Liberty News

  I Have Nothing to Fear...

...But then again, I don't live in the UK

Lets just hope that the initial usages are to expose the marital infidelities of ministers and senior police officers.

From The Independent
 
Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. A new national surveillance system will hold the records for at least two years.

Using a network of cameras that can automatically read every passing number plate, the plan is to build a huge database of vehicle movements so that the police and security services can analyse any journey a driver has made over several years.

The network will incorporate thousands of existing CCTV cameras which are being converted to read number plates automatically night and day to provide 24/7 coverage of all motorways and main roads, as well as towns, cities, ports and petrol-station forecourts.

By next March a central database installed alongside the Police National Computer in Hendon, north London, will store the details of 35 million number-plate "reads" per day. These will include time, date and precise location, with camera sites monitored by global positioning satellites.

Already there are plans to extend the database by increasing the storage period to five years and by linking thousands of additional cameras so that details of up to 100 million number plates can be fed each day into the central databank.

Senior police officers have described the surveillance network as possibly the biggest advance in the technology of crime detection and prevention since the introduction of DNA fingerprinting.

But others concerned about civil liberties will be worried that the movements of millions of law-abiding people will soon be routinely recorded and kept on a central computer database for years.

The new national data centre of vehicle movements will form the basis of a sophisticated surveillance tool that lies at the heart of an operation designed to drive criminals off the road.

The scheme is being orchestrated by the Association of Chief Police Officers (Acpo) and has the full backing of ministers who have sanctioned the spending of £24m this year on equipment.

More than 50 local authorities have signed agreements to allow the police to convert thousands of existing traffic cameras so they can read number plates automatically. The data will then be transmitted to Hendon via a secure police communications network.

Chief constables are also on the verge of brokering agreements with the Highways Agency, supermarkets and petrol station owners to incorporate their own CCTV cameras into the network. In addition to cross-checking each number plate against stolen and suspect vehicles held on the Police National Computer, the national data centre will also check whether each vehicle is lawfully licensed, insured and has a valid MoT test certificate.
 

Frank Whiteley, Chief Constable of Hertfordshire and chairman of the Acpo steering committee on automatic number plate recognition (ANPR) said: What the data centre should be able to tell you is where a vehicle was in the past and where it is now, whether it was or wasn't at a particular location, and the routes taken to and from those crime scenes. Particularly important are associated vehicles, Whiteley said.

The term "associated vehicles" means analysing convoys of cars, vans or trucks to see who is driving alongside a vehicle that is already known to be of interest to the police. Criminals, for instance, will drive somewhere in a lawful vehicle, steal a car and then drive back in convoy to commit further crimes "You're not necessarily interested in the stolen vehicle. You're interested in what's moving with the stolen vehicle," Whiteley explained.

The security services will use it for purposes that I frankly don't have access to. It's part of public protection. If the security services did not have access to this, we'd be negligent.

    Retaining Doubts

From The Register

The European Parliament has approved proposals on data retention that would compel telecom firms to keep customer email logs, details of internet usage and phone call records for between six months to two years.

The plan - designed to assist law enforcement leaves it up to individual governments to decide how long service providers will be obliged to keep data.

Police and intelligence agencies would have access to call records (including data on lost calls), location information and internet logs without getting access to the content of the information communicated. MEPs decided to drop provisions to make it mandatory for member states to reimburse telecom companies for additional costs incurred in servicing law enforcement requests.

The EU directive on data retention passed by 378 votes in favour to 197 against and 30 abstentions during its first reading on Wednesday. The measures were put forward by Britain after the 7 July bomb attacks on London.

A spokesman for the UK Internet Service Providers' Association (ISPA) said it remained to be seen how the directive will be implemented into UK law. Voluntary co-operation already exists between ISPs and UK law enforcement agencies over requests for communications data but implementation of the directive would change this from a voluntary arrangement into a mandatory code of practice. We are concerned that ISPs may have to foot the bill for mandatory data retention. ISPs are not law enforcement agencies so they should not have to pay for it all , he said.

The amounts involved are not small. ISPA cites estimates from one large UK-based ISP that it would cost £26m a year to set up data retention kit on its systems and £9m a year in running costs to service law enforcement requests.

MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for "specified forms" of serious criminal offences (terrorism and organised crime), and not for the mere "prevention" of all kinds of crime.

Dai Davis, a consultant lawyer at Nabarro Nathanson, said the European Parliament had fudged important issues such as how long records should be kept and who would end up footing the bill for data retention.

Safeguards (including independent oversight) have been put in place by MEPs to make sure data retention requests can't be used to trawl through databases and need to be sanctioned on a case by case basis. But Davis said that it was unclear if checks and balances established in the directive provide adequate safeguards against abuse.

    Identification Requirements Identified for Data Retention

From OfcomWatch

The latest European agreement an communications data retention is worrying those at European Digital Rights. They have identified some very worrisome snippets lurking in the small print

And in particular, they write:

The Directive requires more invasive laws. Once adopted, this Directive will prove not to be the ultimate solution against serious crimes. There will be calls for additional draconian measures including:

-the prior identification of all those who communicate, thus requiring ID cards at cybercafes, public telephone booths, wireless hotspots, and identification of all pre-paid clients;

- the banning of all international communications services such as webmail (e.g. Hotmail and Gmail) and blocking the use of non-EU internet service providers and advanced corporate services.

    Governments are Listening

From the Daily Mail

EU justice and interior ministers have agreed on plans binding telecommunications companies to retain phone call and e-mail logs for a minimum of six months for use in investigations into terrorism and other serious crimes.

It is an essential tool for law enforcement and against criminality, and that's why it's so important," said British Home Secretary Charles Clarke, who chaired the meeting. He said the majority deal among the 25 EU nations allowed governments to decide how long telecoms companies in their nations should retain the data, as long as it was between six and 24 months.

We have agreed to a system which gives flexibility to member states who want to go further , Clarke told a news conference. He said the ministers agreed to a review procedure that could increase the amount of material collected. Clarke said terrorist groups, drug dealers and people-trafficking gangs would better be targeted under the new rules. If you can discover what the network is, who they communicate with, how they operate, you can begin to make the connections, and that can make a very big difference . Clarke said he was optimistic the European Parliament would adopt the bill later this month - meaning it could come into force next year.

The Republic of Ireland and Italy had led opposition to the plan during the two day ministers' meeting. They argued setting up new EU legislation would contradict national laws that already go further.

However, at the end of the talks, only Poland, the Republic of Ireland, Slovenia and Slovakia remained opposed, not enough to block the measure.

    Government Supports Extortionists

Makes it a bit scary that the Government will be in charge of an awful lot more personal data once they set up the Nation ID database,   Clearly customers of Co-op, Kwik Save and Aldi may be best advised to shop elsewhere

From the Daily Mail

Extortionist car park operators, who are entirely unregulated, purchase the names and addresses of motorists who they wish to track down - and can then send them threatening letters to demand massive fines for alleged 'overstays'.

The revelations raise serious questions about the way personal information held by the Government is sold commercially. They will also provoke fears about the possible abuse of Tony Blair's identity card scheme, which will create a powerful database of details about everyone in Britain.

The Government's Driver and Vehicle Licensing Agency last night admitted it hands out drivers' details at £2.50 a time when provided with car registration numbers. All drivers are legally required to give the DVLA their up-to-date address, although few know this information can be sold on.

Private car park companies, however, have the right to obtain this information under obscure regulations introduced three years ago and waved through the Commons with no debate.

The Mail on Sunday investigation found one company - used by the Co-op, Kwik Save and Aldi to manage store car parks - exploits the data to send threatening letters to motorists demanding fines of up to £170. This is three times the fine local authorities typically charge motorists who fail to 'pay and display'.

Creative Car Park Management - which uses a variety of front companies to conceal its true identity and earnings - uses cameras at the entrances and exits to their sites to photograph the number plates of drivers who they allege linger beyond the 'free parking' limit. Using the information sold by the Government, the firm sends out bills - sometimes weeks later - telling motorists they will be taken to court if they fail to pay.

The secretive company even threatens to send bailiffs to drivers' homes to recover money they claim to be owed. Many motorists, fearing the firm is working alongside the DVLA, may feel they have no choice but to pay up.

The firm has been the subject of a series of complaints from drivers. Liberal Democrat MP Norman Baker has been championing the cause of shoppers caught by Creative Car Park Management in the village of Polegate in his Lewes, East Sussex, constituency.

Baker said: A private company should not be allowed to obtain information about private individuals from the State. When people provide information to the Government, they do not do so on the basis that someone is going to make a profit from it. A huge number of mistakes have been made by the company here in Lewes, all of which appear to be in their favour. It is supposed to be free parking, but a number of my constituents have received very large bills. £170 would be an extortionate amount to charge in Central London, let alone rural Sussex.

Motoring organisations claim there has been a boom in this form of 'ticket-less' parking fine, which has caught thousands by surprise. Since no tickets are placed on the windscreen, drivers can incur several fines before they even realise they have done anything wrong.

The DVLA said 157 private parking companies regularly apply to it for information on 'vehicle keepers'. The DVLA insisted that the right of parking companies to access their database predates the 2002 regulations. However, a spokesman was unable to say exactly when the DVLA began its current practice of routinely selling data.

