link to briefings documents at magnacartaplus.org
 

Magna Carta Plus News

back to magnacartaplus.org index page
orientation to the news at MagnaCartaPlus.org

short briefing dcuments at MagnaCartaPlus.org

This page provides occasional items, linked to the original articles, as we attempt to keep up with the rapidly changing situation on civil liberties.
Archive of old news service:
2002 - 2004

1st Jan to 9th Sept 2005

Google
 
Web magnacartaplus.org

Hackers fighting back against the onslaught on privacy

Posted by James Hammerton @ 8:26 pm on 7 January, 2006.
Categories political liberties.
Edit This Permalink to this article

Wired News recently reported on an interesting conference:

BERLIN — When the Austrian government passed a law this year allowing police to install closed-circuit surveillance cameras in public spaces without a court order, the Austrian civil liberties group Quintessenz vowed to watch the watchers.

Members of the organization worked out a way to intercept the camera images with an inexpensive, 1-GHz satellite receiver. The signal could then be descrambled using hardware designed to enhance copy-protected video as it’s transferred from DVD to VHS tape.

The Quintessenz activists then began figuring out how to blind the cameras with balloons, lasers and infrared devices.

And, just for fun, the group created an anonymous surveillance system that uses face-recognition software to place a black stripe over the eyes of people whose images are recorded.

Quintessenz members Adrian Dabrowski and Martin Slunksy presented their video-surveillance research at the 22nd annual Chaos Communication Congress here this week. Five hundred hackers jammed into a meeting room for a presentation that fit nicely into CCC’s 2005 theme of “private investigations.”

Amongst topics discussed were how to find CCTV cameras on the internet using Google, the retention of communications data, the provision of secure communications and anonymity technologies.

How to fool biometric scanners

Posted by James Hammerton @ 8:15 pm on .
Categories privacy and surveillance.
Edit This Permalink to this article

Another catch-up item. The British government has placed great faith in biometrics to make their proposed identity cards secure. Yet it seems many biometric scanners can be easily fooled:

  • For example, Play-Doh has been used to fool fingerprint scanners:

    Associate Professor of Electrical and Computer Engineering Stephanie Schuckers and her team at Clarkson University found that most scanning systems can be fooled 90% of the time by taking a mold of the mark’s finger, filling the mold with Play-Doh, and using the fake digit to gain access.

    However the authors designed an algorithm that takes perspiration into account and it was only fooled 10% of the time.

  • If you’re not sure about the Play-Doh, you could always try using gelatine, which was found to fool the scanners 80% of the time.
  • Should you wish to fool an iris scanner, it seems printing a photograph of the iris, cutting a hole where the pupil is and looking through it will suffice. OK, you’ll look rather conspicuous if you’re at an iris scanner peering through bits of paper, but it does suggest that an appropriately designed contact lense would suffice. The linked article also gives you more ways of fooling that fingerprint scanner. The article also pointed out that showing live video of a registered person to the camera was enough to fool a facial recognition system.

30,000 people wrongly matched to names on US terrorist watch list

I have a backlog of items I wish to mention on this weblog, the first of which is this one…

On 6th December 2005, an article from ZDNet reported that:

WASHINGTON–About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Moreover the article states:

After submitting their notarized forms and identifications, and waiting for evaluations, the vast majority of the people mistakenly matched to names on the watch list have now been added to a “clearance” list. That doesn’t mean their names are erased from the watch list. In fact, travelers who go through the paperwork are told, Kennedy said, that “it will not quote ‘remove’ you from the list because the person we’re still looking for is out there.”

Instead, their names are put on the separate clearance list, which means they typically can’t check in for flights at an unmanned kiosk and must approach the ticket counter to explain their situation and have an airline employee match their name to the clearance list.

So, after being repeatedly hassled by security staff at airports, you find that your name mathces one on a government watch list. You tell the government there must be some mistake. They get you to fill in a form requiring 3 notarized forms of identification and wait for 45 to 60 days for them to evaluate your case. After which, if they conclude that there is indeed some mistake, your name gets put on another list, and you still find yourself having to explain things to the airport staff each time you travel.

