Archive for the ‘Governments’ Category

Electronic surveillance includes your physical location

Wednesday, August 12th, 2009

Not everyone realizes that “electronic” surveillance can include not just what we think of as electronic information (email, etc.) but physical data as well. An EFF article on the UK’s half million intercepts of communications data in 2008, which are not subject to judicial review, explains this:

These orders can reveal lists of websites visited, email headers, name and address lookups, and, perhaps most controversially, the real-time location of a particular mobile telephone.

So your cell phone is continually reporting your location, which in the UK sounds like pretty easy info for authorities to get. This is a lousy idea from a civil liberties perspective, to put it mildly. For those of you who trust the authorities in your own country, think of the ones elsewhere that you don’t trust: they could have this technology too. (Credit: Mark Finnern) —Chris Peterson

The main reason to care who gets sensing data about you

Tuesday, August 11th, 2009

An ITU paper spells out the main reason to care who gets sensing data about individuals:

From a political standpoint privacy is generally considered to be an indispensable ingredient for democratic societies. This is because it is seen to foster the plurality of ideas and critical debate necessary in such societies…

• Privacy is also a regulating agent in the sense that it can be used to balance and check the power of those capable of collecting data…

Lessig’s list of reasons for protecting privacy belongs to what Colin Bennett and Charles Raab have called the ‘privacy paradigm’—a set of assumptions based on more fundamental political ideas: ‘The modern claim to privacy … rests on the pervasive assumption of a civil society comprised of relatively autonomous individuals who need a modicum of privacy in order to be able to fulfil the various roles of the citizen in a liberal democratic state.’

So the main reason is to protect our political freedom. This is why I hope to find an alternative to the word ‘privacy’ in our discussions. While a useful word, it has connotations of guilt or shame, which are inappropriate in this discussion of how to preserve and strengthen our freedoms. Any ideas on alternative terms? —Chris Peterson

Intuitive control, by you, of data sensed about you

Wednesday, August 5th, 2009

David Kotz over at Dartmouth has been doing some interesting work on helping individuals control data sensed about us:

As pervasive environments become more commonplace, the privacy of users is placed at increased risk. The numerous and diverse sensors in these environments can record users’ contextual information, leading to users unwittingly leaving “digital footprints.” Users must thus be allowed to control how their digital footprints are reported to third parties. While a significant amount of prior work has focused on location privacy, location is only one type of footprint, and we expect most users to be incapable of specifying fine-grained policies for a multitude of footprints. In this paper we present a policy language based on the metaphor of physical walls, and posit that users will find this abstraction to be an intuitive way to control access to their digital footprints. For example, users understand the privacy implications of meeting in a room enclosed by physical walls. By allowing users to deploy “virtual walls,” they can control the privacy of their digital footprints much in the same way they control their privacy in the physical world. We present a policy framework and model for virtual walls with three levels of transparency that correspond to intuitive levels of privacy, and the results of a user study that indicates that our model is easy to understand and use.

Sounds great! One quibble about “Users must thus be allowed to control how their digital footprints are reported to third parties” — who is the second party, and how do users control what that party gets? The sensor itself, or the sensor operator? In either case, that is also something to address up front.

I was interested and admittedly surprised to see that this research was funded by the Bureau of Justice Assistance at the U.S. Department of Justice. —Chris Peterson

Tracking the sensor revolution, for big bucks or for free

Thursday, July 23rd, 2009

Tracking what’s happening with sensors today is an intimidating task. If you have US$2700 you can get a big report on Wireless Sensor Networks from Bharat Book Bureau, which appears to be based in India. If you don’t have this amount to spare, you can get a feel for what’s happening by just reading the long ad for the report, including the detailed table of contents. The summary has helpful orientation material:

Many now refer to traditional active RFID as First Generation. Examples of this include the device that opens your car from a distance and the device in your car windshield that uses a battery to incur and record non-stop tolling charges. Another example is the widespread tracking of military supplies and assets by electronically recording when they have been near an electronic device that reads the tag using radio waves. Real Time Location Systems RTLS, that continuously interrogate the tag from a distance, are called Second Generation active RFID and WSN is called Third Generation because it works in yet another completely different manner to provide its unique benefits…

Progress is now rapid and the much smaller size of the latest WSN tags is one indication of this. While the original concept was for billions or even trillions of tags the size of dust, the first ten years of development of USN has more often seen expensive tags, some the size of a videotape or, more recently, palm sized. However, further miniaturisation and cost reduction are now imminent.

