Stores tracking our cell phones

Today’s Slaw post:

Some retailers are following customer movement in stores by tracking cell phone movement.  From a legal perspective it raises issues around privacy and perhaps wiretapping laws.  To a great extent whether or not such activities comply are dependent upon the subtleties of how it is being done, and how anonymously it is being done.

The other issue – as is often the case when dealing with privacy related issues – is the customer acceptance or “creepiness” factor.  Some people would welcome getting a coupon on their phone while wandering through a store.  But for others it feels like surveillance and tracking that is just plain creepy.

The New York Times has a good article exploring some of these issues entitled Attention, Shoppers: Store Is Tracking Your Cell.

From the article:

Nordstrom’s experiment is part of a movement by retailers to gather data about in-store shoppers’ behavior and moods, using video surveillance and signals from their cellphones and apps to learn information as varied as their sex, how many minutes they spend in the candy aisle and how long they look at merchandise before buying it.

All sorts of retailers — including national chains, like Family Dollar, Cabela’s and Mothercare, a British company, and specialty stores like Benetton and Warby Parker — are testing these technologies and using them to decide on matters like changing store layouts and offering customized coupons.

But while consumers seem to have no problem with cookies, profiles and other online tools that let e-commerce sites know who they are and how they shop, some bristle at the physical version, at a time when government surveillance — of telephone calls, Internet activity and Postal Service deliveries — is front and center because of the leaks by Edward J. Snowden.

Legislators have too many control issues

That’s the title of my Slaw post for today.  It reads as follows.

The trend to more invasive surveillance and control by North American governments (indeed, by many countries that we consider civilized democracies), or their granting of too much control to others is disturbing. Too many things are making creeping (and sometimes creepy) inroads into privacy rights, along with the usual specious “if you’ve got nothing to hide… ” argument. Too many things are tending towards shoot first, ask questions later. And governments are too eager to look to ISP’s and others who run the internet pipes to control what flows through.

Some examples:

The proposed US SOPA (Stop Online Piracy Act) that is being loudly opposed. It has been characterised as net censorship, an attempt to regulate the internet, and breaking the internet as we know it. It could result in entire web sites being taken down based merely on an allegation that one post or comment infringes copyright.

The proposed Canadian Lawful Access legislation that would allow much more invasive internet information to be given to authorities without warrants. This resulted in a lengthy letter by the Privacy Commissioner to the Ministers responsible.

The increasing use of license plate cameras by police, such as in the Washington DC area. In its simplest, most privacy friendly form, car mounted or fixed cameras read car license plates and flag any that are contained in a database of stolen or suspect vehicles. No record is kept of any plates other than those of interest. But it has come to light that some of the systems store the details of every single plate that they capture, and retain that for long periods of time.

 

Surveillance society requires debate

That’s the title of my Slaw post for today.  It reads as follows.

There has been a lot written lately about the disturbing trend towards becoming a surveillance society. And the equally disturbing trend for governments to try to interfere with various kinds of communications to squash activity. Mathew Ingram has a good article about that on gigaom.

There is a great hue and cry about this when it occurs in countries that we feel suppress their people – but we are also seeing the trend in North America and Britain – such as the recent British riots and San Fransico’s Bart transit system shutdown of cell service.

And yet at the same time, authorities get upset at and try to stop people from photographing them doing their jobs – sometimes to the extent of trying to charge them with crimes such as wiretapping.

Along with that is the photographer as terrorist / criminal attitude that is seen far too often. That has been mentioned on Slaw before here and here. The latest example of that is a post on Techdirt that says police in Long Beach California have a policy that they can detain someone taking photos with “no apparent esthetic value”.

There is of course always some reason given for doing these things – but we can’t just let it be justified by some claim that it is necessary to stop violence or catch criminals. We have to consider many factors, including practical matters such as whether the actions are even effective to accomplish the stated goal, and how disruptive they are to others. We also need to think about issues like security vs privacy, and liberty vs control.

We need to think about these issues on matters such as the proposed lawful access laws.

