Not Saussure

April 1, 2007

Royal Academy of Engineering report on privacy and security

Filed under: civil liberties, Politics, UK — notsaussure @ 9:27 pm

Somewhat belatedly, I’ve been looking at the Royal Academy of Engineering’s report, published last week, on Dilemmas of Privacy and Surveillance – challenges of technological change (pdf), and very interesting it is, too, particularly for a non-scientist like me. It’s a very wide-ranging study which examines the potential threats to privacy posed by the increasing use of surveillance and data collection, and the increasing power of the technology behind it, which is often under-estimated, and tries to argue that, if systems are properly designed — essentially on the principle (not fully appreciated by the government, one fears) that citizens should be required to divulge the bare minimum of information necessary for a particular purpose, and that it must be kept as secure as possible — then it’s possible to design for both increased security and increased privacy, which is nice if it works.

Pleasingly, they have a couple of answers to Polly Toynbee’s spectacularly fatuous observation about ‘if Tesco knows what I buy, I am having trouble frightening myself’; it is, they suggest,

not entirely absurd to imagine that supermarket loyalty-card data might one day be used by the government to identify people who ignored advice to eat healthily, or who drank too much, so that they could be given a lower priority for treatment by the NHS. Whether this should be considered a misuse of the data is debatable, but it would certainly constitute unwelcome ‘function creep’ for the individuals whose data were initially collected for wholly different purposes. (p. 22)

and it is still less absurd to worry, particularly since so many supermarkets are diversifying into financial services, lest

If records of people’s food shopping and therefore eating habits are created and retained, could such data be accessed and used by health insurance companies to raise premiums? Or by healthcare providers requiring unhealthy eaters to pay the costs of treating diet-related diseases? (p 35)

This concern is widely shared by people who work in the business, by the way, which is why a lot of people who design the software for loyalty cards won’t use them. The report doesn’t so much argue that this should be stopped as that people should be aware of the implications of what may be done with their data, so they may give their informed consent, which few people, I think, are. Clearly Polly Toynbee isn’t, for example.

The whole report is well worth reading, but two things in particular struck me. One is a fascinating discussion of a technology of which I was unaware but which apparently makes the potentially insecure (because it can be remotely scanned and cloned) RFID technology in the new passports redundant. There’s apparently something called Laser Surface Authentication, developed by a company called Ingenia Technology (where there’s an extensive video presentation, among other things) that

involves identifying documents, including passports, by means of their unique individual surface qualities. Paper documents and plastics such as credit cards have unique microscopic surface qualities that arise from the arrangement of paper fibres or the way that the plastic has set. These qualities cannot be controlled and cannot be copied, and they are unique in every case – rather like human fingerprints. Ingenia have devised a way of scanning documents to reveal these surface properties, which they refer to as the ‘LSA fingerprint’. The system they have created is ‘read-only’, the document is passive, it is simply scanned and a record of its surface features is recorded. This record will be put on a database alongside an appropriate description – say the details of the passport owner in the case of the passport. If the document is read again this description will be picked out.

This makes them pretty much unforgeable, since the database is trying to match the details against those recorded for the original document rather than for the purported holder, and the report also suggests that details could be held not on a database but actually on the passport itself, in the form of a bar-code that’s been strongly encrypted using the actual document’s ‘fingerprint’ as part of the key. I don’t know enough about encryption to say whether this is a good idea or not, but the RAE seem quite keen on it, and it’s certainly interesting that there’s potentially a far better and more secure technology available than the one to which we’re being committed.

The other aspect of the report I found particularly interesting is the fact, which I hadn’t really appreciated and which is discussed at length in section 6.1, that

technical changes have rendered tape-recorded surveillance an obsolete technology, and the term CCTV is now for the most part a misleading label. Modern surveillance systems are no longer ‘closed-circuit’, and increasing numbers of surveillance systems use networked, digital cameras rather than CCTV. The continued use of the term is an indicator of a general lack of awareness of the nature of contemporary surveillance, and disguises the kinds of purposes, dangers and possibilities of current technologies.

The report prefers the term ‘public webcams’ to CCTV;

Although most surveillance cameras do not broadcast to the Web, and are therefore not webcams as such, the way that they function makes them very similar to webcams. For example, they can be – and often are – linked as a network covering a wide space; their footage can be streamed to the Internet or TV; the footage is stored digitally and it can be searched using image searching technologies. These webcams are public in that they capture images from public spaces, including images of members of the public. They change private or anonymous behaviour into publicly available images, and they can potentially transmit for public consumption anything captured digitally.

In consequence,

Just as public awareness of how public webcams exist and change public spaces is lagging, so law and custom has been slow to respond. The ubiquity and power of public webcams calls for greater attention to the impact of digitisation on privacy in the public realm, and an end to complacency associated with outdated perceptions that belong in the CCTV era.

One possible solution to the problem, they suggest, is rather like one that came up in a discussion Dan Goodman, of The Samovar, and I were having here recently about the way some anarchist theorists apparently want almost completely to do away with privacy because it leads to imbalances of power. The RAE seems to be thinking on similar lines, pointing with admiration to a scheme being tried out in Shoreditch, where it was apparently thought up by the residents. The idea is that

Residents in a specified area are able to access a ‘community safety channel’ showing images from surveillance cameras in the area. Any suspicious behaviour seen on the channel can be immediately reported to the police via the TV set […] Access to the surveillance footage is controlled in a number of ways. Images from the cameras will be broadcast in 30-second stints, on a loop. Residents will not be able to direct the coverage or record it. (Section 8.4.2, p 49)

As the report suggests,

Such a system might be thought to be a greater intrusion on privacy than the one we have at present. The group Liberty has already expressed concern that the system will infringe on peoples’ privacy. There is also the risk that such a public webcam would be misused. Therefore, it would have to be designed and implemented in a way that prevented it from being misused by neighbourhood ‘spies’ or stalkers, opportunist thieves, or oppressive parents or spouses.

