Are the watchers being watched?

Not even MPs are exempt from the surveillance state they have created, notes regular columnist Bill Thompson.

Two conversations between Tooting MP Sadiq Khan and his constituent and childhood friend Babar Ahmad were apparently recorded in the prison where Mr Ahmad is being held.

He is on remand while awaiting deportation to the United States on charges relating to his support for terrorism. Mr Ahmad faces no charges in the UK.

The real problem for MPs, of course, is not that they will be specifically targetted for surveillance but that they will inevitably be caught up in operations against other people.

This doesn't seem to be the case here, as special arrangements were made to seat the two men at a "talking table" in the prison visiting area, but many MPs must have found themselves chatting to someone who was being constantly watched.

Perhaps it's time to teach our elected representatives how to use the latest encryption and anonymising tools so that they can protect themselves from the surveillance state they have created?

Just as few of us believe that employers really do stop reading employee e-mails when they realise that they are personal, although that is what the law would require, it is hard to imagine that the secret service turn off their microphones when an MP enters the room.

The problem is not, however, restricted to specially installed listening devices, and MPs concerned about bugs might want to look again at the laws which control how online communications of all kinds are monitored, stored and analysed, since this affects them as much as it affects the rest of us.

Phone companies and internet service providers keep records of all text messages, phone calls, e-mails, IP addresses, websites visited, and times logged on to instant messaging services, collectively known as "traffic data".

The content of e-mails and chats or details of web searches are not stored, so it takes a warrant to read someone's e-mail, monitor their online chats or install bugging software on their laptop so you can listen in to their Skype conversations.

But the information that is retained is enough to know who you are calling or e-mailing, when you're chatting and which websites you are visiting, the sort of thing that most of us would consider private and expect to be kept confidential.

The immunity for MPs dates from the days of Labour PM Harold Wilson

According to the Interception of Communications Commissioner Sir Paul Kennedy over 250,000 requests for access to this data were made in the first nine months of 2007, an appalling extension of the state's powers of surveillance, and one that few of us are aware of.

And nearly 800 separate bodies can ask to see some or all of it.

Apart from the police and secret services the Food Standards Agency, health service trusts and even the Post Office can ask to see who you've been exchanging e-mails with.

The information gathered will inevitably include details of correspondence between MPs and their constituents, lists of websites visited from MPs offices and home computers and details of which instant messaging services they have been accessing.

Currently net service firms retain data for about six months

At least it puts them in the same bag as the rest of us. Journalists don't even have the fig-leaf of protection against being watched that MPs have claimed for themselves, and I tell every one of my students at City University to assume that all of their e-mails, phone calls and online chats could be read by the authorities.

Most of the time, of course, what we're doing is not of sufficient interest to justify the effort of monitoring a journalist - or even an MP - but being aware of the possibility is vitally important in case a story suddenly becomes high-profile. The same would apply if a constituent becomes "of interest" to the authorities.

MPs might be unhappy to find out that their supposedly confidential chats to constituents are being listened in to by MI5, but surely they should be just as worried that the Food Standards Agency can find out that the owner of the dodgy takeaway in the local high street has been sending them e-mails?

Perhaps it's time to teach our elected representatives how to use the latest encryption and anonymising tools so that they can protect themselves from the surveillance state they have created?

Or perhaps they would like to do us all a service and dismantle it.

Source from: news.bbc.co.uk

Read More..

Are the watchers being watched?

Not even MPs are exempt from the surveillance state they have created, notes regular columnist Bill Thompson.

Two conversations between Tooting MP Sadiq Khan and his constituent and childhood friend Babar Ahmad were apparently recorded in the prison where Mr Ahmad is being held.

He is on remand while awaiting deportation to the United States on charges relating to his support for terrorism. Mr Ahmad faces no charges in the UK.

The real problem for MPs, of course, is not that they will be specifically targetted for surveillance but that they will inevitably be caught up in operations against other people.

This doesn't seem to be the case here, as special arrangements were made to seat the two men at a "talking table" in the prison visiting area, but many MPs must have found themselves chatting to someone who was being constantly watched.

Perhaps it's time to teach our elected representatives how to use the latest encryption and anonymising tools so that they can protect themselves from the surveillance state they have created?

Just as few of us believe that employers really do stop reading employee e-mails when they realise that they are personal, although that is what the law would require, it is hard to imagine that the secret service turn off their microphones when an MP enters the room.

The problem is not, however, restricted to specially installed listening devices, and MPs concerned about bugs might want to look again at the laws which control how online communications of all kinds are monitored, stored and analysed, since this affects them as much as it affects the rest of us.

Phone companies and internet service providers keep records of all text messages, phone calls, e-mails, IP addresses, websites visited, and times logged on to instant messaging services, collectively known as "traffic data".

The content of e-mails and chats or details of web searches are not stored, so it takes a warrant to read someone's e-mail, monitor their online chats or install bugging software on their laptop so you can listen in to their Skype conversations.

But the information that is retained is enough to know who you are calling or e-mailing, when you're chatting and which websites you are visiting, the sort of thing that most of us would consider private and expect to be kept confidential.

The immunity for MPs dates from the days of Labour PM Harold Wilson

According to the Interception of Communications Commissioner Sir Paul Kennedy over 250,000 requests for access to this data were made in the first nine months of 2007, an appalling extension of the state's powers of surveillance, and one that few of us are aware of.

