link to briefings documents at magnacartaplus.org
 

Magna Carta Plus News

back to magnacartaplus.org index page
orientation to the news at MagnaCartaPlus.org

short briefing dcuments at MagnaCartaPlus.org

This page provides occasional items, linked to the original articles, as we attempt to keep up with the rapidly changing situation on civil liberties.
Archive of old news service:
2002 - 2004

1st Jan to 9th Sept 2005

Google
 
Web magnacartaplus.org

Getting the cattle to tag themselves

Posted by James Hammerton @ 2:45 pm on 11 February, 2006.
Categories privacy and surveillance.
Edit This Permalink to this article

Fancy a pint? You’ll need to give your fingerpint…

According to this report in the Times:

WITH 45 pubs and half a dozen clubs, the centre of Yeovil in Somerset can seem like the Wild South West on a Saturday night.

Groups of young people make their way from Globetrotters to The Beach or the Chicago Rock Café. If they are refused entry to one they can always try another.

Not any longer. Yeovil is to become the first town in Britain to install “biometric” fingerprint scanners in pubs and clubs that will instantly identify potential troublemakers. If it is successful, the government-backed scheme could be extended to other towns.

Five clubs, including those mentioned above, have so far signed up for the trial, which is being backed by Avon and Somerset police. The scheme’s backers hope that the rest of the town’s licensed premises will join “within months”.

Clubbers and drinkers will be asked to register by providing proof of ID and personal information including name, address, date of birth and a photograph. They will then have the print of their right index finger scanned on to a computer.

Each time a person enters premises in the scheme his or her finger will be scanned, bringing up a list of personal details. In return for participating, people will no longer have to produce means of identification on entry to nightclubs.

Although a few venues elsewhere in Britain have introduced fingerprint scanners, this is the first time they have been “networked”. If someone is identified as a troublemaker his or her details can be flashed to other licensed premises within seconds, giving doormen warning to look out for them.

And if fingerprints don’t work, I fear there is an alternative:

The old excuse ‘I’ve left my wallet at home’ will soon no longer hold when it’s your round. A nightclub is about to offer its regulars the option of having a microchip implanted in their arm that will obviate the need to carry cash or plastic.

Queuing for entry or a drink at the bar would also become a thing of the past when the ‘digital wallet’ is introduced by Bar Soba in Glasgow. The chip is already proving popular with VIP members at two nightclubs in Barcelona and Rotterdam.

While the concept strikes critics as Orwellian, others believe that, as we stride ever-closer towards a cashless society, it is only a matter of time before the chip becomes a method of fraud-proof common currency.

Brad Stevens, owner of Bar Soba, said his motivation for introducing the technology was to be cutting-edge and to reward loyal customers. He said he had received a surprisingly enthusiastic response from regulars.

Is the UK Passport Service developing an alternative identity card and database?

Posted by James Hammerton @ 8:26 pm on 29 January, 2006.
Categories privacy and surveillance.
Edit This Permalink to this article

John Lettice, writing in the Register, suggests that the UK Passport Service is developing a scheme very similar to the proposed ID card plus identity register of the Identity Cards Bill (from page 2 of Lettice’s article):

Baroness Scotland helps explain the extent to which the National Identity Register already exists: “We have called the central new database ‘the register’, but noble Lords will be familiar with the fact that the Passport Office currently has a database. When we include the biometric data that will come from facial recognition and fingerprints, that information will have to be contained on that database. As a result of the demands made on the service, we have now piloted passport validation, a commercial service that will come on stream in 2006. It is demand-led because, even under the current legislation, there has been a demand for that from the business community.

“All of those items are coming anyway, and the passport service will have to provide for them. So if we look at the differences between the service that will be provided now and that which we anticipate will be necessary to be provided in the long term, the differences are not great. I will list them. A database of basic personal information and biometrics exists, and that will continue. An identity document that stores information, including biometrics, is already provided. The ability for banks and other organisations to validate identity documents with consent exists now in pilot form. Disclosure to the police and other agencies of data held on the passport database happens already, and this would include the equivalent audit usage data.
Click Here

“So what is new? The production of cards as well as passports is new. We do not currently record changes of address, but we propose to do so in the future. The IT infrastructure will be slightly bigger; and the scheme will be enforced; that is, civil penalties, mainly post-compulsion.”

