[LINK] Spies like us: we never walk alone
Bernard Robertson-Dunn
brd at iimetro.com.au
Sun Jan 28 13:48:00 AEDT 2007
<brd>
A question to the list:-
There's a big difference between gathering and using. It seems to me
that a whole lot of effort is required to track an individual (in the
case of murder investigations, for example). Is Joe Six-pack really at
risk? Can the informed reduce the potential risk?
There's a lot of systems out there that gather info on us. What's the
evidence that is it being used only for other than its intended purpose?
</brd>
Spies like us: we never walk alone
Elisabeth Wynhausen exposes the watchers exposing you
January 27, 2007
The Australian
http://www.theaustralian.news.com.au/story/0,20867,21123717-28737,00.html
If you have the bad judgment or the bad luck to give evidence in a court
case, you may lose more than your good name. Once the case is finished,
court files are open to the public more often than not, even if the
files contain the bank statements, financial records, medical
information, birthdates and addresses that witnesses produced in court.
Soon this information may be available at the click of a computer mouse.
In some countries you can search court records on the internet, and
there is talk of adopting the system in Australia, despite a flagrant
breach of privacy in the US, where some information from court records
was used for data matching and direct marketing by dating companies and
nappy manufacturers. But you don't have to be in court or under
investigation by the police to have the details of your personal life,
preferences and peccadilloes spread out like baubles on a blanket for
the delectation of anyone who cares to take a peek.
Meanwhile, the Howard Government is starting to set up the clanking
machinery required before it can introduce its de facto identity card -
the so-called access card - to replace the Medicare card for those
claiming any government pension or benefit. This week, federal Labor's
human services spokeswoman Tanya Plibersek said: "This card has too much
information on the front. It also has too much information on the
microchip inside the card that will be available for anyone to read."
Temporarily staving off the question of whether there is such a thing as
privacy nowadays, it might be said that many people in the West have
more room to themselves than before, living alone rather than in
extended family groups. But the pattern of everyday life involves
frequent incursions into what, in the previous century (if not in
earlier times), was regarded as part of a private realm.
You get into your car, which has a tollway e-tag (and soon enough all
cars will have to have one of these transponders, but at least we're not
in the US, where children at some schools have to wear them around their
necks). Pass through a tollgate and its tag reader records your
movements: information that can be linked to the details on the credit
card you used to pay for the tag.
Your mobile phone is another tracking device, of course. The network has
to know where you are to charge you for the call. If you take a detour
to the local shopping centre, your purchases are scanned to the
supermarket database, which may have a file on your shopping habits:
especially if you also shop online.
In the carpark you suddenly notice you've parked all but underneath a
closed-circuit television camera (so prevalent that research by
criminologist Paul Wilson and others at Bond University reveals that
Brisbane's Citytrain network has no fewer than 5500 cameras in its
trains and around its railway platforms and carparks).
You reach your place of work, passing several more security cameras
hanging like vultures around the building, and swipe the company pass
you need to get in through a scanner, which registers the times you come
and go and may send the information to the payroll people or the human
resources department.
Luckily you don't work for a business that has security cameras trained
on employees taking a tea break in a stairwell or merely sitting at
their desks.
Turning on the work computer, you only half-notice the threatening
reminder from the company that "all internet and email activity is
logged for legal and technical reasons".
Managers can audit your use of the internet or email, possibly using the
software they've installed to track the websites you visit.
Even so, employers do not have an absolute right to do so, according to
Roger Clarke, the chairman of the Australian Privacy Foundation
(www.privacy.org.au) and a consultant whose specialties include data
surveillance and information privacy.
"The courts have never permitted unfettered powers to be granted to one
party at the expense of another."
There are constraints on the freedom employers have to listen in or
record employees' conversations, telephone conversations and behaviour,
he says. "With controls existing over every other form of spying on
employees, it's fatuous to suggest that employers can do what they like
about their employees' use of the internet."
Of course, anything you do on a computer leaves a trace on the internet
and, unless expunged with specific software, the computer memory. These
traces are the lifeblood of the parasitic communities feeding off the
data we heedlessly leave in our wake. "There are three principal ways to
measure internet usage," says the home page for a data-tracking company
called Hitwise that boasts of its "real-time competitive intelligence".
"A panel of users can be measured at their computers with installed
software ... marketers can monitor how visitors interact with a specific
website ... or the data can be collected directly from (internet service
provider) networks."
Interaction can be monitored with "cookies", bits of identifying data
implanted into a computer's web browser by a website. The federal
Privacy Act 1988 is no more capable of licensing what is done with these
digital crumbs (as another writer called them) than the beach is capable
of licensing the waves that roll over it, only one of the criticisms of
a piece of legislation said to have started out inadequate and become
more so with every passing year.
