Children & UK DNA Database

Among the hi-tech tools used by the police in their work is the DNA database. Most countries have or desire one but few have implemented this desire as effectively and frighteningly as Great Britain with their National DNA database.

The Guardian reports that Britain’s National DNA database “is proportionately the biggest in the world and includes the profiles of more than 7% of the population, according to Home Office figures. Almost everyone arrested for a recordable offence is required to provide a DNA sample. Whether or not criminal proceedings follow, DNA records stay on file until the person reaches their 100th birthday.”

Considering the number of innocent (legally not necessarily morally) children stored in the database the 100 year old limit is possibly ageism. The Guardian again:

Genetic information taken from nearly 1.1 million children is now stored on the national DNA database, official figures show, and campaigners believe that as many as half of them have no criminal convictions… The figures show that 1.09 million DNA profiles of people aged under 18 were held on the database with 337,000 under 16.

Of course the police want to keep this tool, and yes the tool is much more effective when more DNA samples are available but maintaining samples of innocent people in this way is, according to the European court of human rights a violation of citizens rights – the courts stated that the methods “…could not be regarded as necessary in a democratic society” (BBC & Privacy International)[1].

Terri Dowty, of Action on Rights for Children, said: “Many children get arrested, have their DNA taken and there is no further action against them or they get a reprimand or final warning. We are collecting massive amounts of data on children, including how likely they are to be criminals, and it runs the risk that we will prejudge them.”

It is more than a little bit scary that despite the protests and criticism the police and politicians in Britain struggle to maintain a system which clearly violates human rights not only of children but even of adults. Since the protesters are now focusing on the negative effects on children it almost feels as if the struggle for innocent adults stored DNA is a losing battle.

[1] European Court Rules DNA Retention Illegal (04/12/2008) Decision of the Court (Doc), Press release from the Court (PDF) & Privacy International amicus brief to the Court (PDF)

Online privacy: rhetoric and reality

What people do and what people say is a notoriously difficult paradox to integrate. Technology Liberation Front writes about the rhetoric and reality of online privacy.

In a nutshell, ask anyone if they care about their privacy and almost 100% of them will say, yes, absolutely. But then ask them about what they do both online and offline on a daily basis and most of them will reveal a very different set of preferences or values when it comes to what “protecting privacy” would mean in practice.

My experience reflects this. Some users are unaware of the privacy implications of their actions (they don’t read the EULA). Other users are disinterested in their privacy even if they say that they are concerned. Still others are concerned about their privacy but are unwilling to pay the price of protecting it.

What this shows is not that privacy is unimportant. It shows that people need help to do the right thing. Compare privacy concerns to dental hygiene: almost everyone claims to be interested and concerned about dental hygiene but do you all floss daily?

A year in New York

Oo! Imagine spending a year in New York. Well Helen Nissenbaum, who does interesting and cool computer ethics (focus on privacy work), is looking to fill a research fellowship:

Areas of focus: Multidisciplinary study of privacy, security, social dimensions of digital networks, values in computing and information system design

The NYU Department of Media, Culture, and Communication is pleased to announce a Research Fellowship/Scientist opportunity in the philosophy and politics of computing, digital media, and information systems, with a special focus on NSF funded research in privacy, security, and social dimensions of networking.

This one-year postdoctoral position is renewable for a second year and carries a teaching load of one course per year, or possibly two, as preferred.

Thanks Michael Zimmer for the heads-up!

Quotable

The Australian Senator John Faulkner seems to be a highly quotable person. Here are two quotes from the New Zealand website Stuff.co.nz

A Facebook posting or a YouTube video, like an ill-considered tattoo, can linger forever.

and

Trying to legislate to control technological development or the ways people use technology is not perhaps ordering the tide to not come in, but it is certainly like trying to empty a bathtub with a teaspoon.

Now that’s a man with a sense for metaphors! The Australian Law Reform Commission recently handed the Government Australian Privacy Law and Practice (ALRC Report 108) a three-volume, 2694-page report which contains 275 recommendations to improve privacy laws. It is being considered by the Government.

