A public photo pool called The Panopticon: Pictures Of Surveillance Cameras has been set up...

via Boing Boing

Tom Morris has taken matters into his hands and is asking British Library about its patron privacy policy... The conclusions are not favourable.

My opinion on this is pretty simple: it’s evil and needs rethinking. Patron privacy is one of the biggest issues for me. This won’t affect my use of the library (but I will not be requesting certain books from the BL - rather, I’ll be buying anything controversial or reading it at another library), though I will be making my opinion clear to them in the form of a formal letter. I will also try and get hold of this records management policy. Ideally, they should hold borrowing records only as long as is required for the books to be retrieved from the store, then delete them after the books are returned to the counter. Or, perhaps, a system where patrons can submit a form either online or in person asking that their records be wiped clean. Again, like all privacy concerns, this is simply about ensuring that what should remain private does remain private.

I am sure that the 'if-you-have-nothing-to-hide-you have-nothing-to-be-afraid-of' bridage would completely miss the point on this one too...

Rob Fisher blogs about Monday's USA Today front page a story about a new X-Ray machine for use in airports that can see through clothing. The machine apparently generates images that, “paint a revealing picture of a person’s nude body".

He points out that the article does not even touch on the need for such machines.

Are not current metal detectors adequate for preventing people from getting on an aeroplane with firearms?

If an airline says it wants me to walk through this machine as a condition of getting on one of their planes, that is one thing: it’s a private company deciding that this is a necessary measure to protect its customers or keep down its insurance costs. It’s their aircraft, they can quite rightly refuse to allow on anyone they feel like for whatever reason.

But if the government mandates the use of these machines, then that’s the government forcing airlines and airports into doing something they and their passengers likely don’t want to do. It’s governments yet again abusing their power to achieve nothing of value to anyone except politicians who want to look like they’re doing something useful.

Post a review of a book or other product on Amazon.com, and the information may find its way into the company's file on you. CNET has more on Amazon having been granted a patent for a system that gathers clues from reviews about customers' gift-giving habits in order to suggest future gifts and reminders.

Consumer advocates worry that the company's profiling practices may have gone too far and could exploit the giving of gifts and the sense of community that customer reviews were designed to engender.

Here's how the proposed system works, according to Amazon's patent claim: Amazon would gather information about gift recipients, including their names, addresses and items customers send them. The system would then try to guess their gender, age and the gift-giving occasion based on the type of present, messages written in gift cards, dates gifts are ordered, items on wish lists, and commentary in related consumer reviews.

The system appears particularly geared toward people buying gifts for children, with its ability to recommend "age appropriate" gifts.

Jason Catlett, founder of Junkbusters, a consumer watchdog, said:

They are building a speculative profile on you before you even know you're dealing with them, because someone sends you a gift.

He's particularly dismayed by the prospect of Amazon monitoring customer reviews for marketing purposes.

Well, so am I. But I think Catlett is onto something when he says:

People will hesitate to publish reviews if they know the result is to enlarge their profile in some secret marketing database.

Wired reports that huge spending bill signed into law by President Bush on Wednesday could create a new hot job-growth sector: chief privacy officers.

Every federal agency, regardless of size or function, will have to hire a chief privacy officer and employ an outside auditing firm biennially to ensure compliance with the nation's privacy laws, according to a little-noticed provision.

The officers will be charged with making sure new technologies do not impinge on civil liberties and that federal databases comply with fair information practices.

Washington Post analyses erosion of online privacy, this time coming from Google:

And yesterday, the omniscient-seeming search engine Google bested itself by announcing a service to probe for information both online and in your own machine. One company official called it a "photographic memory for your computer."

Richard M. Smith, an Internet security consultant says:

It's this whole new world. It's sort of like all these little details about our lives are being recorded. We love the conveniences. We love the services. But people kind of instinctively know there's a dark side to this. They just hope it won't happen to them.

ZDNet has an article about the implanted RDIF chips and the debate about its pros and cons.

Advocates of technologies like radio frequency identification tags say their potentially life-saving benefits far outweigh any Orwellian concerns about privacy. RFID tags sewn into clothing or even embedded under people's skin could curb identity theft, help identify disaster victims and improve medical care.

Critics, however, say such technologies would make it easier for government agencies to track a person's every movement and allow widespread invasion of privacy. Abuse could take countless other forms, including corporations surreptitiously identifying shoppers for relentless sales pitches. Critics also speculate about a day when people's possessions will be tagged - allowing nosy subway riders with the right technology to examine the contents of nearby purses and backpacks.

The notion of embedding RFID tags in the human body, though, remained largely theoretical until the 11 September, 2001, terrorist attacks, when a technology executive saw firefighters writing their badge numbers on their arms so that they could be identified in case they became disfigured or trapped.

Richard Seelig, vice president of medical applications at security specialist Applied Digital Solutions, inserted a tracking tag in his own arm and told the company's chief executive that it worked. A new product, the VeriChip, was born.

Washington Post has an article about a test project, which aims to give frequent fliers a quicker pass through security checkpoints, is underway at four US airports. It relies on the latest biometric technologies to verify a passenger's identity with increased precision. Digital fingerprint scans and photographs are already used to identify foreigners traveling on a visa, and U.S. officials plan to encode a facial recognition technology into passports.

The program offers the first wide application of iris-scanning technology, which had previously been used only for government employees with access to classified sites or for employees with access to nuclear facilities, said Paul Mirenda, director of field operations for LG Electronics Inc., one of the TSA's contractors that makes the scanners. The technology takes a close-up photograph of the iris, which has more unique characteristics than a fingerprint, and applies digital codes to the photograph to store it as a bar code. The photograph and fingerprint are then stored in a file along with other information about the passenger.

But some security experts worry that terrorists could apply to become a registered traveler and score an easier pass through security checkpoints. "If you look at 9/11 hijackers, some of them would have qualified as frequent fliers. All they had to do is run a few tests and find out what the parameters were and get people registered."

Travelers who signed up for the program yesterday said they were impressed with the technology and were eager to be afforded special privileges at the checkpoint. None of the enrollees said they had a problem with providing the government with their personal information.

Wired has more on the government's controversial plan to screen passengers before they board a plane. The Computer Assisted Passenger Pre-Screening System II (CAPPS II) is dead - but it may return in a new form with a new name.

Homeland Security Secretary Tom Ridge bluntly told a reporter Wednesday that CAPPS II was effectively "dead" and jokingly pretended to put a stake in its heart. His comment went far beyond Tuesday's statement to members of Congress by the Transportation Security Administration's acting chief, Adm. David Stone, who said the program's main components were being "reshaped".

For its part, the American Conservative Union warned that it would oppose any successor program that is not fundamentally different from CAPPS II. ACU spokesman Ian Walter said:

Renaming a program does not satisfy the civil liberties concerns of conservatives so long as that program turns law-abiding commercial airline passengers into terrorism suspects. Civil liberties-minded conservatives will never support it.

Any new program will likely not be deployed anytime soon, as the TSA will likely need to reissue a Privacy Act notice detailing how the system will work, collect comments on the notice, issue new rules or a secret order to force airlines to provide passenger data to the system and have it certified by the GAO (General Accountability Office).

Bjarni Ólafsson of Great Auk draws our attention to an onslought on civil liberties by the Minister for Transportation, the Chief of Police in Reykjavík and the state "Traffic authority" have launched in the last two days. Böðvar Bragason, Chief of Police in Reykjavík muses:

New ways to cut the number of road accidents have to be found, and one possible way is to install computer chips in every car and thereby increase the amount of government monitoring of driving.

I want to propose an increase in the number of surveilance cameras on intersections in the city, but I also want a task force to inspect wether technology can be used in the cars themselves. I have the idea, which can easily be implemented, to put a computer chip in every single car. The Police then could stop a given car, connect with the chip and see the way the car has been driven that day, and even before that day.

Aarrrgh. We share your frustration, Bjarni.

The statist can never be happy as long as individuals have some modicum of freedom of action and travel, hence these proposals. This kind of surveilance system, coupled with a court system which allows for any and all evidence to be submitted in a criminal trial - without regard to how it was obtained (f.ex. illegal wiretaps are admissable), is a brutal attack on the personal liberties of Icelanders.

James Lileks today, on where anti-Microsoft mania can lead:

So I'm not a big fan. But I will come to their defense for the anti-trust suits. Minnesota just settled a suit with the state of Minnesota, where millions of consumers were apparently forced at gunpoint to buy Windows machines. Microsoft once again promised to hand over its wallet if the kicking stopped, and agreed to remain rolled in a fetal position until the money is counted. The verdict was around eleventy trillion dollars or so. When it came to distribute the organs of the corpse the lawyers got the liver, spleen, lungs and most of the brain; the consumers got some regulatory glands, some teeth and a selection of minor toes. I think we get a certificate for ten bucks off on future Microsoft purchases. If the consumers don’t claim the money, some goes back to Bill and some goes to an education fund. The trick, of course, is to get people to claim their money. Florida lead the pack: 18 % of the consumers stepped forward. Obviously they need higher participation rates, since it looks bad when you advocate on behalf of an Inflamed Public that turns out to be utterly indifferent to the supposed offense. So the state has come up with a novel means of informing citizens that Microsoft owes them money. It was buried at the end of the story in the local paper last week.

The state will subpoena local computer resellers to learn who bought PCs.

Maybe it’s just me, but: imagine the outcry if the Justice department decided it wanted a database of computer ownership in America. Who had what. Oh no you don't would be the general reaction, even if people couldn’t quite explain why they didn’t like the idea. It smacks of typewriter-registration laws in totalitarian states, even though we all know no one will kick down the door and demand to know where you put that 386 you bought in '92. But this is the mindset of the well-intentioned government lawyer: gee, people might not claim their rebates. How about we use the power of the state to force private businesses to turn over customer lists so we can mail informational material to computer owners? It's for their own good. Who could complain?

Grrr.

Indeed.

A couple of interesting stories caught my eye.

First, the Queen is working hard to use legal means to include privacy clauses in the employment contracts with palace employees, in an effort to prevent leaks and protect the privacy of the Royal Family.

The new contracts cover more than 300 staff from gardeners and cleaners to the lord chamberlain, but will also affect those working for other leading members of the royal family such as the Prince of Wales whose accounts are published separately.

The move forms part of a broader royal strategy, including the appointment of a director responsible for internal security and vetting, aimed at halting the spate of damaging leaks in recent years.

It is a sign of the times that the palace requires a Director for Internal Security to provide them with a modicum of privacy.

Meanwhile, in another sign of the times, US airlines and the US government are under fire for privacy breaches during background checks.

Four airlines -- including Continental, Delta, America West and Frontier -- and at least two reservation systems provided the information to the government or its contractors, the acting head of the Transportation Security Administration, David Stone, told a Senate committee. Some of the companies denied that.

The agency previously had said only two airlines had done so.

Sen. Joe Lieberman of Connecticut, top Democrat on the Senate Governmental Affairs Committee, said the agency ''may have violated'' the Privacy Act, which says the government must notify the public if it intends to collect records on people.

An agency spokeswoman, Yolanda Clark, said the Homeland Security Department's privacy officer is investigating the agency's involvement in the data-sharing from airlines. The information, known as passenger name records, includes credit card numbers, travel reservation details, address and telephone number. It also could mean meal requests, which can indicate a passenger's religion or ethnicity.

The potential for abuse here seems clear, and I hope that firm action is taken to prevent a reoccurance.

Here's one I almost missed:

CCTV footage sought for TV show

According to The Publican, Sky are seeking pub landlords who can provide them with "dramatic or funny" CCTV footage. Faces of those "not involved in the incident" will, of course, be blurred out.

Which implies that faces of those who are involved will be visible. Maybe acceptable if the footage shows a crime - but what if it's just "funny"?

I don't know about you but I reckon my friends would recognise me even with a blurry face (situation normal?).

My Mum definitely would.

Most Americans do not care about exposing themselves to massive data surveillance but they should, says George Washington University law professor and New Republic legal affairs editor Jeffrey Rosen in his new book, "The Naked Crowd." Rosen discussed technology and the uneasy balance between security and privacy on April 20 at 2 p.m. on washingtonpost.com.

