A public photo pool called The Panopticon: Pictures Of Surveillance Cameras has been set up...

via Boing Boing

Tom Morris has taken matters into his hands and is asking British Library about its patron privacy policy... The conclusions are not favourable.

My opinion on this is pretty simple: it’s evil and needs rethinking. Patron privacy is one of the biggest issues for me. This won’t affect my use of the library (but I will not be requesting certain books from the BL - rather, I’ll be buying anything controversial or reading it at another library), though I will be making my opinion clear to them in the form of a formal letter. I will also try and get hold of this records management policy. Ideally, they should hold borrowing records only as long as is required for the books to be retrieved from the store, then delete them after the books are returned to the counter. Or, perhaps, a system where patrons can submit a form either online or in person asking that their records be wiped clean. Again, like all privacy concerns, this is simply about ensuring that what should remain private does remain private.

I am sure that the 'if-you-have-nothing-to-hide-you have-nothing-to-be-afraid-of' bridage would completely miss the point on this one too...

Rob Fisher blogs about Monday's USA Today front page a story about a new X-Ray machine for use in airports that can see through clothing. The machine apparently generates images that, “paint a revealing picture of a person’s nude body".

He points out that the article does not even touch on the need for such machines.

Are not current metal detectors adequate for preventing people from getting on an aeroplane with firearms?

If an airline says it wants me to walk through this machine as a condition of getting on one of their planes, that is one thing: it’s a private company deciding that this is a necessary measure to protect its customers or keep down its insurance costs. It’s their aircraft, they can quite rightly refuse to allow on anyone they feel like for whatever reason.

But if the government mandates the use of these machines, then that’s the government forcing airlines and airports into doing something they and their passengers likely don’t want to do. It’s governments yet again abusing their power to achieve nothing of value to anyone except politicians who want to look like they’re doing something useful.

Post a review of a book or other product on Amazon.com, and the information may find its way into the company's file on you. CNET has more on Amazon having been granted a patent for a system that gathers clues from reviews about customers' gift-giving habits in order to suggest future gifts and reminders.

Consumer advocates worry that the company's profiling practices may have gone too far and could exploit the giving of gifts and the sense of community that customer reviews were designed to engender.

Here's how the proposed system works, according to Amazon's patent claim: Amazon would gather information about gift recipients, including their names, addresses and items customers send them. The system would then try to guess their gender, age and the gift-giving occasion based on the type of present, messages written in gift cards, dates gifts are ordered, items on wish lists, and commentary in related consumer reviews.

The system appears particularly geared toward people buying gifts for children, with its ability to recommend "age appropriate" gifts.

Jason Catlett, founder of Junkbusters, a consumer watchdog, said:

They are building a speculative profile on you before you even know you're dealing with them, because someone sends you a gift.

He's particularly dismayed by the prospect of Amazon monitoring customer reviews for marketing purposes.

Well, so am I. But I think Catlett is onto something when he says:

People will hesitate to publish reviews if they know the result is to enlarge their profile in some secret marketing database.

Wired reports that huge spending bill signed into law by President Bush on Wednesday could create a new hot job-growth sector: chief privacy officers.

Every federal agency, regardless of size or function, will have to hire a chief privacy officer and employ an outside auditing firm biennially to ensure compliance with the nation's privacy laws, according to a little-noticed provision.

The officers will be charged with making sure new technologies do not impinge on civil liberties and that federal databases comply with fair information practices.

Washington Post analyses erosion of online privacy, this time coming from Google:

And yesterday, the omniscient-seeming search engine Google bested itself by announcing a service to probe for information both online and in your own machine. One company official called it a "photographic memory for your computer."

Richard M. Smith, an Internet security consultant says:

It's this whole new world. It's sort of like all these little details about our lives are being recorded. We love the conveniences. We love the services. But people kind of instinctively know there's a dark side to this. They just hope it won't happen to them.

ZDNet has an article about the implanted RDIF chips and the debate about its pros and cons.

Advocates of technologies like radio frequency identification tags say their potentially life-saving benefits far outweigh any Orwellian concerns about privacy. RFID tags sewn into clothing or even embedded under people's skin could curb identity theft, help identify disaster victims and improve medical care.