But Edmund King, of the RAC Foundation, said: The DVLA is behaving irresponsibly by passing on sensitive information to the wrong sort of people.

Paul Watters, head of roads policy at the AA Motoring Trust, said: These companies can charge fines at what ever level they want - using personal information about motorists obtained from the Government. And there is no one monitoring what is happening.

The Mail on Sunday began investigating Creative Car Park Management after being alerted to a flurry of complaints from motorists who felt they had been treated unfairly. With its fashionable name and glossy website, it appears to be a conventionally run business. It certainly gives that impression to the dozens of well-known companies which use its services.

CCPM says it monitors about 150 car parks all over Britain on behalf of retail and property companies. But its founder and owner, Gary Wayne, goes to extraordinary lengths to hide his identity.  CCPM's structure is concealed by 'shell' companies and anonymous nominee directors who play no part in the firm's management or day-today operations - a tactic that will be outlawed under the Companies Act, due to come into force in 2007.

Its registered address turns out to be an accommodation address in Mayfair where Wayne pays £320 a year to rent a mailbox. In fact, the 35-year-old businessman runs CCPM from his four-bedroom, £400,000 home in Mill Hill, North London. After initially claiming to be only a spokesman for the company, he eventually admitted to being its founder and sole operator. He said he had always operated within the law and provided a valuable-service in preventing commuters and long-term parkers from abusing parking regulations on privately-owned land.

Asked why he was so keen to conceal his identity, Wayne said car parking was a 'sensitive issue' and added: We wish to protect the identity and security of the senior administration of the company. Inquiries by this newspaper, however, suggest that the group's 'senior administration' consists of just one man - Gary Wayne.

Wayne's customers use him because of the convenient, no fuss service he offers. Companies such as CCPM charge their clients nothing, deriving their income from the high fines they levy on car owners.

It may come as some surprise that in the era of the Data Protection Act - the law designed to restrict access to personal details kept on databases - that the DVLA is able to sell on information about drivers. However, the provision in the 2002 Road Vehicles Regulations giving car park companies the right to find out about 'vehicle keepers' overrides any earlier restrictions in the Data Protection Act.

The revelation will fuel growing concerns about the use of information held by Government departments. Ministers are planning a massive database of personal information about every adult in the UK as part of the planned ID card scheme. Ministers insist access to the data will be carefully regulated - and not sold on to private companies. However, the revelations about the way the DVLA database is exploited commercially raises fears that the much larger ID card computer could be 'raided' in a similar way.

Gareth Crossman, director of policy for civil rights group Liberty, said: I have no doubt that once the register of personal information is in place, the number of people with access to it will increase hugely.

    House Inspections

Yet more information no doubt to be linked in to the ID database. Burglars will have a field day when they can do a computer search for large properties with a large garden and only an old lady living there. The Inland Revenue will probably find it well useful in checking your home against your declared income.

From The Telegraph

Whitehall documents reveal that they will be allowed to "obtain factual information from internal inspections" as part of the enormous exercise to revalue 22 million properties in England.

Caroline Spelman, the Tories' local government spokesman, said: "Labour's council tax revaluation will mean an army of nosey clipboard inspectors invading people's homes, including their bedrooms.

She said a "Big Brother" database would include new inspection codes that would allow the Valuation Office Agency, an arm of the Inland Revenue, to check which properties had been inspected and the degree to which an internal or external inspection had been recorded.

The Valuation Office Agency sought the advice of the office of the Surveillance Commissioner on entering homes. The commissioner replied that inspectors taking photographs of properties would not contravene the Regulation of Investigatory Powers Act or the Human Rights Act, even though those laws were intended to protect citizens' privacy.

Conservatives are tabling amendments to the Council Tax Bill to try to remove the powers of the Valuation Office Agency to enter homes.

Spelman said that new "value significance codes" had been expanded in January this year to cover 66 property features, including balconies, proximity to a golf course, conservation areas, gated estates, large garden, large patio, roof terrace, sea views and views of hills or lakes. The Tories say the codes will push many homes into a higher tax bracket.

The Office of the Deputy Prime Minister said it was "ridiculous" to suggest that each of the 22 million properties would be visited. There will not be armies of people sticking cameras through your window, a spokesman said. The only time a valuer will go out [to see a property] is if you have a peculiar property. It may be - and this will be on only a very few occasions - that you receive a letter asking for a visit.

    Criminals Love ID Cards

From The Scotsman

The government's case for identity cards has been dealt a serious blow on the day of a crucial Commons vote after the software giant Microsoft warned that the proposals could generate "massive identity fraud" on a scale as yet unseen.

In an article for The Scotsman today, Jerry Fishenden, the national technology officer for Microsoft, says the proposal to place "biometrics" - or personal identifiers such as fingerprints - on a central database could perpetuate the very problem the system was intended to prevent . He says ministers should not be building systems that allow hackers to mine information so easily.

Fishenden says that, as no computer system is ever 100 per cent secure, putting a comprehensive set of personal data in one place produces a honeypot effect - a highly attractive and richly rewarding target for criminals.

Ministers propose putting 13 personal identifiers, such as iris scans, fingerprints and facial imprints, on to a central database, along with personal details such as names and addresses. But the technology expert warns that holding these details in one place "is something that no technologist would ever recommend" and could leave individuals helpless if their details were compromised.

Unlike other forms of information, such as credit card details, if core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones, Fishenden says. Using the same "identifiers" every time the ID card is presented is a highly risky technical design and could inadvertently broadcast personal information to fraudsters or private companies. Having to produce this much information for every service is "unnecessary" as systems could be designed to ensure that only the relevant data is revealed each time.

Would you be happy if online auction sites, casinos or car rental company employees are given the same identity information that provides you with access to your medical records?   Fishenden writes.

    War on Citizens

From the Daily Mail

Home Secretary Charles Clarke is set to accept diluted EU anti-terror plans after losing a clash of wills with the European Commission and Euro-MPs.

His bid to use Britain's EU presidency to push for the toughest-possible to track terrorist activities through email and mobile phone data has come up against protests that the move breaches civil liberties.

The most Mr Clarke can expect is progress towards a deal to force Internet and telecoms companies to retain phone email traffic data for a maximum of one year.

    FBI to get veto power over PC software?

From CNET News

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure "policy" document released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today's Internet, consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement. Read the last seven words again.

The FCC didn't offer much in the way of clarification. But the clearest reading of the pronouncement is that some unelected bureaucrats at the commission have decreed that Americans don't have the right to use software such as Skype or PGPfone if it doesn't support mandatory backdoors for wiretapping. (That interpretation was confirmed by an FCC spokesman on Monday, who asked not to be identified by name. Also, the announcement came at the same time as the FCC posted its wiretapping rules for Internet telephony.)

Nowhere does the commission say how it jibes this official pronouncement with, say, the First Amendment's right to speak freely, not to mention the limited powers granted the federal government by the U.S. Constitution.

What's also worth noting is that the FCC's pronunciamento almost tracks the language of the 1996 Telecommunications Act. Almost.

But where federal law states that it is the policy of the United States to preserve a free market for Internet services "unfettered by federal or state regulation," the bureaucrats have adroitly interpreted that to mean precisely the opposite of Congress said. Ain't that clever ?

    Control Freakery is Compulsory to Labour

From The Scotsman

Biggest British firms could make ID cards compulsory for staff. The card could become a prerequisite to being hired by many of Britain's biggest employers, in a move that would undermine the supposedly voluntary nature of the controversial scheme.

Thirty of Britain's largest companies are in talks with the government about making the possession of ID cards - likely to cost at least £100 each - a central part of their employment practices.

The vast government-run database supporting the ID card system could also be tied into companies' payroll and benefits networks. Serving employees could also face identity checks against the information stored on the register.

The outcome of the discussions between the Home Office and companies including the Royal Bank of Scotland, HBOS and Tesco, could severely curtail the options for people who choose not to have a card when they are introduced on a voluntary basis in 2008.

Under pressure from his Liberal Democrat coalition partners, Jack McConnell, the Scottish First Minister, has agreed that an ID card will not be required to access public services in Scotland, as it will be in England. That has led to speculation that take-up of the cards will be lower north of the Border.

The cards' potentially pivotal role in employment decisions is emerging as the Home Office searches for possible uses for the card in the hope of encouraging voluntary applications, and to justify the huge cost of the ID scheme.

Independent estimates have put the cost of an ID card at up to £300, although the Home Office has signalled the price will be capped at about £100. The final bill to the taxpayer will be at least £8 billion.

On the government's timetable, the legislation will be passed later this year, and the first voluntary cards will be issued in 2008. Over the following five years, ministers would assess the case for making the card compulsory, based on how many people had chosen to take them up. Opponents of the plan claim that "voluntary" period is a sham and that ministers have already determined that the cards will ultimately become compulsory.

The Home Office confirmed that a "consultation group" of 35 major employers are involved in talks to discuss benefits relating to payroll and human resource management for the private sector . David Lacey, the Royal Mail executive who chairs the Private Sector User Group, told The Scotsman that major employers are "enthusiastic" about ID cards.

Many of the firms in the group - which also includes British Airways, BP, Lloyds TSB and Shell - see the cards as a means of accelerating their assessment of job applicants, and cutting the costs involved in such screening.