And nearly 800 separate bodies can ask to see some or all of it.

Apart from the police and secret services the Food Standards Agency, health service trusts and even the Post Office can ask to see who you've been exchanging e-mails with.

The information gathered will inevitably include details of correspondence between MPs and their constituents, lists of websites visited from MPs offices and home computers and details of which instant messaging services they have been accessing.

Currently net service firms retain data for about six months

At least it puts them in the same bag as the rest of us. Journalists don't even have the fig-leaf of protection against being watched that MPs have claimed for themselves, and I tell every one of my students at City University to assume that all of their e-mails, phone calls and online chats could be read by the authorities.

Most of the time, of course, what we're doing is not of sufficient interest to justify the effort of monitoring a journalist - or even an MP - but being aware of the possibility is vitally important in case a story suddenly becomes high-profile. The same would apply if a constituent becomes "of interest" to the authorities.

MPs might be unhappy to find out that their supposedly confidential chats to constituents are being listened in to by MI5, but surely they should be just as worried that the Food Standards Agency can find out that the owner of the dodgy takeaway in the local high street has been sending them e-mails?

Perhaps it's time to teach our elected representatives how to use the latest encryption and anonymising tools so that they can protect themselves from the surveillance state they have created?

Or perhaps they would like to do us all a service and dismantle it.

Source from: news.bbc.co.uk

Read More..

Technology's challenge to privacy

A single fingerprint caused the biggest buzz at the meeting

The International Data Protection and Privacy Commissioner's conference brings together hundreds of privacy commissioners, government regulators, business leaders, and privacy advocates who spend three days grappling with emerging issues.

The theme of this year's conference, held in Montreal, Canada, was "Terra Incognita," a reference to the unknown lands that typify the fear of the unknown in a world of rapidly changing technologies that challenge the core principles of privacy protection.

Yet despite a dizzying array of panels on new technologies such as ubiquitous computing, radio frequency identification devices (RFID), and nanotechnology, it was a reference by United States Secretary of Homeland Security Michael Chertoff to a simple fingerprint that struck the strongest chord.

Privacy threat

Canada last hosted the conference in 1996 and it quickly became apparent that privacy has become virtually unrecognisable in the intervening eleven years.

The technological challenges were on display throughout the event including eye-opening presentations on the privacy impact of popular children's websites such as Webkinz and Neopets, on genetic innovation that is pushing the boundaries of science without regard for privacy, and on the continual shift toward tiny devices that can be used to collect and disclose personal information.

Chertoff seemed to say there is a known reality about our future course and there is little that the privacy community can do about it.

The conference placed the spotlight on the growing "toolkit" of responses, including privacy audits of both public and private sector organisations, privacy impact assessments that are used to gauge the effect of new regulations and corporate initiatives, trust seals that include corporate compliance programs, and emphasis on global cooperation in a world where personal data slips effortlessly across borders.

While the effectiveness of these measures has improved in recent years, there remained a pervasive sense that these responses are inadequate.

Part of the unease arises from the growing realisation that the legal foundation of privacy law is being rendered increasingly irrelevant.

Privacy and data protection laws have long relied on the twin pillars of notice and consent whereby consumers are notified of, and consent to, the collection, use, and disclosure of their personal information.

Critics argue that both notice and consent are today little more than legal fictions, as consumers ignore overly complex notices and shrinking technology makes it virtually impossible to obtain informed consumer consent.

Moreover, privacy law has also emphasised the distinction between personally identifiable information - information that can be traced to a particular person and is therefore deserving of legal protection - and non-identifiable information that does not enjoy any legal protection.

Technology threatens the ability to easily distinguish between the two as powerful computers and ever-expanding databases make it easier to identify individuals from what was once thought to be non-identifiable information.

Addressing these legal shortcomings will command the privacy community's attention for the foreseeable future; however, it was Chertoff's keynote address that crystallised the challenge to global privacy protection.

'Chilling future'

In a room full of privacy advocates, Chertoff came not with a peace offering, but rather a confrontational challenge.

Michael Chertoff said the US intends to expand its fingerprinting

He unapologetically made the case for greater surveillance in which governments collect an ever-increasing amount of data about their citizens in the name of security.

For example, in support of his security agenda, he noted that US forces in Iraq once gathered a single fingerprint from a steering wheel of a vehicle that was used in a bombing attack and matched it to one obtained years earlier at a US border crossing.

He added that there was a similar instance in England, where one fingerprint in a London home linked to a bombing was matched to a fingerprint gathered at a US airport (the identified person was actually innocent of wrongdoing, however).

Chertoff explained that in the autumn the US intends to expand its fingerprinting collection program by requiring all non-Canadians entering his country to provide prints of all ten fingers (it currently requires two fingerprints).

In the process, his vision of a broad surveillance society - supported by massive databases of biometric data collected from hundreds of millions of people - presented a chilling future.

Rather than terra incognita, Chertoff seemed to say there is a known reality about our future course and there is little that the privacy community can do about it.

As privacy advocates lamented the remarks, warning of creeping surveillance and urging commissioners to take action, delegates were left to wonder whether the privacy world will again be unrecognisable when the Data Protection and Privacy Commissioner's conference next convenes in Canada.

Source from: news.bbc.co.uk

Read More..