Critics, however, say such technologies would make it easier for government agencies to track a person's every movement and allow widespread invasion of privacy. Abuse could take countless other forms, including corporations surreptitiously identifying shoppers for relentless sales pitches. Critics also speculate about a day when people's possessions will be tagged - allowing nosy subway riders with the right technology to examine the contents of nearby purses and backpacks.

The notion of embedding RFID tags in the human body, though, remained largely theoretical until the 11 September, 2001, terrorist attacks, when a technology executive saw firefighters writing their badge numbers on their arms so that they could be identified in case they became disfigured or trapped.

Richard Seelig, vice president of medical applications at security specialist Applied Digital Solutions, inserted a tracking tag in his own arm and told the company's chief executive that it worked. A new product, the VeriChip, was born.

Washington Post has an article about a test project, which aims to give frequent fliers a quicker pass through security checkpoints, is underway at four US airports. It relies on the latest biometric technologies to verify a passenger's identity with increased precision. Digital fingerprint scans and photographs are already used to identify foreigners traveling on a visa, and U.S. officials plan to encode a facial recognition technology into passports.

The program offers the first wide application of iris-scanning technology, which had previously been used only for government employees with access to classified sites or for employees with access to nuclear facilities, said Paul Mirenda, director of field operations for LG Electronics Inc., one of the TSA's contractors that makes the scanners. The technology takes a close-up photograph of the iris, which has more unique characteristics than a fingerprint, and applies digital codes to the photograph to store it as a bar code. The photograph and fingerprint are then stored in a file along with other information about the passenger.

But some security experts worry that terrorists could apply to become a registered traveler and score an easier pass through security checkpoints. "If you look at 9/11 hijackers, some of them would have qualified as frequent fliers. All they had to do is run a few tests and find out what the parameters were and get people registered."

Travelers who signed up for the program yesterday said they were impressed with the technology and were eager to be afforded special privileges at the checkpoint. None of the enrollees said they had a problem with providing the government with their personal information.

Wired has more on the government's controversial plan to screen passengers before they board a plane. The Computer Assisted Passenger Pre-Screening System II (CAPPS II) is dead - but it may return in a new form with a new name.

Homeland Security Secretary Tom Ridge bluntly told a reporter Wednesday that CAPPS II was effectively "dead" and jokingly pretended to put a stake in its heart. His comment went far beyond Tuesday's statement to members of Congress by the Transportation Security Administration's acting chief, Adm. David Stone, who said the program's main components were being "reshaped".

For its part, the American Conservative Union warned that it would oppose any successor program that is not fundamentally different from CAPPS II. ACU spokesman Ian Walter said:

Renaming a program does not satisfy the civil liberties concerns of conservatives so long as that program turns law-abiding commercial airline passengers into terrorism suspects. Civil liberties-minded conservatives will never support it.

Any new program will likely not be deployed anytime soon, as the TSA will likely need to reissue a Privacy Act notice detailing how the system will work, collect comments on the notice, issue new rules or a secret order to force airlines to provide passenger data to the system and have it certified by the GAO (General Accountability Office).

Bjarni Ólafsson of Great Auk draws our attention to an onslought on civil liberties by the Minister for Transportation, the Chief of Police in Reykjavík and the state "Traffic authority" have launched in the last two days. Böðvar Bragason, Chief of Police in Reykjavík muses:

New ways to cut the number of road accidents have to be found, and one possible way is to install computer chips in every car and thereby increase the amount of government monitoring of driving.

I want to propose an increase in the number of surveilance cameras on intersections in the city, but I also want a task force to inspect wether technology can be used in the cars themselves. I have the idea, which can easily be implemented, to put a computer chip in every single car. The Police then could stop a given car, connect with the chip and see the way the car has been driven that day, and even before that day.

Aarrrgh. We share your frustration, Bjarni.

The statist can never be happy as long as individuals have some modicum of freedom of action and travel, hence these proposals. This kind of surveilance system, coupled with a court system which allows for any and all evidence to be submitted in a criminal trial - without regard to how it was obtained (f.ex. illegal wiretaps are admissable), is a brutal attack on the personal liberties of Icelanders.