 

Laws requiring data retention ill-advised

I’m not a fan of laws that require entities such as ISP’s to retain data about its customers so law enforcement can get to it.  To me, that flies in the face of privacy principles that say one should only retain personal information (both quantity and duration) to the extent it is required to fulfil the purpose of the services being offered.

I’m not convinced that the benefit to law enforcement outweighs the negative aspects of this – which range from costs to the entity retaining, the risk of abuse, and the risk of exposing it.   It is hard enough to protect the information that entities need, let alone information they don’t need.  And the more information you have, the more you are a target for malfeasers trying to get at it.

Mike Masnick of Techdirt has a post worth reading on the subject.  He refers to a researcher and author who says that a current US bill, the “Protecting Children from Internet Pornographers Act”  should be called the  ”Forcing Your Internet Provider to Spy On You Just In Case You’re a Criminal Act of 2011″.

Unfortunately, we are heading down the same path here in Canada with the proposed lawful access statute.

Bill c-52 Investigating and Preventing Criminal Electronic Communications

David Fraser has a post worth reading entitled Investigating and Preventing Criminal Electronic Communications Act bill one step closer to (warrantless) surveillance state.

The bill has been called “lawful access” , or “awful access” depending on your perspective.  It will give more power to government authorities to get information from telecommunications service providers without a warrant.

David uses the example of secret police in Belarus who used this kind of power to identify people at an anti-government demonstration.

As he puts it “If we’re shocked at what repressive regimes are doing to their citizens, we shouldn’t be giving our own governments tools to be repressive.”

Plethora of Pending IT Legislation

That’s the title of my Slaw post for today.  It reads as follows.

Those who practice in the IT area have a lot of potential new law to digest.  The Federal government has several bills in various stages that will affect many businesses and organizations, and all of us as consumers.  These bills have been mentioned on Slaw, but I thought it was worthwhile listing them all in one place. 

Bill C-28    Fighting Internet and Wireless Spam Act.  

This bill brings in several anti-spam measures.  While this is welcome by most people, the language has the possibility to affect how typical businesses communicate.  Things that we may not consider to be spam might get caught by the act.  Since the penalties are significant, we will have to take a close look at this before it is in force to understand what it means for a typical business or organization. 

Bill C-29     An Act to amend the Personal Information Protection and Electronic Documents Act

This would make several amendments to PIPEDA.  Most of the amendments were expected, and are welcome as they address issues that have arisen from the current legislation.  There are a couple of new parts that could use some clarity, though.  Language that attempts to clarify what “lawful authority” is that allows one to release information to law enforcement doesn’t really seem to clarify what the threshold of proof is, or what to ask for.  It also contains language that requires notification of breaches in certain circumstances to both the privacy commissioner and the affected individuals.  The language has threshold tests – which on the surface are not as clear as they might be.   If this language stays, it may take a privacy commissioner decision and/or court decision to clarify the threshold.  The best source for more information is David Fraser’s blog

Bill C-32     Copyright Modernization Act.

This is the latest of several attempts over the years to amend the Copyright Act.  Controversial elements include digital lock provisions that will allow publishers to trump user rights.  There has been a lot written about this, including a book entitled From “Radical Extremism” to “Balanced Copyright”: Canadian Copyright and the Digital Agenda written by several copyright experts. The best source for more information about the bill is Michael Geist’s blog.

Bill C-51     An Act to amend the Criminal Code, the Competition Act and the Mutual Legal Assistance in Criminal Matters Act aka Investigative Powers for the 21st Century Act. 

There also appears to be at least one companion bill, C-52.  This is the latest incarnation of what has been dubbed a “lawful access” bill.   The bill essentially tries to give law enforcement more access to electronic communications.    Critics refer to the bills as “awful access”, and point to the erosion of privacy and the costs ISP’s will need to spend.  They also question the practical effectiveness of the measures.   This bill is hot off the press, and I have not had time to look at it – but in general I fall into the ”awful access” camp.  Expect more commentary on this from both Michael and David.

Why internet back door laws are not a good idea

As I mentioned earlier, there is a proposal in the US for legislation to require backdoor internet access to law enforcement.  There have been similar proposals in Canada for “lawful access”.