Part of the problem is that the act essentially allows people to spy on
you as long as they tell you what they're doing, a compromise our
regulators seem to love. This doesn't apply of course to dreaded
spyware, programs slipped on to your computer surreptitiously while
you're browsing that can send information back to a perpetrator on what
websites you look at (of interest to markets), or even your credit card
details, internet banking passwords or other personal information that
may be stored in memory. Last year it emerged that Google keeps records
on every search your computer, identified by a number, makes using its
search engine.
Not long ago, the Australian Communications Authority dealt with a
complaint that telemarketing companies may have improperly gained access
to the database that contains the names, addresses and phone numbers of
every phone service in Australia, silent lines included. When customers
contacted internet service providers from a silent line, some phone
companies, Telstra and Optus among them, were allegedly giving the ISPs
the numbers for which Telstra customers pay the usual motza.
Rather than punishing Telstra for invading the privacy of its customers
(while charging them for the privilege), the ACA came up with what it
called an "alternative solution": it would "seek the co-operation" of
ISPs, asking them to let customers know their private numbers had become
public property. Yeah, right.
But I digress. A year ago, Attorney-General Philip Ruddock announced
that the Australian Law Reform Commission would review commonwealth and
state privacy legislation, not least to "consider the needs of
individuals for privacy protection in the light of evolving technology".
In its submission, privacy advocacy group Electronic Frontiers Australia
suggested how far the horse had already bolted. "Internet technologies
enable the collection of information about individual internet users'
behaviour across thousands of websites. Personal profiles about them,
including their habits and interests, are being compiled surreptitiously
and in many cases without users being aware that this is even possible,
let alone their having provided their name to such websites."
Does this make the very concept of privacy redundant, not just in
theory? As part of its review, the ALRC conducted a "national privacy
phone-in". ALRC commissioner Les McCrimmon, an adjunct professor at the
University of Technology, Sydney, tells Inquirer there were 1300
responses. "By far the majority were concerned about telemarketing,"
McCrimmon says.
The report, which you can see by clicking on to issues paper 31 on the
ALRC website (www.alrc.gov.au), lists four "hypothetical situations"
more than 90 per cent of respondents considered an invasion of privacy.
A business you don't know gets hold of your personal information (94 per
cent); a business monitors your activities on the internet, recording
information on the sites you visit without your knowledge (93 per cent);
you supply your information to a business for a specific purpose and the
business uses it for another purpose (93 per cent); a business asks you
for personal information that doesn't seem relevant to the purpose of
the transaction (94 per cent).
"They're not hypotheticals," says Roger Clarke by email, his preferred
mode of communication. "Such things are standard business practice."
For the most part, we seem to accept them as such, whatever we tell
interviewers. "Most people will happily sell their privacy for something
as paltry as collecting a quantity of 'fly-buy' points too small to
redeem for anything useful, or a one-in-a-million chance of winning a
'free' car," says Dale Clapperton, an EFA board member.
In fact, we fill in the forms knowing we will be plagued with mail from
associated marketing companies until we're old and grey, not that our
consent is necessarily involved.
Take the case of the medical information that health professionals may
unthinkingly share around, for instance emailing results to each other.
If patients know this, they will usually see the value.
"The one that got our people stirred up was when we found out that data
collected by one of the doctor's medical software packages was being
sent off overseas, possibly for marketing analysis and not for patient
care," says Helen Hopkins of the Consumers' Health Forum of Australia.
In an article on neuroscience, this week's Time magazine reports on the
potential for a more intimate invasion of privacy: "Even in their
current state, brain scans may be able to reveal, without our consent,
hidden things about who we are and what we think and feel."
Look up the word privacy in Roget's Thesaurus and you get three possible
meanings: invisibility, refuge and seclusion, all only glancingly
related to the power to keep information about ourselves and our lives
from entering the public domain, the other interpretation given to the
word these days.
In an essay on the subject, Bob Sullivan, the technology correspondent
for the US news website MSNBC, contrasts this willingness to sacrifice
our privacy with the outrage sometimes expressed when entities
compromise it for commercial gain.
In the US in 2004, ChoicePoint, a data services company that creates and
sells files containing people's names, addresses, social security
numbers and credit reports, gave a bunch of crooks in Nigeria who had
posed as legitimate businessmen potential access to the records of
140,000 people. The Atlanta-based firm, previously a fast-growing
company, "suddenly ... became a household term associated with identity
theft", according to one American observer.