Buzzing with FRA

The whole of Sweden is buzzing with the new surveillance law entering into effect in 2009. Or at least many of the Swedish blogs I follow. The outside world is a mystery to me since I am stuck inside writing. Paddy K has written an English version of what’s going on that is well worth reading. Not only that he also lightens my guilt of not actually being more active in publicising the anti-FRA to the non-Swedish speaking world, which is most of you out their since there are only 9 million swedes.

Paddy K also includes the brilliant line:

I guess politicians have short memories. Or scriptwriters with a developed sense of irony.

Thanks I needed a laugh!

The Swedish wikipedia has a good background on FRA. For more about this in English check out EDRIgram, jill/txt, English wikipedia and the Economist.

Universities pimp out students

Information and news tends to come from many strange source but I was really surprised to find a nasty piece of news in the Göteborg Uni student newspaper. To put it bluntly Göteborg University has made a series of larger or smaller errors. Some just bad ideas while others really bad ideas.

In order to ensure that all students can be reached and to be able to take full advantage of information technology someone decided to provide all students with “official” emails ending with @student.gu.se – on the face of it this may seem like a good idea but I really have no idea why. It would have been better to allow/demand/require all students to register an email address but I don’t want to get into that part right now.

The second mistake was to decide to manage the email system themselves. Which resulted in a couple of years of mismanagement, a lot of frustration and a final collapse of the whole system. Ok, so I am exaggerating it was not a collapse but basically the university admitted defeat – and it is here where the local student newspaper comes in – and have handed the administration of the email to Google.

Now this is a development which has been happening without much fuss all over the world Trinity College Dublin, Arizona State University and Linköping University (another Swede) but it kind of hits me square in the nuts when my home university adopts the scheme.

So why does it bother me that Google has taken over student email at Göteborg Uni? Why does it seem that I am the only one who is bothered by what is supposed to be a comforting fact that the students will still have @student.gu.se as their mail?

What really bugs me is that the university has basically sold its students. Not only that, but the university is a public authority and as such should not be promoting a private company in this way. The University of Gothenburg has approximatly 50,000 students (25 000 full-time students) and 5,000 employees.  This public authority is then used to demand of it’s 50 000 clients that they must become reliant on a private company.

As if this wasn’t enough the recent Swedish FRA law allows surveillance of all communications that pass through Sweden. Since Google’s servers are outside Sweden this means that all the students email will be under surveillance.

This is wrong in so many ways but nobody seems to be reacting to the fact that univesities are pimping out their students for the sake of technical simplicity – when this is not necessary!

File Sharing in Britain

Virtual Law@LSE writes that BT, Virgin, Orange, Tiscali, BSkyB and Carphone Warehouse have all signed up to the Government’s new Memorandum of Understanding (MoU) on File Sharing. [BBC, Guardian, Telegraph]

The MOU means that the companies have to work to create a “significant reduction” in illegal filesharing. This may sound easy enough but spying on customers and accusing them of violating copyright law is not really good business – especially for companies whose business it is to sell faster (and more expensive) broadband. The ISP’s have in the MoU agreed to send out “informative letters” to customers whose accounts have been identified as being used for potential file sharing. But as Virtual Law@LSE writes:

It would appear many thousands of people will get letters from their ISPs telling them that the BPI has identified them as potentially being in breach of copyright. The ISPs should be careful here in terms of customer relations. It is never a good idea to tell a customer of your that someone believes them to be a copyright infringer. It will (a) suggest you are snooping on them (which to an extent is true), (b) suggests you are entitled to lecture them on their activities online and (c) suggests you are serving the interests of the BPI not their own customers.

In order to be able to send the letters to suspected file sharers the ISP’s must either monitor all data traffic or only monitor those who use unusually high amounts of broadband. Either way the ISP’s are uncomfortably close to violating peoples privacy. Maybe not in a legal sense and maybe they are acting within the limitations of their customer contracts but still tantamount to surveillence and a violation of privacy.

It is also a form of privatized regulation through technology which sits uncomfortably with the potential freedom that the technology enables…

The Swedish Surveillance State

I am almost ashamed for not blogging and discussing this in more detail. There have been plenty of media, discussions, and a blogging frenzy in the past two weeks…

Short of actually doing the work myself I simplified life – or gave way to my laziness and re-post this post from the EFF

A proposed new law in Sweden (voted on this week, after much delay) will, if passed, allow a secretive government agency ostensibly concerned with signals intelligence to install technology in twenty public hubs across the country. There it will be permitted to conduct a huge mass data-mining project, processing and analysing the telephony, emails, and web traffic of millions of innocent individuals. Allegedly these monitoring stations will be restricted to data passing across Sweden’s borders with other countries for the purposes of monitoring terrorist activity: but there seems few judicial or technical safeguards to prevent domestic communications from being swept up in the dragnet. Sound familiar?