The Royal Mail, for instance, currently takes about six weeks to check job applicants' criminal records and immigration status. With an ID card, Lacey estimates, that could be cut to 72 hours. It saves us money, and it's better for the person applying for the job as well , he said.

    Dreddful Idea

From The Guardian

Britain's top police officer was accused last night of paving the way for "Judge Dredd law" by proposing that officers should be allowed to by-pass the courts and confiscate driving licences, seize vehicles and issue anti-social behaviour orders on the spot.

The Metropolitan Police Commissioner Sir Ian Blair said "modernisation" of the force should be carried forward by introducing "an escalator of powers" for the dispensing of instant justice: One idea is to have some police officers - paid more and with more powers - to impose an interim anti-social behaviour order, for instance, or suspend a driving licence.

However, Shami Chakrabarti, the director of the human rights group Liberty, said Sir Ian was behaving like Judge Dredd, the post-apocalyptic comic book law enforcer whose catchphrase is "I am the law". She added: This is more like summary justice which has no place in a democracy. He's supposed to be the Met Commissioner, not Judge Dredd. Sir Ian should concentrate on the difficult job of running the Metropolitan Police rather than working on political speeches arguing for ever more draconian laws.

But Sir Ian, addressing the annual conference of the Police Superintendents' Association, said it was unsatisfactory that a disqualified driver could be arrested and released, and immediately get back in a car. In such cases, officers should be able to seize the offender's vehicles.

He conceded that such powers should be dispensed with care and without turning the place into a police state, which would be unfortunate. I don't want to see this as a massive widening of powers. It is to deal with some very specific issues.

However, colleagues were not convinced. Rick Naylor, the president of the association, said: We police with consent and part of that is because the public see us as being approachable. If the public fear us more because of increased powers that approachability will be damaged.

    Big Brother's Club

From The Guardian

Tesco is quietly building a profile of you, along with every individual in the country - a map of personality, travel habits, shopping preferences and even how charitable and eco-friendly you are. A subsidiary of the supermarket chain has set up a database, called Crucible, that is collating detailed information on every household in the UK, whether they choose to shop at the retailer or not.

The company refuses to reveal the information it holds, yet Tesco is selling access to this database to other big consumer groups, such as Sky, Orange and Gillette. It contains details of every consumer in the UK at their home address across a range of demographic, socio-economic and lifestyle characteristics, says the marketing blurb of dunnhumby, the Tesco subsidiary in question. It has added intelligent profiling and targeting to its data through a software system called Zodiac. This profiling can rank your enthusiasm for promotions, your brand loyalty, whether you are a "creature of habit" and when you prefer to shop. As the blurb puts it: The list is endless if you know what you are looking for.

This publicity material was, until recently, available on the website of dunnhumby, but now appears less forthcoming. Attempts by a number of Guardian reporters to retrieve their own personal information under the Data Protection Act led to a four month battle; the request was ultimately denied so the Guardian has appealed to the Information Commissioner. Tesco has provided some personal data held by Clubcard, the loyalty scheme that monitors members' shopping and which has been credited with fuelling the supermarket group's astronomical growth in the past decade.

But as far as Crucible is concerned, the company admits it has put great effort into designing our services so information is classed in a way that circumvents disclosure provisions in the Data Protection Act. Clues about the content of dunnhumby's database have appeared in the company's marketing literature. Crucible, it says, is a "massive pool" of consumer data. In the perfect world, we would know everything we need to know about consumers. We would have a complete picture: attitudes, behaviour, lifestyle. In reality, we never know as much as we would like. But Crucible, it suggests, has got much further than rival systems by pooling data from several sources and then using the vast Clubcard data pool to profile customers.

Together, Crucible and Zodiac can generate a map of how an individual thinks, works and, more importantly, shops. The map classifies consumers across 10 categories: wealth, promotions, travel, charities, green, time poor, credit, living style, creature of habit and adventurous.

How does Tesco get the information? Clubcard is used to target promotions at particular cardholders. But Crucible is separate and Tesco insists that while loyalty scheme data is used by Crucible it does so anonymously rather than a house-by-house, name-by-name basis.

Dunnhumby's chairman, Clive Humby, offers a few more clues. Companies such as Experian, Claritas and Equifax have databases on individuals and Crucible collects from them all. Any questionnaire you may have completed, any reader offers you responded to, are bought to build up a picture of attitudes and habits. Crucible also trawls the electoral roll, collecting names, ages and housing information. It uses data from the Land Registry, Office for National Statistics and other bodies to generate a profile of the area you live in. Zodiac is employed to provide a more detailed profile.

    Nothing to Fear...

Unless you haven't quite told your boss or partner the whole truth about where you are going

From The Telegraph

Black boxes in cars to help police discover the causes of accidents are being considered by ministers, it was announced yesterday.

They are also thinking of introducing financial incentives for those willing to install devices that keep vehicles within the speed limit.

The proposals, regarded by ministers as being at an embryonic stage, are based on a report produced by the Motorists' Forum at the request of Alistair Darling, the Transport Secretary. They formed part of a wide-ranging package unveiled by Stephen Ladyman, the roads minister, who gave it a cautious endorsement. Describing Britain's roads as among the safest in the world, Ladyman said the Government would be "aggressive" in trying to further reduce fatalities.

Whitehall believes it can build on technology which is already in use. Many cars have computers providing information to garages about how they have been driven. Norwich Union has offered motorists pay-as-you-drive insurance based on data collected by a black box it installs in the car.

Similar technology is being used on a far wider scale in the United Arab Emirates, which plans to install black boxes in 700,000 official cars. These tell the driver when the speed limit is being broken. If a warning is ignored, it tips off the nearest police patrol car by text message and alerts a control centre, which issues a speeding ticket.

Black boxes would be used to help police understand why an accident happened by providing information on how the car was driven in the moments before a collision. Ladyman said extensive consultation would be needed before legislation gave police access to these data.

Technology to prevent cars exceeding the speed limit has been developed by researchers at Leeds University.
Companies such as Siemens believe "intelligent speed adaptation technology" could appeal to motorists with several points on their licence who want to avoid a ban. It is based on marrying satellite navigation technology and speed limiters commonly fitted to lorries and coaches.

With the Government keen to encourage rather than coerce motorists, one option would be for drivers to be given an incentive to buy safer cars through the tax or - if it is introduced - road-pricing system. Incentives are already in place for fuel-efficient vehicles. Even without government intervention, ministers hope the insurance industry would provide incentives for drivers willing to buy safer cars.

    Justice to be Encrypted and Locked Away Forever

They could stitch up anyone. Just find a long forgotten encrypted file on a computer, ask for the (forgotten) key and bang them up for 10 years.

Many messaging encryption services are based on session keys where they key is deleted after use to decode the message. The encrypted message may still exist on GCHQ message traces but no amount of 10 year threats can re-create a deleted key.

From The Guardian

Electronic checks that could identify terrorist suspects before they board a plane to Britain may be rushed in amid heightened concerns over port security in the wake of the suicide bombings.

The 'e-borders' scheme - under which passengers' details will automatically be scanned against police, intelligence and immigration watchlists before they reach the boarding gate - is not due to be introduced until 2008. However, ministers are investigating whether the programme, which also keeps an electronic record of people leaving Britain, can be speeded up because of its potential usefulness as a weapon against terrorism.

Speculation that an al-Qaeda mastermind had arrived via the Suffolk port of Felixstowe not long before the 7 July bombings has concentrated attention on port security. Although the Felixstowe incident turned out to be a case of mistaken identity, there are particular concerns that small seaports and airports, viewed as the lowest priority for introducing e-borders, are now being targeted by immigration offenders and criminals.

One government source said e-borders was now considered 'crucial' to the fight against terrorism and waiting until 2008 was too long. There are concerns, however, that speeding up its introduction would leave too little time to iron out any glitches in its computer system.

The system would also provide an automatic list of those who have overstayed visas - making it easier to find and deport illegal immigrants.

The move comes as Home Office ministers review their long-term responses to terrorism. Sir Ian Blair, Commissioner of the Metropolitan Police, will this week propose a 10-year mandatory minimum sentence for anyone refusing to provide police with details of how to access encrypted information on their computers.

Dozens of computers have been seized in the UK and Italy in the wake of the recent bombings. At present, police can hold suspects for a maximum of 14 days under terrorism legislation, often insufficient time to break into whatever information their computers may contain.

'A lot of the stuff that we have on computers is encrypted, and for that reason I am interested in creating an offence of refusing to reveal an encryption key,' Blair said. 'It has to be punishable by a term of at least 10 years.'

However, the civil rights group Liberty says the proposals are 'like suggesting that the police should be able to steam open your mail after you've put it in the post box'.

The Association of Chief Police Officers has called for new offences to tackle use of the internet, such as blocking terrorist websites. However, senior officers believe the threat is sometimes overplayed, arguing much online information is unreliable. If I was in the business of making highly volatile explosives, I would not be relying on the internet as my only source of information,' one detective said. 'It is more important to go after the preachers of hatred who stand on street corners and stir up trouble.

    Liberty Retained but no Thanks to Clarke

It seems a very expensive way to check if people are downloading spanking films

From The Scotsman

Charles Clarke, the Home Secretary, failed to win European Union backing for a plan to retain phone and e-mail data to help combat terrorism. Clarke's hopes of an agreement at a summit in Newcastle were dashed as EU members, including Germany, stood by their objections on civil rights grounds, and telecoms companies warned that such a scheme would saddle them with enormous costs.

