Just because you've got nothing to hide, doesn't mean you've got nothing to lose...

Trust us, we're the good guys ... and there are bad guys, so we need your metadata. ASIO Chief David Irvine and Australian Federal Police Deputy Commissioner at a press conference supporting metadata retention laws. Source: News Corp 

This week, the Australian House of Representatives passed new laws which extend the Government’s surveillance powers, by requiring telecommunications companies to store our metadata for two years, and to make this metadata available to government security agencies without a warrant. (Unless you’re a  journalist, in which case an amendment has been proposed to require a warrant.)

While much of the political debate has focused on the important question of whether journalists will be in a position to protect their sources if the legislation passes, there are broader issues at stake.

In defending the legislation, people like the AFP Commissioner and Attorney-General have frequently invoked the ‘nothing to hide’ argument. Any argument against the Bill is met with the assertion that if you’ve got nothing to hide, then you have nothing to fear from governance agencies having access to your metadata. By extension, advocates of the Bill suggest that the only people who have something to fear from increased government access to their metadata are the anti-social, the criminal, and the terrorist.

The forced storage and sharing of metadata is but the latest incidence of surveillance creep in Australian society. Just as our movements and connections in cyberspace are tracked, so too are our movements through physical space – by CCTV cameras, licence plate recognition systems, commercial wi-fi providers, transport smart card systems, and many more technologies besides. As with the metadata laws, the ‘nothing to hide’ argument is frequently invoked to sure up support for all of these technologies.  

The ‘nothing to hide’ argument is mobilised so often by surveillance advocates because it does have traction in the wider community. When I discuss this issue with university students, for instance, the ‘nothing to hide’ argument is frequently used as a way of rationalising everything from participation in social media to support for (or at least indifference towards) increased surveillance by both corporations and state authorities.

When the issue of privacy is put this way, it is probably no surprise that many people choose to identify with the ‘nothing to hide’ argument. After all, if your choice is between having ‘nothing to hide’ and being a criminal or a terrorist, that’s not much of a choice at all for most people. And besides (so the argument goes), any loss of individual privacy is a small price to pay for the convenience and security provided by new communications and surveillance technologies. Indeed, as Prime Minister Abbott has put it, the good citizen may have to give up some personal privacy for the collective good of national security in these ‘troubled times’.

If pushed, many who support the ‘nothing to hide’ argument will likely concede that they are not prepared to share every nook and cranny of their bodies and their lives with others. But the ‘nothing to hide’ argument is rarely made in such extreme form. We are not being asked to strip naked before our peers, or to reveal the intimate content of our phone conversations and email. In the legislation before Parliament, we are being asked to share the phone numbers we dial and the places and websites we visit with law enforcements agencies. 

But even if you’re someone who thinks you’ve got ‘nothing to hide’ in relation to the measures before Parliament, this doesn’t mean you’ve got nothing to lose if the legislation is eventually passed into law by the Senate. As privacy thinker Daniel Solove argues, certain forms of privacy have a social value, not just a value to individuals. In other words, making good assessments of legislative changes such as the one before the Parliament should not be viewed as simply a matter of weighing up ‘individual privacy’ against the ‘national interest’, as though there is a simple trade-off between the two. As he puts it, “privacy issues involve balancing social interests on both sides of the scale.”

The point is that each proposal to collect, store and share any data about us should be debated on its social implications – what collective goods are secured by reduced privacy in a given domain, and what collective goods might be undermined? Here, just as knee-jerk defence of a vaguely-defined and inalienable individual privacy should not carry much weight, neither should the ‘nothing to hide’ argument be accepted without scrutiny. We all have something to hide. Not everything that we want to hide is wrong or evil, and it is good that we are able to hide some things in our society. So, what things should remain ‘private things’? Who should they be private from, and what kinds of protections should be put in place when some ‘private things’ become ‘public things’?

Only a serious political debate can answer these questions democratically. And democratic debate is stymied when any opposition is equated with criminality and evil intentions. Far from ‘turning a blind eye’ to crime and terror, most critics are simply trying to make space for clear assessment and serious debated on the benefits and harms of the particular legislation before us.

The potential harms are real. Not only journalism, but activism, scholarship, pluralism and more collective goods besides depend on our ability to keep some things to ourselves in some circumstances.

And as Solove notes, data collection and sharing are not only potentially harmful because they reveal individual secrets. They are also potentially harmful when the citizens who are surveilled have no means to identify and correct indifference, errors, and abuses that are bound to occur from time to time when large volumes of data are collected and analysed by large state agencies. He is as worried about Kafka’s bureaucrats as he is about Orwell’s Big Brother. From this perspective, the lack of oversight, and lack of citizen access to our own data and how it is used, is deeply problematic.

Law enforcement agencies reply that imposing burdens such as warrants and disclosure on their use of data would be time-consuming and costly. But they provide no evidence that it would put their investigations at risk. And just as we citizens are urged to accept the notion that the curtailment of some of our freedoms is necessary for the collective good, surely the same argument applies to the law enforcement agencies? Some curtailment of their freedom to access and use our data as they see fit, without adequate oversight, is most certainly a matter of public good in a democratic society.

