understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

« June 2005 | Main | August 2005 »

Korea: the end of online anonymity is near!

posted by:Marty // 08:13 PM // July 30, 2005 // Digital Democracy: law, policy and politics

This may have gone under the radar for some (myself included) as it came out earlier in July…

South Korea is set to release in October what is being dubbed the ‘real name system’. The real name system will be a policy mechanism implemented by the Ministry of Information and Communication (MIC).

The real name system, an initiative of Prime Minister Lee hae-chan, is the governments’ response to recent instances of online slander and harassment. The full effect of the real-name system could very well be the legislated end to online anonymity in South Korea as it would require all internet users to post their real name and resident registration numbers when posting online. Effectiveness of the system is a different matter entirely.

For more on the real name system see:

Obviously this is chilling stuff (double-entendre intended). Alarming even. What shocked me more is the thrust of an editorial in the Korean daily JoongAng Daily:

Some civic groups and Internet companies are opposing the introduction of the "real name" system. They insist that it is a very dangerous idea, because it means everyday people will be monitored as though they were criminals. Others warn that there could be serious unintended consequences, such as the theft of residential registration numbers, which are key to the system. But the threat to privacy can be prevented by developing a system that can verify a user's identity by means other than the residential registration number. At any rate, it is in the basic spirit of the Constitution that the rights of victims deserve protection as much as people's freedom of expression does.

I read this to be a call for balance, but a misguided one. In essence an alternative system of verification is still a gateway and barrier to anonymous access. Threats to privacy still pervade. But I digress. What I would like to pick upon is the debate between victims’ rights versus freedom of express (and association, privacy, etc.) that can be had here. Is the real name system an overreaction by the State to a few instances of cyberslander or harassment? If a balancing act between rights cannot be achieved, should rights still trump other rights? Considering that it, likely, will be easy to evade the real name system, thus calling into question is efficacy, should such a system really be put in place, given the messages it sends?

In thinking about this debate, keep this in mind - 80% of respondents to a MIC study support the real name system (source: Korea.net).

| Comments (0) | | TrackBack

Data - Security Bill Advances in U.S. Senate

posted by:Jennifer Manning // 09:41 PM // July 29, 2005 // Digital Democracy: law, policy and politics

WASHINGTON (Reuters) - Businesses would have to protect credit-card accounts and other sensitive consumer information and notify them when they have been exposed to identity theft, under a bill approved on Thursday by a Senate committee.

The lucrative trade in consumers' Social Security numbers would also be curtailed under a bill approved unanimously by the Senate Commerce Committee.

The vote marks the first time Congress has taken steps to improve data security following a string of breaches that have exposed some 50 million consumers to possible identity theft.

``It's important we get this moved because none of us are going to have any privacy left if we don't,'' said Florida Democratic Sen. Bill Nelson..

Dozens of retailers, universities, banks, data brokers and other institutions have disclosed breaches this year, ranging from attacks by malicious hackers to losses of backup tapes during transit to storage facilities.

The announcements were prompted by a California state law that requires institutions to make such data breaches public. Seventeen states have since passed similar laws, prompting banks and other businesses to ask Congress to set a single national standard.

Under the Commerce Committee's bill, businesses and other institutions would have to notify consumers within 45 days if they are exposed to identity theft from any security breach. They would also have to notify the Federal Trade Commission, and the FTC would publicize those that affect more than 1,000 consumers.

Consumers could also prevent credit bureaus from giving out their credit reports to deter identity thieves from getting more information.

Businesses and other institutions would not be allowed to sell consumers' Social Security numbers without permission. They also would not be allowed to collect Social Security numbers from consumers, or display them publicly.

Social Security numbers, used to track government retirement benefits, are now commonly used as a numerical identifier on everything from bank accounts to drivers' licenses, a practice that experts say makes identity theft easier.

Other committees are considering data-security bills as well.

In the Senate, leaders of the Judiciary Committee have a bill that would establish jail time for business leaders who don't tell consumers when they may be at risk of identity theft. The committee likely won't act on that bill until after the month-long break that begins on Friday.

Committee Chairman Ted Stevens, an Alaska Republican, said the committee would also have to harmonize its bill with one being developed by the Senate Banking Committee.

In the House of Representatives, the Financial Services Committee and the Energy and Commerce Committee are developing data-security bills.

| Comments (1) | | TrackBack

Privacy and Identity Integrity Meets VOIP

posted by:Jason Millar // 09:15 PM // // TechLife

Voice Over Internet Protocol (VOIP) allows voice communications to be relayed over the internet rather than the established and somewhat (in)secure phone network. Given the increased number of security threats on the internet, voice communications over that medium seems like a risky business for anyone concerned with such things.

Phil Zimmermann, the man who introduced PGP to the world of email has demonstrated his latest venture--an encryption scheme for VOIP communications. Here's the article.

| Comments (0) | | TrackBack

Big Brother Wants to Be Diet Cop

posted by:Todd Mandel // 06:48 PM // // Surveillance and social sorting

Wired News reports that New York city offiicals have proposed to monitor people with Diabetes and by "intervening ever so slightly in their care", improve their level of care and general health. Privacy advocates have responded with criticisms that, unlike contagious diseases, Diabates only affects the individual and is an intrusive entry into people's personal lives. Read the full article at:


| Comments (0) | | TrackBack

Lawful access or needless distress? How service providers feel about new high-tech surveillance proposals

posted by:Jennifer Manning // 05:07 PM // // Surveillance and social sorting

By: Mari-Len De Guzman
IT World Canada (22 Jul 2005)
In the so-called "lawful access" controversy in Canada there are almost as many sides as there are stakeholders.

The debate appears to pit law enforcement agencies here against privacy groups. Service providers – wireless, wireline and Internet – are caught somewhere in the middle, trying to juggle their twin responsibilities: ensuring subscriber privacy, while helping law enforcement catch crooks or terrorists.

Theoretically, "lawful access" refers to the legal intercept of communications, as well as search and seizure of information by Canadian law enforcement agencies. Under current criminal statutes, these seizures have to be authorized by law, usually a judicial order.

This, however, may not always be the case if the new "lawful access" proposals go through.

For instance, police, CSIS agents, and Competition Bureau agents would be empowered to obtain subscriber data – name, address, e-mail address, IP address – from telecommunications service providers (TSPs) upon mere request, without any judicial authorization or requirement for reasonable grounds to suspect wrongdoing.

In addition, TSPs would be subject to a "gag order" regarding such requests – namely, no disclosure of the content of the request, the information provided, or any other information regarding the provision of subscriber information to the police.

And it's more than ethical dilemmas that carriers have to contend with. There's the question of what compliance would cost them – in terms of money, technology and resources.

Counting the cost:

For instance, one proposal currently under review requires service providers to build into their networks communications intercept capabilities.

The question, of course, is who will foot the bill for doing that. For carriers and service providers, that's a vital issue. But until the proposed legislation provides more clarity in terms of the technology requirement, TSPs are not able to quantify the capital cost of lawful access compliance.

One thing may be certain though, according to David Elder, chair of the lawful access committee of the Canadian Association of Internet Providers (CAIP). Smaller Internet service providers (ISP) will be given "special considerations" when it comes to the carriers' financial obligations.

Click here for the article, and to see Jason Young on the cover.

| Comments (0) | | TrackBack

Death and Identity

posted by:Shannon Ramdin // 05:07 PM // // Surveillance and social sorting

Following up on Ian's "Mainstreaming Verichip" post, there was recently an article in BBC news about using RFIDs to identify the dead. Verichip advocates argue that RFIDs could have helped identify victims of the Tsunami or London bombing.

Should privacy and identity be sacrificed for the sake of convenience?

| Comments (0) | | TrackBack

Frisking the Machine

posted by:Jennifer Manning // 04:50 PM // // Surveillance and social sorting

From: Globe and Mail, by Jack Kapica

Microsoft is making new demands.

The software behemoth started a program on Monday that requires users of its Windows operating system to prove their copies are legitimate. If not, Microsoft will not let them get add-ons to Windows XP.

The program, called Windows Genuine Advantage, will frisk your machine to see if it's running an authentic version of Windows. If it detects a counterfeit copy, it will offer two options — users can fill out a piracy report, provide proof of purchase and send in the counterfeit CDs to get a free copy of Windows Home Edition or Windows Professional; or those who just submit a piracy report — telling when, where and from whom they got the software and send in the counterfeit copy — will get either version of Windows at half price.