You can see the inexorable logic when it’s put like that. The database will exist, will include biometrics, and via passports alone will ultimately cover 80 per cent of the UK population. The Passport Service’s transformation from a document-centred to a person-centred database positions it as the sole custodian of ‘gold standard’ identification in the UK, and the inclusion of biometric ID capabilities tying the individual to the identity document produces further potential benefits. When you go down to the bank to prove you exist, the bank can use a reader to associate you with the identity document, and all of the other claimed ID scheme benefits follow from there.

From this kind of perspective the fact that the UKPS ID Register (or, erm, “database”, as Baroness Scotland puts it) can only ever cover those in the population who’re UK passport holders is clearly anomalous. But if the ID scheme died and the Government nevertheless continues with the approach, and passport-linked biometric ID infrastructure begins to grow through Government and the commercial sector, we can anticipate how the tentacles will grow.

People might start demanding that ID documentation in a more convenient format (Passport Lite?) be issued. And you could envisage other Government departments (DWP, NHS and DVLA being obvious examples) increasingly using the UKPS database systems for the validation of their own existing ID documentation and systems, and dusting off plans to morph driving licences into ID cards, and to produce “entitlement cards”.

A further point to note here is that apparently the UK Passport Service scheme is being created via the government exercising its powers of “Royal Prerogative”, meaning that Parliament doesn’t get a look in. For details see page 3 of Lettice’s article.

Another Lords defeat for the Identity Cards Bill

Posted by James Hammerton @ 8:48 pm on 23 January, 2006.
Categories privacy and surveillance.
Edit This Permalink to this article

The BBC reports that the House of Lords have inflicted another defeat for the government over the Identity Cards Bill:

The government has been defeated twice in the Lords over its Identity Cards Bill, as opposition peers attempt to make the scheme entirely voluntary.

Ministers want applicants for passports and driving licences to be obliged to go on the ID card register.

But peers decided by 186 votes to 142 - a majority of 44 - to ensure that entry on the list is voluntary.

The government lost again when peers called for a separate Act of Parliament before cards could be made compulsory.

The votes were among a series of Lib Dem and Tory amendments aimed at making sure people have a choice.

These defeats followlast week’s amendment requiring the government to produce a detailed estimate of the costs of the scheme before the scheme can go ahead.

It is interesting to consider now what these defeats mean. When the bill goes back to the House of Commons they have the choice of overturning the amendments and sending the bill back to the House of Lords, or of accepting the amendments, or of using the Parliament Act to overrule the House of Lords. However, the last option would require the Bill to be reintroduced to Parliament in the next Parliamentary session resulting in a year or so’s delay.

So the critical questions are whether the government wishes to tough it out, playing ping-pong over the bill with the House of Lords, whether the House of Lords will insist on these amendments and whether Labour MPs will be swayed to back e.g. the amendment requiring a complete costing of the scheme. The government is ludicrously holding some figures back on “commercial” grounds — this is taxpayer’s money they’re proposing to spend and they want to keep MPs and the public in the dark over the costs.

If the House of Lords insists on its amendments, the government will either have to accept them or accept a year’s delay in implementation. If it accepts the amendment about costing, that will also delay the bill. If they accept the amendment making getting a card and being registered voluntary for those applying for the passport, they will accept delays in take-up of the scheme should it go ahead.

Whichever way it goes buys more time for those opposed to the scheme to campaign against it either in terms of stopping the bill, or in terms of persuading large numbers of people not to register whilst the scheme is entirely voluntary.

The crucial variable is that the House of Lords must not back down. Backing down will let the government get the bill on the books on its own timetable, with those who apply for or renew passports being compelled to register (or forgo having a passport).

