Archive for the 'Privacy' Category

Protecting Yourself From Suspicionless Searches While Traveling

Friday, May 2nd, 2008

[Quote:]

The Ninth Circuit’s recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

[..]

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?

The EFF has many suggestions, but it really boils down to: if you’re not a US citizen, don’t travel to the US if you can avoid it. If you are a US citizen, you’re fucked.

Italy posts salary details on web

Thursday, May 1st, 2008

[Quote:]

There has been outrage in Italy after the outgoing government published every Italian’s declared earnings and tax contributions on the internet.

The tax authority’s website was inundated by people curious to know how much their neighbours, celebrities or sports stars were making.

The Italian treasury suspended the website after a formal complaint from the country’s privacy watchdog.

[..]

The timing of the move, just days before the current administration hands over to incoming Prime Minister Silvio Berlusconi, was intriguing too, says our correspondent.

The outgoing government came to power promising to tackle Italians’ notoriously lax approach to paying tax.

Bluetooth surveillance secretly tested in the city of Bath

Tuesday, April 22nd, 2008

[Quote:]

“In 2001 Jose Emilio Suarez Trashorras was jailed in a Spanish prison for drug related offences. Whilst imprisoned, Trashorras established regular contact with Jamal Ahmidan who was serving time for a petty crime. Both individuals embraced radical Islamic fundamentalist ideas within the prison and were recruited in the Takfir wa al-Hijra group, a Moroccan terrorist group linked with al-Qaida. Following their release, Ahmidan became the leader of the terrorist cell that conducted the Madrid bombing. In a drugs-for-bombs exchange with a third party, Trashorras provided the explosives for the 13 backpack bombs that killed 191 people and injured hundreds.”

So write Vassilis and Panos Kostakos in the department of computer science at the University of Bath in the UK, who have come up with a system that they say could spot and monitor these kinds of interactions in prisons.

Their idea? Fit inmates with RFID tags that allow their positions to be monitored, and then number crunch the resulting data sets to see who spends the most time with whom.

Not exactly rocket science but the Kostakos’s have an even more frightening idea. Why not test the idea by anonymously monitoring the movements of students, residents and workers of the city of Bath by listening out for their bluetooth-enabled devices as they move around the city? And that’s what they’ve done.

What the Kostakos found is that it is straightforward to capture data on people’s encounters using bluetooth. In fact they captured data on 10,000 unique devices during the 6 month study. Yep, that’s 10,000.

Exactly how much you can tell about these encounters isn’t clear. But hey, this is only a demonstration (either that or they’re keeping schtum about the juicy details).

These days there’s less and less difference between people inside and outside prisons.

Next up: mandatory bluetooth collars for everybody.

BT’s secret Phorm trials open door to corporate eavesdropping

Thursday, April 17th, 2008

[Quote:]

The government has refused to investigate BT’s covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert’s view that without consent Phorm’s advertising targeting technology is a breach of criminal law.

Whitehall’s willingness to turn a blind eye to the fact that tens of thousands of people were spied on by big business in order to serve up targeted marketing has angered web users. “I’m absolutely sickened and appalled,” Pete John, who has tried to interest authorities, told The Register this week.

BT customers who have attempted to report the secret listening and profiling experiments to the police have been told to approach the Home Office. One was subsequently told over email by an official: “It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission.”

All Hallow the Corporation!

One Nation

Monday, April 14th, 2008

Administration Set to Use New Spy Program in U.S.

Saturday, April 12th, 2008

[Quote:]

The Bush administration said yesterday that it plans to start using the nation’s most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea’s legal authority.

[..]

Sophisticated overhead sensor data will be used for law enforcement once privacy and civil rights concerns are resolved, he said.

And it will be resolved by ignoring the relevant parts of the constitution, of course.

Feel safer yet?

