Category Archives: Privacy

Moderating RIPA (slightly)

Posted on by

When RIPA was being pushed through Parliament in 1999, some of us were very concerned at its apparent extensibility — especially (i) the scope it offered for its powers to be extended virtually without limit to any public authority in the UK, and (ii) its use for purposes other than detecting organised crime and terrorism. And lo! it came about — the Act has been used by Local Authorities to legitimise snooping in all kinds of areas, none of them connected with terrorism or organised crime.

The abuses have become so outrageous that now there’s to be a public consultation on the matter. here’s the text of the official announcement:

Regulation of Investigatory Powers Act 2000: Consolidating orders and codes of practice

Passed in 2000, the Regulation of Investigatory Powers Act (called RIPA), created a regulatory framework to govern the way public authorities handle and conduct covert investigations.

This consultation takes a look at all the public agencies, offices and councils that can use investigation techniques covered by RIPA, and asks the public to consider whether or not it’s appropriate for those people to be allowed to use those techniques.

In light of recent concerns, the government is particularly interested in how local authorities use RIPA to conduct investigations into local issues. Among other things, in order to ensure that RIPA powers are only used when they absolutely need to be, the government proposes to raise the rank of those in local authorities who are allowed to authorise use of RIPA techniques.

To respond to the consultation, reply by email to ripaconsultation@homeoffice.gsi.gov.uk

You can also reply by post to:

Tony Cooper
Home Office
Peel Building 5th Floor
2 Marsham Street
London SW1P 4DF

Wikipedia opts out of Phorm

Posted on by

Here’s the text of the memo to the Phorm administrators:

The Wikimedia Foundation requests that our web sites including
Wikipedia.org and all related domains be excluded from scanning by the
Phorm / BT Webwise system, as we consider the scanning and profiling of
our visitors’ behavior by a third party to be an infringement on their
privacy.

Good stuff. This suggests a tactic for a flash-mob operation. If millions of domain owners emailed website-exclusion@webwise.com with demands that their domains be excluded it might have an interesting effect.

Interesting to see that Amazon has already opted out.

Interesting also to see that info about opting out is pretty deeply buried on the BT Webwise site. The relevant para says:

How can I remain opted-out of BT Webwise even if I delete cookies regularly?

We provide the facility to block cookies permanently from BT Webwise so if you want to opt out permanently you can do so through a one-time only activity, by setting your browser to block cookies from the domain webwise.net. When you block this domain, the service will not put a cookie on your machine and you will not be asked to opt in or out again.

Orwellianism on the instalment plan

Posted on by

Charles Arthur has written a terrific piece in Media Guardian about the implications for journalism of the new data-retention legislation.

Want to be an investigative journalist of the future? You’ll need a pen and paper, pay-as-you-go phone, and a motorbike. We’ll explain the motorbike later. But you may be an endangered species. New regulations that came into force last week – requiring telephone and internet companies to keep logs of what numbers are called, and which websites and email services and internet telephony contacts are made – have left some wondering if investigative journalism, with its need to protect sources (and its sources’ need, often, for protection), has been dealt a killer blow.

Worries focus on the fact that every government department, local council and even quango can access this telephone and internet data, given a judge’s clearance. What will they use it for? To investigate everything from treason to flytipping. Might it also be used to find out who has been tipping off a journalist on a local paper about the misdeeds of local councillors? That’s the concern.

It’s a real worry IMHO. When the Regulation of Investigatory Powers Act was being pushed through Parilament in 1999, some of us were concerned — and warned — about its almost infinite extensibility. And in due course we found that it was being used not just to monitor alleged terrorists, but by a local authority to spy on parents suspected of giving a false address in order to get their kids into a particular school.

The new data retention laws will make it impossible to protect journalistic sources — unless totally non-electronic channels are used. And, even then, widespread use of car number-plate recognition software will make it risky to travel to a meeting in a car. So, as Charles says, use only snail mail, unlocked SIM-cards bought with cash and travel to meetings with confidential sources on a bike.