Because we seem unable to normalise our attitudes to privacy, other
public and private institutions justify niggling bureaucratic procedures
in its name. A Sydney woman who has accounts with Westpac says when the
bank unexpectedly telephoned her not long ago, "they refused to say why
they were ringing. They said they couldn't tell me until I told them my
birth date".
A spokesman for the bank agrees that customers are asked for personal
information before being told the reason for the call. "For privacy
reasons we obviously have to confirm who they are, for instance by
asking their date of birth ... "
While this sort of thing annoys most people almost as much as
telemarketing, most accept being spied on in public, as long as the
invasion of privacy is justified by the suggestion that it will make
law-abiding citizens safer.
"People have a secret love affair with CCTV: they approve of it," says
Wilson, who has just found out that about three-quarters of the public
shares the love. "They're not worried about the number of cameras on
them, they are not concerned about civil liberties issues." Wilson is
one of the authors of a new study reporting the results of what he calls
"the first major investigation of CCTV in Australia".
The two-year project looked at the effectiveness of the thousands of
security cameras around the Gold Coast and in the Citytrain network.
"The paradox here is that CCTV is not very good at preventing crime but
is generally fairly good at picking up crime going on," Wilson says.
The cameras are supplied by private firms, who are helping to drive the
fast expansion of CCTV cameras into every settled pocket of this wide
brown land. But Wilson's study found that the private contractors doing
the monitoring in the council's control room in Surfers Paradise spent
just 15 per cent of the time looking at what was happening. They spent
much time instead "searching through old tapes or filling in log books".
But this is no more likely to inhibit the love affair with CCTV than the
certain knowledge that it isn't much good at preventing crime, and
doesn't necessarily stand up in court.
People acknowledged as much even as they told the researchers from Bond
University that it made them feel safer, a near relative of the
sentiment that seems to underpin the surprisingly sanguine acceptance of
widespread "anti-terror legislation".
Only this week the BBC reported that the Blair Government in Britain was
proposing to create a giant database of people's personal details at
Whitehall. "Step by step," said Conservative Opposition constitutional
affairs spokesman Oliver Heald, "the Government is logging details of
every man, woman and child in 'big brother' computers."
For its part, the US Government will reportedly demand that visitors to
the country have all 10 fingers scanned when they enter the country,
with the biometric information collected to be shared with intelligence
agencies, the FBI included.
The Observer reported that "passengers face having all their credit card
transactions traced when using one to book a flight. And travellers
giving an email address to an airline will be open to having all
messages they send and receive from that address scrutinised".
But even in the light of such overwrought measures the Australian
Government has hardly lagged behind, passing no fewer than 41 pieces of
"anti-terror legislation" giving officials unprecedented access to what
used to be thought of as private communication.
Under the Telecommunications (Interception) Amendment Act 2006, now law,
authorities can bug the phones of people who are not suspected of
complicity in any crime but who are thought to be in contact with
suspected criminals, or (in the new parlance) "persons of interest".
Once a judge signs off on the required "B-party" warrant, says Martin
Bibby, a spokesman for the NSW Council for Civil Liberties, the
Australian Federal Police or ASIO can "tap the phone of a completely
innocent person and listen to all conversations on that phone".
"The issue it raises is whether privacy means anything at all in
Australia," Bibby says. "If it is given away whenever there is a
conflict with other concerns, we will soon lose it all." Perhaps we
already have.
In an article in the Privacy Law Bulletin in 2005, EFA's Clapperton
looked at the feeble constraints on the use of spyware. Yet for the
Privacy Act to apply, Clapperton tells Inquirer, "you would have to show
that information could be linked to your identity.
"People are tricked into installing software that includes the spyware.
They don't read the licence agreement, so they don't know what it's doing."
There are some similarities with shopping mall sweepstakes and
supermarket giveaways.
"If the fine print says that they are going to take your personal
information and sell it to all and sundry, the Privacy Act won't stop
them," says Clapperton.
"The attitude implicit in the Privacy Act is that if you didn't want
them doing it, you should have read the fine print and not given the
information in the first place."
Despite the act's limitations, there appears to be a backlog of cases
piling up. "The Privacy Commissioner's office doesn't handle complaints
promptly or well," says Clarke. "We fear the department has become
ossified. It's just another defensive government agency."
Whatever Privacy Commissioner Karen Curtis is doing about your privacy,
her own is well guarded. Her spokesman informs Inquirer there will be no
interview with the commissioner unless the questions are emailed to him
beforehand.
Additional reporting by Karen Dearne.
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au
More information about the Link
mailing list