Bruce Schneier has a good post entitled Wiretapping the Internet that explains why this is a bad idea.  The entire post is worth reading, but to give a flavour:

These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; that’s obvious. But the laws also make us less safe. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.

Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don’t. Any surveillance and control system must itself be secured, and we’re not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations?

Internet cafe surveillance ‘security theatre’

For the London Free Press – Mar 3, 2010

Read this on Canoe

General public, especially Muslims, likely unintended target of move by U.K. police to monitor customers’ web travels

Internet cafes in the United Kingdom are the latest victims of privacy invasive counter terrorism measures. Scotland Yard recently asked Internet cafe owners to monitor customers’ use of public computers. The authorities are encouraging owners to check activity on their computers and keep an eye on any suspicious activity.

Yet police say it’s not about asking Internet cafe owners to spy on their customers.

These measures seem unreasonable and privacy invasive, and are likely to be ineffective.

This is similar to monitoring calls on a public phone, it has been pointed out.

Surely a criminal or terrorist using an Internet cafe would be savvy enough to hide their tracks.

Unfortunately, the general public will likely be the unintended victims of this initiative, similar to the suspicions raised against average people taking photographs in public places.

As Simon Davies, director of U.K.-based Privacy International, has said, “What you’re going to end up with is a lot of people reporting Muslims in Internet cafes.”

Police have stated that Internet cafes often have been used by terrorists and other criminals in order to evade police surveillance. The police noted that the men behind the plot to blow up U.S.-bound passenger jets with liquid explosives secreted into soft drink containers used an Internet cafe to plan their attack.

Posters and computer desktop images of Scotland Yard’s logo are being distributed to Internet cafes. They are sternly worded, warning customers against viewing “inappropriate or offensive content,” and stating “breaching the above will result in the user’s Internet access being terminated immediately and, where appropriate, the police being informed.”

This latest initiative can be seen as an extension of the suspicious attitude the UK police have against public photography. There are many reports that average people with cameras often are accused of suspicious activity, just for taking photographs.

In response to public outrage at police searching people’s cameras, Scotland Yard posted the following note on their website under “Photography Advice:”

“Officers have the power to view digital images contained in mobile telephones or cameras carried by a person searched under S43 of the Terrorism Act 2000 to discover whether the images constitute evidence that the person is involved in terrorism. Officers also have the power to seize and retain any article found during the search which the officer reasonably suspects may constitute evidence that the person is a terrorist. This includes any mobile telephone or camera containing such evidence.”

The official suspicion about photographers seems ironic in a nation having a massive number of surveillance cameras to watch the public’s every move.

One has to wonder whether the invasion of privacy, and the air of suspicion and fear such measures foster, is worth it, and whether these measures do anything at all to increase public safety, or are mere security theatre.

laptop spy lawsuit / scandal

That’s the title of my Slaw post for today.  It reads as follows.

There is a lawsuit  and a criminal investigation underway resulting from a school outside of Philadelphia that secretly took pictures of students with webcams on laptops supplied by the school.

The idea was to use the webcams only in cases where a laptop was reported stolen.   It is alleged however that school officials turned on the webcams simply to spy on the students for their own curiosity.  

More details and commentary can be found on Techdirt, Boing Boing, and this AP story.

It’s hard to sort out reality from posturing, but it doesn’t look good for the school.

A couple of lessons can be learned from this.

First, people are a real weak link in the need to preserve privacy where any kind of surveillance or tracking is possible – despite good intentions behind the system.

Second, if you must use any kind of system that enables surveillance, take all possible steps to limit access, and make clear to those that have access that they will be held accountable if they misuse it.

Schneier article: Spy cameras won’t make us safer

Security expert Bruce Schneier wrote an article for CNN entitled “Spy cameras won’t make us safer” that’s worth reading.

His basic premise is:

Pervasive security cameras don’t substantially reduce crime. This fact has been demonstrated repeatedly: in San Francisco, California, public housing; in a New York apartment complex; in Philadelphia, Pennsylvania; in Washington; in study after study in both the U.S. and the U.K. Nor are they instrumental in solving many crimes after the fact.