Jeffrey Rosen: The book is a response to a challenge by my friend and teacher Lawrence Lessig, who writes about cyberspace. We were on a panel about liberty and security after 9/11, and I denounced the British surveillance cameras, which I had just written about for the New York Times magazine, as a feel good technology that violated privacy without increasing security. Lessig politely but firmly called me a Luddite. These technologies will proliferate whether you like it or not, he said, and you should learn enough about them to be able to describe how they can be designed in ways that protect privacy rather than threatening it. I took Lessig's challenge seriously, and spent a year learning about the technologies and describing the legal and architectural choices they pose. The rest of the book followed naturally, and it's an attempt to think through the behavior of the relevant actors who will decide whether good or bad technologies are adopted -- that is, the public, the executive, the courts, and the Congress.

The Australian government has long desired to force ISP's and Internet content Hosts to take responsibility for the activities of their clients. An attempt to do this in 1999 was defeated, but the authorites are back for more.

The draft bill states that ISPs are required to determine whether their services are used for "illegal conduct or speech."

Paragraph 152 of the Explanatory Notes to the draft bill says that "Possible action that could be taken by ISPs and Internet Content Hosts (ICHs) so as not to facilitate use of a carriage service by another person that breaches proposed subsection 474.16(1) includes an ISP ceasing to provide Internet services to that person or an ICH ceasing to host a particular Website containing content that breaches the proposed offence."

Obviously, the implication is clear- should this measure get up, ISP's will be legally required to be much more aggressive in their surveillance of their customers; a gross breach of their privacy.

(Via Whirlpool.net.au)

Wired has a follow-up reporting on the controversy surrounding the airline companies hand-over passanger data to government contractors (TSA)designing and testing CAPPSII in 2002.

Two senators on Wednesday asked the Transportation Security Administration whether the agency violated federal rules by helping its contractors acquire passenger data, and why the agency told government investigators it didn't have such data.

The senators also pressed the TSA for an explanation of why it hadn't revealed the transfer of millions of passenger records to government contractors. Senate members had asked TSA officials directly whether they had done so, but the answer was no.

Two TSA agency spokesmen also denied to Wired News that any data transfer had taken place, saying that the project did not need data at the time.

But this week, American Airlines became the third airline to reveal that it turned over millions of passenger records to the government without informing the passengers. JetBlue and Northwest Airlines had earlier revealed that they too had transferred passenger records to government contractors. For the past eight months, TSA officials and spokesmen have repeatedly denied that any data transfer occurred. Two senators, Susan Collins (R-Maine) and Joe Lieberman (D-Connecticut) wrote:

We are concerned by potential Privacy Act and other implications of this reported incident. Moreover, TSA told the press, the General Accounting Office and Congress that it had not used any real-world data to test CAPPS II.

American Airlines has now indicated that it provided over 1 million passenger itineraries at TSA's request, which raises the question of why agency officials told GAO that it did not have access to such data.

And there was much fudging as you can read in the article...

The news just goes from bad to worse on the RFID front. Trevor Mendham quoted Tesco CEO Sir Terry Leahy as saying that RFID tracks products, not people, but American tech company Applied Digital Solutions, through it's subsidiary Verichip Corporation, has already broken through that barrier.

They have developed a RFID product that is implanted in the victim.

The VeriChip minaturized Radio Freqency Identifcation (RFID) Device is the core of all VeriChip applications. About the size of a grain of rice, each VeriChip contains a unique verification number, which can be used to access a subscriber-supplied database providing personal related information. And unlike conventional forms of identification, VeriChip cannot be lost, stolen, misplaced or counterfeited.

Once implanted just under the skin, via a quick, painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. A small amount of Radio Freqency Energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the individuals unique verification (VeriChipID) number. The VeriChip Subscriber Number then provides instant access to the Global VeriChip Subscriber (GVS) Registry - through secure, password protected web access to subscriber-supplied information. This data is maintained by state-of-the-art GVS Registry Operations Centers located in Riverside, California and Owings, Maryland.

It's a password protected website- anyone with knowlege of the internet knows that password protected websites are not that secure; anyone that says that they can guarantee the security of such a webserver is whistling in the wind.

It's rather like that dreadful George Lucas film, The Phantom Menace, where the slaves are fitted with a tracking device. Verichip Corp. doesn't have slaves in their sights as a target market- they have a wider target market in mind.

VeriChip products are being actively developed for a variety of security, defense, homeland security and secure-access applications, such as authorized access control to government and private sector facilities, research laboratories, and sensitive transportation resources, including the area of airport security.

In these markets, VeriChip is able to function as standalone
personal verification technology or it is able to operate in conjunction with other security devices such as ID badges and advanced biometrics.

In the financial arena, VeriChip has enormous potential as a personal verification technology that could help curb identity theft and prevent fraudulent access to banking and credit card accounts.

In other words, they are after a world where everyone is fitted with these devices. Does Big Blunkett own shares in this company? At the moment, they are working with gun manufacturers. Who will be next?

Plenty of people around the world by now know of the allegations of philandering made against the English footballer David Beckham, based on claims made to the media, and also on transcripts of SMS phone messages that are said to have been sent between Beckham and one Rebecca Loos.

The ins and outs of the affair are none of our concern, but what did concern me was this explainatory article in The Advertiser:

He apparently even has offered to produce his mobile phone records to prove his innocence. It may surprise some mobile phone users that some carriers retain details of text messages.

In Australia, Telstra keeps SMS messages for up to 28 days and Optus keeps theirs for three days.

I have three questions here. First, why are telephone companies keeping records of these things at all, and second, why is there such a large difference between Telstra, the dominant company that is still half owned by the government, and Optus (which is now owned by Singtel, the phone arm of the Singaporean government.) And thirdly, why are these messages apparently so insecure?

As a follow up on the issue of privacy and personal data protection, here is an article that is a part of a special report on Protecting your ID by Silicon.com. Their conclusion is on the timid side but deserves to be noted:

It is tempting to say data will leak, as sure as vulnerabilities in complex software will be discovered or spam will be sent. But let's not be fooled. Sensible data protection regimes around the world - and the UK should be applauded for its progress in this area - can make a difference. They will do much to protect some of our most valuable assets - the information that relates to us.

Mark Cornish of Adam Smith Blog has a post on privacy with very pertinent comments on consumer loyalty cards.

Rather than worrying about businesses using data in order to make their shopping experience more tailored to individual customers, we should be worrying about the number of civil servants allowed to snoop on their fellow citizens. According to the Foundation for Information Policy Research police and other officials are making around a million requests for access to data held by net and telephone companies each year. Customs and Excise have 200 staff authorised to use the snooping authority and had sought access 35000 times in the last year. The Inland Revenue accessing such data a further 11700 times in the last year. Do we allow too much snooping, or is it important for fighting crime?

I have not yet got around to everyday bashing of these everyday invasions of privacy. Some would say it is a trade-off - you get a discount and they get your data - but the balance of power is certainly not even. I especially detest the Nectar card that is a joint effort to collect customer data by Sainsbury's, BP, Debenhams and Barclaycard, with Vodafone, Ford, Threshers, Victoria Wine, Wine Rack, Bottoms Up and Adams, Childrenswear, London Energy, Seeboard Energy, SWEB energy, All:sports joining gradually.

You can see why this line of apparel appeals to me...

No, that's not some sick April Fool joke. In fact it's a headline from the respected silicon.com

The article reports that civil liberties groups worldwide are objecting to plans by the International Civil Aviation Organisation (ICAO) to incorporate biometrics and RFID chips in all passports. This would be linked to a global identity database.

The plans, to be discussed by the ICAO next week, would make biometrics and tagging compulsory by 2015.

The ICAO's preferred biometric is facial recognition, which was recently described by the Economist Intelligence Unit as having the potential to ensure that "privacy, as it has existed in the public sphere, will in effect be wiped out".

Cross-posted from The RFID Scanner

The BBC reports that the European Parliament's civil liberties committee has rejected the EU Commission's agreement to automatically pass personal information about transatlantic passengers to US authorities. The committee concluded that:

"The agreement with the United States is not on a level that... gives enough protection to EU citizens"

Unfortunately, as the BBC article points out, the infamous EU democratic deficit means that "The parliament's opinion has no legal force".

Wired writes about the case of a Nevada rancher who covets his privacy. Dudley Hiibel refused to hand over his identification to a police officer in 2000, an act which landed him in jail and his name on the U.S. Supreme Court's docket.

At issue in the case, which will be heard March 22, is whether individuals stopped during an investigation of a possible crime must identify themselves to the police. Nevada state law says that individuals must do so if a police officer has reasonable suspicion that a crime has been or will be committed.

Hiibel's attorneys argue that in such situations, known as Terry stops, individuals already have the right to not answer questions and that requiring individuals to show identification violates the Fourth and Fifth Amendments' protections against unreasonable searches and self-incrimination.

The case runs as follows: Police responded to a report of an altercation between Hiibel and his daughter in Hiibel's pickup parked on the side of the road. Hiibel was outside the pickup when deputies arrived and asked for his identification before asking about the alleged fight. A tape of the incident shows Hiibel refused 11 requests to produce identification, after which the deputy arrested him for impeding a police officer.

Police then arrested Hiibel's daughter, Mimi, when she protested the arrest of her father. Both her charge of resisting arrest and the domestic violence charges against Hiibel were later dismissed. He was, however, found guilty of obstructing a police officer and fined $250, but the public defenders on the case appealed the conviction to a district court and the Nevada Supreme Court. Hiibel said:

I feel quite strongly I have a right to remain silent and I didn't commit a crime. (The deputy) demanded my papers. I exerted my rights as a free American and I was cuffed and taken to jail.

Harriet Cummings, one of three Nevada public defenders working on the case, said that while the case might seem like "no big deal," the legal issues at stake are huge.

This goes to the very nature of what our society is going to be like. We believe that exercising your right to remain silent should not be something that can cause you to be imprisoned.

If an officer acting under suspicion that a crime has been committed comes up to a person, starts asking questions and demands identification, and if the person, as Mr. Hiibel did, declines that demand, they can be hauled off to jail. And we think that is not something that should happen in a free society.

Solicitor General's Office and the National Association of Police Organizations also filed briefs supporting the identification requirement, arguing that it was a necessary and not overly intrusive tool in fighting crime and terrorism. Here we have it, crime and terrorism wheeled out yet again...

Though the hearing is still weeks away, the case is already being widely debated in the blogosphere, thanks to the publicity efforts of privacy advocate Bill Scannell.

And on the topic of databases and governments - the Electronic Privacy Information Center's brief ties the identification requirement to large-scale law enforcement databases, such as the FBI's criminal database. The problem, according to EPIC staff attorney Marcia Hofmann, is not just that a police officer can use a driver's license to pull up reams of data on a person from massive databases. It's also that the encounter itself will be added to the system, Hofmann said.

Every little time something like this happens, the police question you and want to know who you are, it's an incident that gets put into a database. And there will be a record of it thereafter, regardless of whether you did anything wrong.

Quite.

Logistics company Excel has announced an RFID trial with the UK retailer House of Fraser. RFID tags will be "attached directly to garments providing the scope to track shipment movements at item level".

No comment is made as to whether the tags will be disabled and/or removed at point of sale.

Press release available here.

Cross-posted from the shiny new RFID Scanner

Here is an interesting piece about the impact of the Data Protection Act on the world of higher education. As so often, the attempt to suppress badness results in the suppression of, if not goodness, then at least the entirely reasonable.

Government invasion of privacy - for example via Identity Cards - is high profile. Arguably a greater danger is when society itself ceases to respect privacy and believes it OK to breach it as a matter of course.

I've recently learned via the Liberty discussion board and handbag.com about an organisation called Millenium AuPairs.

I must stress that as far as I know this organisation is entirely reasonable and above board. Unfortunately their application form is not. See here:

Millenum AuPairs registration form

Now, the question about weight might be non-PC, but that's not the issue. Scroll down and you see that they are asking prospective nannies if they have "ever been a victim of sexual, emotional or physical abuse?". And "If you have answered yes to any of the above, please give details". Details!

This is outrageous. Why ask? Are they assuming that victims of abuse are more likely to be abusers? I don't know. What I do know is that this question is an invasion of privacy.