In the wake of the London terrorist attacks, Clarke wants to use the UK's presidency of the EU - which runs until January - to agree a common rule obliging telecoms firms to retain communications data for possible use by the security services in tracking suspected terrorists.

Clarke had convened the meeting of EU justice and home affairs ministers in the hope of overcoming other countries' doubts. But despite insisting that an agreement is still possible, Clarke appeared to make little headway towards that end.

As well as long-held concerns over state surveillance, some EU ministers raised doubts about who would pay for the technology involved in storing the communications data. Industry will take the position that this is something the state must pay for, said Brigitte Zypries, the German justice minister.

And the European Telecommunications Network Operators' Association, which represents most of the EU's phone and internet firms, yesterday delivered a warning that the total cost of the plan could easily exceed £100 million a year. We think it's a rather unsophisticated approach to a complex problem , said Michael Bartholomew, the head of the lobbying group. The implications of this total package are very considerable, and it seems to me that we're talking about hundreds of millions of euros on a pan- European basis.

After the meeting broke up without an agreement, Clarke insisted that neither civil liberties nor costs should stand in the way of his plan: We don't think either of those issues are justified, though we understand them.

The Home Office has set aside £6 million to compensate firms for additional costs, and has already signed at least one contract with a mobile phone firm.

    Mug Shots for the Surveillance State

Presumably for the new facial recognition surveillance technology that the UK is so keen on.

From Pattaya Today

The British embassy in Thailand has announced a tightening of the regulations for the two identical photographs when UK nationals apply for a new passport. They must have been taken in the last month, be exactly 45 mm x 35 mm in size, printed on plain, white photo quality paper (not embossed or watermarked), produced against an off-white, cream or light grey background and show you with a closed mouth and a neutral expression. The full details can be found on the embassy’s website www.brithishembassy.gov.uk/Thailand

    Community Snoops

From Silicon

A draft of the European Directive on data retention has been leaked, revealing that Brussels will be asking for all communications records to be held for a minimum of six months.

The latest version of the Directive, made public by the European Digital Rights organisation, aims to standardise the amount, type and length of time communications services providers will have to store details about their customers' phone calls, emails, faxes, SMSes, IMs and other electronic communications, including location details of mobile phone calls.

The Directive, if passed, will force telecoms companies to store information on "traditional fixed and mobile electronic communication services" for one year and IP-based communications for six months.

For calls made between two VoIP users, information will be retained for six months. However, for calls that originate over IP but connect to a normal landline or mobile, data will be held for a year.

While the data held by communications companies won't include the content of the calls or emails themselves, it will ensure that law enforcement agencies can identify the sender and recipient and, for mobile calls, the location of the caller.

According to the EU, there will be a "limited invasion of privacy" and "a limited impact on the competitiveness of the electronic communications industry", as telecoms companies across Europe will have to capture and retain large amounts of data on their customers. The EU, however, has said ISPs and the like should be compensated for any additional expense they incur as a result of the directive.

The European Commission said the measures are now "urgent" and necessary for the "prevention, investigation, detection and prosecution" of criminals and terrorists.

A number of human rights and civil liberties organisations have banded together to oppose the mandatory retention of data and are petitioning the EC to drop the plans, in a petition which reads: No research has been conducted anywhere in Europe that supports the need and necessity of creating such a large-scale database containing such sensitive data for the purpose of fighting crime and terrorism.

A similar conclusion was reached last month by the European parliament, which adopted a report questioning the necessity of a separate but similar data retention proposal, put forward by four EU member states.

The European parliament's report confirmed it had sizeable doubts concerning the choice of legal basis and proportionality of the measures and was concerned it place "enormous burdens" on the telecommunications industry, which it put at around €180m initial expense and €50m per year running costs per firm.

The EU's plan for data retention will also necessitate the creation of a new body of law enforcement agents, the tech world and data protection authorities, which will be charged with translating the directive for emerging technologies.

The EC is expected to formally propose the directive this month and, if it becomes law, will review the directive's performance after three years and analyse how useful the retained information has been to police and intelligence services.

    Retaining Disrespect for Liberty

From The Guardian

'Our values will long outlast theirs" is a powerful proclamation against terrorism with which the government should be rightly pleased. But whether Tony Blair's words are anything more than a catchy slogan will be put to the test today when Charles Clarke meets his European counterparts in Brussels to thrash out a response to the London bombings.

In recent days the home secretary has been touting the notion that our phone, email and internet records should be archived for at least a year for use by security services and police. Clarke believes that mobile and internet service providers should create databases containing information on who we email, who emails us, who we phone, where we use our mobile, our account details and the internet sites we visit. That information would then be made available to police in other EU countries. The idea is known as "communications data retention", and has for many years been a contentious law-enforcement ambition.

Is this proposal a measured and appropriate response to the atrocities? Definitely not: mass surveillance at this scale would be unlawful, unworkable, disproportionate and ridiculously expensive. It is yet another insane technology fixation conceived in a vacuum and nurtured on rhetoric. Legal opinions from the European commission and the European parliament's legal affairs committee both indicate the complete lack of a legal basis for such proposals.

Sure, the government can argue that the proposal could dodge human rights law under the national security exemption. But it is not good enough to merely claim an exemption; the claim must be comprehensively established and rigorously documented. The government has never provided quantifiable evidence that retention of this personal information is anything more than a shameless grab for greater surveillance. It has published no discussion paper, no research findings, and no risk or opportunity assessment.

In a report published last month by Erasmus University in Rotterdam, researchers reviewing 65 relevant police investigations concluded that data retention was unnecessary. In just about every case police could use existing account and billing information from service providers - as British officers could with the four alleged suicide bombers responsible for the London attacks. Based on the Erasmus findings, the government does not have a leg to stand on with its argument that the proposals are "essential" for policing and national security.

The Dutch justice minister has ventured down an almost identical road, only to be slated by members of his own party and by all opposition parties; the government had not established that the proposals were necessary and it had failed to consider less invasive alternatives. Importantly, it had also failed to conduct any valid investigation into the effectiveness, costs and economic impact of its proposal.

Full retention of and access to this level of data requires, in effect, a full internet wiretap on every user. Christian Democrat MP Hans Franken cited calculations amounting to a €7m initial investment for a small Dutch internet service provider with a 2.5% market share. This equates to a cost burden of hundreds of millions of pounds to UK service providers, which will be passed on to the consumer.

Despite these drawbacks the UK government has been relentlessly pushing for data retention since August 2000, more than a year before the events of September 11. The proposals have been rejected time and time again, both at home and in Brussels.

When the government drafted the regulation of investigatory powers bill, designed to extend and harmonise police powers, the retention idea provoked uproar in the House of Lords, schisms in the Commons, and an icy response from business and civil-liberties groups. It was withdrawn.

Two years later, backed by continuing police submissions, David Blunkett again dipped his toe in the water, only to have it bitten off by an unexpectedly hostile public reaction (remember the "snoopers' charter"?). Now Clarke is attempting to resurrect the idea. He believes the bombings provide justification for a third attempt. The error in his argument is that the terrorist threat has never provided a practical, moral or legal foundation for the proposals that will be put forward today.

Blair has been unequivocal on one point: "all the surveillance in the world" could not have prevented the London bombings. Why then is Clarke hellbent on pursuing retention as a means of countering terrorism?

We should see the UK proposals for what they really are: a desperate political stunt to give a pretence of leadership in Europe.

    Biometrics a Passport to Nowhere Quickly

From Reuters

The United States said on Wednesday it would give 27 mainly European states an extra year to put computer chips into their passports because many of the countries said they would miss the 26 October deadline.

But the Americans stood firm on the introduction of digital photographs, saying the 27 nations taking part in a visa-free travel scheme must meet the deadline if they want to ensure their citizens can enter the United States without a visa.

Biometric data, such as digital photographs and fingerprints in passports, are seen as a key measure in preventing terrorists, illegal migrants and criminals from travelling with fake documents.

Last week, the Financial Times reported that the US government was about to ease up on the e-passport restrictions. Washington had set the deadline for allies to update their passports but many countries said they would miss it, raising the prospect of delays for travellers.

Speaking at a meeting of G8 justice and home affairs ministers in the north of England, US homeland security secretary Michael Chertoff announced the partial relaxation of the deadline: We want to make sure we have adequate time to get it right but to do it with all possible speed. We are going to continue to adhere to the deadline with respect to photos, he added, saying most countries were confident they could meet it.

The US risked losing billions of dollars in spending by tourists and business travellers if it had stuck rigidly to its original timetable. Thirteen countries, whose citizens make up about 80 per cent of all visa waiver travellers - between 13 and 15 million travellers per year - had said they would miss the deadline, according to US officials.

    You're Nicked...Maybe

From www.pledgebank.com/refuse

Britain's most senior police officer warned the Government yesterday that its proposed identity card scheme would fail unless the technology was "almost perfect".

Sir Ian Blair, the Metropolitan Police commissioner, a supporter "in principle" of ID cards, was accused during the election of backing Tony Blair on the scheme by expressing his support when it had become a political issue. But he is the latest influential voice to raise questions about the reliability of the biometric techniques, including facial, fingerprint and iris recognition, to be used in the system. The cost of the proposed scheme has soared and research has suggested that nearly a third of checks based on facial recognition may be false.