The passing of the FRA law (or “Lex Orwell”, as the Swedish are calling it) next week is by no means guaranteed. Many Swedes are up in arms over its provisions (the protest Facebook group has over 5000 members; the chief protest site links to thousands of angry commenters across the Web). With the governing alliance managing the barest of majorities in the Swedish Parliament, it would only take four MPs in the governing coalition opposing this bill to effectively remove it from the government’s agenda.

As with the debate over the NSA warrantless wiretapping program in the United States, much of this domestic Swedish debate revolves around how much their own nationals will be caught up with this dragnet surveillance. But as anyone who has sat outside the US debate will know, there is a wider international dimension to such pervasive spying systems. No promise that a dragnet surveillance system will do its best to eliminate domestic traffic removes the fact that it *will* pick up terabytes of the innocent communications of, and with, foreigners – especially those of Sweden’s supposed allies and friends.

Sweden is a part of the European Union: a community of states which places a strong emphasis on the values of privacy, proportionality, and the mutual defence of those values by its members. But even as the EU aspires to being a closer, borderless community, it seems Sweden is determined to set its spies on every entry and exit to Sweden. When the citizens of the EU talk to their Swedish colleagues, what happens to their private communications then?

When revelations regarding the United Kingdom’s involvement in a UK-US surveillance agreement emerged in 2000, the European Parliament produced a highly critical report (and recommended that EU adopt strong pervasive encryption to protect its citizens’ privacy).

Back then, UK’s cavalier attitude to European communications, and its willingness to hand that data to the United States and other non-EU countries, greatly concerned Europe’s elected legislators. Already questions are being asked in the European Parliament about Sweden’s new plans and their effect on European citizen’s personal data. Commercial companies like TeliaSonera have moved servers out of Sweden to prevent their customers from being wiretapped by the Swedish Department of Defence. Sweden’s own business community have expressed concern that companies may move out of Sweden to protect their private financial data.

Sweden has often led the charge for government openness and consumer advocacy, and has, understandably, much national pride in seeing its past policies exported and reflected in Europe and beyond. Before Sweden’s MPs vote next week to allow its government surveillance access to whole Net, they should certainly consider its effect on their Swedish citizens’ privacy. But it should also ponder exactly how their vote will be seen by their closest neighbors. If the Lex Orwell passes, Sweden may not need something so sophisticated as a supercomputer to hear what the rest of the world thinks about their new values.

Zero Privacy in UK

The Times has an article on the recent proposal has been put forward in England to create a massive government database holding details of every phone call, e-mail and time spent on the internet by the public.

Naturally this is all being done in the effort to fight crime and terrorism. Against what? Systems such as these are massive threats against democracy and weaken the whole legitimacy of government. Unfortunately instead of kicking and screaming most people still seem to believe that as long as they have nothing to hide then total surveillance is not a problem.

As if nothing bad ever happens to innocent people…

Spying violates privacy

The BBC online report that the Federal Constitutional Court in Karlsruhe have found that cyber spying violates individuals’ right to privacy and could be used only in exceptional cases.

Germany’s Federal Constitutional Court has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online. In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems; the ruling expands the current protection provided by the country’s constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution.In line with an earlier ruling on censuses, the judges found that the modern digital world requires a new right, but not one which is absolute ­ exceptions can be made if there is just cause. The judges did not feel that the blanket covert online searches that North Rhine-Westphalia’s (NRW) provisions allowed fell under that category; rather, these searches were found to be a severe violation of privacy.

The court explained that strict legal provisions apply for covert online searches of PCs, as with exceptional cases of telephone tapping or other exceptions to the right to privacy. Specifically, the judges say that private PCs can only be covertly searched “if there is evidence that an important overriding right would otherwise be violated.” (via Heise Online).

Here is the ruling in German.