James Lileks today, on where anti-Microsoft mania can lead:

So I'm not a big fan. But I will come to their defense for the anti-trust suits. Minnesota just settled a suit with the state of Minnesota, where millions of consumers were apparently forced at gunpoint to buy Windows machines. Microsoft once again promised to hand over its wallet if the kicking stopped, and agreed to remain rolled in a fetal position until the money is counted. The verdict was around eleventy trillion dollars or so. When it came to distribute the organs of the corpse the lawyers got the liver, spleen, lungs and most of the brain; the consumers got some regulatory glands, some teeth and a selection of minor toes. I think we get a certificate for ten bucks off on future Microsoft purchases. If the consumers don’t claim the money, some goes back to Bill and some goes to an education fund. The trick, of course, is to get people to claim their money. Florida lead the pack: 18 % of the consumers stepped forward. Obviously they need higher participation rates, since it looks bad when you advocate on behalf of an Inflamed Public that turns out to be utterly indifferent to the supposed offense. So the state has come up with a novel means of informing citizens that Microsoft owes them money. It was buried at the end of the story in the local paper last week.

The state will subpoena local computer resellers to learn who bought PCs.

Maybe it’s just me, but: imagine the outcry if the Justice department decided it wanted a database of computer ownership in America. Who had what. Oh no you don't would be the general reaction, even if people couldn’t quite explain why they didn’t like the idea. It smacks of typewriter-registration laws in totalitarian states, even though we all know no one will kick down the door and demand to know where you put that 386 you bought in '92. But this is the mindset of the well-intentioned government lawyer: gee, people might not claim their rebates. How about we use the power of the state to force private businesses to turn over customer lists so we can mail informational material to computer owners? It's for their own good. Who could complain?

Grrr.

Indeed.

A couple of interesting stories caught my eye.

First, the Queen is working hard to use legal means to include privacy clauses in the employment contracts with palace employees, in an effort to prevent leaks and protect the privacy of the Royal Family.

The new contracts cover more than 300 staff from gardeners and cleaners to the lord chamberlain, but will also affect those working for other leading members of the royal family such as the Prince of Wales whose accounts are published separately.

The move forms part of a broader royal strategy, including the appointment of a director responsible for internal security and vetting, aimed at halting the spate of damaging leaks in recent years.

It is a sign of the times that the palace requires a Director for Internal Security to provide them with a modicum of privacy.

Meanwhile, in another sign of the times, US airlines and the US government are under fire for privacy breaches during background checks.

Four airlines -- including Continental, Delta, America West and Frontier -- and at least two reservation systems provided the information to the government or its contractors, the acting head of the Transportation Security Administration, David Stone, told a Senate committee. Some of the companies denied that.

The agency previously had said only two airlines had done so.

Sen. Joe Lieberman of Connecticut, top Democrat on the Senate Governmental Affairs Committee, said the agency ''may have violated'' the Privacy Act, which says the government must notify the public if it intends to collect records on people.

An agency spokeswoman, Yolanda Clark, said the Homeland Security Department's privacy officer is investigating the agency's involvement in the data-sharing from airlines. The information, known as passenger name records, includes credit card numbers, travel reservation details, address and telephone number. It also could mean meal requests, which can indicate a passenger's religion or ethnicity.

The potential for abuse here seems clear, and I hope that firm action is taken to prevent a reoccurance.

Here's one I almost missed:

CCTV footage sought for TV show

According to The Publican, Sky are seeking pub landlords who can provide them with "dramatic or funny" CCTV footage. Faces of those "not involved in the incident" will, of course, be blurred out.

Which implies that faces of those who are involved will be visible. Maybe acceptable if the footage shows a crime - but what if it's just "funny"?

I don't know about you but I reckon my friends would recognise me even with a blurry face (situation normal?).

My Mum definitely would.

Most Americans do not care about exposing themselves to massive data surveillance but they should, says George Washington University law professor and New Republic legal affairs editor Jeffrey Rosen in his new book, "The Naked Crowd." Rosen discussed technology and the uneasy balance between security and privacy on April 20 at 2 p.m. on washingtonpost.com.