As chocalatedrop put it on handbag.com:

can you imagine someone asking if you'd ever been raped on an application form in as many words, because this is what is being asked.

OK, this probably doesn't affect you today. But imagine if this sort of intrusive question becomes accepted practice on any application form...

Silicon.com reports that the controversial radio frequency ID (RFID) tracking tags will become ubiquitous in consumer goods but privacy issues, standards and cost need to be addressed first, according to a senior executive of UK supermarket chain Safeway.

Safeway ran an RFID pilot with Unilever last year on 40,000 cases of Lynx deodorant tracking them from the factory through to the shelves of three stores and, in an exclusive interview with silicon.com, Safeway CIO Ric Francis said that while the company has no immediate plans to use RFID, the pilot did enough to convince him that the technology is absolutely key to the future of the retail sector.

We see that as a long-term investment. RFID is clearly going to be hugely important to the retail business. My biggest fear about RFID is that if we all try and do independent things we’ll end up with a range of standards that is not sustainable for the industry as a whole.

As and when it becomes cheap enough it will be important from the consumer point of view as well. That will start, I think, with higher value items and will come down and down throughout the sales portfolio. If these things end up being a penny a go, which I’m sure they will be at some point in time, then that will be a route to implement in a ubiquitous nature.

A kind reader provided a link to an article by the BBC warning that snooping powers given to more than 600 public bodies look set to create a small industry of private firms that will help process requests for information about who people call, the websites they visit and who they swap e-mail with. One firm, called Singlepoint, has been specifically created to act as a middleman between the bodies that want access to data and the net service providers and phone operators that hold it.

We saw an opportunity for a business or a facility that could provide secure processing for the data requests that will come out of this legislation.

Singlepoint spokesman explained that without Singlepoint it would be more difficult and costly for public authorities to request data as they would have to set up relationships with all of the UK's communication service providers. Instead, Singlepoint was setting up a system that would automatically route requests for information to relevant net or phone firms.

The Home Office estimates that up to 500,000 requests per year are made for information about who pays for a particular phone or web account. About 90% of these requests are for subscriber information. Singlepoint estimates that there could be millions of requests per year. Most of these requests are made by the police but approximately 4% are made by the many public authorities that have had new powers granted under RIPA (Regulation of Investigatory Powers Act).

Other firms are starting to set themselves up as trainers for people within public bodies involved with investigations.

the Home Office was keen to get firms offering courses because the police did not have the resources to take on the training of these public body workers itself.

Bodies granted snooping powers include the Serious Fraud Office, all local authorities and councils plus other organisations such as the Charity Commission and the Centre for Environment, Fisheries and Aquaculture Science.

When proposals to grant these snooping powers were first aired in mid-2002 they were greeted with alarm by privacy advocates and civil liberty groups.

A campaign co-ordinated by the FaxYourMP website prompted the government to withdraw its proposals. However, following a consultation exercise the proposals were resurrected and the powers granted in a series of statutory instruments issued in November 2003.

Wired reports that the companies and organizations behind radio-frequency identification tags are scrambling to improve their image by promising to protect the privacy rights of consumers, after they were caught trying to dig up dirt about one of their most effective critics. They also announced development of devices that disable RFID tags, which they are placing on everything from shampoo bottles to suit jackets in the United States and Europe.

Privacy groups, led by Consumers Against Supermarket Privacy Invasion and Numbering (or CASPIAN), fear that businesses and governments can use those signals to track individuals' movements inside stores and in public places. One organization may have been shamed into soliciting CASPIAN's advice, however. The Grocery Manufacturers of America this week inadvertently sent an internal e-mail to CASPIAN suggesting it was looking for embarrassing information about the group's founder, Katherine Albrecht.

The e-mail, written by a college intern at GMA, reads:

I don't know what to tell this woman! 'Well, actually we're trying to see if you have a juicy past that we could use against you.'

Wal-Mart, which tested RFID tags and readers in at least two of its stores last year, said it would adhere to the RFID privacy guidelines published by EPCglobal, the EPC standards body. The guidelines require companies to publicly state how they plan to use data collected from the EPC tags. Wal-Mart spokeswoman Sarah Clark insists:

We understand and care about the concerns that some of our customers have about privacy and, as always, we put our customers' needs first.

CASPIAN's Albrecht said she welcomes tag-killing technologies, as well as the overtures by RFID users who want to work with her.

I just hope they're looking for a real dialogue about the implications of this technology and not simply trying to appear concerned.

The Toronto Star story is here.

Oh dear. It seems that they have a privacy "czar" in those parts. I don't think of czarism as being especially good for the rights of the citizenry, do you? Be careful you don't ever get accused of violating it, no matter how sensibly or blamelessly.

USA Today reports that face-scanning technology designed to recognize registered sex offenders and missing children has been installed in a Phoenix school in a pilot project that some law enforcement and education officials hope to expand.
Two cameras, which are expected to be operational next week, will scan faces of people who enter the office at Royal Palm Middle School. They are linked to state and national databases of sex offenders, missing children and alleged abductors.

Maricopa County Sheriff Joe Arpaio, a tough-talking sheriff who has previously gained notoriety for his chain gangs and prison-issued pink underwear said:

If it works one time, locates one missing child or saves a child from a sexual attack, I feel it's worth it.

Civil libertarians have raised red flags about the idea, pointing to potential privacy violations, and biometrics experts say facial recognition programs are not foolproof.

Wired has an article about the Supreme Court hearing on whether the federal government should reimburse individuals whose sensitive data was disclosed illegally, even if no harm can be proven.

At issue before the court, according to privacy advocates, is how valuable privacy really is. The Privacy Act of 1974 prohibits the government from disclosing private information intentionally, without the individual's consent, and provides for a $1,000 minimum fine if the individual is "adversely affected."

Marcia Hoffman, staff counsel at the Electronic Privacy Information Center, argues that Congress preset the penalty precisely because it is so hard to put a price on an abstract concept such as privacy or to prove damages in absence of others' misuse of that data.

If your Social Security number is disclosed, there is a real potential harm from identity theft.

Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press, argues that if the government has to pay damages in the case of any improper release of someone's Social Security number, then reporters will not get information from the government that they need and are entitled to.

In the spirit of releasing as much information to the public as possible, we think he should have to prove damages. If every time you release information about an individual, you are going to be threatened with this $1,000-per-record fine, you are going to have agencies so nervous that they are going to err on the side of not turning over something. Government guardians of information are going to be way overly cautious.

And we would not want the government agencies nervous, would we...?

There's a Reason online article here, and comments about it all on the Reason blog here, about this:

One night a few weeks ago, I was half-watching a black-and-white, early '60s episode of The Andy Griffith Show on TV LAND (Episode 60, "The Bookie Barber"), when, all of a sudden, the homespun wisdom of Griffith as Sheriff Andy Taylor touched on today's heated debate over how to balance individual privacy with security. Andy responded to a suggestion by his deputy Barney Fife by saying: "You can't ask a private citizen to become a police spy. It's too dangerous. Something could go wrong." The statement jolted me, and I thought, if only Sheriff Taylor had been there to offer this profound piece of advice to the Republicans and Democrats writing the USA PATRIOT Act.

Title III of the act, which contains provisions to counter money-laundering, requires a host of private businesses to become "police spies" on their customers. These little-known provisions of the much-talked about law draft a substantial number of private-sector employees as citizen soldiers in the war on terrorism as well as on the broadly-defined crime of "money laundering."

Says commenter James Merrit:

A free people, empowering a government that acts consistent with the ideals of freedom, will have the minimum to fear from terrorists. It won't be a perfect world, or a world without danger, but it will be the best we can hope for. We need to reject the fear-based policies and concentrate on freedom-based ones, starting as soon as possible. Do not empower the fascists; do not empower the socialists. We've seen where their roads lead. Empower those who uphold the principles of freedom in word and deed. Making a good start really is as simple as that.

We have similar money laundering stuff here in Britain as well, as David Carr explains.

And turning traders into government stooges has also been here a long time. If you buy a TV, the shop you buy it from has long wanted to know who you are so that it can tell the government and the government can check that you've got a TV license. If you refuse to say who you are, you are liable to end up not buying the TV, as Michael Yardley explains in the latest Spectator:

They changed tack. ‘You’ve got to give us your name and address or you can’t have the television.’ ‘But I’ve paid for it.’ ‘You can’t have it.’ At this point, perhaps I should have walked out of the shop with the television and risked prosecution for some unspecified offence in Kafkaesque Britain. I went for the less dramatic option. ‘Well, I’ll have my money back.’ The first response from the shop staff was that this was impossible. They backed down when I pressed the point. I was directed to ‘customer services’. A credit was made to my card. I left without a television. What a palaver.

Driving home, I thought back to the last time I had bought a television, ten years or more ago. I had a dim memory of being asked for my name and address ‘for the guarantee’. It wasn’t for that purpose, I now knew. It was a ploy to get the information for the faceless ones. …

Googling "privacy" took me to this piece about the problem of junk mail sent to dead people.

After this scribe found black humor last year at the ceaseless stream of direct mail advertising directed at my recently deceased partner, an admonition arrived from a reader who lost her husband in 1999.

"Write about this again in a year," she said. "The junk will just keep arriving, and by then you may have stopped laughing."

Yes it really isn't that funny, especially as the failure to find good ways to stop junk mail (and junk email) will mean bad ways, i.e. ways that don't stop the junk, but stop other things which are good, like, I don't know, freedom of communication.

Wired reports that Congress delayed the planned takeoff of a controversial new airline passenger-profiling system until an independent study of its privacy implications and effectiveness at stopping terrorism can be completed.

A congressional conference committee, which was reconciling the Senate and House versions of the Department of Homeland Security's budget for next year, opted to keep the Senate's stronger language that prohibits deployment of the Transportation Security Administration's CAPPS II program until the General Accounting Office certifies to Congress that the system will not finger too many innocent passengers.

The study will also check whether the system will effectively pinpoint terrorists, and whether an appeals system is in place for those delayed or prohibited from flying. CAPPS II is intended as a high-tech replacement for the current system, which simply checks passenger names against a list of suspected terrorists.

The new system will require passengers to provide airlines with additional information, which the agency will check against commercial databases and a watch list of suspected terrorists and people wanted for violent crimes. The system will then color-code each passenger, according to decisions made by the system's pattern-matching algorithms.

An ideologically diverse coalition of civil-liberty advocates oppose the project, saying the system would be Big Brotheresque and ineffective.

This is far from won but at least it is a step in the right direction. Most likely the GAO study will be done, the boxes ticked and the next terrorist attack will result in yet another series of knee-jerk reactions from governments. But I would like to be proven wrong.

From dc.internet.com:

U.S. Rep. Ed Markey (D.-MA) introduced legislation Thursday to allow cell phone customers to choose at no cost to not have their numbers listed in a national wireless directory. Although there is currently no such service, the wireless industry hopes to roll out directories next year similar to the landline 411 call assistance service.

The bill, known as the Wireless 411 Privacy Act, would require wireless carriers to have "clear pre-authorization" before listing an existing customer's name and number in a directory. New customers would have to be given a "clear conspicuous mechanism" to decline to participate in any wireless directory assistance database.

The legisation further requires that no fee be charged for opting out of a national wireless directory.

Clearly this is White Rose Relevant, but taht last bit bothers me. "Choosing at no cost" sounds to me like loading costs onto other people.

More RFID coverage in the Chicago Sun-Times:

RFID chips could make your daily life easier, but they also could let anyone with a scanning device know what kind of underwear you have on and how much money is in your wallet

But these same super-small computer chips might also, for the convenience of retailers, be tucked into every shirt you wear, every book you buy and even every dollar bill you put in your wallet – and that could inadvertently create a profound threat to your personal privacy. A clever snoop, armed with a scanner that can read the radio signals coming from the microchips, could size you up in an instant while just strolling past you on the street.

Spooky. (Actually it sounds rather fun. Sorry. Sorry.)

Courtesy of COMUSNAVEUR Security Staff, via my sources I received the following warning:

You are advised that hotel room keys that look like a credit card will contain personal information, including:

1. Customers (your) name
2. Customers partial home address
3. Hotel room number
4. Check in date and check out date
5. Customers (your) credit card number and expiration date.
6. In Europe, passport numbers are also frequently recorded onto the cards.