Phorm agrees to independent inspection of data pimping code

Wednesday, March 19th, 2008

[Quote:]

Phorm has agreed to allow an independent software expert to inspect its source code as it continues to battle the firestorm provoked by agreements with BT, Virgin Media and Carphone Warehouse to let it build profiles of their broadband customers’ web browsing.

It seems a move by the battered firm to try to win some public trust.

As in, yep, they’re screwing over your privacy and selling you out to the highest bidder, but at least they do so with bug-free code? How would that make any difference?

Davies, a London School of Economics researcher best known as the founder of the pressure group Privacy International, has come under increasing criticism for his commercial role in the Phorm affair.

[..]

The report is dated 10 February, and Davies has since praised the system. Defending himself against criticism on the influential UK-Crypto mailing list, he wrote: “For what it’s worth, we do believe the company [Phorm] has created some extremely interesting and privacy friendly technology. And in my view the company has gone above and beyond the norm to expunge personal data from its system.”

You know what my definition of “privacy friendly technology” is? Not collecting all that shit in the first place.

Like web inventor Sir Tim Berners-Lee, 80/20 argues that Phorm would only be allowable on an opt-in basis. The logic goes that if the “service” is so great, why wouldn’t people choose to be part of it?

And, of course, the same logic can be used to reason that since Phorm has no intention to do that, they expect as many people to opt in to their system as they would expect to accept a free enema on the town square.

As one of the comments on the Register states, which part of “FUCK OFF” don’t they understand?

Put young children on DNA list, urge police

Monday, March 17th, 2008

[Quote:]

Primary school children should be eligible for the DNA database if they exhibit behaviour indicating they may become criminals in later life, according to Britain’s most senior police forensics expert.

Gary Pugh, director of forensic sciences at Scotland Yard and the new DNA spokesman for the Association of Chief Police Officers (Acpo), said a debate was needed on how far Britain should go in identifying potential offenders, given that some experts believe it is possible to identify future offending traits in children as young as five.

The younger you tell kids they’re suspected criminals, the younger they’ll start acting like one. Tell people you don’t trust them in anything, and they’ll act like it. Break down basic trust at ages as young as five, and your society will go down the crapper.

MI5 seeks powers to trawl records in new terror hunt

Sunday, March 16th, 2008

[Quote:]

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

[..]

Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets - like the journeys an individual makes around the capital - could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual’s movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.

Or, in other words, they want to spy on you, but they aren’t sure why, yet. However, they’re sure that if they watch you long enough, they’ll find something.

BT Confesses To 2007 Phorm Trial

Sunday, March 16th, 2008

[Quote:]

BT staffer Adam Liversage has quietly confirmed that the operator conducted a “very small scale technical test” (secret trial) of Phorm’s data pimping system during 2007 (original news). Liversage issued the following statement to the operator’s community forums:

BT can confirm that we conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform. Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all Service Providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose.

It’s understood that the trial was tried on a live exchange first with no prior customer consultation because those that witnessed the activity on their connection and enquired were misled by BT into thinking, ironically, that it was a DNS hijacker.

Indeed we’d question how successful such a trial could be without any information being “processed [AND OR] stored”. That would be a bit like developing an operating system and never running it, although sometimes we think Microsoft probably do that too.

Fingertip biometrics at Disney turnstiles: the Mouse does its bit for the police state

Saturday, March 15th, 2008

[Quote:]

These machines (which, I’m told, capture the shape of your fingertip instead of your fingerprint itself) are used to keep Disney World customers from sharing or re-selling their admission tickets, and are part of a general and growing police-state climate at the parks that includes routine bag-searches at each park entrance.

The readers aren’t very effective at stopping admission cheats. You can choose not to register your fingertip, and to use photo ID for admission instead (I’m thinking of having a random piece of photo identification made with the words “OFFICIAL BOGUS SECURITY IDENTIFICATION FOR HOTELS, THEME PARKS AND OTHER JUNIOR G-MEN” printed on it). So it would be very easy to share your pass: the person named on the pass enters with his ID, and the person with whom he’s sharing the card uses a fingertip — you could visit with your sister’s family and half of you could use the tickets in the morning while the other half hung around the pool and relaxed, then switch at lunch: the morning crew uses fingertip, the afternoon uses ID.