In the spirit of further generosity, Microsoft will allow users of unauthorized Windows programs to install security-related updates, which are used to plug software flaws exploited by viruses and hackers.

Privacy advocates are looking at the situation closely, but aren't likely to find much beyond theoretical concerns. Microsoft has been collecting information like this for some time, starting with Service Pack 2 for Office 2000, when the company's then-new authentication system not only recorded your Office serial number, but also took a look at the hardware in your machine.

This time, the company seems to have broadened its list of things to look for, scanning your machine not only for product keys, software authorization codes and operating-system version, but also for details on the flow of data between the operating system and other hardware, such as printers.

This latest wrinkle has been tested as an option for the past 10 months on some 40 million users, Microsoft says, and it was such a success that the company has decided to drop the "option" part.

Microsoft has assured users that no personal data is being collected for the validation process, and information will remain completely anonymous. All that will happen is the user of the software in question will be denied upgrades.

This all sounds reasonable, even though the company is broadening its definition of what information it wants from PC users while much of the Western world is passing legislation designed to increase privacy protection in an increasingly digital world.

There are, however, legitimate concerns with Microsoft's actions, such as how the company will extract our consent to divulge the information (most complaints about privacy involve the issue of "valid consent," I'm told by Philippa Lawson, executive director of the Canadian Internet Policy and Public Interest Clinic). There are also concerns about how long Microsoft will keep the information, and whether the company might decide to use that information in the future for purposes not outlined (or even foreseen) in the current agreement.

But I will assume for the moment that Microsoft's intentions are beyond reproach. That leaves me with other concerns.

First, this validation process is being done in the name of stopping software piracy, which is a very real concern in the digital age, especially with the level of mass piracy in the Asia-Pacific region, Eastern Europe, the Middle East and other places. But I have long suspected that the Business Software Alliance, an industry group against software theft, has greatly inflated the dollar value of corporate losses. The BSA — and the Canadian Alliance Against Software Theft, its counterpart here — has issued press releases for some years estimating colossal economic losses to piracy; all appear to operate on the assumption that every piece of pirated software represents a lost sale, and things like lost salaries of software salespeople are folded into the calculation, plumping up the outrage.

Yet much of what constitutes piracy in the more civilized corners of the world is largely the result of the atmosphere that computer users breathe. Software is constantly being upgraded and fixed, security holes are patched and new versions reissued so frequently that every piece of software ultimately behaves as though it's an unfinished version of what's to come next.

It has become an act of courage and expense to upgrade our software — especially operating systems — and wary buyers have come to see themselves as beta testers, always waiting for a finished version. So they approach buying software differently from, say, the way they buy TV sets, which do not need weekly visits to the repair shop. People are naturally chary of spending large sums of money on software that will offer them an unending string of security holes to patch, and then be urged to upgrade entirely within a year or two.

If software companies want to cut piracy, their strategy should include finishing their products, and not treating their customers so cavalierly or so carelessly. That way, buyers might start to consider software as something of value that they're investing in, rather than as a half-baked "beta" product that happens to come in a box.

My other concern is that Microsoft is, after all, a member of the BSA, which includes Adobe, Apple, Autodesk, Avid, Bentley Systems, Borland, Cadence, Cisco Systems, CNC Software/Mastercam, Dell, Entrust, HP, IBM, Intel, Internet Security Systems, Macromedia, McAfee, Inc., PTC, RSA Security, SAP, SolidWorks, Sybase, Symantec, UGS Corp. and Veritas Software, which merged with Symantec earlier this year. BSA members finance anti-piracy strategies, and presumably share the information collected.

Is Microsoft sharing the information it collects using Windows Genuine Advantage with other members of the BSA? The company hasn't said, although I'd be surprised if Microsoft didn't share it with its worthy allies. At least we should know about it, and have the member companies listed in any agreement we are asked to make.

Perhaps the BSA should spend more effort earning the respect of its customers before frisking us all as though we are thieves.

| Comments (0) | | TrackBack

Health Information Technology Summit

posted by:Hilary Young // 10:02 AM // // Digital Democracy: law, policy and politics

Those interested in health information technology and privacy may want to attend the Second Health Information Technology Summit in Washington D.C. from Sept7-9. There will be a number of privacy-related panels, including "Privacy law and compliance" and a Roundtable on the Role of Privacy and Security in Health Information Technology Initiatives.

See http://www.hitsummit.com/

| Comments (0) | | TrackBack

Bush government "undermines protection of medical privacy"

posted by:Hilary Young // 10:02 AM // // Digital Democracy: law, policy and politics

This is old news by the standard of our blog (it dates from June), but it may nevertheless be of interest. The Office of Legal Counsel (OLC) of the American Department of Justice released an opinion in June on the application of the US Health Insurance Portability and Accountability Act (HIPAA). Essentially, the opinion states that the criminal provision for violating health privacy under the act only applies to hospitals and health insurers and not to individuals.

In the article linked below, Peter Swire argues against this finding saying it undermines the protection of health privacy in the US.


| Comments (0) | | TrackBack


posted by:Ian Kerr // 10:01 AM // // Surveillance and social sorting

those who have been following this blog will know of my concern about an uncritical mainstream adoption of human microchip implantation.

in this context, it has been interesting to watch the verichip go mainstream. but when the chief information officer at the
harvard cinical research institute
and one of america's best known bioethicists downplay the privacy considerations, i start to get a bit concerned...

john halamka, an emergency physician and chief info officer, has had a verichip on his shoulder (well, close enough...) for some time now. recently, he was reported as saying: "If a chip could also serve as a GPS, reporting my location, or act as an emergency transponder, requesting rescue, I would definitely upgrade". halamka has made quite a name for himself touting the chip. this week, he published on the subject in the new england journal of medicine.

bioethicist arthur caplan also expressed an interest in the verichip as a medical device. according to caplan:

"You are more likely to die or be harmed by lack of medical information about you than by people knowing too much about your medical information," he says. "In an emergency, it's important for doctors to know what your allergies and medical problems are, who your relatives are and how to reach them, your blood type, and so on."

today caplan was reported as describing those who distrust this application of rfid technology in the following way:

"The idea of putting something in your head or in your arm frightens people and stirs up privacy worries, even if they don't make a lot of sense," he says. "Americans have an almost obsessive drive to protect their personal privacy."

Q - am i "obessed" if i want us to slow down and critically evaluate the implications of implanting devices that can be used to create unique identifiers for individuals and link them to networks of various sorts prior to any decision to adopt them in sensitive areas such as the healthcare setting?

i get it when halamka says that it is easier for emergency docs to do their jobs when they don't have to rely on patients to give them vital information. but isn't it obvious that there is more at play here? wouldn't it also be easier for subway security to do their jobs on the same basis?

what do others think?!

| Comments (2) | | TrackBack

Privacy vs. Security

posted by:Rafal Morek // 05:14 PM // July 27, 2005 // Surveillance and social sorting

Last week a CBC journalist was stopped by a security guard while on her way to buy a tea at Starbucks on the ground floor of an office building in Ottawa. She was asked to submit to a random bag search. When she refused, the guard let her carry on, but it sparked an interest on her part in increasing intrusions into personal privacy, allegedly over concerns about national security. The CBC interviewed Daphne Gilbert this morning on the incident. If you want to listen to the interview (about nine minutes), you can find it under CBC Ottawa Morning Top Story (for Wednesday). It will stay on the site until Tuesday, August 2nd. Daphne made the point that people should be concerned about security searches like this one, and that we as a society should be wary of our decreasing expectations in privacy.

| Comments (0) | | TrackBack

Privacy Invasion and Conjunction Interferences with the Person

posted by:David Matheson // 11:00 PM // July 26, 2005 // ID TRAIL MIX

(Revised August 17)


Often, Warren and Brandeis's famous 1890 piece on the legal right to privacy is characterized in terms of their appeal to the more general "right to be let alone." Personally, I find it more illuminating to focus on their alternate descriptions of that more general right as "the right to inviolate personality" and "the right to the immunity of the person."