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a handfull of cards home and using a readily available scanning device, access the information onto a laptop computer and go shopping at your expense. Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!

You should always destroy the card. NEVER leave it behind in the room and NEVER turn them in to the front desk when you check out of a room. The hotel will not charge you for the card.

Statewatch reports that legal opinion says that under the ECHR mandatory data retention is disproportionate, contrary to the rule of law and cannot be said to be necessary in a democratic society

Privacy International (cannot find a link to this on their site) have obtained a Legal Opinion from the international law firm Covington and Burling which presents a devastating critique of plans by EU governments and the Council of the European Union to introduce the mandatory retention of communications data. The Opinion examines in particular the draft EU Framework Decision on communications data retention and access to it leaked by Statewatch in August 2002.

The Opinion concludes that:

The data retention regime envisaged by the (EU) Framework Decision, and now appearing in various forms at the Member State level, is unlawful.

...

The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society.

The Telegraph reports that a police force is recruiting driving instructors, milkmen and delivery drivers to be its "eyes and ears" on the streets in response to criticism over lack of visible policing.

West Midlands police said that as "trouble spotters", they will be urged to report crimes and traffic accidents, and will be issued with clipboards and asked to write down any activity they believe needs investigating.

Rising crime and paperwork for officers has meant that beat officers and roving patrol cars are seldom seen.

Twenty instructors have already joined the pilot scheme in Halesowen, which will be expanded across the force.

Maria of Crooked Timber has posted this, warning that there are proposals afoot to oblige those who register domain names to give lots of personal information.

Here is a clip from Maria's post:

Next week the body that oversees the technical co-ordination of the internet, ICANN, meets at Carthage in Tunisia. The top item on the agenda, for anyone who cares about privacy and freedom of expression, is the WHOIS database. This is the set of data of domain name owners which was originally collected so that network administrators could find and fix technical problems and keep the internet running smoothly.

Of course no collection of personal data can remain long without various interests campaigning to open it up to a variety of unintended uses. In this case, those interests include IP rights holders, law enforcement, oppressive regimes, stalkers, and of course spammers.

While the first two groups have some legitimate interests in this data [Some of us here might disagree re law enforcement - NS], the others clearly do not. (I have blogged before about the unholy alliance of law enforcement and IP holders on this issue.) But instead of pushing for proportionate lawful access requirements, the latter are demanding that the entire database be policed for accuracy and published on the internet for all to see. Which means that if A.N. Other wants to publish a website, he/she must be content for his email and postal address to be made completely public. There are plenty of good and legitimate reasons to want to publish a website anonymously (and you don’t have to be a Chinese dissident to think of them)..."

The rest of the post includes some sample letters to the bods at ICANN. I am not sure I would sign up to every word in them, but it does look to me as if now might be a good time to register our protest.

In Australia it is common for voters to receive letters from their political representatives, and these letters are becoming more and more sophisticated in targeting the interests of the individual voters.

The two major political parties are able to do this because they have established databases. The inner workings of the databases have been somewhat elusive, but Wayne Errington and Peter van Onselen have written an academic paper (warning- PDF file) on how these databases work. The implications for the privacy of voters are odious, especially considering the temptations for political parties in government to cross check their party databases with government ones.

I found this via Ken Parish, and check out the comments on his post where Wayne Errington makes some further good points about the database's operation. He says the saving grace (so far) is that the political parties are actually rather slack in maintaining their databases; however, as time goes on, you can expect the party machines to become more professional in this matter.

PRIVACY INTERNATIONAL

15th October 2003

EMBARGOED UNTIL 11 PM, WEDNESDAY 15th OCTOBER 2003

Details of a legal Opinion announced today has dealt a blow to Home Office plans to snoop on the phone and Internet activity of the UK population.

The Opinion, which relates to an EU framework directive on the retention of communications data, has profound ramifications for ten EU states that have implemented, or are planning to implement, measures to place communications users under blanket surveillance. The UK is in the early stages of implementing such measures.

A series of regulations (Statutory Instruments) recently laid before the UK Parliament intends to create a legal basis for comprehensive surveillance of communications. The regulations will allow an extensive list of public authorities access to records of individuals' telephone and Internet usage. This "communications data" -- phone numbers and e-mail addresses contacted, web sites visited, locations of mobile phones, etc. - will be available to government without any judicial oversight. Not only does government want access to this information, but it also intends to oblige companies to keep personal data just in case it may be useful.

The twenty-page legal Opinion was commissioned by Privacy International and was provided by the international law firm Covington & Burling. It has unequivocally concluded that such plans would be unlawful.

The Opinion states: "The data retention regime envisaged by the (EU) Framework Decision, and now appearing in various forms at the Member State level, is unlawful.

"Article 8 of the European Convention on Human Rights (ECHR) guarantees every individual the right to respect for his or her private life, subject only to narrow exceptions where government action is imperative. The Framework Decision and national laws similar to it would interfere with this right, by requiring the accumulation of large amounts of information bearing on individuals' private activities. This interference with the privacy rights of every user of European-based communications services cannot be justified under the limited exceptions envisaged by Article 8 because it is neither consistent with the rule of law nor necessary in a democratic society.

The Opinion continues: "The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions. Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society."

The Opinion details a lengthy history of case law that clearly rules against the use of indiscriminate surveillance of communications.

Privacy International today warned that it intends to pursue test cases in at least two EU countries where mandatory retention has been implemented. It is currently seeking litigants from within the communications industry.

The Opinion – along with the substance of the government's proposals – will be debated at a public meeting hosted by the London School of Economics on Wednesday October 22nd (see http://www.privacyinternational.org/conference/sfs7/ for details and registration information). The meeting will involve speakers from the Home Office, the Department of Constitutional Affairs, the Department of Works & Pensions, Local authorities and ACPO, together with industry representatives and parliamentarians.

In two parallel actions, Privacy International today lodged a complaint with the Information Commissioner alleging that the government's regulations and voluntary code on retention breaches at least three of the core Data Protection principles enshrined in the Data Protection Act. The complaint requests the Commissioner to take urgent action to alert the appropriate Parliamentary committees, and to support a referral to the Parliamentary Joint Committee on Human Rights Committee.

The complaint argues that the blanket retention of communications data breaches the principle of proportionality, that the practice flouts the specificity principle, and that the existence of a voluntary code for communications providers takes no account of the consent principle.

Privacy International has today also lodged an Open Government request for disclosure of the government's legal advice relating to the regulations before the Parliament.

Simon Davies, director of Privacy International, said: "This is an important legal analysis. It clearly exposes the government's intention not only to snoop unnecessarily on innocent people, but also to force unwilling companies to be complicit in an unprecedented and disproportionate surveillance regime".

"The government's plans are illegal. We are calling on all communications providers to support their customers' rights by ignoring the government's proposals".
_____

Simon Davies of Privacy International can be reached for comment on 07958 466 552 (from the UK) or on (+44) 7958 466 552 (from outside the UK). Email simon@privacy.org

Copies of all documents mentioned in this release can be obtained by contacting Simon Davies.

Privacy International (PI) (www.privacyinternational.org) is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, and has an office in Washington, D.C. Together with members in 40 countries, PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy, and works with a wide range of parliamentary and inter-governmental organisations such as the European Parliament, the House of Lords and UNESCO.

Here's a White Rose Relevant speech in the House of Representatives, from April 16th of this year, by Representative Ron Paul of Texas. Apologies if it's already been flagged up here, but I don't believe it has. Paul is not the kind of man who gets to decide the law, but his opinions still count for something.

First two paragraphs:

Mr. Speaker, I rise to introduce the Patient Privacy Act. This bill repeals the misnamed Medical Privacy regulation, which went into effect on April 14 and actually destroys individual medical privacy. The Patient Privacy Act also repeals those sections of the Health Insurance Portability and Accountability Act of 1996 authorizing the establishment of a “standard unique health care identifier” for all Americans, as well as prohibiting the use of federal funds to develop or implement a database containing personal health information. Both of these threats to medical freedom grew out of the Clinton-era craze to nationalize health care as much as politically possible.

Establishment of a uniform medical identifier would allow federal bureaucrats to track every citizen's medical history from cradle to grave. Furthermore, as explained in more detail below, it is possible that every medical professional, hospital, and Health Maintenance Organization (HMO) in the country would be able to access an individual citizen’s records simply by entering an identifier into a health care database.

STL today.com reports that Charter Communications Inc., third largest cable provider in the United States, filed a suit on Friday seeking to block the recording industry from obtaining the identities of Charter customers who allegedly shared copyrighted music over the Internet. Charter filed papers in U.S. District Court in St. Louis in a bid to quash subpoenas that the Recording Industry Association of America issued seeking the identities of about 150 Charter customers.

"We are the only major cable company that has not as yet provided the RIAA a single datum of information," said Tom Hearity, vice president and associate general counsel for Charter.

Via Slashdot

This is like something out of a comic novel:

The players know who they are, the media knows who they are and, thanks to the internet, millions of members of the public know who they are.

But yesterday, despite fears that fans of the clubs involved in the Premiership rape allegations would publicly finger the suspects at the tops of their voices, football crowds showed uncharacteristic restraint.

Just to make sure, sound engineers turned down microphones to prevent obscene chanting being heard by television viewers and radio listeners. But there was no need. Football fans, armed obviously with a better working knowledge of the law of contempt of court than the editors of some of the websites and papers they read, kept any taunting of the players involved in the 17-year-old girl's claims to themselves.

So, no chanting on matters that are sub judice.

Patrick Crozier reflects on the privacy dilemmas of celebs, in this case the soccer celebs who are being accused of gang rape.

He concludes: (1) privacy for such people is dead ("I found out the name of the club involved in 10 minutes"), (2) for a celeb simply being cleared is not enough, (3) this affects the club(s) hugely (well yes! - BM), and (4) If Patrick were an accused celeb he'd tell the truth in public (either way) quickly.

The whole thing (not that much longer than this) is here.

Today's New York Times has a useful piece comparing and contrasting the legally enforced privacy (and unprivacy) implications of various different kinds of cable TV, internet use, etc. What are the powers of the IRS? What are the legal rights of the music industry as they go after music piracy? That kind of thing. If that's what you want, go here.

The New York Times has an article today on the pros and cons of Radio Frequency Identification (RFID) being attached to products in supply chains and in stores. A couple of highlights.

Tags with the technology known as radio frequency identification, or R.F.I.D., transmit a digital response when contacted by radio signals from scanning devices. Older versions of the technology have been around for decades, but now major manufacturers and retailers and the Defense Department are pushing to speed the development of a new version that could be read by scanners anywhere in the world, making it cheaper and more efficient to track the flow of goods from global suppliers to consumers.

The Defense Department expects to issue a statement in the next few days calling on suppliers to adopt the new version of the technology by 2005. Wal-Mart Stores Inc. made a similar announcement in July when it said it was requiring its top 100 suppliers to place tags with the new technology on cartons and pallets shipped to its stores by the end of 2004.

The Department of Defence. A government mandate for doing business with that part of the government. One doesn't have to be cynical, here. There are obvious reasons why the DoD needs and wants this technology that have nothing to do with taking away people's privacy. (It simply allows them to run their logistics better, and potentially to keep track of what is going on on a battlefield). However, these are not the sorts of people I expect to want to put protections in place that safeguard my privacy, either.

Ms. Albrecht and other critics say that companies and government agencies will be able to monitor what people read or where they assemble from radio tags embedded in their books or woven into clothing. Unlike bar codes, which cannot be scanned unless a laser has a direct line of sight to them, the radio tags can be read through walls, and multiple tags can be read in an instant.

"R.F.I.D. certainly has value in the supply chain and in inventory management," said Beth Given, director of the Privacy Rights Clearinghouse in San Diego. But she added that "there are so many potential issues once it gets beyond the point of sale that consumer protections need to be written into law."

(Link via slashdot).

In America, the airline Jet-Blue Airways is now facing several lawsuits for illegally handing over the passenger data of more than a million customers to a Pentagon contractor. The contractor, trying to set up a programme to enhance security at military bases, wanted access to commercial databases in order to assess the risk of a person turning out to be a terrorist.

Jet-Blue Airways has apologised for the surrender of the information, while at the same time trying to drag back a little dignity by saying that at least it did not pass the details on to a government body - scant consolation to anyone who has just had their secrets stolen from them.

