thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Tuesday, October 17, 2006

The European way: "surveillance while protecting privacy"

The EU has announced to fund 15 more research projects "to combat terrorism", each of them with € 1 Million on average. While many of them deal with new gadgets for detecting explosives, harmful microbes and related ideas, a few of them are more, well, interesting for this blog:
Enhancing surveillance and tracking while protecting civil liberties and privacy
The i-TRACS (Counter-Terrorism identification and tracking system using the analysis of communications, financial and travel data) project aims to develop an innovative advanced tracking and surveillance system consolidating and integrating multiple information data sources...
Does this ring a bell? Communications data retention, SWIFT, passenger name records? arrive at a socially acceptable solution in terms of civil liberties and the privacy. (...) The i- TRACS consortium has the confluence of expertise to empower the required and justifiable data intelligence gathering of evidence in order to track and hopefully halt prima facie suspected criminal activities.
So they want to do datamining in communications, financial, and travel data to gather intelligence (not "evidence"), in order to halt suspect criminals? Oh, above it even said "terrorism" - well, never mind, you bloody mp3-sharing terrorist! And did I hear anyone saying Total Information Awareness?

It gets even better. Remember, the title says "while protecting civil liberties and privacy"? How are they going to do this?
One of the partners is a civil liberties group.
Wopee, this will save us. The project leader is a French company called CICOM, which seems to be some business or research incubator, and which is not known in the privacy field I am aware of. So in the end, a yet unknown civil liberties group that is accountable to no one will make sure that surveillance in Europe is "protecting civil liberties and privacy"?

This project is also interesting:
Tracking potentially suspicious persons
The main goal of HAMLeT (Hazardous Material Localisation & Person Tracking) is the classification and tracking of potentially suspicious persons for focusing the attention of security personnel (...). [A]n individual chemical sensor is unable to localize hazardous material and to associate it to an individual person. Within the integrative approach of HAMLeT, this deficiency is compensated in dynamic multiple person scenarios by fusing the output of several chemical sensors with kinematical data from laser range-scanning or video sensors to be used for multiple person tracking.

So, while it sounds like "we only track people who smell like semtex", one side-effect of this project will be to know how to use "laser range-scanning or video sensors (...) for multiple person tracking". Add this to the face-scan experiments in public places that have just started in Mainz main station last week, and you get the idea.

And then you have mySWIFT on steroids:

Combating money laundering and terrorism financing
GATE (Next Generation of Anti-Terrorist Financing Methods) will study new adaptive multidisciplinary modelling techniques to detect criminal behaviour by flagging suspicious human behaviours...
"Suspicious behaviour" can only be determined when you a) have a norm that defines normal behavior, and b) detect deviations before you have any suspicion from other sources (otherwise, it would not be suspicion, but evidence). In other words: You have to do data-mining in close-to-real-time (because you want to avoid the data to pile up - and of course, you want to prevent snakes from entering a plane in the first place) and detect suspicion. In what kind of data again? Ah, yes:
...for anti-money laundering/anti terrorism financing. It will combine intelligence from within individual financial institutions with computational trust modelling and mining intelligence.
So the idea is to develop a prototype for monitoring all financial transactions in Europe? No:
The project will identify, design, deploy and validate models in real conditions within banks...
They actually already want to deploy it in banks! capture more complex behaviours including multidisciplinary aspects beyond utilising transaction data from financial institutions, such as demographics, social networks, lifestyle or cultural behaviours.
So they want to combine my age (demographics), my shopping or web surfing habits (lifestyle), my concert or theater visits (cultural behaviours), and my MySpace, openBC and whatever Web2.0 data plus my phone and address books (social networks), in order to detect terrorism financing? Get real. In the end they will want to find out for which small lecture I forgot to file the 50€ remuneration with the tax authorities, because I took a train to XYZ without knowing anyone there, not even among my openBC contacts. And they will say "Boy, this can be seen as money laundering, and yeah, we just have the technology to do it."

On a related note, the EU Commissioner for Justice & Home Affairs, Franco Frattini, said in August that the Internet should be made a "hostile environment" for terrorists. Spyblog asked him back then how the EU intends to do this, and now got an answer back from Jonathan Faull, Director General for Justice, Freedom and Security at the Commission. The answers are telling. Take the first question:
Are you proposing a European Union version of the national level firewall content filtering and censorware software such as is used in the "Great Firewall of China" or in Saudi Arabia and other repressive regimes?
The Commission's answer is more like a "no, we never decided to do data retention, and we think the SWIFT scandal is in fact a scandal":
At such an early stage of our consultations it would be premature to speak about a specific solution, however we can certainly reassure European citizens regarding the commitment of the European Union to the respect of human rights, which applies to all fields where it is competent, including the fight against terrorism. Indeed, as Article 6 of the [Treaty of the European Union] sets out, the European Union is founded on the principles of liberty, democracy, respect for human rights and fundamental freedoms, and the rule of law. In consequence, policy options undermining such principles will be necessarily ruled out as opposed to the democratic values that are common to all Member States and constitute the basis of our society.
The Register has a nice summary for the above:

Relieved? We know we were. So even if Europe does build a Great Firewall it won’t be one that undermines our basic principles, right…


Anonymous Anonymous said...

Hello Ralf,

I am looking to inteview the project coordinator of the i-TRACS project to write a story for CORDIS News and was wondering if I could 'pick your brain' for ideas on how to approach the subject as I am no security expert? My email is james(dot)cordis(at)gmail(dot)com. Thanks in advance. James

16/5/07 15:25


Post a Comment

<< Home