Addressing the London Assembly, Sir Ian said that identity cards would be effective in tackling terrorism and serious crime only if the recognition of biometric indicators was almost perfect.

He said he did not want to see his officers "demanding to see people's papers" at random in the street. However, it was "a present danger to the state" that the Government had no idea who some people in the country were, he said. Identity theft was also increasing "day by day" and effective ID cards could be the answer.

Sir Ian told assembly members: "Identity cards are only going to work if we have a biometric answer. That may be iris recognition but it is unlikely to be facial recognition because that changes because of diet and beards and everything else ."

To minimise the risk of false readings of ID cards, the Government has decided that everyone registered on the national identity database will have to provide three biometrics: a digital photograph, fingerprints and an iris print.

However, a trial conducted on behalf of the UK Passport Service of 2,000 people happy to have their biometric details taken showed that when the database was used to verify their identities the success rate varied markedly. The highest, at 96 per cent, was for iris recognition and the lowest, 69 per cent, was for facial recognition.

    Just Say No

I have a feeling that the authorities will tie ID card requirements to passports or money such that it will be hard to refuse an ID card. I surely support the setting up of a fighting fund though. 

From www.pledgebank.com/refuse

Say NO to ID cards and the database state!

Polls have shown for some time that 3 - 4 million people across the UK strongly oppose the Government's plans to introduce ID cards and a National Identity Register. Were this many of us refuse to cooperate then the scheme would be doomed to failure.

If the Government do manage to force through the ID cards legislation, this pledge will not only demonstrate the level of solidarity amongst opponents of the scheme - it will form the basis of a fighting fund* and support network for all those who refuse to comply.

NO2ID continues to campaign against the introduction of ID cards and the National Identity Register on all fronts, for more information on what you can do NOW, please visit www.no2id.net

Phil Booth, NO2ID National Coordinator

If you would like to make the pledge then follow the following link:

"I will refuse to register for an ID card and will donate £10 to a legal defence fund but only if 10,000 other people will also make this same pledge".

Deadline: 9 ^th October 2005 . As of June 15th 2,481 people have signed up, 7519 more needed

*all monies pledged will be held in trust for use in defending those individuals who are prosecuted for resisting registration

    Biometrics a Passport to Nowhere

From The Register

Rules requiring Irish citizens to carry high-tech passports when visiting the US are to be dropped because the technology behind the scheme is seen as unreliable. The US Department of Homeland Security had previously set an October 2005 deadline for the inclusion of biometric information chips in the passports of European citizens who avail themselves of the Visa Waiver programme. This programme allows people to make short-term visits to the US without a visa. The chips would have included a variety of biological information about the passport holder, such as their fingerprints and retina scans.

But according to a report in the Sunday Times, Ireland has shelved plans to include biometric chips in passports amid expectations that the US is to abandon its biometric passport requirements.

Biometrics are just a tool, the real concern is that the information would be used for more than immigration control, said Aisling Reidy, director of the Irish Council for Civil Liberties, speaking to ElectricNews.net. There is also a significant risk of false positives, that people could be wrongly identified, because the technology is not reliable.

The Sunday Times, meanwhile, quoted a spokesperson from the Irish Department of Foreign Affairs, who said that the US has now recognised the technical challenges involved in implementing biometric information.

Trials carried out in the UK last year, for the purposes of introducing a biometrics-based UK national identity card, showed significant levels of failure in the registration and verification of iris, fingerprint and facial recognition trials involving 10,000 British citizens.

Under a new arrangement, holders of passports that include digital photographs could continue to avail of the visa waiver programme. The latest Irish passports include a secure digital photograph, but do not include biometrical information.

The new arrangement is understood to have been devised following discussions between the US and the European Commission. European officials believe the Americans have taken on board concerns that the move would reduce the number of people traveling to the US for business and leisure purposes.

Biometric passports have been under consideration since 2002, when US legislators passed a law requiring the 27 countries in the Visa Waiver programme to start issuing high-tech passports by October 2004. The deadline was subsequently extended to October 2005.

    Snoop Retention

From The Register

The European Parliament has voted overwhelmingly to back calls for proposed laws on data retention to be scrapped. If it were passed, the law would require ISPs and telcos to retain at least three years of data about their customer's communications. But the proposal has been widely criticised for being unworkable, expensive to implement, invasive, and unnecessary.

However, although Parliament's vote has been hailed a victory by organisation representing ISPs, the reality is that the body has no power over the future of the proposal. This is because it is a Pillar 3 proposal, that is, it was set in motion by member states, not the European Commission.

The Parliament was just being "consulted" on the proposal under the Consultation Procedure and consequently has no power, explains Joe McNamee, EU policy director at the Political Intelligence consultancy.

Justice and home affairs ministers argue that this legislation is primarily focused on combating terrorism, and thus the need to act quickly justifies the circumventing of parliamentary scrutiny , notes Kathalijne Buitenweg, Green MEP for the Netherlands. We do not agree, and the European Commission shares our view that this costly and hard-to-execute proposal, which has severe implications on privacy rights as well as business, deserves an appropriate legal base.

So what does this mean for the future of the bill? Is it dead, alive or merely wounded?

As the Commission believes that the proposal is illegal, it is unlikely that it will proceed any further , McNamee told us. That said, the Commission is producing its own proposal on data retention, which is unlikely to be substantially different. This is expected within weeks.

    Fuelling the Big Brother State

Labour must be in drooling of this idea. Not only do they get the congestion charge, they also: reduce tax seepage due to accidentally exaggerated business mileage claims; they can issue far more speeding tickets for impossibly rapid journeys, they can halve police numbers as it will be easy to round up the usual suspects of cars in the vicinity of the time of a crime. They will even get increased profits tax from divorce lawyers as business trips to Darlington are found to be pleasure trips to Brighton.

From the BBC

Drivers could pay up to £1.34 a mile in "pay-as-you go" road charges under new government plans. The transport secretary said the charges, aimed at cutting congestion, would replace road tax and petrol duty. Alistair Darling said change was needed if the UK was to avoid the possibility of "LA-style gridlock" within 20 years.

Every vehicle would have a black box to allow a satellite system to track their journey, with prices starting from as little as 2p per mile in rural areas. We have got to do everything we can during the course of this parliament to decide whether or not we go with road pricing. Darling said.

If public reaction is favourable, a pilot scheme planned for the Leeds area could be rolled out nationwide within the next 10 years.

    Snooping out of Proportion

From Silicon

The European parliament could reject proposals next week for laws to retain the data of telephone and internet service providers (ISPs) for three years.

Legal and civil liberties committees in Strasbourg have already slammed the proposals after German Free Democrat MEP Alexander Alvaro published a report urging EU countries to veto the recommendations.

The proposals were put forward by France, Ireland, Sweden and the UK to aid in the prevention, investigation and prosecution of terrorist acts .

In the report, Alvaro wrote: There are sizeable doubts concerning the choice of legal basis and the proportionality of the measures. It is also possible that the proposal contravenes Article 8 of the European Convention on Human Rights... Should the Council's proposal unexpectedly obtain a majority, the requirement for a review of the measures in the form of an evaluation after three years in force should be incorporated into the text, so that the actual effectiveness of the measures can be established and the act of data retention justified.

Under the initiative, ISPs and phone service providers would be forced to retain data between 12 and 36 months. This would include details of time and dates as well as the location of communications, although the content of communications may not be retained. The laws would govern how companies operate SMS, telephone (including voice over IP) and internet services.

The European parliament will debate the matter on Tuesday.

    State Predators Preying on our Youngsters

We clearly need better education for our children. It needs to be drummed into children from the age of two that they must be aware of the corrupting influences and dangers in society. They must be taught that when approached by predatory and interfering social workers that they must unhesitatingly kick them in the bollocks and tell them to fuck off.

From The Guardian

New guidelines obliging professionals to pry into the sex lives of teenagers will do more harm than good. The latest example of this preoccupation with monitoring children is the newly published Working With Sexually Active Young People Under the Age of 18 - A Pan-London Protocol. This circuitously titled set of guidelines extends surveillance into the most intimate aspects of a teenager's life - and is likely to be rolled out nationally. It requires all professionals in contact with young people to do risk assessments on "any person under 18 they know who is, or is likely to be, sexually active", a term defined so broadly in the Sexual Offences Act 2003 that there will be few teenagers who are exempt. The risk assessment should be very detailed, covering physical and emotional health and education, and safeguarding needs in the context of the sexual relationship . The assessment should include, as standard, a police check on the partner; details of that child or adult will then be stored on the police computer. If someone is considered to need protection, he or she should be referred to social services or the police, who will devise a protection plan.

The protocol stems from the Bichard inquiry into the Soham murders, and comes with the emotive appeal that anything that prevents another tragedy is justified. But it is very hard to see how it will prevent abuse or murder and very easy to see how it will cause harm.

Any screening service needs to have an accurate way of telling which people are at risk, but in this case professionals are given the confusing task of deciding whether the behaviour of the sexual partner amounts to "grooming for sexual exploitation", as opposed to normal seduction.

Police and social workers are expected to create protection plans, but quite how they will protect a 17-year-old girl from a relationship she wants to maintain is left a mystery.