The general point of this episode is that whenever a new intrusion into privacy emerges - entitlement cards, identity cards, Customs' swaggering taste for impounding cars and goods - the Government defence comes down to the old adage, "the innocent have nothing to fear".

Well, that just plain isn't true when the system breaks down because of incompetence or malice. Those little boxes in adverts saying "Tick if you would prefer that your details are not passed on to other organisations" aren't always watertight.

The BBC reports on the latest application of RFID technology: London Undergound's new "Oyster" cards.

These are smart cards that will replace existing season tickets. The advantage is that they don't even have to be swiped through a gate and will hopefully speed passenger flow through the stations.

The disadvantage is that they will be personalised to you and will - surprise, surprise - record full details of every journey you make on a central database. This information will be retained for "a number of years".

Even more worrying, there have been suggestions that the people responsible for these cards are keen to extend them to "other applications".

An anonymous card will be available, but will cost more. An estimated £200 pa for an average commuter.

So the question for London commuters is: Are you willing to sell your privacy for 200 quid?

Cross-posted from The Chestnut Tree Cafe

Ministers are preparing legislation for the next session of parliament to make local authorities create files on every child in England, including intimate personal information about parents' relationships with other partners and any criminal record, alcohol or drug abuse in the extended family. The files will be available to teachers, social workers, NHS staff and other professionals dealing with children to help them piece together symptoms of neglect or abuse that might require intervention by the authorities.

The green paper produced as a response to the murder of Victoria Climbié, an eight-year-old who died in London in 2000 after months of torture and neglect, said the need to protect children had to be balanced against preserving the privacy of parents. But Charles Clarke, the education secretary, said yesterday that the interests of children "absolutely" took precedence over the civil liberties of adults.

Mark Littlewood, the campaigns director of Liberty, said Mr Clarke's remarks were even more disturbing than the green paper.

We have to make sure social workers are sharper, smarter and better focused. That's done by better training, not by casting the net so wide that every child in the country will be in it. That creates the danger that investigations will be triggered by supposition, guesswork, gossip and rumour. Our concern is that there will be witchhunts rather than protection of the relatively small number of children in real danger.

It's one thing to promise not to pass on data to other organisations, and it's another thing again not to pass on data to other organisations:

JetBlue Airways passengers, more than a million of them, have been unsuspecting guinea pigs in a Defense Department contractor's experiment in mining commercial databases to assess the risk of a person turning out to be a terrorist. The airline admits it violated its own privacy policy when it acceded to the Pentagon's request to give passenger records to Torch Concepts, a private technology business that was ostensibly creating a program to enhance security at military bases.

That's paragraph one of a New York Times story today. This is the final para:

This misstep only feeds legitimate consumer fears that companies and governments are too quick to use private data in unauthorized ways. It is worrisome, in this regard, that the Homeland Security Department has already backtracked from its original vow to use its passenger-profiling program only to fight terrorism. There is now talk of turning it into an all-purpose law-enforcement tool. For its part, in addition to ascertaining what actually took place, Congress may also need to consider new legal protections for consumers' privacy.

Mission creep, in other words.

Silicon.com reports that police and Internet service providers (ISP) in the UK have started working together to combat crime on the Internet. Private seminars held behind closed doors later this month aim to identify which electronic evidence could - and should - be made available to police investigating a crime. Detective chief superintendent Keith Akerman, chair of the Computer Crime Group set up by the Association of Chief Police Officers (ACPO), said:

We aim to cover all crimes. We will publish working guidelines on how evidence is gathered, its integrity, and its presentation in court

The actual content of emails is expected to remain private, in all circumstances, in line with Akerman's statement that the new guidelines will follow the Data Protection Act's existing laws for telephone operators. Those laws state that police may access details of the timing of a phone call, and who participated, but not the content of the call. "Content is not at issue here," Akerman added.

The emotive issue of child pornography and internet 'grooming' represented the biggest headache for ISPs. While they would never wish to be seen to be condoning such crimes, they risked a serious backlash if they were to implement the more wide-ranging surveillance and monitoring measures which would have been required.

Reuters reports that Britain has become the second country in Europe to criminalise spam, that unwanted barrage of e-mail and mobile phone text messages that promise get-rich-quick schemes, cheap home loans and a better sex life.

The unsolicited messages, which industry groups say account for more than half of all e-mails sent, have become the scourge of Internet users everywhere. Under the new UK law, spammers face a 5,000 pound fine if convicted in a magistrates court. The fine from a jury trial would be unlimited. Spammers would not face prison, according to the new law, which was introduced by Communications Minister Stephen Timms.

The law does not however cover workplace e-mail addresses. Anti-spam proponents had been calling for a blanket law that would criminalise all forms of spam. Steve Linford, founder of anti-spam group Spamhaus Project says:

To say it is permissable to spam somebody at work but not at home could put an extremely large burden on British businesses. It says it's okay to spam companies.

The biggest spammers are based in the United States and Asia. Strenuous anti-spam laws there are seen as key to shutting off the valve.

The BBC reports that Tesco branches in Sandhurst and Leicester are running trials of the controversial Radio Frequency Identification (RFID) chips.

These chips - each of which contains a unique identification number - will be attached to the packaging of almost every DVD in the stores.

What makes this trial unacceptable is that the chips will not be deactivated when the customer leaves the shop. Instead they will remain functional and will be broadcasting the customers' purchase details wherever they go until they dispose of the packaging.

A useful reference regarding RFID is notags.co.uk.

Cross-posted from Chestnut Tree Cafe

The Guardian reports that the charity commission will be given powers to use covert informants, track individuals and obtain email and telephone records under controversial legislation dubbed a "snooper's charter" by civil liberties groups.

Orders laid before parliament last Friday will include the commission in the list of public bodies given powers under the Regulation of Investigative Powers Act 2000 (RIPA).

The orders will allow the commission to mount "directed surveillance operations" - monitoring people's movements - use "covert human intelligence sources" - undercover agents and informers - and to obtain limited information about email, phone and postal communications, for the purpose of preventing and detecting crime.

Chris Stalker, head of campaigns at the National Council for Voluntary Organisations, said:

While NCVO welcome measures that will ensure greater trust, confidence and the integrity of charities, the use of RIPA by the charity commission does cause us some concern.

While the commission's power to investigate is crucial to its work, we will be monitoring the use of this new legislation closely to ensure it remains proportionate to its role as regulator of the charitable sector.

Privacy International and the Electronic Privacy Information Center released Privacy and Human Rights 2003 on 5 September. The report reviews the state of privacy in 55 countries around the world. Issues covered include data protection, surveillance, anti-terrorism efforts and new technologies. This is what it has to say about the UK:

The privacy picture in the UK is mixed. There is, at some levels, a strong public recognition and defense of privacy. Proposals to establish a national identity card, for example, have routinely failed to achieve broad political support. On the other hand, crime and public order laws passed in recent years have placed substantial limitations on numerous rights, including freedom of assembly, privacy, freedom of movement, the right of silence, and freedom of speech.

It's like a cancer that we can battle against but never truly defeat. As it creeps purposefully through our national lymph system some of us can summon up the courage to fight it back and, for a while, it can appear as if we are in remission. But then comes the hoping and the praying for the final 'all clear' that signals a rebirth and a new lease of disease-free life.

It never comes. The cells are corrupted again and the cancer returns to devour us:

Sweeping powers for Government agencies to carry out covert surveillance, run agents and gather the telephone data of private citizens were contained in legislation published yesterday.

State bodies ranging from the police, intelligence services and Whitehall departments to local councils, the Postal Services Commission and the chief inspector of schools will be able to authorise undercover operations.

The measures were activated by David Blunkett, the Home Secretary, under the controversial Regulation of Investigatory Powers Act, which became law three years ago. They need to be approved again by both Houses of Parliament before they can be used.

These horrors first made their appearance about a year ago and set off a call-to-arms that, in turn, caused the Home Office to drop the proposals. Or, at least, they made an appearance of dropping them because, like that lurking cancer, they never really went away. They were merely stacked neatly in the pending trays until an another opportune moment presented itself. Seems that the moment is now.

Shami Chakrabarti, director of Liberty, said the British people were "the most spied upon in the Western world".

I reckon that's a pretty fair prognosis. But why? Why are our political elites so determined to construct this panopticon? Why are they so single-minded about this project that they appear immune to sweet reason, protest or appeals to decency? What exactly is driving them? Are they so riddled with paranoia and insecurity that they see monsters and assassins lurking behind every curtain? Is that how they see us? I cannot think of any other reason why a democratically elected government would come to think of themselves as colonial occupiers of their own country.

What has led to this calamitous collapse of trust? Is it repairable? I rather fear that it is not.

Questions, questions. Answers may come in due course but I suspect none will be satisfactory or stop the cancer from spreading. Time for palliative surgery?

[This has been cross-posted from Samizdata.]

That's RFID as in Radio Frequency Identification for Business.

News.com's Eric Peters explains the point which RFID has now reached:

Earlier this summer, Wal-Mart announced that by January 1, 2005, radio frequency identification technology would become a requirement for doing business with the world's largest retailer. A line was drawn in the sand: RFID was going to happen.

More recently, Wal-Mart said it would not put RFID technology in retail stores, and a flurry of "not ready for prime time" RFID responses followed. But Wal-Mart's retreat from shelf RFID tags neither suggests a retreat on its earlier commitment to RFID nor a signal for the halt of adoption.

Product level RFID tagging may be years away, but a technology inflection point has been reached. Many companies are now extremely interested in the technology, and the potential is just too attractive to ignore. Globally, RFID will not sell more razors or bars of soap. What it can do, however, is redistribute the market share of the different companies that sell razors and bars of soap.

The costs of not making your supply chain RFID-compliant far outweigh the costs and obstacles of implementation. As with other high-impact technologies, the early adopters will get a disproportionate share of the wealth, and the laggards will be the companies who suffer lost market share.

So RFID (like surveillance cameras) is (are) here to stay, and will have to be lived with.

My thanks to David Sucher of City Comforts Blog for emailing me about this piece.

Maria at Crooked Timber writes:

Today, EPIC & Privacy International launch 'Privacy and Human Rights 2003, an international survey of privacy laws and developments'. It is a meaty tome that summarises developments in privacy law and policy in 55 countries during the past year.

This year’s review "finds increased data sharing among government agencies, the use of anti-terrorism laws to suppress political dissent, and the growing use of new technologies of surveillance." Familiar themes to readers of my entries …

And to readers here.

Maria adds:

By way of disclosure – I did the chapter on Ireland and bits and pieces on the UK, EU and electronic surveillance.

Sounds like a person White Rose should stay tuned to.

News about Italian spam:

Senders of unsolicited junk e-mails in Italy will now face jail sentences of up to three years, according to Italian media reports.

The country's privacy watchdog issued the ruling in an attempt to limit the huge amount of advertising and promotional material sent online.

Sending e-mails without the permission of the receiver is against the law in Italy.

Offenders now risk fines of up to 90,000 euros and between six months and three years in prison, if it is proved that they did it to make a profit.

The ruling follows estimates by the European Commission that spam e-mails cost EU companies approximately 2.25bn euros in lost productivity last year.

EU legislation banning unwanted e-mail is due to come into force on 31 October, but correspondents say that, given the global nature of the internet, it may have little effect.

Most spam comes from the United States and China, and will be outside its reach.

If that's so, you wonder what the real point of this is. Expect calls for world government to deal with this. Sorry: "global governance".

Reading the motoring section of the Sunday Times on the weekend, I found the following extraordinary letter to the editor from a Maurice Hyman of London

We recently booked a Volkswagen Golf hire car for a four-day break in Norfolk and arrived at the depot in London to pick it up, expecting to sign the papers and leave on our holiday.

...

However, the supervisor asked that we wait a moment for a few formalities.

Suddenly, and without asking, he pointed a camera at us, linked to a computer, explaining that the picture would be transferred to the database at head office, making future dealings easier. We were then required to give our fingerprints for appending to the agreement.

He explained that because there was so much identity theft these days insurance companies were insisting on these procedures.

But according to the new laws it is merely necessary to verify that the name and address are genuine — no mention is made of photographs and fingerprinting. I had difficulty believing I was in Britain!