Lords defeats for British government on ID cards and Terrorism bills

Posted by James Hammerton @ 10:06 pm on 17 January, 2006.
Categories privacy and surveillance, political liberties, democracy and the rule of law.
Edit This Permalink to this article

The House of Lords has passed some opposition amendments to both the Identity Cards Bill and the Terrorism Bill.

Regarding the Identity Cards Bill, it has been amended so that the government must disclose their estimates of the full costs of the scheme before it can go ahead:

The victory by Tory and Liberal Democrat peers together with some Labour rebels means that Charles Clarke, the Home Secretary, will have to come up with hard figures for the scheme, which an independent report has warned may cost as much as £19 billion over the next decade, about the same as the development and purchase cost of the Royal Air Force’s new Eurofighter.

The Home Office will now have to present its costings to the Commons and the National Audit Office, meaning that Labour MPs opposed in principle to what has been mocked as a “breathing licence” will get another chance to vote against it.

Furthermore:

Yesterday’s vote of 237 to 156 follows two reports from the London School of Economics warning of the potentially colossal price of equipping every adult in Briton with a card. The only figure made available by the Home Office so far is one for annual running costs of £584 million.

But that refers only to the Home Office and not to other departments that will have to alter systems and install equipment such as “readers” capable of verifying biometric data.

In addition, there is no mention of the enormous capital cost. The LSE has warned that the charge for each card may have to be £300 just to cover costs.

The Government has concealed its estimate on the grounds that IT companies bidding to supply hardware and software would use it as a minimum start point in negotiations. But that argument was rejected by opposition peers, who said that such a lucrative deal would have companies scrambling to undercut each other.

Clearly the government will say anything to try and hide the full cost to taxpayers represented by this scheme. Having to produce a full costing of the scheme may help those who wish to see it kicked into the long grass, by delaying it further.

Meanwhile the Lords have also passed amendments to the Terrorism Bill, removing the offence of glorification of terrorism and redefining the offence related to publishing a terrorist publication so that someone would commit the offence only if they acted recklessly or with intent.

How to fool biometric scanners

Posted by James Hammerton @ 8:15 pm on 7 January, 2006.
Categories privacy and surveillance.
Edit This Permalink to this article

Another catch-up item. The British government has placed great faith in biometrics to make their proposed identity cards secure. Yet it seems many biometric scanners can be easily fooled:

  • For example, Play-Doh has been used to fool fingerprint scanners:

    Associate Professor of Electrical and Computer Engineering Stephanie Schuckers and her team at Clarkson University found that most scanning systems can be fooled 90% of the time by taking a mold of the mark’s finger, filling the mold with Play-Doh, and using the fake digit to gain access.

    However the authors designed an algorithm that takes perspiration into account and it was only fooled 10% of the time.

  • If you’re not sure about the Play-Doh, you could always try using gelatine, which was found to fool the scanners 80% of the time.
  • Should you wish to fool an iris scanner, it seems printing a photograph of the iris, cutting a hole where the pupil is and looking through it will suffice. OK, you’ll look rather conspicuous if you’re at an iris scanner peering through bits of paper, but it does suggest that an appropriately designed contact lense would suffice. The linked article also gives you more ways of fooling that fingerprint scanner. The article also pointed out that showing live video of a registered person to the camera was enough to fool a facial recognition system.

30,000 people wrongly matched to names on US terrorist watch list

I have a backlog of items I wish to mention on this weblog, the first of which is this one…

On 6th December 2005, an article from ZDNet reported that:

WASHINGTON–About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Moreover the article states:

After submitting their notarized forms and identifications, and waiting for evaluations, the vast majority of the people mistakenly matched to names on the watch list have now been added to a “clearance” list. That doesn’t mean their names are erased from the watch list. In fact, travelers who go through the paperwork are told, Kennedy said, that “it will not quote ‘remove’ you from the list because the person we’re still looking for is out there.”