We’re building an Orwellian state on the instalment plan.

New Labour’s dream: the national surveillance state

Posted on by

This morning’s Observer column.

There’s a delicious moment in Alastair Beaton’s satirical film, The Trial of Tony Blair, in which the former prime minister is finally arrested for war crimes on a warrant from the international criminal court. One scene shows the standard police procedure as Blair is inducted by the desk sergeant in a London station. Towards the end of the rigmarole, the policeman moves to take a saliva swab from him.

Blair is aghast, asks him what he is doing and – after the policeman has explained that he’s taking a DNA sample – asks who brought in such a stupid law. “You did, sir,” is the response…

The IT infrastructure of a national security state

Posted on by

Ross Anderson, Ian Brown and colleagues have just released their report on the Database State (available as a pdf from here). They surveyed the central databases that hold information on every aspect of our lives, from health and education to welfare, law–enforcement and tax. Their conclusion (in a nutshell) is that:

All of these systems had a rationale and purpose. But this report shows how, in too many cases, the public are neither served nor protected by the increasingly complex and intrusive holdings of
personal information invading every aspect of our lives.

Ross had a brisk exchange with Michael Wills (a classic New Labour apparatchik) on Radio 4’s Today programme this morning.

UK Photographers’ Rights

Posted on by
Paternoster Square (image from Wikipedia)

Paternoster Square (image from Wikipedia)

Given the increasing tolerance of security goonery in Mr Broon’s National Surveillance State, lots of photographers are reporting unpleasant harassment by officials and private-sector goons. The latest example I’ve heard about is of security guards confronting someone taking pictures in Paternoster Square in front of St Paul’s Cathedral in London and threatening to confiscate his camera if he didn’t stop taking pictures of the buildings lining the square. And A-level photography students at my daughter’s school report harassment of the same kind in other parts of London.

Most photographers don’t know what their legal position is, so this guide to UK Photographers Rights by a lawyer, linda Macpherson, is very useful and welcome. It’s designed as a short guide to the main legal restrictions on the right to take photographs and the right to publish photographs that have been taken. Worth printing a copy of the pdf and keeping it in your bag.

McCain-Palin: everything must go — including all those private cellphone numbers

Posted on by

A Fox reporter went to the everything-must-go sale at McCain-Palin campaign HQ. And, guess what?

We saw laptops ranging between $400 and $600 with logins like “WARROOM08.” We couldn’t log on without a password, but staffers assured us the hard drive would be zapped before it was sold, and the computer would probably work.

The hottest item? Blackberry phones at $20 a piece. There were only 10 left. All of the batteries had died. There were no chargers for sale. But people were snatching them up. So, we bought a couple.

And ended up with a lot more than we bargained for.

When we charged them up in the newsroom, we found one of the $20 Blackberry phones contained more than 50 phone numbers for people connected with the McCain-Palin campaign, as well as hundreds of emails from early September until a few days after election night.

We traced the Blackberry back to a staffer who worked for “Citizens for McCain,” a group of democrats who threw their support behind the Republican nominee. The emails contain an insider’s look at how grassroots operations work, full of scheduling questions and rallying cries for support.

But most of the numbers were private cell phones for campaign leaders, politicians, lobbyists and journalists.

We called some of the numbers.

“Somebody made a mistake,” one owner told us. “People’s numbers and addresses were supposed to be erased.”

“They should have wiped that stuff out,” another said. But he added, “Given the way the campaign was run, this is not a surprise.”

We called the McCain-Palin campaign, who says, “it was an unfortunate staff error and procedures are being put in place to ensure all information is secure.”

Source: McCain Campaign Sells Info-Loaded Blackberry to FOX 5 Reporter.

Dyson on anonymity

Posted on by

From an interview by Internet Evolution:

Internet Evolution: You’ve had a front-row seat for the commercialization, regulation, and funding of the Internet. What’s been the biggest surprise for you about how the Internet has evolved? And what’s been your biggest disappointment?