There are a couple of issues here. The first is simply that I find these procedures to be unbelievably heavy handed. In my life, nobody has ever needed to take my fingerprints. I like it that way. I believe that rental car companies do have the right to impose conditions like this on their customers. However, if they do, I also have the right to rent my car from another company, or to not rent a car at all. Therefore, if I book a car or pay in advance, then I must be informed in advance of any such conditions. Springing them on me at the last minute when cancelling the booking and going to another car company has been made difficult and when I haven't been informed in advance is wrong. Taking someone's photograph for this kind of purpose without clearly informing them and giving them a chance to object is also wrong. (Of course the reason they present it to you at the last moment is to increase the hassle to you of objecting. If they mentioned it up front, they would lose business).

Finally, the strategy of blaming somebody else (often the government, but here the insurance companies) for having to take away people's liberties seems to be becoming more and more common. It very likely is the policy of the rental company, but saying "It is all the fault of the insurance company" is a way of shifting the blame and avoiding responsibility. Probably if you ask the insurance company they will blame the car rental agency.

Presumably, if the car goes missing the rental company will share this information with the police. Even if it doesn't, one can see lots of ways in which your fingerprints could end up in all sorts of databases. And once such databases exist, it is hard to imagine the police not ending up with access to them.

The final point is a positive one. Being photographed without being asked first and being asked to give fingerprints is something that annoys people like Maurice Hyman, sufficiently to cause him write a letter to the Sunday Times about it. (I don't know whether he agreed to be fingerprinted. He didn't say). Whatever may be said for that newspaper, its editors care sufficiently about such things to print the letter. My Hyman's words were that it made him feel like he was not in Britain. Traditionally, the British people have had more civil liberties than people in many other countries, and they are proud of this and they think Britain is a better country because of this. They notice and are bothered when people try to take them away. If the government fails to take note of this, it will likely learn it the hard way.

Another good excuse for infringing our privacy that governments are wont to provide is efficiency. In such cases, the best bet is to challenge the government agency in question to spell out exactly how these efficiencies are going to be achieved.

The latest gambit in Australia is to provide an electronic health records database. The government claims that this will improve the safety and quality of health care delivery. How, the newspapers do not say.

In another gambit to get this through, the government says there will be no electronic identification numbers, and that patient involvement was voluntary.

Both these gambits need to be challenged. If there are no numbers, one wonders how they propose to deal with the many people known as “Smith” in our country. Not everyone has a unique surname like Wickstein.

And one wonders how ‘voluntary’ this scheme will be in five years time. No doubt, after the scheme has been up and running for a few years, we will be told that to be more ‘efficient’ the scheme needs to be made universal (read, compulsory).

Privacy Commissioner Mal Crompton noted that people might be reluctant to reveal details about themselves if they had doubts about the privacy of their medical records.

There are of course sound medical reasons for the sharing of medical records with, for example, hospitals. But electronic records can stray far and wide.

I don't think I'd have any real objections to this scheme as it stands now. However, we've seen in the past how one government agency likes to dig in the files of another, and frankly, I don't trust the Australian health system to keep my details private.

How does this matter? Well, how would you like the Tax office auditing you and having access to your medical history? I wouldn't like the creep auditing me and giving my financial records the third degree knowing my medical details.

CNET News.com reports that the labs at RSA Security on Wednesday outlined plans for a technology they call blocker tags, which are similar in size and cost to radio frequency identification (RFID) tags but disrupt the transmission of information to scanning devices and thwart the collection of data.

According to Ari Juels, a principal research scientist with RSA Laboratories. Blocker and RFID tags are about the size of a grain of sand and cost around 10 cents.

RFID technology uses microchips to wirelessly transmit product serial numbers to a scanner without the need for human intervention. While the technology is potentially useful in improving supply chain management and preventing theft in stores, consumer privacy groups have voiced concerns about possible abuses of the technology if product-tracking tags are allowed to follow people from stores into their homes. Many retailers view RFID as an eventual successor to the barcode inventory tracking system, because it promises to cut distribution costs for manufacturers and improve retailing margins.

RSA's technique would address the needs of all parties involved, according to Juels. Other options, such as a kill feature embedded in RFID tags, also are available, but with blocker tags, consumers and companies would still be able to use the RFID tags without sacrificing privacy.

I don't think that this article from August 13th, by Paul Craig Roberts, has had any mention here. If it has, apologies for not noticing. If not, better very late than never, I hope you agree.

Opening paragraphs:

When will the first lawyer be arrested, indicted and sent to prison for failing to help the government convict his client? You can bet it will be soon. Once the Securities and Exchange Commission, Internal Revenue Service and U.S. Department of Justice (sic) complete their assault on the attorney-client privilege, they will rush to make an example of a lawyer, lest any fail to understand that their new role in life is to serve as government informants on their clients.

Just as government bureaucrats used the terrorist attacks of Sept. 11 to assault the Bill of Rights and our constitutional protections, they are now using "accounting scandals" and "tax evasion" to assault the attorney-client privilege, a key component of the Anglo-American legal system that enables a defendant, whether guilty or innocent, to mount a defense against the overwhelming power of the state.

This is the sort of thing that David Carr has been writing about in Britain, for some time now.

Layman's Logic has a brief summary of some of the issues surrounding RFID tags (radio transmitters in products), which soon may be in most goods in large stores. One issue is quite how kooky a number of the opponents of the tags are. Another is persistent rumours Euro bills with have tags in in the future. Another is what to do about them:

"[W]hat I need to know is how to kill the tags when I get them. I don't care that people can see what I'm buying when I use cards - they can see that anyway if they can access credit info, and they want to track stock. Not a problem. On the other hand, I would like to know how to kill the tags the moment I've bought something to avoid any nasty privacy surprises. Fortunately, Slashdot seem to have identified a few possibilities"

In more traditional police-states, citizens may be blissfully unaware that they have done wrong until they are woken in the wee small hours by an ominous rapping on their front doors. In modern police-state Britain, the knock on the door is to be replaced by the thud on the doormat.

If this report from the UK Times is accurate (and it is just about creepy enough to be true) then it may be time to think about buying a bicycle:

EVEN George Orwell would have choked. Government officials are drawing up plans to fit all cars in Britain with a personalised microchip so that rule-breaking motorists can be prosecuted by computer.

Dubbed the “Spy in the Dashboard” and “the Informer” the chip will automatically report a wide range of offences including speeding, road tax evasion and illegal parking. The first you will know about it is when a summons or a fine lands on your doormat.

The plan, which is being devised by the government, police and other enforcement agencies, would see all private cars monitored by roadside sensors wherever they travelled.

Who the bloody hell are the 'other enforcement agencies'? And the very notion of an informer in every vehicle! Saddam Hussein could only dream about that level of control.

Police working on the “car-tagging” scheme say it would also help to slash car theft and even drug smuggling.

The same old, same old. Every accursed and intrusive state abuse is sold to the public as a cure for crime and 'drug-dealing'. The fact that it still works is proof that we live in the Age of Bovine Stupidity. A media advertising campaign showing seedy drug-dealers and leering child-molesters being rounded up as a result of this technology will have the public begging for a 'spy in the dashboard'.

Having already expressed my doubts about the viability of new government schemes here I should add that the fact that this relies on technology rather than human agency means it just might.

The next step is an electronic device in your car which will immediately detetct any infringement of any regulation, then lock the doors, drive you to a football stadium and shoot you. HMG is reported to be very interested and is launching a feasibility study.

[This item has been cross-posted on Samizdata.]

The State of California has, I'd guess almost unnoticed, passed new financial privacy laws that require banks and other financial service providers to obtain their customer's consent before passing or selling on their client's financial details.

It shows that it is still possible to get legislators to pay attention to privacy issues, but, as this interview with the new law's proposer, State Senator Jackie Speier reveals, you do have to be persistent.

Still, it's good to see hard work paying off.

If only to have something of interest up here today, here's a New York Times article from yesterday about a TV show which specialises in harrassing celebs.

It seems to me that what viewers of this show are likely to witness is techniques of harrassment and privacy violation applied to somewhat secondary and somewhat unpopular "fair game" type celebrities, which will thereby be established as reputable, or at least excusable, or okay, or done before so what are you fussing about? – for later use by anyone, against anyone.

Television is an efficient biosphere where the perfect predator evolves for every species in the food chain. If reality shows are the coral reef of prime time, then the television-oriented Web site, the Smoking Gun, is its crown-of-thorns starfish.

It was the Smoking Gun (thesmokinggun.com) that revealed in 2000 that Rick Rockwell, the beau ideal of the hit FOX show "Who Wants to Marry a Multimillionaire," had once been under a restraining order from a former girlfriend. The Smoking Gun, which digs up arrrest records, mug shots, show business contracts and divorce papers, became a tip sheet for journalists and a cult Web site for reality show aficionados. It managed to embarrass seemingly squeaky-clean contestants on reality shows from CBS's "Survivor" to Fox's "Joe Millionaire." (Most memorably, it uncovered the early bondage films of a bachelorette, Sarah Kozer.)

Whoever she is. Which is my exact point. Next in line: non-celebs. Yes, these people are probably fair game. If they can't take the heat they shouldn't be prancing about in the kitchen. But who's next?

I'm not saying shut the damn show down. I'm just, you know, saying.

Telegraph reports that Tesco, a British supermarket chain, is taking pictures of everyone buying razors in a bid to cut down on shoplifting.

The experiment, at a Tesco store in Cambridge, has been condemned by civil liberty campaigners. Demonstrators have gathered outside the supermarket calling for a boycott until the "Big Brother" scheme is dropped.

Gillette razors in the company's Newmarket Road branch are being tagged with individual microchips developed by Cambridge University's Auto-ID Centre.

When anyone removes a product from the Mach 3 display, the chip triggers an in-store CCTV camera which takes a picture of the shopper.

Greg Sage, a spokesman for Tesco, said that the scheme was designed to keep track of its products within the store and stressed that the chips would have no further use once the products left it.

We would never compromise the privacy of our customers.

Police are said to be "impressed" with the images taken of shoppers, but civil rights activists claim that the microchips could soon be placed on a much wider range of products.

Instapundit hates Microsoft Word, because it can reveal more about you than you want revealed. It violates your privacy, you might say.

Here's a Washington Post story which shows that merely passing a law which makes privacy compulsory is not the whole answer to the problem of maintaining privacy:

The transplant patient was recovering well when doctors discovered that his new heart might have been infected with bacteria before the operation. When the doctors sought more information so they could give the man the right antibiotics, the hospital where the donor had died refused, citing new federal patient privacy rules.

"It was ridiculous. The only live part of the donor was in our patient," said Deeb Salem, chief medical officer at the Tufts-New England Medical Center in Boston.

As it turned out, Salem's patient was in no danger from the infection. But because the donor's hospital refused to release any information, doctors were forced, as a precaution, to put the man on multiple antibiotics, potentially exposing him to dangerous side effects.

"It cost our patient the risk of being on multiple antibiotics for 12 to 15 hours, not to mention a lot of money," Salem said.

Thanks to privacy.org for the link.

Creepy stuff in Florida:

The Florida Department of Law Enforcement is putting together a computer network that would allow police to analyze government and commercial records on every Florida resident, and the agency is planning to share that information with police in at least a dozen other states.

Critics say the system – known as the Multistate Anti-Terrorist Information Exchange, or MATRIX – is an Orwellian technology that would allow police to assemble electronic dossiers on every Floridian, even those not suspected of crimes.

Here's all of the story from the Gainsville Sun.

"Everybody makes this out to be more than it is," said Clay Jester, MATRIX program director for the Institute for Intergovernmental Research, a nonprofit group that is helping FDLE find grant money to fund the system.

"Really, this isn't very different from doing a Lexis-Nexis search on someone," he said.

Right.

Most of us are fortunate enough to live our lives in peaceful obscurity. Not many of us do things that attract attention from more then our circle of friends and family.

There are those though that either through their skill or through opportunity attract unwanted attention. While Brian writes about the attention that Prince William is getting, in Australia, we who make princes of our sportsmen are debating the latest scandal involving cricketer Shane Warne.

Warne is one of the most gifted bowlers in the history of the game, but away from the field he is a rather unsavoury man who has gathered a well earned sleazy reputation.