Let's suppose that there is a corresponding human or moral right to the immunity of the person, one that legal entrenchments (e.g. the talk of a "right to life," broadly construed, in the US Constitution, and the talk of a "right to the security of the person" in our Canadian Charter) are meant to reflect in one way or another. What is the good to which this moral right entitles the individual? What is it, in other words, to have immunity of the person?

Well, as the name suggests, immunity of the person involves freedom from outside interference or tampering with one's own person. This is not the same as freedom from outside interference with one's actions. Nor is the same as freedom from outside interference with one's possessions. Hence the distinction between the right to the immunity of the person and those other two fundamental moral rights, the right to liberty and the right to property. (I realize the latter has no official entrenchment in our Charter. But never mind; it doesn't matter for present purposes.)


Taking another lead from Warren and Brandeis's legal essay and applying it to the present context of moral theory, we should be careful to distinguish between physical and psychological interferences with the individual's person. An individual can have her physical person --her body-- interfered with in at least three general ways. First, she can suffer the removal of some of its parts or elements. Second, she can have those parts unduly rearranged. These two sorts of interferences include much of what we would describe as physical battery and assault. But there is yet another form of interference with the individual's physical person, involving the individual's body being brought into an unwanted association or conjunction with other bodies: consider, for example, unwanted physical contact that does not necessarily lead to the removal or rearrangement of bodily parts; or consider the individual being forced to put in a physical appearance at certain social gatherings. We might capture these three broad ways of interfering with the individual's physical person by saying that there are loss of parts interferences, rearrangement of parts interferences, and conjunction interferences.

A similar threefold classification applies to interferences with the individual's psychological person. If she is deprived of access to a work of art, she may thereby suffer the loss of certain elements of her psychological person --her psyche-- that she once had, e.g. certain emotions and experiences elicited by her previously unimpeded access to the work of art. This would amount to an interference with her psychological person of the loss of parts sort. If her peace of mind or chain of thought is disrupted by excessively loud noise or inconsiderately timed telephone calls, she may suffer an interference of her psychological person of the rearrangement of parts sort: what was once a harmonious balance between, or a natural flow among parts of her psyche has now been put out of joint. And if she is brainwashed into giving her allegiance to an ideological movement, or forced to share her expert knowledge of a topic though a public lecture, say, she may thereby be said to suffer interference with her psychological person of the conjunction variety: her affections, or knowledge, or other elements of her psyche, are unduly "hooked up" to others.

So: the moral right to the immunity of the person entitles the individual to freedom from interference with her person. Interferences with her person might be either physical or psychological in nature. In each case, there can be at least three forms of interference. Interference with her physical person can take the form of loss of parts interference, rearrangement of parts interference, or conjunction interference. Similarly, interference with her psychological person can take the form of loss of parts interference, rearrangement of parts interference, or conjunction interference. What I want to do now is lay out how diminishments of an individual's informational privacy (hereafter, simply "privacy") fit into this scheme.


A good way to think about privacy (cf. Parent 1983) is as a kind of exclusive knowledge -- exclusive knowledge of personal facts about oneself. Of course, just as privacy is relative to other individuals --I can have privacy relative to you with respect to certain personal facts about me, but lack it relative to my wife, for example-- so too is the exclusiveness in question: my knowledge of certain personal facts about me may be exclusive relative to you, but not relative to my wife. Moreover, it is not merely intuitive, but well defended on the current philosophical scene (in, e.g., Williamson 2000) to suppose that knowledge is a psychological state. Since one's psychological states are parts or elements of one's psychological person, we can say that one's privacy --exclusive knowledge of personal facts about oneself-- is a part of one's psyche.

Bearing this in mind, what happens when one's privacy is lost or diminished relative to another person? Well, the exclusive knowledge of which it consists ceases to be exclusive relative to the other person, and so one is put into a position where part of one's psyche is now made part of the other person's as well: the knowledge of the personal facts is now shared by both.

But that means that diminishments of an individual's privacy fall into that third category of interference with her person mentioned above -- interferences of the conjunction sort. For by having what was one exclusively an element of one's psyche rendered non-exclusive, one's psyche is conjoined with another's in a way it formerly was not. So it turns out that whenever an individual experiences a diminishment of her privacy, she thereby experiences an interference with her psychological person, of the conjunction sort.


Of course, not all conjunction interferences are morally illicit. When an individual voluntarily effects contact with another's body, or voluntarily puts in a physical appearance at a social gathering, there may be no grounds for complaint of a violation of rights. In the same way, if an individual voluntarily relinquishes her privacy by voluntarily sharing knowledge of personal facts about her, or if such knowledge is acquired by agents of the state so as clearly to secure her or others' well-being, no rights violation may occur. But when we talk about the invasion of an individual's privacy, we are talking about conjunction interferences that violate rights and that are, accordingly, illicit.

So there you have it: if you want to know why I treat privacy invasion as a very serious business, the answer is that privacy invasion is a form of morally unacceptable conjunction interference with an individual's own person. Invade someone's privacy and you thereby do something comparable, morally speaking, to certain conjunction interferences of the physical sort.


Parent, W. (1983). "Privacy, Morality, and the Law." Philosophy and Public Affairs 12: 269-88.

Warren, S. & L. Brandeis (1890). "The Right to Privacy." Harvard Law Review 4: 193-220.

Williamson, T. (2000). Knowledge and Its Limits. Oxford: Oxford University Press.

| Comments (0) |

Behind-the-Scenes Battle on Tracking Data Mining

posted by:Rafal Morek // 10:47 PM // July 24, 2005 // Digital Democracy: law, policy and politics

Bush administration officials are opposing an effort in Congress to force the government to disclose its use of data-mining techniques in tracking suspects in terrorism cases.

See The New York Times.

| Comments (0) | | TrackBack

Security and Privacy

posted by:Marc Rotenberg // 11:30 PM // July 20, 2005 // Core Concepts: language and labels

Following on Ian's comments below about CCTV and London, it might be worth considering the relationship between two key concepts - security and privacy. Daniel Solove and I coauthor a textbook on privacy law which we revised this year. We had an exchange about a section of the book that discusses the relationship between privacy and security. Dan was of the opinion that there is a trade-off between the two, but I believe that security is a form of privacy. To support my position, I went back to the text of the Fourth Amendment which says:

The right of the people to be *secure* in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation, and particularly
describing the place to be searched, and the persons or things to be

Notice the use of the word "secure" in the opening clause. (Section 8 of the Canadian Charter of Rights and Freedoms follows a similar formula: "Everyone has the right to be *secure* against unreasonable search or seizure."). Now here is the interesting point: the key clauses in the US Bill of Rights and the Canadian Charter of Rights and Freedoms view "security" as the right to be protected against unreasonable searches or seizures *by one's own government.* Returning to the cameras in London (or in Washington or in Ottawa), it is at least worth considering whether we advance "security" by allowing the government to engage in routine surveillance of the public.

| Comments (4) | | TrackBack


posted by:Ian Kerr // 05:53 PM // // Walking On the Identity Trail

almost everyone knows of steve mann's work on sousveillance. today, it was covered in the washington post.

| Comments (0) | | TrackBack


posted by:Ian Kerr // 05:05 PM // // ID TRAIL MIX

seems that when some innocents die all we can offer them is a page in a some magazine. too many cameras and not enough food 'cause this is what we've seen

sting, driven to tears

in a recent post, marc rotenberg asked us to consider the lessons we might draw from the terrible tragedy in london. as he put it, “the most surveilled city in the world was also the site of one of the most significant terrorist attacks that ever occurred.” and so marc asks, “is surveillance the solution?”

unfortunately, i fear that most canadians will not recognize this as a rhetorical question.

as i tap away on my keyboard, law enforcement officers in london are analysing more than 6,000 closed circuit television (cctv) tapes from a city that has more than a half million cameras, while UK policy wonks arm wrestle over which is a better expenditure: spending piles of ca$h on scanners that can allow operators to “see” through clothing, or piloting facial recognition technologies that use cctv to make realtime matches between faces-in-the-crowd and mugshots of known suspects (potential IQ test – name the antonym for “known suspect”).

public safety is an important social goal, as is emergency preparedness. that said, i must confess, i have never been clear on the relationship between cameras and public safety.

we are about to hear more and more about the crucial role that cctv plays in apprehending suspected terrorists.