Jeffrey Rosen: The book is a response to a challenge by my friend and teacher Lawrence Lessig, who writes about cyberspace. We were on a panel about liberty and security after 9/11, and I denounced the British surveillance cameras, which I had just written about for the New York Times magazine, as a feel good technology that violated privacy without increasing security. Lessig politely but firmly called me a Luddite. These technologies will proliferate whether you like it or not, he said, and you should learn enough about them to be able to describe how they can be designed in ways that protect privacy rather than threatening it. I took Lessig's challenge seriously, and spent a year learning about the technologies and describing the legal and architectural choices they pose. The rest of the book followed naturally, and it's an attempt to think through the behavior of the relevant actors who will decide whether good or bad technologies are adopted -- that is, the public, the executive, the courts, and the Congress.

The Australian government has long desired to force ISP's and Internet content Hosts to take responsibility for the activities of their clients. An attempt to do this in 1999 was defeated, but the authorites are back for more.

The draft bill states that ISPs are required to determine whether their services are used for "illegal conduct or speech."

Paragraph 152 of the Explanatory Notes to the draft bill says that "Possible action that could be taken by ISPs and Internet Content Hosts (ICHs) so as not to facilitate use of a carriage service by another person that breaches proposed subsection 474.16(1) includes an ISP ceasing to provide Internet services to that person or an ICH ceasing to host a particular Website containing content that breaches the proposed offence."

Obviously, the implication is clear- should this measure get up, ISP's will be legally required to be much more aggressive in their surveillance of their customers; a gross breach of their privacy.

(Via Whirlpool.net.au)

Wired has a follow-up reporting on the controversy surrounding the airline companies hand-over passanger data to government contractors (TSA)designing and testing CAPPSII in 2002.

Two senators on Wednesday asked the Transportation Security Administration whether the agency violated federal rules by helping its contractors acquire passenger data, and why the agency told government investigators it didn't have such data.

The senators also pressed the TSA for an explanation of why it hadn't revealed the transfer of millions of passenger records to government contractors. Senate members had asked TSA officials directly whether they had done so, but the answer was no.

Two TSA agency spokesmen also denied to Wired News that any data transfer had taken place, saying that the project did not need data at the time.

But this week, American Airlines became the third airline to reveal that it turned over millions of passenger records to the government without informing the passengers. JetBlue and Northwest Airlines had earlier revealed that they too had transferred passenger records to government contractors. For the past eight months, TSA officials and spokesmen have repeatedly denied that any data transfer occurred. Two senators, Susan Collins (R-Maine) and Joe Lieberman (D-Connecticut) wrote:

We are concerned by potential Privacy Act and other implications of this reported incident. Moreover, TSA told the press, the General Accounting Office and Congress that it had not used any real-world data to test CAPPS II.

American Airlines has now indicated that it provided over 1 million passenger itineraries at TSA's request, which raises the question of why agency officials told GAO that it did not have access to such data.

And there was much fudging as you can read in the article...

The news just goes from bad to worse on the RFID front. Trevor Mendham quoted Tesco CEO Sir Terry Leahy as saying that RFID tracks products, not people, but American tech company Applied Digital Solutions, through it's subsidiary Verichip Corporation, has already broken through that barrier.

They have developed a RFID product that is implanted in the victim.

The VeriChip minaturized Radio Freqency Identifcation (RFID) Device is the core of all VeriChip applications. About the size of a grain of rice, each VeriChip contains a unique verification number, which can be used to access a subscriber-supplied database providing personal related information. And unlike conventional forms of identification, VeriChip cannot be lost, stolen, misplaced or counterfeited.

Once implanted just under the skin, via a quick, painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. A small amount of Radio Freqency Energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the individuals unique verification (VeriChipID) number. The VeriChip Subscriber Number then provides instant access to the Global VeriChip Subscriber (GVS) Registry - through secure, password protected web access to subscriber-supplied information. This data is maintained by state-of-the-art GVS Registry Operations Centers located in Riverside, California and Owings, Maryland.

It's a password protected website- anyone with knowlege of the internet knows that password protected websites are not that secure; anyone that says that they can guarantee the security of such a webserver is whistling in the wind.

It's rather like that dreadful George Lucas film, The Phantom Menace, where the slaves are fitted with a tracking device. Verichip Corp. doesn't have slaves in their sights as a target market- they have a wider target market in mind.

VeriChip products are being actively developed for a variety of security, defense, homeland security and secure-access applications, such as authorized access control to government and private sector facilities, research laboratories, and sensitive transportation resources, including the area of airport security.