And it could be worse. If you’re really unlucky you might find yourself detained, schackled, beaten, photographed nude and injected with drugs simply because your name matches that on someone’s list.

Some much for the innocent having nothing to fear from such measures.

One would have hoped the global war on terror was conducted by people who realise that a name might be shared by more than one person…

See Bruce Schneier’s article for further discussion.

The rise of Big Brother Britain

Posted by James Hammerton @ 9:19 pm on 3 January, 2006.
Categories privacy and surveillance, political liberties.
Edit This Permalink to this article

Firstly, I wish a Happy 2006 to all the readers of Magna Carta Plus and apologise for the lack of posting on the blog recently.

But now to the main purpose of this post. It is clear that Britain is developing the infrastructure for the mass surveillance of the general public, with almost every aspect of their lives coming under surveillance — and other countries have made their own steps down this road. This trend stretches back to the rise of CCTV in towns and shopping centres during the 1990s, but the trend is now accelerating. There are several lines of development:

  • The monitoring and storage of communications data. By the term “communications data” I mean the data covered by Section 21(4) of Britain’s Regulation of Investigatory Powers Act(RIPA) 2000. This data includes information about who you communicate with and even the location of your mobile phone when switched on. Under RIPA, the security services (MI5, MI6, GCHQ), the inland revenue, customs & excise and the police can monitor this information on their own authority, however the “Snooper’s Charter” extended such powers to local authorities and numerous quangoes (see the discussion of the “Snooper’s Charter” here).

    Thus far we merely have a broad power to monitor individuals who are under suspicion, but under the Anti-Terrorism Crime and Security Act 2001, the British government asked communications providers to store communications data for upto 2 years for retrospective trawling, under threat of bringing in a compulsory scheme for such retention if they failed to cooperate. Then, during the recent British presidency of the EU (which ran through the last 6 months of 2005), they pushed the EU to adopt a directive requiring the retention of this data for 6 months to two years across the EU. This directive was adopted in December. This means that data about who you communicate with electronically will be stored for upto 2 years, regardless of whether you’re suspected of a crime, and made available for retrospective trawling.

  • The monitoring of car journeys. A number of systems which use CCTV and/or Automatic Number Plate Recognition(ANPR) to record every journey in a particular area have been developed, such as:

    However more ambitious and more worrying are plans to use ANPR to track people’s journeys and store the details for 2 years for retrospective trawling, as reported in the Independent and the Sunday Times. And in the longer term there are even proposals to track every single car journey made in Britain by requiring all cars to have satellite trackers in them (see also Spy.org.uk’s discussion).

  • The government’s Identity Cards Bill. If this goes ahead, every time your identity is checked, it’ll be recorded on the national identity register. The government intends identity checks to be required for everything from opening a bank account or enrolling your kids at school through to registering with a doctor — thus this database will record everyone’s activities in considerable detail.

The trend is clear. The government is collecting more and more information about us and storing it for future analysis, regardless of whether we’re suspected of doing anything wrong. It is moving us steadily closer to a state where we are under surveillance in all our activities 24/7. Yet there’s barely any protest about these developments and indeed some seem to welcome them.

Entertainment business wants data retention to be used to track copyright infringement

Posted by James Hammerton @ 8:23 pm on 3 December, 2005.
Categories privacy and surveillance, democracy and the rule of law.
Edit This Permalink to this article

The Register reports that the Creative Media and Business Alliance have written to MEPs asking for retained communications data to be used to enforce copyright, and other intellectual property rights:

The entertainment industry is trying to commandeer the proposed European directive on data retention to help it prosecute filesharers in the European Union, it has emerged.

The newly-formed Creative and Media Business Alliance (CMBA), an informal grouping (it says) of companies including Sony BMG, Disney, EMI, IFPI, MPA and Universal Music International, says it wants the data protection directive to be modified specifically so that it can be used to go after pirates.

In a letter to all MEPs, the CMBA said:

“We would appreciate your support in ensuring that this becomes an effective instrument in the fight against piracy”.