but it is important to remember the reason those cameras where installed in the first place. it wasn’t to apprehend bombers. as one route director for the tube described the raison d’être not too long ago, "[w]e are determined to get rid of graffiti and delays caused by vandalism."

well … unless those camera’s have automated spray guns filled with paint remover, i take it the point of the cameras was to provide a kind of placebo against petty crime; to provide a deterrent to the misguided and a corollary perception of safety to the public. as marc’s rhetorical question rightly implies, the cameras failed to achieve the former, providing instead a false sense of the latter.

in spite of the counterfactual that the london tragedy provides, i am afraid that we are about to see (not to mention pay for) more and more cameras -- and not just in the UK. along with those purchases will be a call for new laws extending the length of time that video capture can be stored. (in fact, there will be a general push for a mandatory data retention of all sorts of digital records in the public and private sectors)

it has been reported that
the toronto transit commission is already planning to install more surveillance cameras. and montreal plans to add another 1000 to its subway.

i have little doubt that canada’s minister of public safety and emergency preparedness isn't scratching her head, thinking about doing the same sort of thing.

last year i lived in spain and was traveling through madrid’s train station the week it was bombed. i gather that they have since installed some 5000 cameras. (potential IQ test #2: how many trained experts does it take to monitor 5000 camera monitors?)

cameras don’t stop crime. if they make some people feel safe – that seems to be the goal – then i recommend instead my favorite comfort food: pizza. pizza is a much better crime deterrent than cameras. studies have shown that feeding pizza to law enforcement agents results in better than average on-the-job performance than a diet of cameras alone.

if you’re thinking that i am being unfair because deterrence is not the reason for installing the cameras (ie, we do it to catch people who have committed crimes), then we should be asking ourselves, yet again, what price we are willing to pay to “smoke ‘em outta their holes.”?

| Comments (0) | | TrackBack

The Privacy "Movement"

posted by:Marc Rotenberg // 11:29 PM // July 19, 2005 // Digital Activism and Advocacy

So, I am often asked whether there is a privacy "movement," like the environmental movement or the civil rights movement. The short answer is "no." Privacy is too diffuse, there are too many issues, and too much change to find the clear historical milestones and political achievements that helped to define earlier movements. Still, it is worth taking a moment to recognize some of the people who have had enormous success bringing public attention to privacy concerns. At the top of my list would be Simon Davies, the founder of Privacy International. It is hard to say exactly what makes Simon the brilliant organizer that he is. He is wonderful with the press, lacks pretense, and enjoys drinking with his friends when he is not battling Big Brother. Credit Simon with the ingenious Big Brother Awards and an extraordinary campaign taking place right now in Britain against the national ID card. Many international organizations have large budgets, fancy offices, and a decent cappuccino machine. Privacy International has Simon Davies, Gus Hosein, Dave Banisar, and a few other privacy stalwarts. If history is smart, it will side with them.

There are a lot of people I should know by name but I don't. I will say that when I sit down each year to review the draft of our annual Privacy and Human Rights report, I am struck by the courage and the decency of people all around the world who find a way to express their views about privacy, to join with others, and to make real political change. I think about teachers in South Korea who opposed a database on schoolchildren, activists in Peru who stopped the installation of camera surveillance, protesters in Germany who stood up against RFID, and local officials in Japan who objected to the creation of a national ID card.

Maybe there are many privacy movements. And maybe that is as it should be.

Good night. I'll be back tomorrow.


| Comments (1) | | TrackBack

On the Bookshelf - Judge Posner and 9/11

posted by:Marc Rotenberg // 10:12 PM // // Surveillance and social sorting

For a person who has struggled a bit with the demands of acadamic writing, contemplating the work of Judge Richard Posner is a bit like imagining that one's notepaper doodles are going to end up in the Louvre. It isn't going to happen. He is in one world, the rest of us in another. Judge Posner can probably write faster than most people can read. And he probably writes as frequently as most people breathe.

But among all of Judge Posner's writings, one of the most provocative was surely his review of the 9-11 Commission report for the New York Times Book Review. Posner, who obviously ignores the political memos and talking points that are widely circulated in Washington in case anyone forgets what to say when there is dead air time, put forward the radical views that (1) the 9-11 terrorists outsmarted us, (2) terrorists will outsmart us in the future, and (3) the radical restructuring of the US intelligence community (which is to say, the consolidation and centralization of decisionmaking authority) may not have been the smartest move if our concern is with a nimble and determined enemy.

I haven't finished Posner's book, which elaborates on the NY Times essay, but I was thinking about it last week when I attended a briefing for the new Homeland Security Secretary Michael Chertoff at the Ronald Reagan building in downtown Washington (surrounded by the national security community and various federal contractors, I had a Hunter Thompson moment and joked with the FBI field agents seated next to me. Btw, a Blackberry 7290 appears to be standard issue for those defending the homeland from foreign threats and charges for extra minutes.)

Posner is, of course, also the father of the law of economics movement (to every social problem, there is an equation that defines risk, reward, cost and benefit, and whether to split 5's if the dealer is showing an 8. Answer: Don't do it). And to Posner, and apparantly to the new Secretary of Homeland Security, the problem of defending against terrorists comes down to ecomomic analysis. Sure, 40 people might die in a subway station, but subway cars don't fly into office buildings. So, we should be more concerned about security for airplanes than for the metro. I won't go into all the federal/state politics that may also be at issue, but needless to say, the states are on their on when it comes to future terrorist threats.

I'm not a huge fan of Posner. He sure can write a lot. And he has said some interesting things about privacy. (In a 1978 law review article, he wrote about mailing lists, Coase, and opt-in v. opt-out. In the Economic of Justice (1982), he gave us a nice instrumental argument for confidentiality. And he's written some remarkable privacy opinions as a federal appellate judge in the last few years.) But the problem with economics is that everything is up for sale. Including individual rights. Let's say we had an equation which said that we could increase public safety by 10% if we diminished personal freedom by 10%. How much freedom would you trade? What if you could gain a 10% increase in safety with only a 5% sacrifice in personal freedom? If you accept my premise that you can trade freedom for safety, I suspect there is some number where you would say "ok." But what if I suggest that your freedom helps ensure your safety? That open government, privacy protection, respect for the rights of the individual actually promotes public safety? What become of our economic analysis? I'll say more about this in a later post, but consider the lessons we might draw from the terrible tragedy in London. The most surveilled city in the world was also the site of one of the most significant terrorist attacks that ever occurred. Is surveillance the solution?

| Comments (0) | | TrackBack

Shout out to Canada

posted by:Marc Rotenberg // 09:07 PM // // Commentary &/or random thoughts

Those of us in the United States have the unpleasent habit of telling the rest of the world what to think and what to do. Now, on some things we are absolutely correct (baseball). But on other matters, we are seriously confused (Iraq). In the privacy world, we have a lot to learn from others. Don't get me wrong. On my short list of US privacy contributions: the Fourth Amendment, Justice Brandeis, our federal wiretap law (before the Patriot Act), and Fair Information Practices. But there is a lot we could learn from our neighbors to the North, which is to say the readers of this blog.