However, argues the report,

Several options are available for this. Like the footage available to residents in Shoreditch, it should not be within the power of the individual to control the cameras, by directing them or zooming in on particular areas. However, community members should be able to complain about and thereby alter the positioning of a camera, if they believe the camera is watching over an area where it is not needed, or is excessively intrusive. The images to which the public have access could be limited to those taken from some height, so that whilst an overview of an area is available, revealing whether there are people around, their general behaviour and so on, it is not possible to ‘spy’ on exactly what one’s neighbour or teenage offspring is up to. If these options are still deemed to be too intrusive, a more limited system would allow the community to access intermittent stills taken from the cameras. This would show where the cameras are positioned, without allowing them to be used to watch one’s neighbours for extended periods of time.

I can see the argument that this surveillance is going to happen anyway, given our successive governments’ obsession with video surveillance and, if people know the extent of the surveillance, and know it’s their neighbours watching, the extent to which we’re willing to tolerate it will be much more limited. However, I think there’s a major flaw; the main practical use of CCTV/public webcams is, in general, to provide evidence after a crime’s been committed, either when the police are investigating it or when it comes to trial. The idea of the operator spotting trouble and dispatching the police to deal with it (or the resident of Shoreditch seeing it on the TV and phoning 999) is all very well, but rather depends on having officers available to attend to the emergency and this is not always the case. Unless we’re going to have a public system, which anyone in the area may access, and a private one, which we trust the authorities only to use with good reason, then I don’t see that the system’s going to be much practical use. People will see trouble going on in the street, phone the police and wait for them to arrive. And wait… But at least they’ll have something to watch while they’re waiting.

Such reservations aside, the report is very much worth reading. Too much of the discussion of security and privacy is, as the report makes clear, conducted without any detailed knowledge of the technology and its implications. Our government is, it will come as no surprise, apparently sadly deficient in such knowledge, as is evidenced by its handling of major IT projects in what the RAE considers (like most people who’ve looked at it) complete defiance of most known database design and project management principles.


5 Comments »

  1. If you haven’t come across the term, you might like to look up “sousveillance”. It’s a useful concept.

    I haven’t read this report yet although I should. Did you read the ICO surveillance society report? I wrote three entries about it which you might find of some interest, starting here.

    Comment by Dan Goodman — April 2, 2007 @ 4:00 am

  2. The RAE report does, in fact, talk about ‘sousveillance,’ in a very negative way:

    However, the danger more likely in present times is that if technology continues to evolve along current lines, ‘Big Brother’ will end up being more powerful than Orwell envisaged (in the sense that we will have far less individual privacy), though it may not be government that will be empowered. In a world of matchbox-sized camcorders and camera-phones, of always-on broadband and RFID, ordinary people (not a government agency, supermarket or the police) will be the nemesis of privacy. The Internet has the potential to democratise and decentralise Big Brother, as it democratises and decentralises many other phenomena; Big Brother may be ‘us’, not ‘them’.

    This form of ‘ground-level’ surveillance has been called “sousveillance”. By its nature it is not under control and there are no transparently obvious ways to bring it under control. If a major retailer were to abuse customers’ privacy, those customers could at least look to an industry code or to a watchdog to do something about it. If a government department does something irresponsible with personal data, there is recourse to complain to an ombudsman. But if someone with a camera-phone takes a picture of a businessperson going to a sensitive meeting and then e-mails it to a competitor, it is hard to imagine what could be done about it.

    Sadly, some people will find the temptation to do such things as putting a Trojan horse on a neighbour’s TV or in a colleague’s PC overwhelming. It is not only blackmailers or tabloid journalists that will be tempted to look at a celebrity’s medical records or a politician’s itemised phone bill. This is hardly a far-future speculation; the state of PC and Internet security is often so poor that it is already easy to do. A vision of the future can be found in the 2005 scandal in Israel, in which a number of businesses – including a TV company, a mobile phone operator and a car importer – apparently used a Trojan horse (believed to have been written in the UK) to spy on business rivals. (section 3.2.1)

    Seems to me that the term is too widely used to be much use; it can mean anything from filming CCTV cameras as a means of protesting against their ubiquity to snooping on and harassing people you don’t like, be they identifiable individuals (employees of companies that conduct experiments on animals, for example) or whole groups; I think in Texas loads of people were perfectly happy to watch live webcam feeds of the border so they could alert the authorities to illegal immigrants trying to enter the US and, even the other day, the profoundly bonkers Michelle Malkin seems to have got in on the act with a form of sousveillance that boils down to ‘let’s harass Muslims’.

    I’d read parts of the ICO report — I look forward to reading your articles on it.

    Comment by notsaussure — April 2, 2007 @ 10:55 pm

  3. Yes, it’s definitely not straightforwardly clear that sousveillance is a good thing. Still – worth knowing about anyway.

    Comment by Dan Goodman — April 2, 2007 @ 11:15 pm

  4. […] under: UK, Uncategorized — notsaussure @ 11:23 pm Sorry, no blogging today, partly since Dan Goodman has had me looking up sousveillance, about which I may be writing shortly, but I can’t […]

    Pingback by What the papers say « Not Saussure — April 2, 2007 @ 11:23 pm

  5. “Equiveillance” is an interesting contrast to sousveillance, and an idea worth exploring I think.

    Nice comments on the RAEng report.

    Comment by Ian Brown — April 14, 2007 @ 3:24 pm