Instead, their names are put on the separate clearance list, which means they typically can’t check in for flights at an unmanned kiosk and must approach the ticket counter to explain their situation and have an airline employee match their name to the clearance list.

So, after being repeatedly hassled by security staff at airports, you find that your name mathces one on a government watch list. You tell the government there must be some mistake. They get you to fill in a form requiring 3 notarized forms of identification and wait for 45 to 60 days for them to evaluate your case. After which, if they conclude that there is indeed some mistake, your name gets put on another list, and you still find yourself having to explain things to the airport staff each time you travel.

And it could be worse. If you’re really unlucky you might find yourself detained, schackled, beaten, photographed nude and injected with drugs simply because your name matches that on someone’s list.

Some much for the innocent having nothing to fear from such measures.

One would have hoped the global war on terror was conducted by people who realise that a name might be shared by more than one person…

See Bruce Schneier’s article for further discussion.

The rise of Big Brother Britain

Posted by James Hammerton @ 9:19 pm on 3 January, 2006.
Categories privacy and surveillance, political liberties.
Edit This Permalink to this article

Firstly, I wish a Happy 2006 to all the readers of Magna Carta Plus and apologise for the lack of posting on the blog recently.

But now to the main purpose of this post. It is clear that Britain is developing the infrastructure for the mass surveillance of the general public, with almost every aspect of their lives coming under surveillance — and other countries have made their own steps down this road. This trend stretches back to the rise of CCTV in towns and shopping centres during the 1990s, but the trend is now accelerating. There are several lines of development:

  • The monitoring and storage of communications data. By the term “communications data” I mean the data covered by Section 21(4) of Britain’s Regulation of Investigatory Powers Act(RIPA) 2000. This data includes information about who you communicate with and even the location of your mobile phone when switched on. Under RIPA, the security services (MI5, MI6, GCHQ), the inland revenue, customs & excise and the police can monitor this information on their own authority, however the “Snooper’s Charter” extended such powers to local authorities and numerous quangoes (see the discussion of the “Snooper’s Charter” here).

    Thus far we merely have a broad power to monitor individuals who are under suspicion, but under the Anti-Terrorism Crime and Security Act 2001, the British government asked communications providers to store communications data for upto 2 years for retrospective trawling, under threat of bringing in a compulsory scheme for such retention if they failed to cooperate. Then, during the recent British presidency of the EU (which ran through the last 6 months of 2005), they pushed the EU to adopt a directive requiring the retention of this data for 6 months to two years across the EU. This directive was adopted in December. This means that data about who you communicate with electronically will be stored for upto 2 years, regardless of whether you’re suspected of a crime, and made available for retrospective trawling.

  • The monitoring of car journeys. A number of systems which use CCTV and/or Automatic Number Plate Recognition(ANPR) to record every journey in a particular area have been developed, such as:

    However more ambitious and more worrying are plans to use ANPR to track people’s journeys and store the details for 2 years for retrospective trawling, as reported in the Independent and the Sunday Times. And in the longer term there are even proposals to track every single car journey made in Britain by requiring all cars to have satellite trackers in them (see also Spy.org.uk’s discussion).

  • The government’s Identity Cards Bill. If this goes ahead, every time your identity is checked, it’ll be recorded on the national identity register. The government intends identity checks to be required for everything from opening a bank account or enrolling your kids at school through to registering with a doctor — thus this database will record everyone’s activities in considerable detail.

The trend is clear. The government is collecting more and more information about us and storing it for future analysis, regardless of whether we’re suspected of doing anything wrong. It is moving us steadily closer to a state where we are under surveillance in all our activities 24/7. Yet there’s barely any protest about these developments and indeed some seem to welcome them.

Entertainment business wants data retention to be used to track copyright infringement

Posted by James Hammerton @ 8:23 pm on 3 December, 2005.
Categories privacy and surveillance, democracy and the rule of law.
Edit This Permalink to this article

The Register reports that the Creative Media and Business Alliance have written to MEPs asking for retained communications data to be used to enforce copyright, and other intellectual property rights:

The entertainment industry is trying to commandeer the proposed European directive on data retention to help it prosecute filesharers in the European Union, it has emerged.