In these markets, VeriChip is able to function as standalone
personal verification technology or it is able to operate in conjunction with other security devices such as ID badges and advanced biometrics.

In the financial arena, VeriChip has enormous potential as a personal verification technology that could help curb identity theft and prevent fraudulent access to banking and credit card accounts.

In other words, they are after a world where everyone is fitted with these devices. Does Big Blunkett own shares in this company? At the moment, they are working with gun manufacturers. Who will be next?

Plenty of people around the world by now know of the allegations of philandering made against the English footballer David Beckham, based on claims made to the media, and also on transcripts of SMS phone messages that are said to have been sent between Beckham and one Rebecca Loos.

The ins and outs of the affair are none of our concern, but what did concern me was this explainatory article in The Advertiser:

He apparently even has offered to produce his mobile phone records to prove his innocence. It may surprise some mobile phone users that some carriers retain details of text messages.

In Australia, Telstra keeps SMS messages for up to 28 days and Optus keeps theirs for three days.

I have three questions here. First, why are telephone companies keeping records of these things at all, and second, why is there such a large difference between Telstra, the dominant company that is still half owned by the government, and Optus (which is now owned by Singtel, the phone arm of the Singaporean government.) And thirdly, why are these messages apparently so insecure?

As a follow up on the issue of privacy and personal data protection, here is an article that is a part of a special report on Protecting your ID by Silicon.com. Their conclusion is on the timid side but deserves to be noted:

It is tempting to say data will leak, as sure as vulnerabilities in complex software will be discovered or spam will be sent. But let's not be fooled. Sensible data protection regimes around the world - and the UK should be applauded for its progress in this area - can make a difference. They will do much to protect some of our most valuable assets - the information that relates to us.

Mark Cornish of Adam Smith Blog has a post on privacy with very pertinent comments on consumer loyalty cards.

Rather than worrying about businesses using data in order to make their shopping experience more tailored to individual customers, we should be worrying about the number of civil servants allowed to snoop on their fellow citizens. According to the Foundation for Information Policy Research police and other officials are making around a million requests for access to data held by net and telephone companies each year. Customs and Excise have 200 staff authorised to use the snooping authority and had sought access 35000 times in the last year. The Inland Revenue accessing such data a further 11700 times in the last year. Do we allow too much snooping, or is it important for fighting crime?

I have not yet got around to everyday bashing of these everyday invasions of privacy. Some would say it is a trade-off - you get a discount and they get your data - but the balance of power is certainly not even. I especially detest the Nectar card that is a joint effort to collect customer data by Sainsbury's, BP, Debenhams and Barclaycard, with Vodafone, Ford, Threshers, Victoria Wine, Wine Rack, Bottoms Up and Adams, Childrenswear, London Energy, Seeboard Energy, SWEB energy, All:sports joining gradually.

You can see why this line of apparel appeals to me...

No, that's not some sick April Fool joke. In fact it's a headline from the respected silicon.com

The article reports that civil liberties groups worldwide are objecting to plans by the International Civil Aviation Organisation (ICAO) to incorporate biometrics and RFID chips in all passports. This would be linked to a global identity database.

The plans, to be discussed by the ICAO next week, would make biometrics and tagging compulsory by 2015.

The ICAO's preferred biometric is facial recognition, which was recently described by the Economist Intelligence Unit as having the potential to ensure that "privacy, as it has existed in the public sphere, will in effect be wiped out".

Cross-posted from The RFID Scanner

The BBC reports that the European Parliament's civil liberties committee has rejected the EU Commission's agreement to automatically pass personal information about transatlantic passengers to US authorities. The committee concluded that:

"The agreement with the United States is not on a level that... gives enough protection to EU citizens"

Unfortunately, as the BBC article points out, the infamous EU democratic deficit means that "The parliament's opinion has no legal force".

Wired writes about the case of a Nevada rancher who covets his privacy. Dudley Hiibel refused to hand over his identification to a police officer in 2000, an act which landed him in jail and his name on the U.S. Supreme Court's docket.

At issue in the case, which will be heard March 22, is whether individuals stopped during an investigation of a possible crime must identify themselves to the police. Nevada state law says that individuals must do so if a police officer has reasonable suspicion that a crime has been or will be committed.

