Author Archive

Opposition to CCTV plans in Oxford

This past week has seen an interesting turn of events in Oxford – city of dreaming spires… and home to more than a few concerned citizens worried about the encroachment of surveillance on their everyday lives. Oxford City Council has been challenged by the Information Commissioner’s Office in England and Wales to justify the need for the city’s taxi cabs to install CCTV capable of recording passengers’ conversations. The ICO’s CCTV code of practice states that: “CCTV must not be used to record conversations between members of the public, as this is highly intrusive.” Much then hinges on whether such a capability is deemed “not excessive in relation to the purpose or purposes for which they are processed” as stated in Schedule 1 of the 1998 Data Protection Act.

Oxford City Council responded that the risk of intrusion is acceptable so long as passengers are informed: “Oxford City Council considers that so long as clear notices are provided in vehicles which inform passengers that video and audio recording may be taking place, the risk of intrusion is acceptable compared to the public safety benefits. In any event, the level of privacy reasonably to be expected in a licensed vehicle is far lower than that expected in the privacy of ones home or own car.”

Local politician Nicola Blackwood, MP for Oxford West and Abingdon, appears to share the concern that voice recording may be a step too far – and has written to Oxford City Council, noting: “CCTV plays an important role in combating crime but that has to be balanced with privacy concerns and used within common sense limits. I would need to see some very convincing evidence of a significant crime and anti-social behaviour problems in taxis that needs to be tackled by this specific measure in order to be convinced that it can be justified, and that it is in compliance with existing Data Protection legislation.”

It will be interesting to see how Oxford City Council react, and whether a compromise may be sought – perhaps CCTV in taxi cabs with just image registering (absent voice recording ). The council has suggested that notices displayed in vehicles, informing passengers that video and audio recording is taking place, is sufficient. However, the council might reflect as to whether all can indeed read such displays: consider the visually impaired, those with a limited grasp of written English, for example. How might they be duly informed of a possible privacy intrusion?

Googling and Doodling Online – At the Cost of Privacy?

How do we balance efficiency and the effective use of resources at work with concerns regarding our personal privacy? How personal should our working lives be? Should we make our diaries accessible so that others can see our availability? Productivity tools, especially where they allow others to consult, can be great at streamlining time-hogging activities such as daily scheduling of Skype calls – but at what price? Just recently I had an invite to schedule a call using Doodle (‘Easy Scheduling’ at http://www.doodle.com/)… Dig deeper into the Doodle’s privacy policy and you’ll see they’re using Google Analytics to measure web traffic on their site. Who’s to know exactly what options under the various privacy settings that Google Analytics allows have in fact been selected? Doodle notes: “A recent survey performed on behalf of Doodle shows that while there are simple tricks and tools that can be used to maintain a lean calendar, most Internet users still organize their calendars in a rudimentary way… 85% don’t use online tools for sharing calendar data or scheduling events.” See:  http://bit.ly/IvUYD3 Why people are not electing to share their calendars online is open to conjecture, but surely a primary concern for many is the thought that other parties might discover there whereabouts, their schedule and, furthermore, determine the same details of their co-workers and clients. This raises a broader question of whether those using online collaboration tools consider the privacy of their peers. Increasingly protecting our online privacy appears to be ‘social’.

EUI Conference – ‘European Internal Security’

On 25 April, Prof. Martin Scheinin (SURVEILLE coordinator) and Ms. Maria Grazia Porcedda (EUI team member) took part in the panel ‘Cyber-security and Cybercrime’ within the Jean Monnet Conference on ‘European Internal Security’ at the European University Institute.

Professor Scheinin, together with Professor Sartor, commented on the presentations given by the panelists, featuring Ms Maria Grazia Porcedda (‘Transatlantic Approaches to Cyber-security: The EU-US Working Group on Cyber-security and Cybercrime’), Mr Ben Wagner (EUI, Failing a Litmus Test? Causes and Consequences of Public Debates on Cybercrime’), Dr Giampiero Giacomello (University of Bologna, ‘Content Analysis in the Digital Age: Tools, Functions, and Implications for Security’), and Ms Francesca Bosco (United Nations Interregional Crime and Justice Research Institute, ‘Cybercrime and Organized Crime: Facing National and International Threats’).

Issues discussed in the panel included inter-disciplinarity, the securitization of cyber-security, the challenges of cybercrime, transatlantic relations, the Council of Europe Convention on Cybercrime, online child pornography, privacy and data protection.

Conference programme:   http://www.eui.eu/Documents/MWP/Conferences/20112012/EISProgramme.pdf

Ex-GCHQ head calls for a revise of RIPA to regulate social media intelligence

At the end of April the think-tank Demos issued #intelligence, a report that was co-written by Sir David Omand, who was the director of the UK Government Communications Headquarters (GCHQ) between 1996 and 1997. The report stresses the value of ‘SOCMINT’, intelligence gathered from social media, as a ‘decisive’ source of information that contributes to public safety. At the same time it stresses that the gathering and use of ‘socmint’ by the state needs to based on a ‘publicly argued and sound legal footing’ – which is currently not the case. In that context the report calls for an overhaul of the UK’s Regulation of Investigatory Powers Act from 2000, which regulates police and intelligence agencies’ access to online data. “An interdepartmental review must review what types of SOCMINT might fall under RIPA 2000 parts I and II, and the relevant degrees and type of authorisation required. Existing mechanisms of oversight for all intelligence and policing work, including the Parliamentary Intelligence and Security Committee and the independent police commissioners, need to determine how SOCMINT should relate to their current procedures and operations.” Public vs private The report also emphasised the distinction between information made openly available on social media sites by users, and that which is protected by privacy barriers such as a password. The report states that only the latter information amounts to ‘intrusive’ or ‘surveillance’ SOCMINT. Open source, ‘non-intrusive’ SOCMINT information would not be used to identify individuals, or as a means of criminal investigation, but would only be used to crowdsource information through Twitter or Facebook in order to gain for instance ‘situational awareness’ in the event of public disorder. If criminal or ‘possible criminal’ activity is found using non-intrusive socmint, state-specific powers should be used to identify individuals and access private information. Access to the latter require a warrant issued by a minister or a judge if the authorities wish to access it. Six key principles The report follows a huge public outcry over a preview of the UK government’s CCDP plans for wider state access to email and digital communications. The report proposes six principles that seem to be inspired by the Europan Court of Human Rights proportionality test, on which the use of SOCMINT by the state – including the Communications Capabilities Development Programme – should be based on. Principle 1: there must be sufficient, sustainable cause Principle 2: there must be integrity of motive Principle 3: the methods used must be proportionate and necessary Principle 4: there must be right authority, validated by external oversight Principle 5: recourse to secret intelligence must be a last resort if more open sources can be used Principle 6: there must be reasonable prospect of success The report further calls on the UK Government to publish a green paper subject to public consultation about how it plans to use and manage social media analysis in the public interest, including for the purposes of public security.

SURVEILLE Kick-off meeting marks initiation of the project

February 29th to March 1st 2012 saw the EUI hosting the SURVEILLE Kick-off meeting at Villa Schifanoia, the home of the EUI’s Department of Law. The event provided an opportunity for SURVEILLE’s project partners to meet with representatives of the European Commission and also discuss the project’s aims and objectives with members of the Advisory Board. Invited experts gave presentations based on crosscutting themes that engage surveillance-related issues.