Esther Dyson: Well, surprise and disappointment are the same… There are two big things: First, I was a much bigger fan of anonymity then than I am now. I thought it was cool. And it is, but it turns out anonymity really encourages bad behavior. I’m not in favor of the government tracking everybody and so forth, [but] at least persistent pseudonyms and communities and stuff like that makes everything a nicer place.

It’s like a lot of things. I’m pro choice, but I think abortion is an unfortunate thing. I think the same thing about anonymity: Everybody should have the right to it, but it’s not something one wants to encourage. And that’s not weasel words, that’s the reality of it.

[Anonymity] should be allowed. People should be able to make that choice, and there are many reasons to make that choice. If you live in an oppressive regime, you may well want people to be able to remain anonymous or have secret communications. But at the same time, it should not be encouraged, and it should be acknowledged that it’s a response to a bad situation.

Source: Internet Evolution – Dialogue – Esther Dyson, Chairman, EDventure Holdings.

Google’s predictive power (contd.)

Posted on by

The story continues. Here’s Bill Thompson’s distinctive take on it.

As we have seen with flu trends, sometimes the “interesting” knowledge that can be extracted is well-concealed until comparisons can be made with other sources, as it was the correlation between some search terms and the real-world data that mattered.

Of course Google has not revealed which search terms it analysed because doing so would undermine the model’s effectiveness.

Unfortunately it is being equally reticent about how it has ensured that the data its uses is properly anonymised so that users cannot be identified on the basis of their queries.

A letter from the Electronic Privacy Information Center (EPIC) and Patient Privacy Rights to Google boss Eric Schmidt has not been answered, leaving those concerned with online privacy uncertain over the broader implications of the project.

But as Cade Metz points out in an insightful article in The Register, we may all be happy to know that a ‘flu outbreak is coming, but what happens when the disease involved is more life-threatening and the government asks Google for the names and IP addresses of anyone whose search terms indicate that they are infected?

It’s not that I don’t trust Google. I don’t trust any company, government department or individual without a good reason to do so.

In the case of search engines that claim to protect my privacy I want to know just how they do it and will not accept vague reassurances.

New Labour’s database nation

Posted on by

Cory Doctorow is one of this country’s most valuable immigrants. But, as this scarifying essay reveals, he will be leaving if Brown’s ID Card scheme is implemented.

A few years later, I was living with my partner, and had fathered a British daughter (when I mentioned this to a UK immigration official at Heathrow, he sneeringly called her “half a British citizen”). We were planning a giant family wedding in Toronto when the news came down: the Home Secretary had unilaterally, on 24 hours’ notice, changed the rules for highly skilled migrants to require a university degree…

My partner and I scrambled. We got married. We applied for a spousal visa. A few weeks later, I presented myself in Croydon at the Home Office immigration centre to turn over my biometrics and have a visa glued into my Canadian passport. I got two years’ breathing room. My family could stay in Britain.

Then came last week’s announcement: effective immediately, spousal visa holders (and foreign students) would be issued mandatory, biometric radio-frequency ID papers that we will have to carry at all times. And I started to look over my shoulder…

Now, we immigrants are to be the beta testers for Britain’s sleepwalk into the surveillance society. We will have to carry internal passports and the press will say, “If you don’t like it, you don’t have to live here – it’s unseemly for a guest to complain about the terms of the hospitality.” But this beta test is not intended to stop with immigrants. Government freely admits that immigrants are only the first stage of a universal rollout of mandatory biometric RFID identity cards. What happens to us now will happen to you, next.

Not me, though. If the government of the day when I renew my visa in 2010 requires that I carry these papers as a condition of residence, the Doctorows will again leave their country and find a freer one. My wife – born here, raised here, with family here – is with me. We won’t raise our British daughter in the database nation. It’s not safe.”

I’ve never voted Tory in my life, but next time I will if this proposal isn’t dropped. And so, I hope, will most of the country.

Many thanks to Ray Corrigan for pointing me to Cory’s article, which I’d missed in all the guff about the banking crisis.