Hiibel's attorneys argue that in such situations, known as Terry stops, individuals already have the right to not answer questions and that requiring individuals to show identification violates the Fourth and Fifth Amendments' protections against unreasonable searches and self-incrimination.

The case runs as follows: Police responded to a report of an altercation between Hiibel and his daughter in Hiibel's pickup parked on the side of the road. Hiibel was outside the pickup when deputies arrived and asked for his identification before asking about the alleged fight. A tape of the incident shows Hiibel refused 11 requests to produce identification, after which the deputy arrested him for impeding a police officer.

Police then arrested Hiibel's daughter, Mimi, when she protested the arrest of her father. Both her charge of resisting arrest and the domestic violence charges against Hiibel were later dismissed. He was, however, found guilty of obstructing a police officer and fined $250, but the public defenders on the case appealed the conviction to a district court and the Nevada Supreme Court. Hiibel said:

I feel quite strongly I have a right to remain silent and I didn't commit a crime. (The deputy) demanded my papers. I exerted my rights as a free American and I was cuffed and taken to jail.

Harriet Cummings, one of three Nevada public defenders working on the case, said that while the case might seem like "no big deal," the legal issues at stake are huge.

This goes to the very nature of what our society is going to be like. We believe that exercising your right to remain silent should not be something that can cause you to be imprisoned.

If an officer acting under suspicion that a crime has been committed comes up to a person, starts asking questions and demands identification, and if the person, as Mr. Hiibel did, declines that demand, they can be hauled off to jail. And we think that is not something that should happen in a free society.

Solicitor General's Office and the National Association of Police Organizations also filed briefs supporting the identification requirement, arguing that it was a necessary and not overly intrusive tool in fighting crime and terrorism. Here we have it, crime and terrorism wheeled out yet again...

Though the hearing is still weeks away, the case is already being widely debated in the blogosphere, thanks to the publicity efforts of privacy advocate Bill Scannell.

And on the topic of databases and governments - the Electronic Privacy Information Center's brief ties the identification requirement to large-scale law enforcement databases, such as the FBI's criminal database. The problem, according to EPIC staff attorney Marcia Hofmann, is not just that a police officer can use a driver's license to pull up reams of data on a person from massive databases. It's also that the encounter itself will be added to the system, Hofmann said.

Every little time something like this happens, the police question you and want to know who you are, it's an incident that gets put into a database. And there will be a record of it thereafter, regardless of whether you did anything wrong.

Quite.

Logistics company Excel has announced an RFID trial with the UK retailer House of Fraser. RFID tags will be "attached directly to garments providing the scope to track shipment movements at item level".

No comment is made as to whether the tags will be disabled and/or removed at point of sale.

Press release available here.

Cross-posted from the shiny new RFID Scanner

Here is an interesting piece about the impact of the Data Protection Act on the world of higher education. As so often, the attempt to suppress badness results in the suppression of, if not goodness, then at least the entirely reasonable.

Government invasion of privacy - for example via Identity Cards - is high profile. Arguably a greater danger is when society itself ceases to respect privacy and believes it OK to breach it as a matter of course.

I've recently learned via the Liberty discussion board and handbag.com about an organisation called Millenium AuPairs.

I must stress that as far as I know this organisation is entirely reasonable and above board. Unfortunately their application form is not. See here:

Millenum AuPairs registration form

Now, the question about weight might be non-PC, but that's not the issue. Scroll down and you see that they are asking prospective nannies if they have "ever been a victim of sexual, emotional or physical abuse?". And "If you have answered yes to any of the above, please give details". Details!

This is outrageous. Why ask? Are they assuming that victims of abuse are more likely to be abusers? I don't know. What I do know is that this question is an invasion of privacy.

As chocalatedrop put it on handbag.com:

can you imagine someone asking if you'd ever been raped on an application form in as many words, because this is what is being asked.

OK, this probably doesn't affect you today. But imagine if this sort of intrusive question becomes accepted practice on any application form...

Silicon.com reports that the controversial radio frequency ID (RFID) tracking tags will become ubiquitous in consumer goods but privacy issues, standards and cost need to be addressed first, according to a senior executive of UK supermarket chain Safeway.