An enterprising South African woman has tried to cash in on that reputation by making allegations against Warne. It seems that for once there is little truth to the story, and indeed she’s been charged by the South African police with extortion. Whatever the truth of this sordid affair, the media spotlight is once again firmly on Shane Warne. Sometimes that spotlight steps over the boundary of what is acceptable by the media after News Corporation’s flagship newspaper “The Australian” took a photograph of Warne having a smoke in his backyard.

While in general little sympathy need be wasted on Warne, in this case, I feel for him. His response to the affair has been to keep as low a profile as possible, and every person has the right not to be photographed if they don’t want to be.

Governments are notoriously inquisitive about the private matters of their citizens, but they are not the only intrusive Big Brother out there.

CNET News.com reports:

Lawmakers in California have scheduled a hearing for later this month to discuss privacy issues surrounding a controversial technology designed to wirelessly monitor everything from clothing to currency.

Sen. Debra Bowen, a California legislator recently on the forefront of an antispam legislation movement, is spearheading the August 18 hearing, which will focus on an emerging area of technology known as radio frequency identification (RFID), a representative for Bowen has confirmed.

RFID tags are miniscule microchips, which already have shrunk to half the size of a grain of sand. They listen for a radio query and respond by transmitting their unique ID code. Retailers adore the concept, which enables them to automatically detect the movement of merchandise in stores and monitor inventory in warehouses using millions of special sensors. CNET News.com wrote about how Wal-Mart and the U.K.-based grocery chain Tesco are starting to install "smart shelves" with networked RFID readers.

According to Declan McCullagh of CNET News.com Proponents hail the technology as the next-generation bar code, allowing merchants and manufacturers to operate more efficiently and cut down on theft. The privacy threat comes when RFID tags remain active once you leave a store. That's the scenario that should raise alarms - and currently the RFID industry seems to be giving mixed signals about whether the tags will be disabled or left enabled by default.

Further, unchecked use of RFID could end up trampling consumer privacy by allowing retailers to gather unprecedented amounts of information about activity in their stores and link it to customer information databases. They also worry about the possibility that companies and would-be thieves might be able to track people's personal belongings, embedded with tiny RFID microchips, after they are purchased. Katherine Albrecht, the head of Consumers Against Supermarket Privacy Invasion and Numbering, a fierce critic of RFID technology says:

If you are walking around emanating an electric cloud of these devices wherever you go, you have no more privacy. Every door way you walk through could be scanning you.

Policy makers in Britain are also starting to ponder the privacy implications of RFID. A member of Britain's Parliament has submitted a motion for debate on the regulation of RFID devices when the government returns from its summer recess next month.

In the factory where I work we have been given magnetic swipecards to enter and exit the factory through the new security gates. The main point of these security gates is to protect the car park, which was targeted by a gang of thieves late last year. They do a good job- it's going to take a fair effort to get in the carpark now. The carpark is also monitered by a security camera.

Some of the lads have made joking remarks to the effect that we are now 'inside'; as if it was a prison environment, but no one really objects, as we all want our cars to be there and in one piece when we finish our shifts.

Some other employers though use far more extensive surveillance in their working areas. I used to work in an internet datacentre, and the company that operated it had security cameras operating over every part of the centre where our customers might go. These cameras recorded everything on magnetic tape. Part of my job in the Network Operations Center was to monitor these cameras for anything that might be a security breach.

There was one camera that covered the front door to our building which faced the street. This was by far the most interesting camera, as the datacentre was just around the corner from Crown Casino, a huge entertainment complex in Melbourne. Nothing livened up a dull nightshift as watching throngs of drunks, strays and vagabonds doing their thing at 5am.

There was one time, when I was safely on dayshift as it was, when the cameras recorded an assault right outside our building. As I remember it, the fellow who was on shift called the police and volunteered the tape to help identify the assailant.

This raises the issue of privacy. While it might be reasonable to help the police in dealing with a criminal offence, there were other times and other scenes that, while not criminal, might well have been of interest to a wider viewing audience, and would have been of great embarrassment to the participants, who were not aware of the well hidden camera.

Private companies operate transport services and many sports stadiums have cameras strategically placed to film the public. I wonder about what rights and obligations these private entities have to protect the privacy of the people that they film.

I think that Big Brother is big enough and doesn't need any little helpers.

There's a White Rose angle to the Pfizer drugs story, and of course Pfizer aren't the only drugs company involved. They just seem to have a higher profile.

The present situation is that the Canadian government is making it a condition of sale for the drugs companies that in Canada they must charge less for their drugs than they would like to. In the USA no such rule applies, and the prices charged for their drugs are higher. So, some Canadian retailers of drugs are, as predicted, making money by selling on some of the drugs they buy at the cheap rate, back to the USA.

This has caused the drug companies to intensify their already elaborate product tracking efforts so that they can spot Canadian retailers who are doing this.

Drug companies have sophisticated means of controlling imports. Data-tracking companies keep close tabs on doctors' prescriptions, so companies are keenly aware of actual local demand in much of the industrialized world. The companies also closely track buying trends. When drug orders at a particular pharmacy spike in the absence of a similar jump in nearby doctors' prescriptions, executives investigate.

Drug wholesalers also help manufacturers track these trends. "Together with the manufacturers, we have worked to identify the pharmacies that have been shipping back illegally," said Larry Kurtz, a spokesman for the McKesson Corporation, one of the largest drug wholesalers in the United States and Canada.

The general point: when an economy is working without state interference, a seller is glad to sell to anybody, so long as the seller is willing to pay the asked-for price. Once he has, great. The buyer can then do with the product anything he likes, including resell it to someone else. The seller, in other words, will have no motive to spy on buyers to see what they do with the product. But in an interfered-with market, sellers do have a motive for such tracking.

Well, correction. Sellers often do want to know what buyers do with products. It's called market research. But if a customer wants to buy a product, but doesn't want to cooperate in such market research, the seller usually takes the money and does the business, and lays off with the market research.

Not so, with these errant Canadian drugs retailers. They definitely don't want to tell the drugs companies how they are using their products, if they are using them by reselling back to the USA. But the drugs companies really want to know about this. If that makes for a fight, too bad. The drugs companies still want to know. The retailers are playing dirty if they resell to the USA. The drugs companies will also want to play rather dirty, to find out, the way they never would to do mere market research. It all makes for bad vibes, and creates a drugs-companies-lead demand for further intrusive and creepy product tracking systems which normally they might shun, on the grounds that regular customers might not like such arrangements.

From WorldNetDaily:

Congressional investigators say they can't assure the public that individuals' personal data is being adequately protected from unauthorized reading, alteration or disclosure.

In a survey of 25 federal agencies and departments, the General Accounting Office, the investigative arm of Congress, found a lack of compliance with the federal Privacy Act of 1974 significant enough to conclude "the government cannot assure the public that individual privacy rights are being protected."

"Federal agencies are not following the law and, as a result, the personal data of citizens may be improperly collected and poorly protected," Brase adds, "One system of records holds data on 290 million people. If that system happens to be one of the systems that's out of compliance, the privacy rights of every citizen have already been violated, perhaps many times."

Declan McCullagh has a commentary on CNET News.com about privacy in the post-9/11 US. He concludes:

It's unclear what will happen next. One possibility is that Americans honestly may be so fed up with privacy invasions that they demand that their elected representatives do something. The tremendous interest in the national do-not-call list supports that idea, as does the conspicuous lack of congressional support for the Justice Department's proposed sequel to the USA Patriot Act.

Another possibility is that the report on Sept. 11--prepared by the two most clandestine committees in Congress and released last week--may lead to more efficient surveillance techniques. Two key findings say the National Security Agency did not want others to think it was conducting surveillance domestically, so it limited its eavesdropping, even against spooks or terrorists inside the United States. The report concludes that the NSA's policy "impeded domestic counter-terrorist efforts."

What the report doesn't say is what should be done about terrorism--and whether that would swing the privacy pendulum back in the other direction.

A fascinating story. John Gilmore is incensed about the requirement of showing identification to fly. And he is furious about something that happened to him recently, when a lapel button landed him and his travelling companion on the tarmac.

My sweetheart Annie and I tried to fly to London today (Friday) on British Airways. We started at SFO, showed our passports and got through all the rigamarole, and were seated on the plane while it taxied out toward takeoff. Suddenly a flight steward, Cabin Service Director Khaleel Miyan, loomed in front of me and demanded that I remove a small 1" button pinned to my left lapel. I declined, saying that it was a political statement and that he had no right to censor passengers' political speech. The button, which was created by political activist Emi Koyama, says "Suspected Terrorist". Large images of the button and I appear in the cover story of Reason Magazine this month, and the story is entitled "Suspected Terrorist".

The narrative is good and the point made brilliantly. You can just picture the Station Manager who had to deal with the 'unruly' individuals, we all met her type at one time or another. The truth is that it is people at the ground level, so to speak, that help to impose the rules of a potential police state in the name of convenience and other peoples' well-being. Without them even the most oppressive government would not last long...

Via Cassel: Civil Liberties Watch

Privacy conscious operators now use shredders. So welcome to the world of the unshredder.

As Instapundit often says, the New York Times may be a bit bonkers at the front, but the science and technology coverage can be excellent.

At present I am not in the market for a longer penis, or for more energy when my mind turns to the sexual as opposed to urinary use of the penis that I already have, so most junk emails are for me just that: junk. Delete. However, I got one this morning, and I'm sure millions of others did too, which interested me, White Rose wise, and (although in the years to come I will probably mark this moment as the one when my life stopped working and went to hell, my identity stolen, my bank account emptied, my hard disc and that of all my friends virused, etc.) I pressed this link.

For the benefit of those wiser or more cautious or more internet savvy than me, the link leads to a website devoted to a computer programme which enables you to learn everything there is to learn about all of your friends and all of your enemies.

Now, once downloaded to your computer, the INTERNET INVESTIGATOR quickly sorts through the maze of over 800 million web pages and other information sources, easily and effortlessly, and turns your personal computer into a POWERFUL information goldmine.

The democratisation of joined-up government, you might say. Everyone can be a member of the surveilling class. (And by the way I think "surveilling class" or maybe "surveilling classes" is a meme with a future.)

As with current strength surveillance cameras, the actual effectiveness of this particular programme as of now – it sounds to me a lot like an old fashioned search engine (but what do I know?) – is not really the big point here, or not the point that interests me. What I think is the big point is that, sooner or later, such programmes surely will do what this one promises to do.

Not surprisingly, the same web site also pushes another programme called "Privacy Protector", which, I guess, enables you to defend yourself against Internet Investigator. Maybe Privacy Protector is the real product, and Internet Investigator only exists to scare up business for Privacy Protector.

Whatever. It all has the smell of the new battles that people are going to be fighting in this brave new twenty first century. And they won't just be government-people or people-government battles, they'll be people-people battles.

I am in the process of researching and writing a (long) piece on the story of how Australia came within a hair's breadth of introducing compulsory ID cards in 1987, which will be posted either here or to my own blog in the next couple of days. However, while researching this, I ran the following 1986 quotation from then Australian (Labor) Health minister Dr Neal Blewett, who was in charge of the ID card plan at the time.

... we shouldn't get too hung up as socialists on privacy because privacy, in many ways is a bourgeois right that is very much associated with the right to private property.

Yes, that's right. This was meant as an argument in favour of ID cards.

On the issue of the (ultimately defeated) proposal for ID cards in Australia, I strongly recommend this article, which was written at the time and gives a thorough overview of what happened. The early stages of the then Australian government's efforts to introduce the card seem eerily similar to anyone who has been watching the recent efforts of the British government. The later stages - a long drawn out battle on the part of the government to pass the enabling legislation which was blocked by the Australian senate, rising opposition to the scheme as the public learned more and more about the proposal and eventually a defeat for the government due to flaws in the drafting of the legislation - are much less likely here due to the lack of the strong bicameral system, sadly.

That said, the lesson that the more that is known about such proposals the less the public like them is surely an important one. In Britain, we really need to get the message out as fast and as comprehensively as possible. The other encouraging thing about the Australian example is that by the end of the fight the public was so against the idea that no Australian government has even dreamed of suggesting an ID card since, and none will any time soon. (This hasn't prevented the government constructing extensive databases of information on its citizens, however).