The ToC lists many intriguing projects and companies worth a web search. There is a section on Impediments, which includes privacy concerns as the first listing. We can help with that! —Chris Peterson

Mass vehicle surveillance: the wrong way and the less-wrong way

Thursday, July 16th, 2009

Roger Clarke’s paper, The Covert Implementation of Mass Vehicle Surveillance in Australia, looks at Automated Number Plate Recognition (ANPR), which he finds being done in two different ways:

This paper outlines two alternative architectures for ANPR, referred to as the ‘mass surveillance’ and ‘blacklist-in-camera’ approaches. They reflect vastly different approaches to the balance between surveillance and civil liberties.

Basically it sounds like the wrong way is to collect all vehicle data in a centralized location regardless of whether the vehicle is suspected, and the less-wrong way is to have a list in the camera of numbers being looked for. About the latter:

Further key requirements of the ‘Blacklist in Camera’ design include: certified non-accessibility and non-recording of any personal data other than that arising under the above circumstances

This requirement is the kind of thing that Open Source Sensing advocates: note the word “certified”.

Apparently something somewhat similar to the latter method is done in Canada, but Australia is headed in the wrong direction, according to the author. —Chris Peterson

EU document celebrates surveillance state

Wednesday, July 15th, 2009

Charles Nevin writes in Intelligent Life, a culture magazine published by The Economist, comparing progress toward the surveillance state in the UK, Germany, and Romania. The Brits are ‘winning’:

Britain had the worst result in Europe, falling into the category of “endemic surveillance societies” alongside Russia and China.

Nevin quotes a policy paper presented by the Portuguese presidency of the EU Council:

Every object the individual uses, every transaction they make and almost everywhere they go will create a detailed digital record. This will generate a wealth of information for public security organisations, and create huge opportunities for more effective and productive public security efforts.

Worth reading. —Chris Peterson

Role of privacy in protecting political freedoms

Tuesday, June 30th, 2009

Josh Hall brings to our attention an article in Technology Review by Simson Garfinkel. While the article focuses on online privacy, below are some excerpts that may be useful for our purposes here:

Privacy gives us the right to meet and speak confidentially with others—a right that’s crucial for democracy, which requires places for political ideas to grow and mature. …

Collectively, we made things worse by not building strong privacy and security guarantees into our information systems, our businesses, and our society…

Another law, the Video Privacy Protection Act of 1988, makes it illegal for Netflix to disclose the movies you rent…

A Nixon administration advisory committee then developed the Code of Fair Information Practice, a guiding set of principles that underlies the majority of U.S. privacy laws passed since.

This code is surprisingly straightforward. There should be no secret data banks; individuals must be able to view their records; there must be a way to correct errors; organizations maintaining data banks must make sure they’re reliable and protect them from unauthorized access; and information collected for one purpose must not be used for other purposes…

Congress, however, opposed TIA on the grounds that it treated everyone in the country as a suspect, and because it feared that a massive data surveillance system might be used for purposes other than catching terrorists. This prospect was not so hypothetical: in 1972 Richard Nixon had ordered the IRS to investigate his political opponents, including major contributors to George McGovern’s presidential campaign…

For more than 100 years, American jurisprudence has recognized privacy as a requirement for democracy, social relations, and human dignity. For nearly 50, we’ve understood that protecting privacy takes more than just controlling intrusions into your home; it also requires being able to control information about you that’s available to businesses, government, and society at large. Even though Americans were told after 9/11 that we needed to choose between security and privacy, it’s increasingly clear that without one we will never have the other.

Simson’s proposal for a government-issued online identity will be very controversial—see Bruce Schneier for the opposite view—but his discussion of the role of privacy in protecting freedom is useful separately from that.

I increasingly feel we need a different term than “privacy” for what we are trying to protect. Privacy has negative connotations. Any ideas? —Chris Peterson

Korea starting ‘Ubiquitous Sensor Network’

Tuesday, June 9th, 2009

Kim Tong-hyung of The Korea Times brings news of a new sensor project in that country:

The idea is to combine the sensors and closed-circuit camera (CCTV) information under a broadband convergence network (BcN), or a planned massive IP providing connection speeds between 50 to 100 megabytes per second (mbps), the Internet protocol version 6 (IPv6) and other next-generation Internet platforms.

The gathered information would be accessible anytime and anywhere by mobile, through the country’s advanced second and third generation (3G) wireless networks and WiBro, the local variant of mobile WiMAX…

Seoul will look to explore the possibility of using IP-USN for providing real-time traffic information, and monitoring road conditions and bus movements, while also evaluating air pollution levels. The information will be managed through the WiBro network.

Chuncheon is planning to use IP-USN to construct a “smart well-being leisure city,” using sensors to provide pulse monitoring and other health information to joggers through mobile devices, and the network for monitoring air pollution.

That does indeed sound pretty thorough. Maybe we could get this project to collaborate with us here on openness and data-handling issues? —Chris Peterson