What these readers are effective at is conditioning kids to accept surveillance and routine searches and identity checks without particularized suspicion. One morning at Epcot Center, as we offered our ID to the castmember at the turnstile and began to argue (again — they’re very poorly trained on this point) that we could indeed opt to show ID instead of being printed, a small boy behind us chirped up, “No you have to be fingerprinted! Everybody has to be fingerprinted!”

Identity cards ‘useless in fight against terrorism’

Tuesday, February 19th, 2008

[Quote:]

Mass fingerprinting, biometric passports, identity cards and international identity databases will not protect Britain and other European countries from terrorists or criminals.

This startling admission comes in a leaked European Commission report prepared for Home Secretary Jacqui Smith and other EU Home Affairs Ministers.

The report undermines Gordon Brown’s claims about the need for controversial new passports and identity cards to protect the country from terror attacks.

It raises new questions about the true purpose of Government databases, which will store intimate details of everyone in Britain, including their picture, fingerprints and confidential personal information.

The EU report, obtained by The Mail on Sunday, says most people behind terror attacks in the UK and Europe were living in the EU legally and so would not be affected by increased security measures.

It says: “None of the policy options contribute markedly to reducing terrorism or serious crime.

Government wants every English child on ‘secure’ database

Wednesday, February 13th, 2008

[Quote:]

The government will announce plans tomorrow to give every English child an identifying number and a database entry of their school qualifications.

The idea, if that’s not too strong a word, is that the database will include a mini-CV which employers will be able to check.

Every child of 14 will get a Unique Learning Number, different from the Unique Pupil Number which is deleted when you leave school, and different from the national ID database. This number will allow them to access the online database, known as Managing Information Across Partners (MIAP). Potential employers will get a different password giving them limited access to a person’s record.

The government is supposed to be in the middle of reviewing the security of all the data it keeps on UK citizens, but the Department of Innovation, Universities and Skills was unable to tell us what impact this review has had or might have on the thinking behind the database. Most of the information on the database is already held somewhere, but not in one place.

People already have CVs that they send to prospective employers, right? What is this database for?

What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites

Tuesday, January 29th, 2008

[Quote:]

The debate isn’t security versus privacy. It’s liberty versus control.

You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society — to what makes us uniquely human — but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy — especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.

Clarkson’s ‘steal my ID’ stunt backfires

Monday, January 7th, 2008

[Quote:]

Gobby TV presenter Jeremy Clarkson has been forced to reverse his position after he lost money after publishing his bank account details in a newspaper column.

The Top Gear presenter rather rashly published his account details in a column in The Sun to back up his claims that the child benefit data loss furore, which resulted in the loss of unencrypted CDs containing bank details of 25m people, was a lot of fuss about nothing.

Clarkson published his bank account number and sort code, along with clues to his address, insisting that the worst that could happen was that someone could pay money into his account.

Days later Clarkson was forced to admit he was wrong after an unidentified prankster set up a £500 direct debit from the presenter’s account in favour of charity Diabetes UK, the BBC reports.

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,” Clarkson said in a column published in the Sunday Times. “I was wrong and I have been punished for my mistake.”

Clarkson, never one to shy away from colourful or controversial commentary, is now hopping mad over the data loss. “Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy,” he said.

My response:

[image: rofl]

(Aside from the laugh, I have some respect for the man. He was wrong, admits it and, having learned from his mistake, is quite happy to change his opinion.)

Another privacy issue for Sears

Friday, January 4th, 2008

Just when you think Sears was having a bad day

[Quote:]

“Hey Dad, did you guys by any chance buy a new sewing machine from Sears on September 30th?”

“We did. How did you know that?”

“I just found it listed on a Sears web site. It looks like they have another privacy problem.”

