Tuesday, February 20, 2007

UK reveals record number of telephone, email, and post monitoring

The United Kingdom is checking on its citizens' telephone conversations, email exchanges, and posted letters like never before (and — as far as I know — like no other country democracy). A report in todays The Times reveals that 439,000 requests were made by secret agencies and other authorised bodies to monitor people’s telephone calls, e-mails and post in a 15-month period from 2005 to 2006.

The newspaper article draws on the report of the "Interceptions of Communications Commissioner" — a somewhat Orwellian sounding title for an office about which I had never heard before and for which a quick google throws up nothing except two references in debates at the House of Lords many years ago. More detailed investigation, however, reveals that the person in question is Sir Swinton Thomas, a former High Court Judge, who has been said Commissioner since April 2000, and that his office is created by Section 57(1) of the Regulation of Investigatory Powers Act 2000.

The report (apparently his first in seven years in office) covers no less than 795 bodies that are empowered to seek out communications data. Besides the usual suspects such as MI5, MI6 and GCHQ, the signals intelligence centre in Cheltenham, they also include 52 police forces, 475 local authorities and 108 other organisations such as the Serious Fraud Office and the Financial Services Authority. The report also reveals that 4,000 errors were reported, of which 67 were mistakes concerning direct interception of communications. Sir Swinton Thomas is quoted by The Times as describing that figure as “unacceptably high”.

This is where I disagree. I think that 67 mistakes in 439,000 is as good a ratio as you can get — some 0.016 per cent. It is not 67 that is unacceptably high; it is 439,000!

Update: The present Interception of Communications Commissioner is Sir Paul Kennedy, who was appointed in 2006 for three years, writes Spyblog (see also here). So it was his predecessor who wrote the report and not the present Commissioner; I am sure there is a reason for this, even if I can't think of one right now…

Further Update: Spyblog points out that the date of the report (available here) is 19 December 2006 and speculates that the original report may have been toned down which would account for its delayed publication. The letter accompanying the report also makes clear that this is the 6th Annual Report, although The Times in the article referenced above calls it "the first report of its kind". As I have not had a chance to go hunting for the other reports, I cannot solve the contradiction between these two claims.

Technorati Tags: , , ,

Tuesday, February 06, 2007

Tories warn industry that their government will scrap ID card project

The British Conservative Party has issued a warning to companies intending to tender for work in the multibillion Pound ID card scheme that a future Tory government would "immediately" cancel the project.

As the Financial Times reports today, shadow home secretary David Davis also wrote to the government asking for that position to be taken into account when entering into contracts. (See here for the official announcement on the party's website.)

This is an interesting move. On the one hand, it increases the party politicisation of the privacy issue that I have speculated about in this blog in the past (see here and here). This is all the more so since the Tories are presently launching a web- and print-based campaign against ID cards. The main arguments put forward are that ID cards "won't work", "are a waste of money", and "an invasion of privacy". The campaign also includes an online petition to the Prime Minister "to scrap the proposed introduction of ID cards". (As of 6 February 2007, 16,143 signatures have been added).

On the other hand (and speaking as a political scientist), it is an interesting procedure for a weak opposition to try to exert influence on an all-powerful government. While most experts would at the moment probably think a hung parliament more likely than an outright Conservative majority in a future UK general election, it must hearten the Tories see firm announcements of what they will do once they return to power — whenever that may be…

Technorati Tags: , ,

German Federal Court of Justice bans state hacker attacks on computers

The German Federal Court of Justice — the highest appelate court in the country for civil and criminal cases — yesterday banned the online search of home and business computers of suspects by state agencies through specialised computer programs such as trojans, spyware, or specially programmed computer viruses.

The case before the Court concerned Germany's Federal Prosecutor who is investigating a terrorist suspect and had applied for permission to smuggle a specially designed program onto the suspects PC or laptop. The program would then search the computer and copy data to the prosecturing authorities. The Court ruled that such a procedure would substantially infringe a person's fundamental rights and had no basis in law. The thrust of the Court's decision is against the covert character of the search: while it can be unannounced, it cannot be secret. (The decision — in German, of course — is available online.)

The decision has triggered an intense political row. Germany's Interior Minister, Wolfgang Schäuble (CDU), immediately announced that he would table a bill that would create a legal basis for such covert online searches. In his view, such an instrument is indispensable in the fight against global terrorism that is using online media, and the head of Germany's Federal Criminal Police Office agrees, arguing that "99.9 per cent of the population in Germany would not be affected by this".

Schäuble's colleague, the Justice Minister Brigitte Zypries (SPD) was more cautious, calling for a measured approach in line with constitutional requirements. Since computers were used for many private things that authorities would then have access to, too, privacy rights might be violated substantially.

The opposition parties Greens and Left Party welcomed the Court's decision, while the Liberals stance was ambiguous: on the federal level (where they are in opposition), politicians like Jörg van Essen embraced the decision, stating that the Court had strengthened citizens' rights. Yet the state of North-Rhine Westfalia passed a bill only in December 2006 that allows covert online searches of computers. The minister in charge there is Ingo Wolf (FDP) who argued that this represents a "quantum leap".

If this is pursued further by politicians, it will be an interesting case to follow. The fight against terrorism has been used in the past couple of years in Germany to bring in substantial new powers for state agencies and prosecutors and curtail civil rights. Under the Schröder government, the Social Democrats were the driving force (with largely tacit acceptance by their small coalition partner The Greens), while the CDU's opposition waned and FDP opposition to infringement on civil rights grew. Now, the two parties which favour a "strong state" approach in law enforcement, the CDU and the SPD, are united in a Grand Coalition.

If you had to bet money, which do you think will succeed?

Technorati Tags: , ,

Saturday, February 03, 2007

Germany's National Ethics Council publishes opinion on privacy and health information

Germany's National Ethics Council has published an opinion setting out guidelines about privacy rights and health information, warning against private health insurance companies demanding ever more detailed diagnostics from new customers.

The 55 page opinion (English language version probably soon available here) argues that private health insurance companies' desire to know ever more about their customers' current state of health before offering them protection has to be balanced against the individual's privacy rights. While the Council acknowledges that insurance companies have a legitimate interest to know about the risks they are taking on, it argues that individuals also have rights that must be protected. It is especially (but not only) modern genetic diagnostics that makes prediction of an individual's future health trajectory possible. While this information can be used to engage in preventative measures, it can also be used to exclude individuals from health insurance.

The Council thus argues that the amount of information requested must be proportional to the protection offered — for very high levels of insurance, higher information requirements are acceptable. Problems arise, however, if individuals seeking normal levels of protection are subjected to tests that may lead to information the individual would prefer not to have — such as knowledge about an incurable disease that will afflict them in the future. Individuals, the Council argues, also have a right to ignorance that must be taken into account. The Council links this to the "right to informational self-determination" established by the German Constitutional Court and consequently advocates restrictions on insurance companies' information requirements.

Social science analysis of insurance has always pointed out problems of information asymmetry and adverse selection. The Council's opinion (which has only consultative force) highlights the fact that these issues must be revisited and given special attention in the light of new diagnostic methods and information technology, and that individual rights must be carefully balanced against corporate (and state!) interests of cost reduction.

Technorati Tags: , ,