It went on to ask MEPs to amend the directive so that it covers all criminal offences, not just the “serious” ones of organised crime and terrorism, and that law enforcement’s access to the data should not be limited.

When it voted on Wednesday, the European parliamentary committee on civil liberties did keep the word “serious”, but only as defined in the European arrest warrant, which includes piracy.

According to Suw Charman, founder of the Open Rights Group, this means the door is officially open for the entertainment industry to use legislation designed to protect European citizens from terrorists to prosecute them instead.

The push for the retention of communications data has hitherto been justified as a means of fighting terrorism and organised crime. Now we see the entertainment industry are pushing for it to be used to investigate copyright infringement. This is a pattern one can often see in government, where legal powers introduced for one purpose are later extended for other purposes, i.e. function creep.

The Open Rights Group note how this proposal ties in with another proposal to make copyright infringement a criminal offence (it is currently merely a civil offence):

Now tie this in with IPRED2, another nasty bit of legislation which criminalises all “intellectual property” infringement on a commercial scale and “aiding and abetting such infringement”, with very thin definitions of what “commercial scale” or “intellectual property” means. The two directives together become even more alarming.

IPRED2 mandates that the police work with rightsholders to pursue suspected cases of IP infringement - including patent infringements - or merely vocal encouragement of infringement. And the Data Retention directive provides them with reams of data they can mine for evidence against these suspected infringers.

At the latest IPRED2 hearing, that’s exactly what the CBMA’s parent organisation, the International Federation of the Phonographic Industry (IFPI), demanded.

This opens up a very ugly can of worms where entire industries can get unparalleled powers of investigation, provided at the taxpayer’s expense.

Moreover, if the CMBA get their way, the number of data retention enquiries that the telcos and ISPs will have to process will be far higher than if restricted to terrorism and serious crime. This will put far more pressure on the telcos and ISPs who will not only have to bear the cost of storing the data, but also of providing access to the information to the authorities.

They also point out that:

Both Data Retention and IPRED2 are being frogmarched through the European Parliament at an alarming speed. Votes are being held by three committees over the next few days on Data Retention, with secret meetings going on in the background between the Council, the Commission and the Parliament, with the aim of reaching a tacit agreement on what this legislation should look like.

On 13 December 2005, the Parliament votes on the Data Retention directive. Usually, they get two stabs at it, with the Council having a say in between. This time, they get just one vote.

This time, MEPs will have just a few days between being presented with the proposed legislation as drawn up in the secret meetings and being expected to come to an informed, considered decision on whether it should become law.

DVLA data for sale

Posted by James Hammerton @ 10:55 pm on 1 December, 2005.
Categories privacy and surveillance.
Edit This Permalink to this article

Samizdata have higlighted the following article from The Times, about the DVLA’s selling of information about drivers to all sorts of businesses:

What is happening is this: requests come in from businesses that have relevance to parking — clampers, car park managers, even a financial services company that happens to have a car park in which, notionally, people might leave their cars without permission. The DVLA charges a few thousand pounds for a link to its database, and thereafter the commercial company has only to tap in any registration number to be sent the owner’s name and address. If crooked, it could collect car numbers from anywhere in the country, enter them and thereafter know when you are away from home. Or it could send you threatening letters, of extortion or blackmail, citing your car details and claiming a violation.

But the DVLA wouldn’t deal with such people, would it? Yep. It does. It has been forced to hand over its list of the 157 companies registered to buy personal information about drivers — the list includes bailiffs, debt collection agencies and financial services companies. DVLA bleats that it is obliged — under an undebated Statutory Instrument of 2002 — to sell the information to anyone with “reasonable cause”. Well, almost anyone can claim that a car might park in their space. Thus a credit company, which bombards us all with mailshots offering loans, is on the list because it’s got a company car park. Nor does DVLA check that it is not selling the list to people with criminal records: it deals with Aquarius Security — clampers whose management were found guilty of blackmail at Bristol Crown Court and given prison sentences. One of them was already on an ASBO after being accused of driving his truck into a 60-year-old man, breaking his knee. They clamped one young woman’s car in the middle of a three-point turn. But the DVLA saw nothing wrong in selling that company addresses for £2.50 each so that they could find other citizens to harass.