EU, US plan ‘clear to fly’ checks for visa waiver revamp

Monday, October 22nd, 2007

[Quote:]

This system, the Electronic Travel Authorization (ETA, there’s a weird coincidence) will effectively be a pre-authorisation system for US entry, or, as Chertoff puts it, “a passenger will, in effect, make a reservation with the United States.” It will apply to all travellers, with those passing being clear to board, while the rest can be flagged for more detailed investigation or simply refused. So although it will not be a visa system as such, the kind of information and checks involved will be similar to those used in a visa application. As and when it’s operational it will be a visa-like system, operating on-the-fly (as it were).

There’s no actual visa involved, so it can still be claimed that the visa is waived, but the extent of the information required, the checking involved and the pre-authorisation means that it can also be viewed as a ‘visas for all’ programme. Chertoff himself makes this a little clearer: “We can no longer afford to assume that all citizens of VWP countries represent lesser security threats, and that all citizens of non-VWP countries represent greater threats. Instead, we need a program that screens for risks on a passenger-by-passenger.” So really, it’s the VWP ‘whitelist’ of countries that’s toast.

What’s Frattini’s stance on this? He lobbies strongly for the new EU States to be included in the VWP, and quibbles some aspects of the new US rules. Visa reciprocity and readmission, where the new rules require that VWP members accept all their nationals for readmission “soon after they are issued a final order of removal”, are he stresses matters of “EU competence”, which is code for ‘please stop trying to negotiate separate deals with EU Member States.’ Chertoff responds with: “DHS is pleased to have already begun discussions of these new security measures with some of the Roadmap countries that will be eligible for admission under the modified program. We also look forward to discussions over the next two years with existing VWP members, many of which have already implemented security measures similar to the new VWP requirements which may ultimately be deemed to satisfy these obligations.”

This is code for ‘go screw yourself, Franco.’

Frattini is however an unconvincing defender of the status quo anyway, because he really wants to build the EU an ETA of its own, so that the EU and US can happily engage in mutual invasive biographical data sharing. Frattini is already deploying an EU Passenger Name Record (PNR) system in response to the personal data grab the US prepared earlier, and now: “In particular we would be interested in being informed and consulted on the planned Electronic Travel Authorization system (ETA) for all travellers coming to the US. The EU may consider the introduction of a similar reciprocal system at the EU level. Close cooperation and consultation with the US on characteristics, compatibilities and other aspects of both systems would therefore be very useful.”

He likes it and wants one, doesn’t he? And: “In this context EU citizens already provide information to the US through embarkation cards and API [Advance Passenger Information] and PNR data. We would be open to further consideration of bilateral arrangements on data exchange at the European level, as suggested by the draft Visa Waiver Programme legislation.”

Schools chief pushes Big Brother out of dinner line

Thursday, October 4th, 2007

[Quote:]

The government has told head teachers to lighten up after one British school told children in the dinner queue that if they didn’t give their fingerprints they wouldn’t get any food.

The Department for Education and Skills said this week in a statement to the BBC Radio 4 Programme You and Yours that schools who refused school dinners to kids who won’t scan their fingerprints might be in breach of the law, contrasting with the long-overdue guidance note it issued on school fingerprinting in the summer.

This draconian application of fingerprint technology at Morley High School, Leeds, had forced one parent to make her child packed lunches, since the school provided no alternative way for children to get their dinner.

John Townsley, head teacher of Morley High School, told You and Yours: “We have given parents an opt out. The opt out is that you don’t have to have anything to do with the system whatsoever and that you then have the responsibility as a mum, dad or carer to provide a very healthy alternative to your child.”

But the DfES said: “Schools have a legal duty to provide meals for pupils who want them. So telling concerned parents to provide packed lunches if they were unwilling to sign up to the fingerprint system, as Morley High was doing, might amount to a breach of the Education Act 2002.”