Four great things about Canada (from a privacy perspective):
- The comparative study of privacy law. Before folks like David Flaherty and Colin Bennet, no one thought much about comparing privacy laws and practices in different countries. Privacy scholarship focused on the experiences of particular countries. But David's book "Protecting Privacy in Surveillance
Societies" (Chapel Hill 1989 - I really know this) and Colin's 1992 book got everyone thinking in serious political science terms about how privacy laws could be assessed and compared.This was a big deal for EPIC. We started publishing the Privacy and Human Rights report in 1998. We looked at privacy practices all around the world. We borrowed a bit from the US State Department Annual
Human Rights report and followed the lead of traditional human rights organizations, such as Amnestry International and Human Rights Watch. By 2004, our annual privacy report was up to 800 page and 4,000 footnotes, and cost me a week of vacation in Athens. But that's a different story. In any case, thanks go to David Flaherty for reminding us all that privacy is worldwide issue.
- Privacy commissioners. I'm a big fan of the Canadian privacy commissioners. Jennifer Stoddart, Ann Cavoukian, David Loukidales, Bruce Philips, John Grace, and the rest. You are very lucky in Canada to have people in public office looking out for your privacy. In the US, we mostly have people who want to open our mail, listen to our phone calls, track our Internet activity, and report on what we read in libraries. Well, it may not be that bad. But you get the idea. It is a remarkable thing to have a privacy commissioner, and a genuine tragedy that 30 years after passage of the Privacy Act, the US has still failed to act on this central requirement.
- Privacy research. I'm also a big fan of such Canadian privacy scholars as Michael Gesit, David Lyons, Andrew Clement, and Richard Rosenberg. But special recognition goes to Ian Kerr for organzing the Anonequity project. Around the time that Ian approached me about the Anonequity project, I had also been approached to work on one of the projects that would be funded by John Poindexter's Total Information Awareness program. In the US, the idea seemed to be to enable mass public surveillance but with a privacy happy face attached. In Canada, the goal was to develop new techniques to protect privacy. I picked Canada and Ian's project. And so should other researchers who are serious about privacy. There is no integrity in placing a privacy sticker on a device that routinely records our private lives.
- My wife. Sorry to get personal, but I have a special affection for Canada because I met my wife-to-be at a financial privacy conference in Ottawa in 1991. She started talking about the application of the Coase Theorem to privacy protection, and I was smitten.
So, there it is. Four great things about Canada, from a privacy perspective. And P.S., Anna made me skate the canal, and I barely survived.

| Comments (0) | | TrackBack

The Next Supreme Court Justice

posted by:Marc Rotenberg // 08:39 PM // // Commentary &/or random thoughts

We are about 15 minutes from President Bush's announcement of a nominee for the US Supreme Court. Early speculation focused on Judge Edith Brown Clement. But the recent (like, in the last hour) news is that it will be John G. Roberts, an appellate judge here in Washington. Now, here is the weird Internet part. I went to check wikipedia to see the entry about John Roberts and the Interent encyclopedia had already reported that Roberts was nominated by Bush! And the official announcement still hasn't happened. Does anyone think it is strange when an encyclopedia reports world events before they have occurred? Seems odd to me. But in any case, the big issue from the EPIC perspective is what will the nominee say about privacy? This turns out a complicated question. In the US, when Supreme Court nominess are asked their views on "privacy," people often have in mind the Roe v. Wade decision, which said that the states could generally not prohibit abortion. (It's more complicated, but I'm blogging. So, cut me some slack). But there is another sense of privacy (which the readers of this blog know a lot about) and that is "informational privacy" or, as the German Constitutional Court said back in 1983, the right of "informational self-determination." (It's even longer in German!) EPIC has a special interest in this topic and took some time to review the record of Justice Sandra Day O'Connor's (whose retirement created the opening on the Court). I'll have more to say about Supreme Court nominees and the significance of privacy in a future post.

| Comments (0) | | TrackBack

Do Privacy Advocates Blog?

posted by:Marc Rotenberg // 08:33 PM // // Walking On the Identity Trail

Ian Kerr kindly asked if I would guest blog at blog-on-nymity. We discussed dates, annnouncements, format. Then I just decided to show up. Sorry. I'm going to spend the next week expressing views on privacy, EPIC, and a bunch of other stuff. I don't like long entries. So, I'll try to be brief. And interesting. And informative. Check back here. It should be fun.

| Comments (0) | | TrackBack

A Pass on Privacy?

posted by:Jennifer Manning // 11:33 PM // July 18, 2005 // Surveillance and social sorting

New York Times Magazine, July 17 2005
Christopher Caldwell

Anyone making long drives this summer will notice a new dimension to contemporary inequality: a widening gap between the users of automatic toll-paying devices and those who pay cash. The E-ZPass system, as it is called on the East Coast, seemed like idle gadgetry when it was introduced a decade ago. Drivers who acquired the passes had to nose their way across traffic to reach specially equipped tollbooths -- and slow to a crawl while the machinery worked its magic. But now the sensors are sophisticated enough for you to whiz past them. As more lanes are dedicated to E-ZPass, lines lengthen for the saps paying cash.

The case for "implantable personal verification systems":
"Once implanted just under the skin, via a quick, simple and painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. . . . VeriChip is there when you need it. Unlike traditional forms of identification, VeriChip can't be lost, stolen, misplaced or counterfeited."
Source: VeriChip Corporation

E-ZPass is one of many innovations that give you the option of trading a bit of privacy for a load of convenience. You can get deep discounts by ordering your books from Amazon.com or joining a supermarket ''club.'' In return, you surrender information about your purchasing habits. Some people see a bait-and-switch here. Over time, the data you are required to hand over become more and more personal, and such handovers cease to be optional. Neato data gathering is making society less free and less human. The people who issue such warnings -- whether you call them paranoids or libertarians -- are among those you see stuck in the rippling heat, 73 cars away from the ''Cash Only'' sign at the Tappan Zee Bridge.

Paying your tolls electronically raises two worries. The first is that personal information will be used illegitimately. The computer system to which you have surrendered your payment information also records data about your movements and habits. It can be hacked into. Earlier this year, as many as half a million customers had their identities ''compromised'' by cyber-break-ins at Seisint and ChoicePoint, two companies that gather consumer records.

The second worry is that personal information will be used legitimately -- that the government will expand its reach into your life without passing any law, and without even meaning you any harm. Recent debate in Britain over a proposed ''national road-charging scheme'' -- which was a national preoccupation until the London Tube bombings -- shows how this might work. Alistair Darling, the transport secretary, wants to ease traffic and substitute user fees for excise and gas taxes. Excellent goals, all. But Darling plans to achieve them by tracking, to the last meter, every journey made by every car in the country. It seems that this can readily be done by marrying global positioning systems (with which many new cars are fitted) with tollbooth scanners. The potential applications multiply: what if state policemen in the United States rigged E-ZPass machines to calculate average highway speeds between toll plazas -- something easily doable with today's machinery -- and to automatically ticket cars that exceed 65 m.p.h.?

There is a case to be made that only a citizenry of spoiled brats would fret over such things. Come on, this argument runs, anyone who owns an anti-car-theft device -- LoJack in the United States or NavTrak in Britain -- is using radio tracking to make a privileged claim on government services. If your LoJack-equipped Porsche is stolen, you can call the local police department and say, in effect, ''Go fetch.'' Stolen cars with such devices are almost always recovered. Car theft has fallen precipitously, which benefits us all.

For some time, the United States has required commercial trucks to register their mileage and routes. Last year, Germany initiated a new, more efficient G.P.S.-based truck-tracking system that seems intrusion-proof. Authorities discard the records after three months, which means they can't use them to arrest criminal truckers or dun deadbeat ones. Can such forbearance last?

In Germany, where history makes lax surveillance seem the lesser evil, yes. But not in the United States. Since the Warren Court, voters have, again and again, risen up against any libertarian trammeling of government in its fight against crime. People waver on whether to trade privacy for convenience, but they're pretty untroubled about trading privacy for security. On occasion, E-ZPass records have been used to track down criminal suspects.

When such crime-fighting aids are available, people clamor for them. In October, the F.D.A. approved, for medical use, the VeriChip, a device the size of a grain of rice. It can be implanted under a patient's skin and activated to permit emergency personnel to gain access to personal medical records. It's extremely useful when patients are unconscious, but there is a suspicion that the real application lies elsewhere. Similar devices can easily be fitted with other types of transmitters. ''Active'' implants are already being put to other uses: to trace livestock and lost pets and, in Latin America, to discourage kidnappings. Those who can put two and two together will find this VeriUnsettling. Monitoring can quickly change from convenience to need. Would you support a chip-based security system for nuclear power plant employees? If you were in the Army Special Forces, wouldn't you want a transmitter embedded in you?