Other people who can get your address just by noting down your registration number include a car park management company, which without issuing tickets or reproofs sends bills for £170 to people it has secretly photographed overstaying the free limit in supermarket car parks, and another which notoriously forced an Olympic athlete to pay £335 to retrieve a clamped car in Swindon.

This situation illustrates an important point.

We cannot trust the government with our personal data.

Therefore we should minimise the data the government collects on us to only that which is necessary for it to carry out its functions, and it should be illegal for the government to use this data for purposes other than those for which it was collected or to share it with others, without our consent.

The police should only be allowed to get hold of such data, for the purposes of criminal investigation, only if they get a warrant from a judge and only if the person concerned is subsequently informed about it once the investigation is over or once charges are brought against that person.

Unfortunately the government has been reducing the barriers to the sharing of personal data, and is recording more and more data about us.

A final point regarding the identity cards bill. The government has been trying to sell the use of the national identity register to businesses, e.g. see:

Given the DVLA’s selling of information to businesses and the govt’s desire for businesses to make use of the ID cards and national identity register, can we trust the data held on the NIR not to find its way into the hands of advertisers, crooks and others who’d abuse it?

Andy Burnham on Identity Cards

Posted by James Hammerton @ 6:56 pm on 27 November, 2005.
Categories privacy and surveillance.
Edit This Permalink to this article

Home Office minister Andy Burnham recently wrote an article in the Guardian, defending ID cards. Whilst discussing the access to their personal information that people can obtain via the Data Protection Act 1998, he writes:

All databases holding personal information are covered by the limited exemptions to the act, such as where the police or security services have an ongoing investigation. The National Identity Register will be no different and imposes no further restriction. In reality, the basic information it holds will reveal much less than mobile phone or plastic card records that can already be requested by the police to aid a criminal investigation.

Three points:

  • Schedule 1 of the bill sets out the information to be stored in the NIR. Under section 9 of the schedule, every time information from the NIR about you is provided to another person, such as when your identity is checked, this fact is recorded. Since the card will become necessary for gaining employment, opening bank accounts, getting government services and many other transactions in peoples lives, this will effectively record the activities of individuals. Moreover all the government needs to do to bring an area of life under this surveillance is to require identity checks.
  • Also stored in the register are the details of every identity document you have been issued with, including such things as National Insurance numbers, passport numbers, etc. By obtaining these details one would have the key to access much of the information stored about you in other databases both public and private.
  • The bill will also create a National Identity Registration Number or NIRN, unique to each database entry and which will end up indexing into other databases. This will end up being a single key therefore that can be used to access all the information about you stored in the many databases held by both public and private organisations.

It seems to me quite clear that the NIR will enable people to obtain far more information about people than can be gleaned from mobile phone records or credit card records.

Simon Hughes prepared to go to jail rather than carry ID card

Posted by James Hammerton @ 6:46 pm on .
Categories political liberties.
Edit This Permalink to this article

The Observer reports :

The Liberal Democrat president, Simon Hughes, yesterday vowed to go to jail rather than carry the proposed new national ID card.

The Bermondsey MP became the first senior politician to sign up to a civil disobedience campaign being mounted by opponents of the government scheme, which is facing strong opposition in the House of Lords. He told The Observer that he still hoped the bill would be defeated. But if not, he was ‘absolutely’ ready to go behind bars if necessary.

‘For me, it is a matter of fundamental principle,’ said Hughes, a former shadow home affairs spokesman. ‘I was born in this country and regard myself as a free man. I do not believe that I should have to identify myself as a matter of course.’ He added that if reported plans went ahead to link the ID card to people’s right to hold a passport, ‘I would also challenge that in court.’

His stand was welcomed by the cross-party group No2ID, which has been running an online campaign to enlist people to refuse to carry the card and to donate £10 each to a legal defence fund in support of anyone who was prosecuted. ‘We already have more than 11,000 people signed up to the pledge,’ No2ID director Phil Booth said. ‘I have no doubt that Simon Hughes’s forthright position will give a new boost to the campaign.’