Local court in Berlin prohibits retention of personal data

Wednesday, October 3rd, 2007

[Quote:]

In a ruling, dated March 27, 2007, which has only now been published and is likely to have legal ramifications, the local court of the Berlin district of Mitte has barred the Federal Ministry of Justice from retaining personal data acquired via its website beyond the periods associated with the specific instances of use of the site. Thus IP addresses in particular may no longer be filed away. Given these Web markers “it is even today possible in most cases, without any elaborate effort being required, to identify Internet users by merging personal data with the help of third parties,” the judges declared. The local court also opposed the view espoused by operators and some data privacy watchdogs that security reasons justify a recording regime that over short periods of time maps the behavior of all Net users and allows individual users to be picked out.

As the recording of behavior – in the form of logfiles or clickstreams, say – that allows individual users to be identified has meanwhile become common practice, the court’s decision, which is now no longer subject to appeal, is, according to Patrick Breyer, a lawyer associated with the German Working Group on Data Retention, who was the plaintiff in the above case, something of a signal for the Internet industry as a whole. Large commercial net portals such as Google, Amazon and eBay were not prepared to dispense with recording regimes of this kind, he observed. “Even the Deutsche Bundestag [the lower chamber of Germany's Federal Parliament] is at present — in violation of its own legislation — logging the behavior of the users of its Internet portal on a just-in-case basis,” Mr. Breyer pointed out. He called on all public authorities, departments and agencies of the German Federal State and of the federal states comprising the Federal Republic to abandon their “illegal data retention policies” by the end of this year at the very latest. “Otherwise additional lawsuits will have to be filed,” he added. The lawyer has made a model complaint available on his website.

Learning to live with Big Brother

Wednesday, October 3rd, 2007

[Quote:]

These days, data about people’s whereabouts, purchases, behaviour and personal lives are gathered, stored and shared on a scale that no dictator of the old school ever thought possible. Most of the time, there is nothing obviously malign about this. Governments say they need to gather data to ward off terrorism or protect public health; corporations say they do it to deliver goods and services more efficiently. But the ubiquity of electronic data-gathering and processing—and above all, its acceptance by the public—is still astonishing, even compared with a decade ago. Nor is it confined to one region or political system.

[..]

If the erosion of individual privacy began long before 2001, it has accelerated enormously since. And by no means always to bad effect: suicide-bombers, by their very nature, may not be deterred by a CCTV camera (even a talking one), but security wonks say many terrorist plots have been foiled, and lives saved, through increased eavesdropping, computer profiling and “sneak and peek” searches. But at what cost to civil liberties?

Privacy is a modern “right”. It is not even mentioned in the 18th-century revolutionaries’ list of demands. Indeed, it was not explicitly enshrined in international human-rights laws and treaties until after the second world war. Few people outside the civil-liberties community seem to be really worried about its loss now.

That may be because electronic surveillance has not yet had a big impact on most people’s lives, other than (usually) making it easier to deal with officialdom. But with the collection and centralisation of such vast amounts of data, the potential for abuse is huge and the safeguards paltry.

Ross Anderson, a professor at Cambridge University in Britain, has compared the present situation to a “boiled frog”—which fails to jump out of the saucepan as the water gradually heats. If liberty is eroded slowly, people will get used to it. He added a caveat: it was possible the invasion of privacy would reach a critical mass and prompt a revolt.

If there is not much sign of that in Western democracies, this may be because most people rightly or wrongly trust their own authorities to fight the good fight against terrorism, and avoid abusing the data they possess. The prospect is much scarier in countries like Russia and China, which have embraced capitalist technology and the information revolution without entirely exorcising the ethos of an authoritarian state where dissent, however peaceful, is closely monitored.

On the face of things, the information age renders impossible an old-fashioned, file-collecting dictatorship, based on a state monopoly of communications. But imagine what sort of state may emerge as the best brains of a secret police force—a force whose house culture treats all dissent as dangerous—perfect the art of gathering and using information on massive computer banks, not yellowing paper.

And if you think Roe vs Wade is about abortions, you’re wrong.