The newly-formed Creative and Media Business Alliance (CMBA), an informal grouping (it says) of companies including Sony BMG, Disney, EMI, IFPI, MPA and Universal Music International, says it wants the data protection directive to be modified specifically so that it can be used to go after pirates.

In a letter to all MEPs, the CMBA said:

“We would appreciate your support in ensuring that this becomes an effective instrument in the fight against piracy”.

It went on to ask MEPs to amend the directive so that it covers all criminal offences, not just the “serious” ones of organised crime and terrorism, and that law enforcement’s access to the data should not be limited.

When it voted on Wednesday, the European parliamentary committee on civil liberties did keep the word “serious”, but only as defined in the European arrest warrant, which includes piracy.

According to Suw Charman, founder of the Open Rights Group, this means the door is officially open for the entertainment industry to use legislation designed to protect European citizens from terrorists to prosecute them instead.

The push for the retention of communications data has hitherto been justified as a means of fighting terrorism and organised crime. Now we see the entertainment industry are pushing for it to be used to investigate copyright infringement. This is a pattern one can often see in government, where legal powers introduced for one purpose are later extended for other purposes, i.e. function creep.

The Open Rights Group note how this proposal ties in with another proposal to make copyright infringement a criminal offence (it is currently merely a civil offence):

Now tie this in with IPRED2, another nasty bit of legislation which criminalises all “intellectual property” infringement on a commercial scale and “aiding and abetting such infringement”, with very thin definitions of what “commercial scale” or “intellectual property” means. The two directives together become even more alarming.

IPRED2 mandates that the police work with rightsholders to pursue suspected cases of IP infringement - including patent infringements - or merely vocal encouragement of infringement. And the Data Retention directive provides them with reams of data they can mine for evidence against these suspected infringers.

At the latest IPRED2 hearing, that’s exactly what the CBMA’s parent organisation, the International Federation of the Phonographic Industry (IFPI), demanded.

This opens up a very ugly can of worms where entire industries can get unparalleled powers of investigation, provided at the taxpayer’s expense.

Moreover, if the CMBA get their way, the number of data retention enquiries that the telcos and ISPs will have to process will be far higher than if restricted to terrorism and serious crime. This will put far more pressure on the telcos and ISPs who will not only have to bear the cost of storing the data, but also of providing access to the information to the authorities.

They also point out that:

Both Data Retention and IPRED2 are being frogmarched through the European Parliament at an alarming speed. Votes are being held by three committees over the next few days on Data Retention, with secret meetings going on in the background between the Council, the Commission and the Parliament, with the aim of reaching a tacit agreement on what this legislation should look like.

On 13 December 2005, the Parliament votes on the Data Retention directive. Usually, they get two stabs at it, with the Council having a say in between. This time, they get just one vote.

This time, MEPs will have just a few days between being presented with the proposed legislation as drawn up in the secret meetings and being expected to come to an informed, considered decision on whether it should become law.

DVLA data for sale

Posted by James Hammerton @ 10:55 pm on 1 December, 2005.
Categories privacy and surveillance.
Edit This Permalink to this article

Samizdata have higlighted the following article from The Times, about the DVLA’s selling of information about drivers to all sorts of businesses:

What is happening is this: requests come in from businesses that have relevance to parking — clampers, car park managers, even a financial services company that happens to have a car park in which, notionally, people might leave their cars without permission. The DVLA charges a few thousand pounds for a link to its database, and thereafter the commercial company has only to tap in any registration number to be sent the owner’s name and address. If crooked, it could collect car numbers from anywhere in the country, enter them and thereafter know when you are away from home. Or it could send you threatening letters, of extortion or blackmail, citing your car details and claiming a violation.