The No2ID pledge can be signed online here. They’re looking for 15,000 signatures by January 8th, but no from people who have signed earlier pledges.

On the progress of the UK’s Terrorism Bill

Posted by James Hammerton @ 9:33 pm on 24 November, 2005.
Categories democracy and the rule of law.
Edit This Permalink to this article

The Terrorism Bill has now reached the committee stage in the House of Lords, having passed its second reading.

Proposals to allow the police to hold terrorist suspects for upto 90 days without charge were defeated in the Commons, with the Blair government suffering its first defeat since being elected in 1997. However, the Commons accepted an amendment to hold the suspects for upto 28 days without charge, doubled from the time limit that came into force in 2004.

The offences of incitement and glorification of terrorism, raised as a concern by Spy blog, and this blog, remain however.

Clearly, despite the government’s defeat, this bill still represents yet another assault on civil liberties and is likely to do so even once the Lords have dealt with it.

Regarding the 90 days detention, Andy Hayman, the Assistant Commissioner of the Metropolitan Police sent this letter to Charles Clarke outlining the case for the extended detention. The letter was often cited by those who supported the measure. Spy.org.uk have demolished his case here.

It seems to me that, given the numerous broad and vaguely defined offences available in existing British legislation, ranging from membership of a proscribed organisation to possessing information useful to someone who wishes to carry out acts of terrorism, it is highly unlikely that after 14 days, the police would not be able to charge anyone they have genuine reason to believe is involved in terrorism with something. Once charged with an initial offence, the suspect could be detained and questioned whilst they build a case for more serious offences.

There is also nothing to stop someone being quickly re-arrested if new evidence arrives or to keep that person under constant surveillance. And all this is without considering the use of control orders. Quite simply, the state already has more than enough legal weaponry for dealing with terrorists.

Britain to track all vehicle movements and store them for upto 2 years.

Posted by James Hammerton @ 9:00 pm on .
Categories privacy and surveillance.
Edit This Permalink to this article

Firstly, apologies for the lack of posts this month, things have been rather busy lately.

Secondly, and to start on the backlog of items that cought my attention recently, it seems that the steps towards a big brother state in Britain are moving on fast. According to this report from the Register:

A “24×7 national vehicle movement database” that logs everything on the UK’s roads and retains the data for at least two years is now being built, according to an Association of Chief Police Officers (ACPO) strategy document leaked to the Sunday Times. The system, which will use Automatic Number Plate Recognition (ANPR), and will be overseen from a control centre in Hendon, London, is a sort of ‘Gatso 2′ network, extending. enhancing and linking existing CCTV, ANPR and speedcam systems and databases.

Which possibly explains why the sorcerer’s apprentices in ACPO’s tech section don’t seem to have needed any kind of Parliamentary approval to begin the deployment of what promises to be one the most pervasive surveillance systems on earth.

The control centre is intended to go live in April of next year, and is intended to be processing 50 million number plates a day by year end. ACPO national ANPR co-ordinator John Dean told the Sunday Times that fixed ANPR cameras already exist “at strategic points” on every motorway in the UK, and that the intention was to have “good nationwide coverage within the next 12 months.” According to ACPO roads policing head Meredydd Hughes, ANPR systems are planned every 400 yards along motorways, and a trial on the M42 near Birmingham will first be used to enforce variable speed limits, then to ‘tackle more serious crime.’

So yet again the British government is opting for a system of indiscriminate surveillance of the public at large. I predict a burgeoning market in fake registration plates developing once this in place…

« Previous PageNext Page »

email feedback@magnacartaplus.org

© magnacartaplus.org2008, 2007, 2006 [1 December]

variable words
prints as variable A4 pages (on my printer and set-up)

abstracts of documents on magnacartaplus.org UK Acts of Parliament click for news from magnacartaplus.org orientation to magnacartaplus.org orientation button links to other relevant sites links

Powered by WordPress