Finally, any screening service should not cause undue harm, but this protocol will cause harm in both direct and indirect ways. The risk assessment is likely to be offensive and distressing to many teenagers since it requires intimate details of their relationship. There is no mention of obtaining their consent; if they disagree with the professional concern, this is seen as another risk factor.

It will also be a major deterrent to teenagers who would like advice or help with sexual relationships but, as we know well, want confidentiality. They may now find themselves subjected to detailed questioning, as well as having their confidences broken and partners' names put on a police computer.

Teenagers are at some risk from sexual predators, but the stranger who uses force to abuse is relatively rare. Most abuse is carried out by relatives or friends who have a relationship with the victim. We would help teenagers more by providing advice when asked and with the confidentiality they prize. This would allow open discussion of the complexities of sexual relationships, helping them make sense of their experiences, recognise exploitation and receive the support needed to protect themselves.

Teenagers at present are causing considerable anxiety to adults, but these preoccupations tell us more about adult anxieties than teenage needs. Professionals are anxious to avoid blame, and detailed procedures offer a form of security to them. But in the complex area of developing happy sexual relationships, they do not offer security to teenagers. Faced with adults who offer help in ways that either demonise or infantilise them, teenagers with a normal range of concerns about sexual relationships are likely to shun all professionals as unhelpful. What they need is a positive message about sex as a natural and enjoyable part of a relationship. They need to learn from experience and they will probably have some miserable or embarrassing times. They might well then appreciate confidential support from an adult as they develop self-confidence and the maturity to know what they want or don't want from relationships.

Professional surveillance is a weak defence against sexual predators. The safest teenager is the one with the confidence to say no.

    Snoops Banned in Australia

From CNET News

Australia's most populous state, New South Wales, moved on Wednesday to outlaw employers from snooping on workers' private e-mails as part of anti-spying legislation aimed at stopping bosses from covertly observing employees.

In an Australian first, the New South Wales state government introduced surveillance legislation to outlaw unauthorized spying on employees using technologies including e-mail, video cameras and tracking devices. We don't tolerate employers unlawfully placing cameras in change rooms and toilets, Attorney General Bob Debus said in a statement. Likewise we should not tolerate unscrupulous employers snooping into the private e-mails of workers.

Australia has national privacy laws but they do not cover e-mail monitoring. The legislation is expected to be passed by next week, the minister's spokesman said. Penalties would include a fine of 5,500 Australian dollars ($4,278) for individuals, or for each director of a corporation.

Trade unions welcomed the move as a victory against "big brother" monitoring by employers, which they said has been on the rise. The e-mail is the modern version of the telephone and I think that most employees would reasonably say that their phones shouldn't be tapped at work automatically, and I think that should apply to the Internet, " said Bill Shorten, secretary of the Australian Workers Union.

Westminster Council are Listening

From The Telegraph

Westminster council is planning to attach 24-hour surveillance microphones to its lamp posts in a move that raises the spectre of George Orwell's Big Brother on Britain's streets.

The first microphones, which are linked wirelessly to Westminster council's headquarters, are designed to monitor rowdy bars and nightclubs in central London. They will also be installed in housing estates in an attempt to stop nuisance neighbours.

Shameful Westminster council said the microphones, which will be installed next to existing wireless CCTV cameras, would not be used to snoop, BUT... would allow its inspectors to take prompt action against anti-social behaviour.

Steve Harrison, its assistant director of community protection, said the microphones would first be tested in Soho. The devices would be programmed to trigger an automatic alert if noise levels get too high. By the time someone rings us up to tell us about a noise problem and we have decided whether to visit, that event could be lost to us. This is about trying to instantly capture an image and audio that goes with it to let us know what's going on. Then we can almost in real time make that assessment of whether to go out.

Recordings could also be used in evidence at a licensing committee or magistrates' court, he said. Within a few months, microphones will also be put in at least two housing estates to monitor communal areas, the council said.

The microphones will be housed in 3ft-long boxes attached to lamp posts. A foam cover and spike to deter pigeons will protrude from the casing, Harrison said.

    Europe Retaining a Bad Attitude to Data

Has anybody ever come across the idea of a screen saver that continually and randomly spiders the web emulating a perpetual surfer. It would have the following advantages:

• It would generate an awful lot of data for Big Brother to store, especially for always on Broadband
• Big Brother would not be able to determine which sites you actually viewing from all the dross recorded
• It may make an interesting screen saver in its own right

Thanks to alan who suggests Web Collage

From The Register

The European Council has quietly proposed pan-European data retention laws that will require communications service providers to keep all user data for a minimum of a year, and possibly indefinitely.

The draft framework will apply to data generated by an exhaustive list of comms architectures and protocols: phone, text, MMS, email, Voice over IP, and Web communications among them.

It has been rather hastily published in line with the European Council declaration that followed the bombings in Madrid. In this declaration, the Council said it would bring forward the debate around data retention. The fact that this document surfaced so quickly suggests, some say, that it has been floating around for some time.

The draft is very broad in its scope, and very loose in its definitions, which may sound familiar. The stated aim is not to store content, just the data generated by the flow of traffic, and its associated user information. However, as Joe McNamee of lobbying group Political Intelligence points out, at no point does this draft specify exactly what constitutes content, and what constitutes traffic data.

Consider article 2.3, part(c). This states that service providers will be required to retain FTP logs. Are these content, or traffic data? This question needs to be resolved, especially as (in article 2.4) the draft makes the provision that it will cover all future communications technologies too.

It is also noticeably imprecise about how long the information must be kept for: article 4.1 provides a time bracket of between 12 and 36 months, but goes on to say that it may be kept for longer if the member state feel it is necessary.

Draconian, you might think. Bound to get the civil libertarians up in arms? But wait: 4.2 contains the get-out clause. It says that any member state can derogate from 4.1 (i.e. ditch it), should they feel it is unacceptable. Sometime the most effective thing you can do, politically, is not be rigid , McNamee says. This clause is very clever. It gives a perfect counter-argument to any criticism without actually backing down: the Council can always argue that it is not forcing the legislation on any of its member states, even though it is extremely unlikely that any will actually take advantage of the option.

In the covering letter, the writers explain that although this kind of retention of data may constitute an interference in the private life of an individual , this doesn't violate European law, provided the interference is appropriate and strictly proportionate .

But what of those innocent citizens whose digital movements will be tracked? Everything you do online must be recorded: that means that FTP logs about images you download, even in a spam email, are kept on a database somewhere. If I was Joe Public, I don't think that would make me feel very secure, McNamee concludes.

    Housing Bullies

A worrying trend to ram peoples arms up behind their back and then make them sign a contract. Such contracts should at least be considered morally worthless both by the bullied individual and the community.

From The Telegraph

New tenants on a housing estate are being required to sign a legally-binding contract not to swear in public. The move is aimed at curbing anti-social behaviour that has plagued the Hollingdean estate in Brighton for years.

New council or housing association tenants will have to sign the agreement, which also outlaws loud music, fly tipping and careless driving. Persistent rule-breakers face losing their homes.

Faye Cooper, the estate's safety co-ordinator who has helped negotiate the agreement with housing associations, the city council and police, said: There are 10 housing associations and the council providing accommodation on this estate, so we wanted everyone to be following the same rules. We want to help people who are causing problems to change their behaviour before we need to enforce the rules but there is now a legal back-up if we need it. The estate has its fair share of harassment, noise, fly tipping and groups of young people who aren't necessarily bad but aren't behaving properly. All these things can create a bad atmosphere, which is what we want to tackle."

    CAPPS: Computer Assisted Passenger Persecution System

I think that the US job will be an awful lot easier when they require Europeans to get visas from inaccessible embassies. Only the terrorists will be arsed to make the effort to go.

From The Register

The US Transportation Security Administration (TSA) is behind schedule in developing a new anti-terrorist database system called Secure Flight.

After confronting the obvious defects in the old pre-9/11 CAPPS (computer-assisted passenger pre-screening system), which allowed 19 violent terrorists to board flights on a single morning, the TSA set out to develop CAPPS-2, supposedly an improvement. When that project failed to result in a working system, TSA announced that it would re-work the entire scheme.

Proposed improvements included letting the government, rather than airlines, administer the system, so that secret counter-terrorist intelligence could be used, and merging airline passenger data with commercial data such as that stored by privacy invasion outfits like ChoicePoint.

TSA got off to a strong start, successfully changing the system's name, for example, but has since fallen behind on lower-priority modifications, such as establishing privacy standards, and basically making it work.

Congress established ten milestones that Secure Flight must pass before its intended roll-out in August. Of these, nine remain to be satisfied. So the chance that this scheme will actually be implemented in August is very slim, especially when one considers the extraordinary capacities that it is expected to have.

According to a report, the required system capabilities are: Comparison of data contained in the passenger's reservation (PNR) with information contained in government watch lists; Matching information in the PNR to CAPPS I rules to identify individuals who should be subject to additional security screening; Checking PNR data against commercial databases to assist in confirming the passenger's identity; Matching PNR data against lists of international fugitives and government 'wanted lists' to identify known criminals; Using algorithms developed through intelligence modeling to identify previously unknown terrorists; Maintaining a list of individuals, who have been previously cleared under credentialing programs, to minimize the volume of passengers that must be prescreened; Providing the capability to create a temporary watch list based on information extracted from current intelligence reports, such as blocks of stolen passports."