In more and more walks of life, if what you want to do is not trackable, you can't do it. Most consumers have had the experience of trying to buy something negligible -- a pack of gum, say -- and being told by a cashier that it's impossible because ''the computer is down.'' It now seems quaint that after the Oklahoma City bombing in 1995, Congress argued over whether ''taggants'' should be required in explosives to make them traceable. Today everything is traceable. Altered plant DNA is embedded in textiles to identify them as American. Man-made particles with spectroscopic ''signatures'' can be used, for example, as ''security tags'' for jewels. The information collected about consumers is the most sophisticated and confusing taggant of all. It is a marvelous tool, a real timesaver and a kind of electronic bracelet that turns the entire world into a place where we are living under house arrest.

| Comments (0) | | TrackBack


posted by:Ian Kerr // 11:30 AM // // Surveillance and social sorting

many of those following the work of the On the Identity Trail project will know about PRIME (Privacy and Identity Management for Europe).

the PRIME project proposes building a user-controlled system for managing identities, positioning the relevant actors and their technology platform. the platform, they hope will address "the full range of needs of the users and privacy law."

in a recently released white paper, the PRIME consortium fosters debate on the privacy issues, seeking to build a consensus regarding acceptable solutions.

i'd be curious to hear what people think of the white paper....

| Comments (1) | | TrackBack

Identity Theft Consultation

posted by:Rafal Morek // 01:30 PM // July 17, 2005 // Digital Democracy: law, policy and politics

The Consumer Measures Committee , a forum of federal, provincial and territorial government representatives, is holding a public consultation on identity theft from July 6, 2005 to September 15, 2005.

Working Together to Prevent Identity Theft, A Discussion Paper, explores a number of options to amend federal, provincial and territorial laws to curb identity theft and to make it easier for victims to recover from the experience.

Click here to see the Consultation Handbook and find information on submission methods.

| Comments (0) | | TrackBack

Why Does Privacy Matter for Friendship?

posted by:David Matheson // 03:09 PM // July 15, 2005 // Core Concepts: language and labels

I have for some time been convinced that privacy is important for friendship. But exactly how it is important -- why privacy matters for friendship -- is far from clear to me.

In the eighth book of his Nicomachean Ethics, Aristotle suggests that friendship involves both intimacy and a corresponding mutual affection. Affection for Aristotle amounts to desiring the well-being of another. And intimacy in his view seems merely to be epistemic closeness -- having personal knowledge of each other, or knowing certain personal facts about each other. Thus, we might capture Aristotle's account of friendship along the following lines:

The Aristotelian Account of Friendship

A and B are friends just in case
(1) A and B have personal knowledge of each other [=Intimacy as Epistemic Closeness], and
(2) A and B desire each other's well-being at least partly in virtue of this knowledge [=Mutual Affection Based on Intimacy].

This account allows for different specific varieties of friendship, depending on the different sorts of intimacy and corresponding mutual affection involved. Thus, for example, what we might call "fun friendship" occurs when A and B desire each other's well being because each knows that the other is pleasant to be around in various ways (e.g. witty, amusing), and each naturally wants to be around pleasant people. "Practical friendship" involves A and B desiring each other's well being because each knows that the other is useful for the advancement of certain practical goals. (Think here of the sort of friendship involved in business partnerships.) "Deep friendship" occurs when A and B desire each other's well being because they each know the other to be a good (virtuous, noble, etc.) person, and prefers the society of such people.

There's a lot to be said for this account of friendship, but what I'd like to draw attention to is that fact that the possession of privacy nowhere enters into it. More particularly, even if A and B had virtually no privacy -- not just with respect to each other, but with respect to everyone else in their society -- they could still meet conditions (1) and (2), and hence still be friends on the Aristotelian account.

Yet, against this, it's common in the privacy literature to find claims to the effect that the reason why privacy is important for friendship is that it is required for -- a necessary condition on -- friendship. Without privacy, so the thought goes, there simply could be no friendship. Here's a representative passage from Charles Fried:

...friendship...involve[s] the voluntary and spontaneous relinquishment of something between friend and friend.... The title to information about oneself conferred by privacy provides the necessary something. To be friends...persons must be intimate to some degree with each other. Intimacy is the sharing of information about one's actions, beliefs or emotions, which one does not share with all.... (Fried, An Anatomy of Values, Harvard University Press, 1970, p. 142)

I take it that someone like Fried would agree that friendship involves both intimacy and a corresponding mutual affection. Where he would disagree with Aristotle, it would seem, is over what the intimacy involved in friendship amounts to. Fried, like other advocates of the friendship-requires-privacy thesis, seems to think that intimacy amounts not merely to epistemic closeness --not merely to (1) above-- but further to epistemic exclusivity. There must not merely be a sharing of personal information between friends, but the personal information shared between friends must not be shared with others, as Fried puts it. So, in place of the Aristotelian account of friendship, defenders of the friendship-requires-privacy thesis would seem to be endorsing something like the following view:

The Friendship-Requires-Privacy Account of Friendship

A and B are friends just in case
(1*) A and B have personal knowledge of each other that other people do not have [=Intimacy as Epistemic Exclusivity], and
(2) A and B desire each other's well-being at least partly in virtue of this personal knowledge [=Mutual Affection Based on Intimacy].

It's pretty easy to see how this account of friendship, where the intimacy involved in friendship requires not just epistemic closeness but further epistemic exclusivity, makes privacy a necessary condition on friendship. After all, if friendship requires the likes of (1*), then A and B cannot be friends unless they have privacy about their personal information relative to other individuals (even though they lack it relative to each other).

I'd like it if this second account of friendship were the right one, simply because it would make clear to me why privacy seems to matter for friendship. But the more I think about it, the less convinced I am that this second account is right; it seems to me that Aristotle was right to suppose that friendship merely requires intimacy in the sense of epistemic closeness, not epistemic exclusivity, and hence that friendship does not require privacy.

To illustrate, suppose that A and B are children growing up in a community that affords them very little privacy. It's a religious community, say, that believes very strongly in the importance of supervising children so as to inculcate in them exemplary moral dispositions. A and B play with each other on a regular basis, but never away from the watchful, attentive eye of supervising parents. Over time, A and B get to know a lot about each other, and come to like each other very much as a result. Doesn't it seem quite right to say that A and B are friends? I think so. But notice that although A and B meet condition (1), they fail condition (1*). Any personal knowledge they have of each other is not exclusive to themselves -- it's always shared by some supervising parent.

It seems to me, accordingly, that the Aristotelian account of friendship is preferable to the Friendship-Requires-Privacy account. So, while I still have the suspicion that privacy matters for friendship, I'm no longer inclined to think that it matters because it is a necessary condition on friendship.

| Comments (4) |

I’ll get that to go: HyperSonic Sound technology and the right to be left alone

posted by:Catherine Thompson // 08:34 PM // July 12, 2005 // ID TRAIL MIX

Imagine a technology that would have the ability to focus sound in a beam, rendering it inaudible to all but a few select individuals. Now imagine enabling communication between this technology and existing identification technologies, such as RFID. The result: direct advertising in public spaces. While such technologies are interesting to ponder from a marketing perspective, there is no need to ponder them from the perspective of the technologies. HyperSonic Sound technology (HSS) already exists.

1. What might the deployment of such technologies mean for anonymity?

Alan Westin defines anonymity as occurring “when the individual in is public places or doing public things but still seeks, and finds, freedom from identification and surveillance.” Westin also noted in his seminal 1967 work, Privacy and Freedom, that privacy in part serves to distinguish those places and times when we are supposed to socialize. Despite our desire to be left alone in public, we also desire to socialize. However, if we learn to fear entering the public sphere as a consequence of HSS technology, we could suffer diminished civil life participation.