Safeway ran an RFID pilot with Unilever last year on 40,000 cases of Lynx deodorant tracking them from the factory through to the shelves of three stores and, in an exclusive interview with silicon.com, Safeway CIO Ric Francis said that while the company has no immediate plans to use RFID, the pilot did enough to convince him that the technology is absolutely key to the future of the retail sector.

We see that as a long-term investment. RFID is clearly going to be hugely important to the retail business. My biggest fear about RFID is that if we all try and do independent things we’ll end up with a range of standards that is not sustainable for the industry as a whole.

As and when it becomes cheap enough it will be important from the consumer point of view as well. That will start, I think, with higher value items and will come down and down throughout the sales portfolio. If these things end up being a penny a go, which I’m sure they will be at some point in time, then that will be a route to implement in a ubiquitous nature.

A kind reader provided a link to an article by the BBC warning that snooping powers given to more than 600 public bodies look set to create a small industry of private firms that will help process requests for information about who people call, the websites they visit and who they swap e-mail with. One firm, called Singlepoint, has been specifically created to act as a middleman between the bodies that want access to data and the net service providers and phone operators that hold it.

We saw an opportunity for a business or a facility that could provide secure processing for the data requests that will come out of this legislation.

Singlepoint spokesman explained that without Singlepoint it would be more difficult and costly for public authorities to request data as they would have to set up relationships with all of the UK's communication service providers. Instead, Singlepoint was setting up a system that would automatically route requests for information to relevant net or phone firms.

The Home Office estimates that up to 500,000 requests per year are made for information about who pays for a particular phone or web account. About 90% of these requests are for subscriber information. Singlepoint estimates that there could be millions of requests per year. Most of these requests are made by the police but approximately 4% are made by the many public authorities that have had new powers granted under RIPA (Regulation of Investigatory Powers Act).

Other firms are starting to set themselves up as trainers for people within public bodies involved with investigations.

the Home Office was keen to get firms offering courses because the police did not have the resources to take on the training of these public body workers itself.

Bodies granted snooping powers include the Serious Fraud Office, all local authorities and councils plus other organisations such as the Charity Commission and the Centre for Environment, Fisheries and Aquaculture Science.

When proposals to grant these snooping powers were first aired in mid-2002 they were greeted with alarm by privacy advocates and civil liberty groups.

A campaign co-ordinated by the FaxYourMP website prompted the government to withdraw its proposals. However, following a consultation exercise the proposals were resurrected and the powers granted in a series of statutory instruments issued in November 2003.

Wired reports that the companies and organizations behind radio-frequency identification tags are scrambling to improve their image by promising to protect the privacy rights of consumers, after they were caught trying to dig up dirt about one of their most effective critics. They also announced development of devices that disable RFID tags, which they are placing on everything from shampoo bottles to suit jackets in the United States and Europe.

Privacy groups, led by Consumers Against Supermarket Privacy Invasion and Numbering (or CASPIAN), fear that businesses and governments can use those signals to track individuals' movements inside stores and in public places. One organization may have been shamed into soliciting CASPIAN's advice, however. The Grocery Manufacturers of America this week inadvertently sent an internal e-mail to CASPIAN suggesting it was looking for embarrassing information about the group's founder, Katherine Albrecht.

The e-mail, written by a college intern at GMA, reads:

I don't know what to tell this woman! 'Well, actually we're trying to see if you have a juicy past that we could use against you.'

Wal-Mart, which tested RFID tags and readers in at least two of its stores last year, said it would adhere to the RFID privacy guidelines published by EPCglobal, the EPC standards body. The guidelines require companies to publicly state how they plan to use data collected from the EPC tags. Wal-Mart spokeswoman Sarah Clark insists:

We understand and care about the concerns that some of our customers have about privacy and, as always, we put our customers' needs first.

CASPIAN's Albrecht said she welcomes tag-killing technologies, as well as the overtures by RFID users who want to work with her.

I just hope they're looking for a real dialogue about the implications of this technology and not simply trying to appear concerned.

The Toronto Star story is here.

Oh dear. It seems that they have a privacy "czar" in those parts. I don't think of czarism as being especially good for the rights of the citizenry, do you? Be careful you don't ever get accused of violating it, no matter how sensibly or blamelessly.