It is sure to be full of bad data that will repeatedly flag and inconvenience the wrong travellers. (The existing CAPPS system didn't stop the 9/11 hijackers, although it did catch US Senator Edward Kennedy and former singer Cat Stevens, for example.)

So it comes as no surprise that TSA should have fallen behind in developing a system intended to do the impossible. The only odd thing here is the fact that the law enforcement establishment, the public, and Congress foolishly persist in believing that "information technology" is the answer to real-world security problems.

    A Chip on the Shoulder About Liberty

From the Toronto Star

Currently, no legislation governs the implanting of technology in the human body and, according to the European Group on Ethics in Science and New Technologies (EGE), an advisor to the EC, it's a situation that needs to be addressed.

The European Commission this week adopted an opinion on the ethical aspects of ICT implants in the human body, declaring they should only be given to those in need rather than those who wish to enhance their faculties. Efforts should be made to make sure that such ICT implants are not used to create a two-class society. Access to ICT implants for enhancement should only be for the purpose of bringing children or adults into the 'normal' range for the population... A second permissible purpose would be to improve health prospects, such as enhancing the immune system to be resistant to HIV, for example."

What, however, is not acceptable is using such implants to track individuals or to discover data about them. ICT implants due to their network capability could be misused in several ways for all kinds of social surveillance or manipulation... In some cases, the implantation of microchips with the potential for individual and social forms of control is already taking place. The EGE stresses the importance that not only the individual has the right to protect his or her own personal data but that society should take care that online and surveillance systems, where they are permitted, should not become systems of untenable restriction.

The EC, however, believes that using implants as surveillance tools is acceptable, as long as government has legislated for it first. The EGE insists that surveillance applications of ICT implants may only be permitted if the legislator considers that there is an urgent and justified necessity in a democratic society and that there are no less intrusive methods.

The EGE also recommends that an independent adjudicator be appointed to monitor rulings in such cases.

    Who Authorises Internet Snoops and Who Pays?

From The Register

German ISPs may have to provide customer data to law enforcement agencies without a court order. The latest issue of the German specialist journal New Law Weekly cites a ruling by the District Court in Stuttgart, in which telecom giant T-Online was asked to hand over details of an unknown customer who was suspected of trading porn. All the police had was an IP address.

Initially, T-Mobile refused to hand over details, arguing there was no written court order, which is mandatory under the German Telecommunications Act. The District Court, however, rejected the complaint and said there was enough reason to believe that the person behind the IP address was responsible for the distribution of porn.

The implications of this ruling are uncertain. The big question is whether ISPs in the future may have to bow to the demands of holders of music or video rights. So far, that hasn't been the case. Recently, the German Higher Regional Court in Frankfurt-on-the-Main rejected the claim by a music group to hand over the name of a customer who allegedly ran an illegal music server.

Meanwhile an Internet Service Provider is suing the Dutch government to recover the costs of the requirement to snoop its customers. Under Dutch law ISPs are entitled to claim for the administrative cost of each individual wiretap, but not for the cost of equipment which makes such snooping possible.

XS4ALL is claiming €500,000 - the amount it says it has spent since 2001 to ensure its network is accessible to police. Apart from getting back the money invested in its network XS4ALL wants to set a precedent to establish who pays for law enforcement - government or industry. It warns that the European Council of Justice and Home Affairs is debating measures to make telecom providers store all traffic data for between one and three years. Again the expense of providing such storage will be met by industry

According to XS4all, providers in other European countries including Austria, Italy, Finland, France and the UK are already fully reimbursed for the expense of installing wiretaps.

    Passports to Crime

It is a little alarming if passports are to be readable and unencrypted at a distance without the holder knowing. There are all sorts of criminal opportunities. A scan of outgoing passengers could be made to produce a list of burglary targets. Just knowing where people are going must be good for espionage, marital infidelity investigation, papparazzi hassles etc. A little bit of advance information would be good to set up mugging opportunities or tourist scams etc.

From The Economist

At America's insistence, passports are about to get their biggest overhaul since they were introduced. They are to be fitted with computer chips that have been loaded with digital photographs of the bearer (so that the process of comparing the face on the passport with the face on the person can be automated), digitised fingerprints and even scans of the bearer's irises, which are as unique to people as their fingerprints.

A sensible precaution in a dangerous world, perhaps. But there is cause for concern. For one thing, the data on these chips will be readable remotely, without the bearer knowing. And—again at America's insistence—those data will not be encrypted, so anybody with a suitable reader, be they official, commercial, criminal or terrorist, will be able to check a passport holder's details. To make matters worse, biometric technology—as systems capable of recognising fingerprints, irises and faces are known—is still less than reliable, and so when it is supposed to work, at airports for example, it may not. Finally, its introduction has been terribly rushed, risking further mishaps. The United Sates want the thing to start running by October, at least in those countries for whose nationals it does not demand visas.

The idea is similar to that of the radio-frequency identification (RFID) tags that are coming into use by retailers, to identify their stock, and mass-transit systems, to charge their passengers. Dig deeper, though, and problems start to surface. One is interoperability. In mass-transit RFID cards, the chips and readers are designed and sold as a package, and even in the case of retailing they are carefully designed to be interoperable. In the case of passports, they will merely be designed to a vague common standard. Each country will pick its own manufacturers, in the hope that its chips will be readable by other people's machines, and vice versa.

That may not happen in practice. In a trial conducted in December at Baltimore International Airport, three of the passport readers could manage to read the chips accurately only 58%, 43% and 31% of the time, according to confidential figures reported in Card Technology magazine, which covers the chip-embedded card industry. (An official at America's Department of Homeland Security confirmed that “there were problems”.)

A second difficulty is the reliability of biometric technology. Facial-recognition systems work only if the photograph is taken with proper lighting and an especially bland expression on the face. Even then, the error rate for facial-recognition software has proved to be as high as 10% in tests. If that were translated into reality, one person in ten would need to be pulled aside for extra screening. Fingerprint and iris-recognition technology have significant error rates, too. So, despite the belief that biometrics will make crossing a border more efficient and secure, it could well have the opposite effect, as false alarms become the norm.

The third, and scariest problem, however, is one that is deliberately built into the technology, rather than being an accident of its present inefficiency. This is the remote-readability of the chip, combined with the lack of encryption of the data held on it. Passport chips are deliberately designed for clandestine remote reading. The ICAO specification refers quite openly to the idea of a “walk-through” inspection with the person concerned “possibly being unaware of the operation”. The lack of encryption is also deliberate—both to promote international interoperability and to encourage airlines, hotels and banks to join in. Big Brother, then, really will be watching you. And others, too, may be tempted to set up clandestine “walk-through inspections where the person is possibly unaware of the operation”. Criminals will have a useful tool for identity theft. Terrorists will be able to know the nationality of those they attack.

Belatedly, the authorities have recognised this problem, and are trying to do something about it. The irony is that this involves eliminating the remote readability that was envisaged to be such a crucial feature of the system in the first place.

One approach is to imprison the chip in a Faraday cage. This is a contraption for blocking radio waves which is named after one of the 19th-century pioneers of electrical technology. It consists of a box made of closely spaced metal bars. In practice, an aluminium sheath would be woven into the cover of the passport. This would stop energy from the reader reaching the chip while the passport is closed.

Another approach, which has just been endorsed by the European Union, is an electronic lock on the chip. The passport would then have to be swiped through a special reader in order to unlock the chip so that it could be read. How the European approach will interoperate with other countries' passport controls still needs to be worked out. Those countries may need special equipment or software to read an EU passport, which undermines the ideal of a global, interoperable standard.

Sceptics might suggest that these last-minute countermeasures call into doubt the reason for a radio-chip device in the first place. Frank Moss, of America's State Department, disagrees. As he puts it, “I don't think it questions the standard. I think what it does is it requires us to come up with measures that mitigate the risks.” However, a number of executives at the firms who are trying to build the devices appear to disagree. They acknowledge the difficulties caused by choosing radio-frequency chips instead of a system where direct contact must be made with the reader. But as one of them, who preferred not to be named, put it: “We simply supply all the technology—the choice is not up to us. If it's good enough for the US, it's good enough for us.”

Whether it actually is good enough for the United States, or for any other country, remains to be seen. So far, only Belgium has met America's deadline. It introduced passports based on the new technology in November. However, hints from the American government suggest that the October deadline may be allowed to slip again (it has already been put back once) since the Americans themselves will not be ready by then. It is awkward to hold foreigners to higher standards than you impose on yourself. Perhaps it is time to go back to the drawing board.

    Brother Bruce

No doubt they are using software as provided by the likes of MI5 & GCHQ

From The Courier Mail

The Australian Northern Territory Government is keeping a secret database of people who criticise the Government or its policies, it was learned last night.

The files viewed by the Northern Territory News contained hundreds of names, party affiliations, their jobs or roles and a record of their comments to talkback radio.

Opposition Leader Denis Burke yesterday accused the Martin Government in Parliament of acting like 'Big Brother'. It's one thing keeping files on politicians but it's another keeping files on ordinary people. It's like 'Big Brother'. What about privacy? We certainly never had anything like this when we were in government.

Chief Minister Clare Martin said the information-tracking system was the same as that used by governments - including the previous CLP government - and private companies all over Australia.
It is simply an electronic record of publicly-made comments, which have been made in newspapers, radio, TV and the like, on matters being discussed in the community. This same system was used by the CLP government and is a common practice throughout Australia - both in government and the private sector.