2. HSS

HSS was developed by the American Technology Corporation. It calls HSS “the most revolutionary sound reproduction system of this century.” The technology is able to focus sound into a beam like light from a flashlight. The applications are numerous, but one vision is the ability to directly speak to specific individuals in a crowd. As its website says, “[t]hink about the ability to focus sound into a crowd of people on a football field and talk only to a selected few.” Put in terms of its marketing potential, as one journalist describes, “[m]otion-sensitive HSS emitters can flog Doritos on one end of the snack aisle and hawk Cracker Jack on the other.” [Christopher Helman, “Now Hear This” Forbes 172:5 (September 2003)]

Until now, we have had to rely on loudspeakers and their decibel settings to get a message across a large space. However, scientists have found a way to control sound waves in the air from far away. HSS itself is beyond human hearing until it hits a surface. Accordingly, when the beam is focused on an individual, she or he hears only the sound around her or his head -- and not from any particular direction. A reporter describes what HSS technology is like: “Suddenly I heard the sound of birds chirping. The noise didn’t seem to emanate from his device; I felt like it was generated inside my noggin.” [David Sparrow, “Hypersonic Sound” Popular Science 261:6 (December 2002)]. Another journalist had a similar description:

He flicks a switch on an ordinary looking amplifier, and you become vaguely aware of a tinny beat, as though there's someone on the other side of the room listening to salsa music on leaky headphones. Then he swings the disc towards you, until you're facing it full on, and something extraordinary happens. The air around your head explodes with music. It's as if the Buena Vista Social Club has sneaked up behind you and burst into action. [He] motions for you to walk towards the disc. You take a few steps forward, and the music follows you like a swarm of bees. Then he tilts the disc away and the sound blips out of existence. [Graham Lawton, “They’re playing my tune” New Scientist 167:2255 (September 2000)]

3. Who will use HyperSonic Sound technology?

Marketers are one potential user of the technology. As one reporter puts it: “Marketers have always dreamed of whispering into the ears of individual shoppers.” [Helman]. The American Technology Corporation says HSS emitters are not for sale to the general public: “Please note, the current S220A is targeted towards professional, commercial, and point of sale applications. This model is not intended as a consumer product.” However, my On the Identity Trail colleague Alex Cameron recently sent me a link to an HSS emitter being sold on E-Bay available for purchase without restriction to the highest bidder. Therefore, it is unclear who will be using HSS emitters in the future or how its use will be controlled.

4. American approach: The right to be left alone in public spaces

The U.S. Constitution’s First Amendment protects freedom of speech. However over time, American judges have carved out another right to be balanced against it; the right to be left alone in public spaces.

The first cases to do so began in the late 1940s with what was then a new technology: the loudspeaker. Many municipalities banned their use in public spaces and the constitutionality of those by-laws was challenged by loudspeaker owners. Although the right did not gain ground in its first case (Saia v. New York, 1949), the justices in the minority raised the issue by saying:

[M]odern devices for amplifying the range and volume of the voice, or its recording, afford easy, too easy, opportunities for aural aggression. If uncontrolled, the result is intrusion into cherished privacy. The refreshment of mere silence, or meditation, or quiet conversation, may be disturbed or precluded by noise beyond one’s personal control.

Loudspeaker cases developed under the more general heading of ‘captive audience cases.’ The 1974 case of Lehman v. City of Shaker Heights traced the concept back to a 1932 statement made by Warren Brandeis in Packer Corp. v. Utah: “[t]he radio can be turned off, but not so the billboard or street car placard.” In other words, the right to speak must involve a willing audience, not a captive one. If the listener is not able to decline listening to the message, that will violate the individual’s right to be left alone. In the loudspeaker context, the balance struck with free speech saw loudspeaker use continue, but also limited with regards to the type of area the broadcasting occurred. For example, loudspeaker use can be restricted to daytime hours if it is within earshot of a residential area (Kovacs v. Cooper, 1949). It has yet to be seen what kind of balance would be struck in the case of HSS technology.

5. Canadian law

Unlike the United States, Canadian Constitutional protection of rights does not extend to the private sector. Therefore, if HSS technology became popular in Canada, the government could not prevent its use on that basis. Even if Constitutional rights were extended to include the private sector, we do not have a similar right to be left alone in public spaces that we could enforce.

Canada has private sector legislation aimed at restricting the collection, use and disclosure of personal information in the marketplace. However, it is not clear whether these laws could the prevent HSS technology from being used, even if the message emitted is tailored through the collection of your information without consent. More interesting is whether we can prevent the collection and use of information we send out by the very fact of being human. As Gary Marx says:

To be alive and a social being is to automatically give off signals of constant information – whether in the form of heat, pressure, motion, brain waves, perspiration, cells, sound olifacteurs, waste matter, or garbage, as well as more familiar forms such as communication and visible behaviour. [Colin J. Bennett & Rebecca Grant, eds., Visions of Privacy: Policy Choices for the Digital Age (Toronto: University of Toronto Press, 1999) at 40].

Private sector legislation protects information about an identifiable individual. For example, telephone numbers are considered personal information because they can be easily linked with a particular individual [Case 99]. However, if an emitter is able to determine that you are a middle-aged, Armani suit wearing male with the flu, an ad could target you without the technology identifying you specifically. This would not meet the definition of personal information.

6. Suggestions

The principles underlying privacy and anonymity would suggest that there is something worth protecting here. The American approach is able to do so by maintaining a sphere of privacy around the individual. Canadian legislation, on the other hand, protects data and is therefore not always able to fit itself to new data flow or technological scenarios. Commissioners and lawmakers should keep this in mind, not only with regards to current assessments of potentially privacy invasive technologies, such as RFIDs and HSS, but also vis-à-vis technologies that have yet to be imagined. Normative fences around individuals are the most stable way to ensure consistent privacy protection in the future.


I would like to thank Prof. Kerr for all his enthusiasm and encouragement. I would also like to thank Chris Hoofnagle, Associate Director of the Electronic Privacy Information Center, for first alerting me to this new technology.

| Comments (1) | | TrackBack

biometrics in airline tickets touted as making 'the process quicker'

posted by:Dina Mashayekhi // 06:17 PM // July 07, 2005 // Surveillance and social sorting

nice of them to do this just to make things more convenient for us -- heck i'll give 'em my dna so i can wait in line 2 minutes less.

i just wonder -- how long will the line take to encode your ticket with fingerprint data...

Airline tests biometric tickets

BERLIN (AP) -- The German airline Lufthansa has started testing tickets encoded with passengers' thumbprint data in hopes of speeding up check-ins without compromising security.

The 14-day trial started Monday with Lufthansa employees trying out the system, spokesman Thomas Jachnow said. If all goes well, the airline wants to roll it out in 2006.

Though people will still be able to check in for flights using the "classic system," the voluntary use of biometric data would make the process quicker, Jachnow said.

Passengers would get tickets encoded with their thumbprint data, then check themselves in by placing their thumbs on a machine. Frequent fliers would have their thumbprint data encoded on their frequent flier cards instead of their tickets, Jachnow said.

The German government is also starting to make use of biometric data in travel documents and will start issuing passports embedded with facial data in November. A fingerprint will be added in March 2007.

From Canoe

| Comments (3) | | TrackBack

be careful next time you 'borrow' that wireless signal

posted by:Dina Mashayekhi // 09:27 AM // // Digital Democracy: law, policy and politics

Florida man charged with stealing Wi-Fi signal

St. Petersburg, Fla. — Police have arrested a man for using someone else's wireless Internet network in one of the first criminal cases involving this fairly common practice.

Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony.

Police say Mr. Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Mr. Smith sitting in an SUV outside Mr. Dinon's house using a laptop computer.

The practice is so new that the Florida Department of Law Enforcement doesn't even keep statistics, according to the St. Petersburg Times, which reported Mr. Smith's arrest this week.

Innocuous use of other people's unsecured Wi-Fi networks is common. But experts say that illegal use often goes undetected, such as people sneaking on others' networks to traffic in child pornography, steal credit card information and send death threats.

Security experts say people can prevent such access by turning on encryption or requiring passwords, but few bother or even know how to do so.

Wi-Fi, short for Wireless Fidelity, has enjoyed prolific growth since 2000. Millions of households have set up wireless home networks that allow people to use the web from their backyards but also reach the house next door or down the street.

Prosecutors declined to comment, and a working phone number could not be located for Mr. Smith.

See Globe and Mail

| Comments (0) | | TrackBack

Keystroke logging a no-no in Alberta

posted by:Jennifer Manning // 07:44 AM // // Surveillance and social sorting

Wednesday, July 6, 2005

Canadian Press

Lacombe, Alta. — A Privacy Commissioner's ruling against an Alberta library that electronically monitored an employee's computer use means employers have lost one objective way of measuring workers' performance, says the library's director.

Patricia Silver, director of the Parkland Regional Library, ordered the installation of keystroke logging software on the computer of an employee whose productivity was questioned.

When the employee discovered that he had been monitored, he lodged a complaint with Alberta's information and privacy commissioner.

In a decision released last week, Commissioner Frank Work ruled that the library collected personal information about the employee in contravention of the Freedom of Information and Protection Privacy Act.

The employee, who was not named, worked as a computer technician for six months in 2004. Ms. Silver said it was a job where productivity was hard to measure.

“We thought that using an objective check through the computer would be the most fair and objective way to do that,” she said Wednesday.