USA Today reports that face-scanning technology designed to recognize registered sex offenders and missing children has been installed in a Phoenix school in a pilot project that some law enforcement and education officials hope to expand.
Two cameras, which are expected to be operational next week, will scan faces of people who enter the office at Royal Palm Middle School. They are linked to state and national databases of sex offenders, missing children and alleged abductors.

Maricopa County Sheriff Joe Arpaio, a tough-talking sheriff who has previously gained notoriety for his chain gangs and prison-issued pink underwear said:

If it works one time, locates one missing child or saves a child from a sexual attack, I feel it's worth it.

Civil libertarians have raised red flags about the idea, pointing to potential privacy violations, and biometrics experts say facial recognition programs are not foolproof.

Wired has an article about the Supreme Court hearing on whether the federal government should reimburse individuals whose sensitive data was disclosed illegally, even if no harm can be proven.

At issue before the court, according to privacy advocates, is how valuable privacy really is. The Privacy Act of 1974 prohibits the government from disclosing private information intentionally, without the individual's consent, and provides for a $1,000 minimum fine if the individual is "adversely affected."

Marcia Hoffman, staff counsel at the Electronic Privacy Information Center, argues that Congress preset the penalty precisely because it is so hard to put a price on an abstract concept such as privacy or to prove damages in absence of others' misuse of that data.

If your Social Security number is disclosed, there is a real potential harm from identity theft.

Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press, argues that if the government has to pay damages in the case of any improper release of someone's Social Security number, then reporters will not get information from the government that they need and are entitled to.

In the spirit of releasing as much information to the public as possible, we think he should have to prove damages. If every time you release information about an individual, you are going to be threatened with this $1,000-per-record fine, you are going to have agencies so nervous that they are going to err on the side of not turning over something. Government guardians of information are going to be way overly cautious.

And we would not want the government agencies nervous, would we...?

There's a Reason online article here, and comments about it all on the Reason blog here, about this:

One night a few weeks ago, I was half-watching a black-and-white, early '60s episode of The Andy Griffith Show on TV LAND (Episode 60, "The Bookie Barber"), when, all of a sudden, the homespun wisdom of Griffith as Sheriff Andy Taylor touched on today's heated debate over how to balance individual privacy with security. Andy responded to a suggestion by his deputy Barney Fife by saying: "You can't ask a private citizen to become a police spy. It's too dangerous. Something could go wrong." The statement jolted me, and I thought, if only Sheriff Taylor had been there to offer this profound piece of advice to the Republicans and Democrats writing the USA PATRIOT Act.

Title III of the act, which contains provisions to counter money-laundering, requires a host of private businesses to become "police spies" on their customers. These little-known provisions of the much-talked about law draft a substantial number of private-sector employees as citizen soldiers in the war on terrorism as well as on the broadly-defined crime of "money laundering."

Says commenter James Merrit:

A free people, empowering a government that acts consistent with the ideals of freedom, will have the minimum to fear from terrorists. It won't be a perfect world, or a world without danger, but it will be the best we can hope for. We need to reject the fear-based policies and concentrate on freedom-based ones, starting as soon as possible. Do not empower the fascists; do not empower the socialists. We've seen where their roads lead. Empower those who uphold the principles of freedom in word and deed. Making a good start really is as simple as that.

We have similar money laundering stuff here in Britain as well, as David Carr explains.

And turning traders into government stooges has also been here a long time. If you buy a TV, the shop you buy it from has long wanted to know who you are so that it can tell the government and the government can check that you've got a TV license. If you refuse to say who you are, you are liable to end up not buying the TV, as Michael Yardley explains in the latest Spectator:

They changed tack. ‘You’ve got to give us your name and address or you can’t have the television.’ ‘But I’ve paid for it.’ ‘You can’t have it.’ At this point, perhaps I should have walked out of the shop with the television and risked prosecution for some unspecified offence in Kafkaesque Britain. I went for the less dramatic option. ‘Well, I’ll have my money back.’ The first response from the shop staff was that this was impossible. They backed down when I pressed the point. I was directed to ‘customer services’. A credit was made to my card. I left without a television. What a palaver.

Driving home, I thought back to the last time I had bought a television, ten years or more ago. I had a dim memory of being asked for my name and address ‘for the guarantee’. It wasn’t for that purpose, I now knew. It was a ploy to get the information for the faceless ones. …

Googling "privacy" took me