But the DVLA wouldn’t deal with such people, would it? Yep. It does. It has been forced to hand over its list of the 157 companies registered to buy personal information about drivers — the list includes bailiffs, debt collection agencies and financial services companies. DVLA bleats that it is obliged — under an undebated Statutory Instrument of 2002 — to sell the information to anyone with “reasonable cause”. Well, almost anyone can claim that a car might park in their space. Thus a credit company, which bombards us all with mailshots offering loans, is on the list because it’s got a company car park. Nor does DVLA check that it is not selling the list to people with criminal records: it deals with Aquarius Security — clampers whose management were found guilty of blackmail at Bristol Crown Court and given prison sentences. One of them was already on an ASBO after being accused of driving his truck into a 60-year-old man, breaking his knee. They clamped one young woman’s car in the middle of a three-point turn. But the DVLA saw nothing wrong in selling that company addresses for £2.50 each so that they could find other citizens to harass.

Other people who can get your address just by noting down your registration number include a car park management company, which without issuing tickets or reproofs sends bills for £170 to people it has secretly photographed overstaying the free limit in supermarket car parks, and another which notoriously forced an Olympic athlete to pay £335 to retrieve a clamped car in Swindon.

This situation illustrates an important point.

We cannot trust the government with our personal data.

Therefore we should minimise the data the government collects on us to only that which is necessary for it to carry out its functions, and it should be illegal for the government to use this data for purposes other than those for which it was collected or to share it with others, without our consent.

The police should only be allowed to get hold of such data, for the purposes of criminal investigation, only if they get a warrant from a judge and only if the person concerned is subsequently informed about it once the investigation is over or once charges are brought against that person.

Unfortunately the government has been reducing the barriers to the sharing of personal data, and is recording more and more data about us.

A final point regarding the identity cards bill. The government has been trying to sell the use of the national identity register to businesses, e.g. see:

Given the DVLA’s selling of information to businesses and the govt’s desire for businesses to make use of the ID cards and national identity register, can we trust the data held on the NIR not to find its way into the hands of advertisers, crooks and others who’d abuse it?

Andy Burnham on Identity Cards

Posted by James Hammerton @ 6:56 pm on 27 November, 2005.
Categories privacy and surveillance.
Edit This Permalink to this article

Home Office minister Andy Burnham recently wrote an article in the Guardian, defending ID cards. Whilst discussing the access to their personal information that people can obtain via the Data Protection Act 1998, he writes:

All databases holding personal information are covered by the limited exemptions to the act, such as where the police or security services have an ongoing investigation. The National Identity Register will be no different and imposes no further restriction. In reality, the basic information it holds will reveal much less than mobile phone or plastic card records that can already be requested by the police to aid a criminal investigation.

Three points:

  • Schedule 1 of the bill sets out the information to be stored in the NIR. Under section 9 of the schedule, every time information from the NIR about you is provided to another person, such as when your identity is checked, this fact is recorded. Since the card will become necessary for gaining employment, opening bank accounts, getting government services and many other transactions in peoples lives, this will effectively record the activities of individuals. Moreover all the government needs to do to bring an area of life under this surveillance is to require identity checks.
  • Also stored in the register are the details of every identity document you have been issued with, including such things as National Insurance numbers, passport numbers, etc. By obtaining these details one would have the key to access much of the information stored about you in other databases both public and private.
  • The bill will also create a National Identity Registration Number or NIRN, unique to each database entry and which will end up indexing into other databases. This will end up being a single key therefore that can be used to access all the information about you stored in the many databases held by both public and private organisations.

It seems to me quite clear that the NIR will enable people to obtain far more information about people than can be gleaned from mobile phone records or credit card records.

« Previous PageNext Page »

email feedback@magnacartaplus.org

© magnacartaplus.org2008, 2007, 2006 [1 December]

variable words
prints as variable A4 pages (on my printer and set-up)

abstracts of documents on magnacartaplus.org UK Acts of Parliament click for news from magnacartaplus.org orientation to magnacartaplus.org orientation button links to other relevant sites links

Powered by WordPress