Even ordinary people who called talkback radio to complain, or commend, the NT Government were also included in the file.

    Greek Brother Backs Off

Greek bosses can no longer snoop on their workers' e-mails and Internet surfing activities following a decision by the country's privacy watchdog, which was made public yesterday.

The Authority for the Protection of Personal Data (APPD) decided that it was illegal for employers to read e-mails sent by their staff and to keep a record of, or monitor, the websites they view on their computers at work.

Bosses will also face criminal charges if they collect and use data from phone calls or other forms of communication, such as e-mail, which their employees engage in.

Lastly, the watchdog ruled that workers will have to be fully informed if Virtual Network Computing (VNC) software, which allows third parties to monitor and have access to their computers via a network, is installed on their PCs. APPD said its ruling was a logical extension of the law that bans bosses from reading their staff's correspondence.

    FBI Don't Like Due Judicial Process

American law enforcers clearly don't like it when they have to obey the law themselves

From Silicon

An FBI special agent has hit out at the regulation of the UK-based units of large global ISPs and the role they play in allowing the perpetuation of cybercrime through a lack of co-operation with law enforcement.

Speaking at the Computer and Internet Crime Conference in London, Special Agent Ed Gibson, who is the assistant legal attaché to the US Embassy, expressed concerns that national boundaries are still too much of an obstacle to law enforcement.

Gibson said such obstacles can delay law enforcement efforts by months at a time and singled out the ISPs and their regulation for doing too little to ease the process.

Many of the large US-based ISPs are hiding behind domestic laws and distancing themselves from their UK responsibilities, he said.

Why on earth do we not require that ISPs conform with the laws of this country? asked Gibson, who said UK law enforcement are unable to go into businesses registered in the US and make use of the Regulation of Investigatory Powers Act (RIPA) to access information that could aid an investigation.

According to Gibson, 80 per cent of global email traffic, including the majority of the spam scams which circulate, comes via the webmail services of providers such as AOL, MSN and Yahoo! so finding a way to tap into the relevant data they could provide would prove invaluable.

But he said law enforcement often hit a brick wall when dealing with such companies. The firms can insist on due judicial process - the equivalent of an online search warrant, which can take four to six months - before they will comply with providing data for investigations.

Gibson said the regulation of web hosting companies is also to blame for high levels of online crime.

Why do we allow hosting companies to take credit card details from an individual and let that person put up a website without knowing who they are or what they are doing?

The FBI's Gibson urged companies to adopt a "know your customer" policy and said such an approach would eliminate a lot of the anonymity which facilitates many forms of cybercrime and likely prove an important move in combating it.

    Paying for State Snoops

I suggest that we all run web spider screen savers then it'll be tough for state to tell the wood from the trees.

From The Register

The EU council of ministers is currently working on a framework document that could mean ISPs and telcos having to capture and retain details about their customers, including who they phone, text or email, and even the location of a call.

And that, according to LINX, is unlikely to be funded by the government - pushing up costs for ISPs. Those costs will end up being siphoned out of consumers' wallets, the association has warned.

While ISPs do collect some data on their users for billing and administrative costs, the EU legislation could oblige internet service providers to monitor slabs of white elephant information.

Malcolm Hutty, regulation officer at LINX, said that ISPs who provide 'always on' broadband connections to users could have to monitor precisely when the connection is being used - all for the benefit of the EU.

The European Union recently amended the legislation to remove the time limits individual governments can demand ISPs retain the data for.

In a separate data retention spat, the US government had asked transatlantic airlines to keep data on their passengers for 50 years, although were pressured to accept a three and a half year limit by Europe.

The EU has said it wants to track internet and phone user information to help law enforcement and intelligence authorities.

    Not So Smart Cards

From The Register

The European Union is poised to accept that its current plans for biometric visas are unworkable, reports Statewatch. Last year a Council of Ministers technical group concluded that multiple RFID chips in passports would render the whole snooping match unreadable, which effectively killed a plan everybody had been poised to sign off. Now the Luxembourg incoming Council presidency has accepted this, and tentatively recommended two possible ways forward that were proposed by the technical group.

Both of these are silly, each in its own way. Option one keeps the visa RFID away from the passport by putting it onto a separate smart card. Thus, instead of having the visa tidily stuck or printed into your passport as currently, your honest visiting non-EU passport holder would get a visa in two bits, one sticker in the passport and one piece of plastic that's going to get lost. Or broken. You could of course make it harder to lose it if you kept it (and any other biometric smartcard visas you might have collected on your travels) alongside your passport in a nice wallet. So it'd be sitting next to the RFID chip in the passport and all of the other visas and then none of them would work.

Option two takes its cue more from the UK ID scheme's central non-virtue, and unhappily - as it appears to involve putting things off for a bit - it currently seems to be the more attractive one to "the majority of the delegations." This option abandons the RFID biometric visa in the passport, and instead relies on the biometric data that will be held centrally in Europe's Visa Information System, which is due to come into service in 2007, but which probably won't.

Accepting this option would mean that, if biometrics were to be checked on entry to the EU, this would have to be done via an online check. Rationally, one would expect this option to result in checks being the exception rather than the rule for many years to come, because the infrastructure wouldn't be there, because checks would introduce major delays, and because the central visa database is unlikely to be complete, at least for its early years and quite possibly forever.

    Low Level Radiation, Low Level Attitude

I don't know about you, but my dentist cowers in the corner with a very long lead control lead whenever he uses his X-Ray machine.

From The Register

A Register reader passes us an eye-witness account of progress with the see through clothes scanner currently being tested at Heathrow Terminal 4.

Queuing for the metal detector our informant spotted a machine with a Secure 1000 nameplate, and this rang a bell: I noticed women being pulled out of line and being asked to go through it. Obviously you couldn't see them walk through it, but once through they were then escorted straight to the front of the line for the metal detector.

Bell clearly rung, I'd hardly finished telling my wife to refuse to go through it when she too was pulled aside. After a bit of quick thinking from my wife, who's just as game for winding up people as I am, the following conversation went something like this...

Wife: what is it?
Staff: it's a low-dose x-ray machine
Wife: what does it do?
Staff: it's a security check
Wife: is it mandatory?
Staff: [not actually answering the question] if you don't go through it, when you set off the metal detector you'd be subject to a pat down.
Wife: that's fine, I don't mind a pat down
Staff: but it's only a low-dose x-ray machine
Wife: I'm a woman of child-bearing age, I'd rather not go through it
Staff: it's no more dangerous than having an x-ray at the dentist
Wife: and I decline those
Staff: well, you use a cell phone don't you?
Wife: yes, but they're radio waves affecting my brain, not x-ray's affecting my reproductive organs."

Note that staff appear not to be briefed to provide subjects with a clear statement of risks and dosage levels, nor to draw their attention to particular individual considerations which might make it inadvisable for someone to go through the machine. The x-ray levels from one of these are low enough to be generally harmless, but they might not be for all people, so the procedures being operated are, first, negligent in that they might result in someone being harmed because they believed the claim that the machine was harmless, and second, very very careless, because expensive lawsuits arise from this kind of behaviour.

But instead of giving a fair presentation of the facts, the machine staff are coming up with guff clearly designed to persuade people to go through the machine. We checked with our informant about it being only women being pulled out of the line, but he tells us that there only seemed to be women staff working at the machine. This conforms to acceptable procedure, after a fashion, because as the machine sees through clothes (which the staff seem, erm, not to have mentioned), the general concept of modesty dictates that only people of your own sex get to take pervy looks at you. But it does kind of undermine any method that may underlie the choice of subject.

Our informant's wife, incidentally, didn't get scanned but was sent to the front of the queue anyway. Which tells you some more about the effectiveness of the security staff, and the foolishness of attempting to cede security to automated systems.

    No Celebrations for Big Brother

From The Times

Some unkind souls have suggested that the pathetic New Year’s Eve celebrations in London this year (a ten-minute firework display followed by an orderly dispersal and a free Tube ride straight home to bed) proves that Ken Livingstone could not organise a piss-up in a brewery. On the contrary, it confirms that the Mayor of London’s party would be a strictly organised affair, where everybody was allowed one small alcohol-free lager before being shown the brewery door under police escort.

A couple of years ago, somebody from the mayor’s office memorably announced: “New Year’s Eve is not an event. It is a public order problem.” This joyless, pinched attitude might seem typical of Mr Livingstone, yet it now extends far beyond his London panopticon. Everywhere the fashion is to tighten controls on the celebrations, to impose a stand-there-and-do-as-you-are-told atmosphere and to throw a wet safety blanket over proceedings. Newcastle upon Tyne, the party city, has replaced its midnight firework display with a “winter festival” focused on “family entertainment” (code for no adult fun) and planned to “culminate” at 5.30pm.

Last year even Edinburgh, self-styled Hogmanay capital of the world, cancelled its ticket-only street party at the last minute on the ground of public safety — even though thousands had gathered, ready to brave the bad weather and party, safely or not.

Now The Times reports on plans to introduce a punitive tax on crowds having fun. A proposed licensing system would mean that any large event going on late or serving alcohol will have to pay thousands to local councils for health and safety checks. That should make many of these annoying “public order problems” disappear faster than a baton charge.