“If you have something like a cataloguing clerk, if they only catalogue one book a day, you notice. If they catalogue 100, you notice. With that kind of job, it's easy to say either ‘You're doing great work' or ‘You need to be more productive' or whatever. But that's not true of all the areas of our operation.”

Ms. Silver disputed Mr. Work's finding that the library collected personal information on the employee, saying managers never looked at any of the computer files that were logged. She said she believed the keystroke logging would be allowed under a clause in the act that permits collection of information that is necessary for an operating program or activity of a public body.

“Mr. Work felt that it was too intrusive on the employee, and certainly we accept his interpretation and would abide by it in the future,” she said.

“But beyond our case, it raises the question of how do you look at people's productivity and the quality of their work in certain occupations where it's hard to tell, given the technology nowadays?

“We are responsible for taxpayers' money in our organization and we do like to think we give good value in terms of productivity of our staff. So I think that remains a question.”

Mr. Work said the library could have used “less intrusive means” to get the information needed to manage the employee.”

He noted that other library information technology employees weren't similarly monitored.

“This lack of even-handedness further undermines the public body's explanation for the collection,” Mr. Work said.

He dismissed an argument from the employee that the collected information had not been adequately protected.

Mr. Work said he didn't have the jurisdiction to rule on whether or not the employee was dismissed as a result of his complaint. Ms. Silver confirmed the employee no longer works at the library but said his departure had nothing to do with the privacy complaint.

| Comments (0) | | TrackBack

Tim, Tom, Private Sector, Public Sector

posted by:David Loukidelis // 10:18 PM // July 06, 2005 // ID TRAIL MIX

Because my time working in privacy oversight is up I can’t resist writing a piece that looks back, although I also hope to offer a forward-looking perspective on state co-option of the private sector. This is because when thinking about privacy developments over the last six years, I can’t ignore the obvious, can’t overlook signs that the state’s power is being applied more and more to corral or recruit the private sector into surveillance activities.

Before privacy laws or the Charter, there was little if anything to stop police or national security operatives from cajoling or coercing information from private sector organizations. A civic-minded government department or company could blab all it wanted about its customers or employees.

Our privacy laws changed this, although they didn’t really try to put a stop to it. In BC, our public sector privacy law gives public bodies discretion to disclose personal information for law enforcement purposes, without warrant, but there are (some would argue, weak) constraints on this. The same can be said for our private sector privacy law. Still, these laws, together with the Charter, have until recently insulated against over-enthusiastic private sector co-operation with all and sundry state inquiries. Is this still true? If it is, how long will this last?

After the 9/11 attacks, governments everywhere felt compelled to act, and to be seen to act. This was in an important sense responsible of government. It was also mandated by political Darwinism. But a profoundly important aspect of the post-9/11 changes is the blurring of lines between collection and use of personal information for law enforcement purposes under criminal and other penal laws and use for national security purposes. A defining characteristic of police states is the blurring of distinctions between law enforcement and national security functions, the danger being that the rule of law eventually gives way to arbitrary decision-making by law enforcement authorities and the rights of ordinary citizens lose meaning. Democracies depend on clear and effective rules suited to the state activities that the rules are intended to govern and that reflect the essential values of a free society.

In Canada, post-9/11 amendments to the Customs Act and regulations authorize officials to require private sector organizations to provide border officials with extensive advance information about arriving passengers. These changes expanded the federal government’s ability to use and share that information, not only for national security purposes, but also for ordinary law enforcement and other purposes, including (according to government statements in 2002) public health surveillance. The information-sharing authority includes a broad ability to share personal information about Canadians and others with foreign governments. The amendments don’t restrict information-sharing arrangements to national security uses—they could easily include ordinary law enforcement or other purposes defined on a case-by-case basis or in an agreement with another nation.

Also, Public Safety Act amendments to the Aeronautics Act allow the RCMP Commissioner to require any air carrier or operator of an air reservation system to, for the purposes of transportation security, disclose specified information in its control to any person the Commissioner designates. Despite the Public Safety Act reference to “transportation security”, the amendments allow this data to be matched with other data and to be disclosed to assist in executing certain outstanding arrest warrants. This effectively compels the private sector to assist the state, in the absence of a warrant or court order, in surveillance of all air travellers for the broader general purposes of both national security and ordinary law enforcement.

Consistent with these powers to conscript the private sector into both national security and law enforcement activities, Public Safety Act amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) permit private sector organizations to collect personal information without an individual’s knowledge or consent in circumstances that amount to an invitation to, and in some cases compulsion of, the private sector to assist the state in surveillance for both general national security and ordinary law enforcement purposes.

The Public Safety Act also amended the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to authorize the Financial Transactions and Reports Analysis Centre of Canada to collect information it considers relevant to money laundering or financing of terrorist activities from publicly available information, including “commercially available databases”. FINTRAC is also authorized to obtain, under information-sharing agreements, information maintained by federal or provincial governments for law enforcement or national security reasons.

FINTRAC’s expanded powers point to the fact that, when it comes to co-opting the private sector, 9/11 can’t be blamed for everything. Laundering of dirty money was of sufficient concern before 9/11 to lead to extensive transaction-reporting requirements for banks and others. You can easily find other examples of legislative responses to individually pressing policy challenges that draft private sector organizations into state service in the name of public safety or order. One example is the current federal government lawful access proposals, some of which would apparently require ISPs to hand over at least identifying customer information––and perhaps more––on simple request by state officials, and for a pretty broad range of uses.

Also, at the local level, at least in BC, we see more and more local government bylaws compelling businesses to hand customer information over to police for a variety of reasons. Pawnshop reporting requirements have been around for a long time, but now we’re seeing bylaws requiring businesses to regularly give police information, without request, in a variety of situations (such as information who’s been buying pepper spray, hydroponic supplies or chemicals that could be used to make drugs and who’s been renting mailboxes at commercial mailbox centres).

And governments are now large purchasers of personal information from the private sector. So far this is being seen mostly in the US––think of Total Information Awareness, MATRIX, Secure Flight and so on––but it’d be naïve to think that our own governments will ignore the expanding private sector trove of electronic personal information much longer.

As databases proliferate, become more comprehensive and become lifelong, it’ll be harder and harder to resist those who say that, since the information is out there, the state should be able to use it. Time and time again over the last six years I’ve been told by middle-aged, middle class Caucasian males that they have nothing to hide, so why should anyone else feel differently? Let the government have the information it needs to protect us, they say.

Now, I don’t doubt the good faith of BC’s police agencies––not for a minute. But, thinking thirty or fifty years down the road to a time when the lines between national security and law enforcement have blurred to vanishing, will there be any meaningful rules? If not, will our belief in the good faith of state officials, set adrift without guiding rules, be enough to sustain our privacy and other rights?

David Loukidelis is the Information & Privacy Commissioner of British Columbia.
| Comments (1) | | TrackBack

Don't Let Data Theft Happen to You

posted by:Rafal Morek // 09:55 AM // July 02, 2005 // Digital Identity Management

M.P. Dunleavey never expected to become a victim. In his article in the New York Times, he admits that maybe he should have. Companies like Citigroup, Bank of America, ChoicePoint and LexisNexis have lost, misplaced or otherwise exposed the personal information of tens of millions of people. Dunleavey offers the following tips to protect yourself:

- Curtail electronic access to your bank accounts. Pay bills through snail mail. Avoid linking your checking to savings. Use a credit card for purchases rather than a debit card.

- Protect your home computer with a firewall, especially if you have a high-speed connection.

- Restrict the access to your personal data by signing up for the National Do Not Call Registry (www.donotcall.gov); remove your name and address from the phone book and reverse directories - and, most important, from the marketing lists of the credit bureaus to reduce credit card solicitations. The site www.optoutprescreen.com can help.

- Consider freezing your credit report, an option available in a growing number of states. Freezing prevents anyone from opening up a new credit file in your name (a password lets you gain access to it), and it doesn't otherwise affect your credit rating.

- Rein in your Social Security number. Remove it from your checks, insurance cards and driver's license. Ask your bank not to use it as your identification number. Refuse to give your Social Security number to merchants, and be careful even with medical providers.

Click here for the rest of the article.

| Comments (0) | | TrackBack

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada