about them premiered last Tuesday at the Mobile World Congress in Barcelona, Spain. Developed by The Astonishing Tribe (TAT), a Swedish mobile software and design firm, the prototype software combines computer vision, cloud computing, facial recognition, social networking, and augmented reality.

...

TAT built the augmented ID demo, called Recognizr, to work on a phone that has a five-megapixel camera and runs the Android operating system. A user opens the application and points the phone's camera at someone nearby. Software created by Swedish computer-vision firm Polar Rose then detects the subject's face and creates a unique signature by combining measurements of facial features and building a 3-D model. This signature is sent to a server where it's compared to others stored in a database. Providing the subject has opted in to the service and uploaded a photo and profile of themselves, the server then sends back that person's name along with links to her profile on several social networking sites, including Twitter or Facebook.

But of course, the "opt-in" part is just a fig-leaf. It could be done just as easily even if they don't opt in, provided you have access to their photos, from a passport application, say, and a belief that you have a right - nay, duty - to keep watch over them, purely for their own protection, you understand.

Now, who could possibly fit that description? Any ideas, Gordon?

Follow me @glynmoody on Twitter or identi.ca.

Cor! - UK Pirate Party's Smart Move

The UK Pirate Party has published its "core beliefs":

1. The reform of Copyright and Patent Laws

2. The protection of our Right to Privacy

3. The protection of our Right to Freedom of Speech

What's interesting is how tightly focussed the Pirate Party is. I think that's wise: otherwise it would just become another Raving Monster Loony Party. By restricting its message to an area that it understands, and which is crying out for reform, I'm sure it will benefit in the long run. It will also, usefully, force the other parties to frame their own responses in this domain.

Follow me @glynmoody on Twitter and identi.ca.

Why Single Sign On Systems Are Bad

Wow, here's a really great article about identity management from, um, er, Microsoft. Actually, it's a rather remarkable Microsoft article, since it contains the following sentences:

On February 14, 2006, Microsoft Chairman Bill Gates declared that passwords would be gone where the dinosaurs rest in three to four years.

But as I write this in March 2009, it is pretty clear that Bill was wrong.

But it's not for that frisson that you should read it; it's for the following insight, which really needs hammering home:

The big challenge with respect to identity is not in designing an identity system that can provide SSO [Single Sign On], even though that is where most of the technical effort is going. It's not even in making the solution smoothly functioning and usable, where, unfortunately, less effort is going. The challenge is that users today have many identities. As I mentioned above, I have well over 100. On a daily basis, I use at least 20 or 25 of those. Perhaps users have too many identities, but I would not consider that a foregone conclusion.

The purist would now say that "SSO can fix that problem." However, I don't think it is a problem. At least it is not the big problem. I like having many identities. Having many identities means I can rest assured that the various services I use cannot correlate my information. I do not have to give my e-mail provider my stock broker identity, nor do I have to give my credit card company the identity I use at my favorite online shopping site. And only I know the identity I use for the photo sharing site. Having multiple identities allows me to keep my life, and my privacy, compartmentalized.

Yes yes yes yes yes. *This* is what the UK government simply does not want to accept: creating a single, all-powerful "proof" of identity is actually exactly the wrong thing to do. Once compromised, it is hugely dangerous. Moreover, it gives too much power to the provider of that infrastructure - which is precisely why the government *loves* it. (Via Ideal Government.)

Follow me @glynmoody on Twitter @glynmoody and identi.ca.

Open Source Sensing Initiative

Here's another interesting initiative: open source sensing.

Pervasive sensing is arriving soon — we have a short window of opportunity for guiding this technology to protect both our security *and* our privacy.

This is an open source-style project with the goal of bringing the benefits of a bottom-up, decentralized approach to sensing for security and environmental purposes.

The intent of the project is to take advantage of advances in sensing to improve both security and the environment, while preserving — even strengthening — privacy, freedom, and civil liberties.

We have a unique opportunity to steer today's emerging sensing/surveillance technologies in positive directions, before they become widespread.

What's particularly noteworthy is the fact that open source sensing is seen as a way of offering security while dealing with various threats to privacy and freedom that sensor technologies obviously present. Openness may help square the circle here, is the hope.

Foolish Phorm

Earlier this year, I had some problems with a statement from the Open Solution Alliance's Anthony Gold. Here are my comments from the time...

On Open Enterprise blog.

German Court Says Data Retention is "Invalid"

As part of a global conspiracy of Glyns, Glyn Wintle has kindly pointed me to this very interesting decision from those fun-loving German judges in Wiesbaden:

As the first German court, the Administrative Court of Wiesbaden has found the blanket recording of the entire population's telephone, mobile phone, e-mail and Internet usage (known as data retention) disproportionate.

The decision published today by the Working Group on Data Retention (decision of 27.02.2009, file 6 K 1045/08.WI) reads: "The court is of the opinion that data retention violates the fundamental right to privacy. It is not necessary in a democratic society. The individual does not provoke the interference but can be intimidated by the risks of abuse and the feeling of being under surveillance [...] The directive [on data retention] does not respect the principle of proportionality guaranteed in Article 8 ECHR, which is why it is invalid."

Now, IANAL, and certainly not a German one, but it seems likely to me that the Administrative Court is not the highest authority in the land (which would be something like the Federal Constitutional Court), so there's probably lots of to-ing and fro-ing still to come on this before a definitive decision is reached. But it's certainly a good start since the that judgment is in tune with commonsense: that data retention is disproportionate and violates privacy.

EU Telecoms Promote "Legitimate" Content

Interesting initiative from the European Telecommunications Network Operators' Association (ETNO):

ETNO is launching a new online content web site today, to raise awareness of attractive online offers put on the market by its members throughout Europe to download music, films or watch TV. ETNO members believe that offering a wide choice of online services is the best way to promote a legitimate use of the Internet and fight against illicit file-sharing.

"The rapidly growing choice of legitimate online content services illustrates the increasing cooperation between e-communications providers and content owners in order to respond to consumer demand for price-worthy, secure and user-friendly services”, says Michael Bartholomew, ETNO Director.

The new ETNO web site gives a non-exhaustive overview of services available including IP TV, video on demand or music downloads, offered by ETNO members through different platforms and devices to meet user’s demands.

"User-demand for content is the basis of our actions. ETNO members develop and promote business models for content online offers, including music, films and TV. This list will of course need to be continuously updated,” says Patrik Hiselius, TeliaSonera, Chair of ETNO’s Content Working Group.

Increasing choice of legitimate content online and raising awareness among users are the best instruments to fight against illicit file sharing.

“Illicit file sharing represents a major burden for all stakeholders, including internet service providers. Education is key. Users should not be unreasonably criminalised or stigmatised. Through this new web site, ETNO members show their commitment to play their part and cooperate with rightsholders under the existing legal framework, in a scenario where choice and availability for the consumer, and rights and privacy for the citizen are all fully guaranteed”, added Bartholomew.

ETNO calls on policy makers and stakeholders to work together in order to ensure the wide availability of legitimate content offerings and to enable new creative market-driven business models to emerge.

This isn't perfect - I have problems with this "illicit file sharing", and the phrasing of "users should not be unreasonably criminalised or stigmatised", but what's interesting is that it shows an awareness of the broader issues, and of the fact that customers have rights as well as holders of intellectual monopolies. It suggests to me that the telecoms companies are beginning to understand that things are changing, and are beginning to change their own stance in response too.

Not so FAST....

FAST is seriously losing it:

More worrying is how organizations like FAST feel that somehow they should be able to shortcut, bypass or change the law to suit their needs. “One argument,” said Lovelock, “is that personal data relating to a given IP-address may be given to the rights holder on request, without a court order being needed, which is arguably gold plating.”

Sure, let’s just scrap due process and the Data Protection Act. They just complicate things.

Why do these self-important little organisations think that they can override fundamental rights and legislation simply because they are too lazy to come up with a new business model to cope with the changing environment?

It's called "absence of scarcity": get used to it.

W(h)ither the UK Database Nation?

Interesting:

The court’s view was that health care staff who are not involved in the care of a patient must be unable to access that patient’s electronic medical record: “What is required in this connection is practical and effective protection to exclude any possibility of unauthorised access occurring in the first place.” (Press coverage here.)

A “practical and effective” protection test in European law will bind engineering, law and policy much more tightly together. And it will have wide consequences. Privacy compaigners, for example, can now argue strongly that the NHS Care Records service is illegal.

To say nothing of the central ID card database that permits all kinds of decentralised access....

Do As I Say, Not As I Do

I've noted several times on this blog the tension between openness and privacy, but reading the excellent Your Right to Know blog - which, to my shame, I've only come across recently - another dimension became apparent.

This is the interesting contrast between what UK politicians want to do to us in terms of constant surveillance and intrusion into our private lives, and their own - outraged - refusal to allow us to do the same, even when it concerns them spending our money through their extremely generous allowances. For example, try this for hypocrisy:

However, I should tell those who press and press such issues that, sooner or later, the allowances will be rolled into our salary, handed out without any claim mechanism or dealt with under some other device, because it is intolerable that this intrusion into Members’ private lives should have to be endured or should be permitted, and something will happen to prevent it from going too far. We can see what will happen: local news reporters and local political opponents will start trying to air these issues in public, which will be demeaning, as well as reducing the stature of Parliament and damaging our democracy. It cannot be right that things should reach such lengths.”