I'm afraid I don't have a link for this - the FT's web-site wouldn't let me find the story. One of their columnists suggested a way to beat spam: this is roughly the gist:

Each ISP identifies mail addressed to more than, say, 100 receipients. An employee retained for the purpose glances at the mail, and accepts or rejects the mail. This should be relatively easy, as most spam is readily spotted, compared to mailing list entries, etc.

The employee reviews, say, 1 a minute, for 7 hours a day, stopping 60 * 7 * 100 = 42,000 pieces of spam a day. Over a 200 day working year, and at a salary of say £20,000, that works out at about a quarter of a penny per spam stopped.

The author went on to suggest given the global volume of spam, only a couple of people would be needed to stop it all. This seems fallacious, as EACH ISP would need to employee their own blockers.

I think most people reading this site would see the implications for privacy - ISPs would (perhaps be legally required to) read any mail sent to large numbers of individuals. This is not something I'd look forward to.

Hopefully, the idea will die the death of a thousand rapidly knocked up columns, but it's worrying that privacy didn't even strike the writer (or his editor) as an issue. Particularly as, once the proposal had been brought in, there would be a natural pressure to reduce the number of receipients that "triggered" checking. Spammers would drop the size of their mailings, and so the checkers would have to look at an ever higher proportion of mails to have any effect.

At the advanced age of 41 I have some pretty old fashioned ideas. One of these is an absolute belief in the importance of personal privacy.

Invading the privacy of celebrities is a long-standing media tradition and one could argue they deserve it. The danger is when ordinary individuals start to lose their privacy - and welcome that loss.

It probably started with US daytime TV shows of the Oprah variety. Being "on TV" was so important for people that they were willing to share their most personal secrets with the world. As these shows spread and multiplied, hanging one's dirty linen out in public started to become a goal in life for some. Privacy was willingly sold for a few minutes of fame.

Reality TV shows took this a stage further. People became used to the idea that privacy was something so unimportant that it could be given up in the name of entertainment. Big Brother worked initially because it was new and shocking; now it is commonplace. Most of the "contestants" are canny enough to know they're playing to the cameras. The danger is the viewing public who come to accept the whole concept as a harmless bit of fun.

These attitudes spread throughout society as a whole. Michael Jennings wrote an interesting piece about bag searches in Australia. We don't have those here without probable cause, however we almost got to the stage where they were unnecessary. A while back there was a fad for using transparent carrier bags and rucksacks so that the whole world could see your baggage. Even that most sacred of receptacles the woman's handbag was being exposed to all.

Why does this matter? What dirty secrets am I trying to hide?

Privacy is essential for individuality and diversity. Lack of privacy makes it more difficult to be "different", it drives people towards uniformity and conformity. If "no privacy" becomes the norm then those of us who insist on privacy will be automatically branded as "suspicious".

Lack of privacy leads to a bland, safe, boring world. No colours, just shades of grey. A stagnant society that is easily led - and easily sold to. A perfect world for government and big business.

Which is one reason I'm vehemently against compulsory National Identity Cards. People say "if you're innocent you've nothing to fear". I fear loss of privacy. Where I go and what I do is not illegal, it's just no business of the police, the government or anyone else.

I don't want Big Blunkett watching me.

Cross-posted from An It Harm None

The Telegraph reports:

A woman who was strip-searched when she went to visit her son in jail asked five law lords yesterday to create a new law of personal privacy. Lawyers for Mary Wainwright, 49, from Leeds, hope the House of Lords will overturn decisions by lower courts that there is no right to privacy in English common law.

Mrs Wainwright visited her elder son Patrick at Armley Prison, Leeds, in January 1997. She was accompanied by her younger son, Alan, who suffers from cerebral palsy with a degree of mental impairment. Before the visit could go ahead, Mrs Wainwright and Alan were strip-searched for concealed drugs. The searches were more intrusive than was permitted by prison guidelines.

A judge in Leeds decided that their privacy had been infringed but this ruling was overturned by the Court of Appeal in December 2001. Three judges, headed by the Lord Chief Justice, held that there was no right to personal privacy in English law.

Reason's Hit and Run blog links to this article in the Washington Post about companies who promise not to sell information about you. And they keep their promise. They don't. They rent it instead.

Original link here.

.

If you walk into a large store of virtually any kind in Australia, you will see a sign just outside the door saying. "It is a condition of entry to this story that customers allow us to inspect the contents of their bags on leaving the shop". Typically, when you leave the shop, there is a security guard outside the door who asks to inspect the contents of your bag. Virtually all customers open their bag, the guard looks inside the bag, and then the customers go on their way.

When growing up in Australia, I simply thought that this was the natural order of things. I never really thought about this as a violation of my privacy until I spent some time living in England in the 1990s. In England, such searches do not occur, presumably because either the British interpretation of the law is that they are not legal or the law is different. (I think that we are likely dealing different interpretations of the same common law here). When I returned to Australia, I suddenly became much more aware of bag searches in stores than had been the case before. And I became much more protective of my rights. I found that I was very unwilling to let anyone look in whatever bags I might be carrying.

Legally, the case for allowing such bag searches is flimsy. Without probable cause (which in practice usually means someone will have to have seen you take something off the shelf of the shop and put it in your bag) the shop has no right to detain you or to look in your bag. However, they can ask to look in your bag. You then have the right to refuse. If you refuse the shop can then ask you to not come back to the shop again, but they have no way of actually compelling you to open your bag for them.

In commemoration of Orwell's 100th birthday, Neuromancer author William Gibson had an op-ed piece in Wednesday's New York Times, in which he discussed Orwell's vision, and how it was influenced by its time. In particular, Gibson believes that Orwell's vision was influenced by the broadcast nature of the media at the time: radio and the nascent invention of television were highly centralised.

The surveillance scheme (and the totalitarian states) envisioned in 1984 were centralised in the same way, from some giant central security apparatus. Gibson believes that today's world, and the world of the future, is different. Greater surveillance will be mixed with much greater freedom of information. People with access to all this new information will consist of many non-state as well as state actors. We will live in a world with much less privacy, but not necessarily much less freedom.

Surveillance states without this fancy new technology were pretty effective, and still are pretty effective in places (from North Korea to Burma to Cuba) where old technological paradigms still apply. Would these states have been more oppressive if the people runing them had PCs? It's hard to say. Would the presence of PCs in the security apparatus in East Germany rather than mountains of paper records have prevented the end of European communism? It's doubtful. Changing surveillance technology is taking us somewhere new, it may be that the vision of Orwell provides a good guide as to what it is.

After quickly observing that Gibson sounds rather like Brian Micklethwait, I will observe that Gibson is at least partly right. The greater freedom of information that results from many to many communications networks changes things dramatically. We saw glimpses of this in the 1980s with the invention of the fax machine, which more or less removed the mass media's ability to bury a story that the people were not supposed to know about. (The key story was something tawdry: a transcipt allegedly of the Prince of Wales talking to his mistress). This reached every office in London seemingly in minutes. The media and hence the courts could no longer supress things like that. With the invention of e-mail and SMS text messaging, such communications became more ubiquitous, and no longer tied to the home or office.

We are suddenly in a world where a great deal of information is being collected on us and transmitted to other places, and yet at the same time, we are collecting a lot of information on ourselves, and transmitting it voluntarily, and to some extent this controls the flow. Much of this information is and will continue to be cultural rather than political in content. Like Brian, I am fascinated by this phenomenon, which can also be for the good. Due largely to the use of SMS messaging, the Chinese government this year completely failed to keep information secret about the spread of the SARS virus in China. People throughout the country knew far more about what was going on than the government wanted them to know. The Chinese government now seems to know that it cannot keep things secret like this any more, and as today's Economist discusses, the consequences could be profound.

An observant reader told us of what he saw in Bristol when staying at a hotel there last weekend. A notice in the Travel Inn proclaims words to the following effect:

In order to comply with police requests and to improve security, all guests paying for their rooms in cash will be required to provide ID and proof of address.

Our gentle reader's reaction?

You WHAT?!....So, if I refuse to provide you with information you have no right to, I don't get my room. If I do, you... Do what with it, precisely? Pass it on to the police as a "potential terrorist"? Breach my personal privacy for your own amusement? Send me incessant advertising garbage? Store it in contravention with the Data Protection Act?

Can you tell he was not impressed?

This is a well spotted 'minor' occurrence. No police state can maintain its hold over society without its little helpers, who function, not exactly as the hand of the state, but certainly its 'dainty' prying and sticky fingers, deep in the everyday life of those around them. They exist in every society and although Britain is not a police state, I would not want to underestimate their reach, especially given the current government policies in the UK. Big Brother seems to have many cousins...

Guardian argues that the key question about ID cards is not whether we have to carry them but what will be on the national database:

Now it is about how much information the government has on each of us, what the authorities want to do with it, and what rights are lost by those who don't have what is, after all, officially being called an "entitlement" card. The real dangers now are over "function creep" and what will happen to a new cardless underclass who could be called the sans plastiques - a new British cousin for the French sans papiers.

Already function creep is beginning to surface, even though the cabinet is only now getting down to discussing the fine detail of the legislation to be introduced this autumn. In fact, as Blunkett's white paper last July made clear, the proposal is really about setting up the first national central database of all people over 16, including foreign nationals, who are legally resident in Britain. It is this register, and not the bit of plastic in our wallet, that causes the real anxiety.

The white paper makes clear that one of the aims of the scheme is to "establish for official purposes a person's identity so that there is one definitive record which all government departments can use if they wish".

Some commenters have already complained about the bovine and passive nature of the British public, so this should just confirm their views:

The real problem is that we are only too willing to sell our privacy cheap. We will happily give a supermarket our entire personal lifestyle profile simply to get a plastic loyalty card. We are going to help the government create an immensely powerful personal database on each of us, not because of some damnable Whitehall conspiracy but because we couldn't wait to get our hands on a new piece of plastic.

Also, an earlier Observer article calls for outright abandonment of the whole idea of identity cards:

The arguments against are clear and unchanging. Identity cards create new crimes and criminals while being blunt and ineffectual weapons against fraud and identity theft. They are expensive (Mr Blunkett bypasses Treasury objections only by suggesting we pay £25 for the privilege of holding records of our own fingerprints). Above all, a regime of ID cards, whether kept in a drawer or carried on our person, will create new tensions between police and ethnic minority communities, undoing much positive progress. The divisive 'sus' laws will be back with a vengeance.

The Home Secretary hopes to bring forward legislation after a general election. We hope the Cabinet will change his mind.

Criminals carrying fake or stolen documents -- such as passports and driving licences -- will face up two years in jail under the new law. Home Office Minister Beverley Hughes will tell a conference in London entitled Combating Identity Fraud today:

This new offence will enable the police to crack down hard on criminals involved in identity fraud. False identities are commonly used by those engaged in organised crime and terrorism. The new offence would provide the police with the means to disrupt the activities of organised criminals and terrorists in the early stages of their crimes.

The Home Office Minister added the legislation was not solely targeted at organised crime and terrorism.

Phil Zimmermann, the man who in the early 90s developed the Pretty Good Privacy (PGP) encryption product, believes that Moore's Law and surveillance cameras make for a particularly dangerous cocktail, as reported by ZDNet.

Moore's Law represents a "blind force" that is fuelling an undirected technology escalation, referring to what he sees as the threat to privacy from the increased use of surveillance cameras.

The human population does not double every 18 months but its ability to use computers to keep track of us does. You can't encrypt your face.

Zimmerman sees surveillance as the biggest threat to civil liberties and nowhere, he believes, is this more egregious than in the UK.

You have millions of CCTV cameras here. Every citizen is monitored, and this creates pressure to adhere to conformist behaviour. The original purpose of cameras was to catch terrorists, but to my knowledge they haven't caught many terrorists using cameras.

Another problem with using technology for surveillance according to Zimmermann is that while laws that are brought in during times of a perceived increase in threats to national security, they can be relatively easily repealed. I find it hard to believe that anything can be more inert and irrepealable than laws but his point about technology still holds:

The technology market doesn't work that way. It has more inertia, and is more insidious. When you put computer technology behind surveillance apparatus, the problem gets worse.