Commenting on the data retention debates in the US, Solove observes that “Far too often, the balancing of privacy interests against security interests takes place in a manner that severely shortchanges the privacy interest while inflating the security interests. Such is the logic of the nothing to hide argument.” The same will happen here if we let it.

Facial Recognition (and the scrambling thereof...)

Effective facial recognition detection software and systems have beeen in development in various parts of the world for several years. While the ability to recognise faces of real people moving through crowded urban environments in real-time is not yet a reliable prospect and/or an affordable reality in most cities (at least according to CCTV operators I've spoken to), the ability to scan static faces and two dimensional images has been getting more sophisticated for a while. Recently, for instance, the US Federal Bureau of Investigations announced that it would be adding facial recognition software and databases to its 'Next Generation Identification System', thus enhancing their biometric capabilities.

So, not surprisingly, facial recognition has become the target of activists concerned with issues of surveillance and privacy. Check out URME Surveillance, which offers a range of products designed to help people beat the recognition systems (and to raise awareness of the issues associated with new facial recognition technologies). Among the ideas here is the URME Surveillance Personal Suveillance Identity Prosthetic, which is a 3D printed mask letting you wear the artist's face instead of your own. There's a novel use of 3D printing ... go Leo!



URME SURVEILLANCE: Indiegogo Campaign from Leo Selvaggio on Vimeo.

There's an interesting article here interviewing Leo about his project (thanks to Derek for the link!).

In Google We Trust

Technologically connected but where does our data go? Image source: ABC Four Corners

The ABC current affairs program, Four Corners, recently broadcast an episode that looked at life in the digital age, In Google We Trust. The episode followed the a day in the life of your "average" Australian family, looking at how the everyday technologies they use, create a profile of their movements interests, likes, communications and the extent of the data networks that this information travels through. The program also discusses the opportunities for surveillance, tracking and the general erosion of privacy that these technologies enable, often without much public awareness of these intrusions. Many of these are known to us and our readers here at The Politics of Location, some which will be reiterated in today's post, along with a few examples which are new to us.

The first member of the family to be the focus of the camera's attention is their teenage daughter, Christina. She likes to visit sites such as YouTube, tumblr and instagram to keep up to date with what people and celebrities are doing. She also likes Selena Gomez. Of course, the use of these sites raises the question of privacy agreements required for using such services and whether or not the majority of people read them, and if they do, whether they actually understand them. The answer is a resounding "No". No surprises there. According to Alistair MacGibbon, from the Center for Internet Safety, and former federal police officer:

Even if there are 156 pages of terms and conditions very conveniently though that checkbox is on page one, and I suspect that the majority of Australians have never read a privacy policy and if they had, they probably couldn't understand it.

Furthermore, he notes that people should not be lapsed into a false sense of security based on the familiarity of the environment from which they're accessing the net:

If we think that we're in our lounge room or bedroom engaging in the internet, that it's just us - there're an awful lot of people looking over your shoulder.

This means, that even before Christina starts her school day, her online activity and the data that generates is already travelling internationally and being tracked, providing advertisers with information to directly target marketing to her.  This doesn't really bother Christina because she believes she there is no sensitive information that can be gathered from her internet use and she isn't using her accounts to do anything secret, although one might be doubtful if liking Selena Gomez is something you want shared. But that doesn't particularly seem to bother a twelve year old. The basic message here though is that privacy agreements are often unclear and convoluted, deterring users from perusing and comprehending them fully. Thus people sign up without being fully aware what data is being collected and how it will be used. The data creates a digital profile of the user and companies frequently use this data for targeted advertising. They know a lot about you.

Next up is teenage son Alexi, who is the highest app user in the family. On the topic of apps, Troy Hunt, Internet Security Officer, is quick to point out that apps essentially do what your internet browser does, and again makes your online activity trackable and able to be intercepted. Alexi's apps are scrutinised by Hunt and he finds that some of the apps that users would consider as trustworthy actually have some major security problems, the example here being the app of the NRL team, the Sydney Roosters. Their protocol wasn't encrypted which meant that personal information and credit card data entered into the site would be available to anybody observing the connection. The Sydney Roosters have since fixed this problem.

The problem with apps, according to Hunt, is that they often operate on user trust:

So that's a real problem with this app and it's unfortunate when you're sitting at a PC and you're doing your banking or you're doing your shopping, you get a little padlock icon and you can sort of look for that, and you get some sort of confidence in the security of the website. But you don't get that in an app, so all you know with an app is that these guys are saying, hey trust me with your credit card details - so that one basically has not even an attempt at securing your credentials.

Reporter, Geoff Thompson, next turns his attention to the father, Jim, a financial planner who travels to work by motorbike. Etags are mentioned in passing as a trade off between convenient automatic billing and the road authorities knowing when he uses the tolls. What is news to Jim, and also to us here at this blog, is that NSW Roads and Maritime Services is downloading information on his mobile phone by scanning its Bluetooth signal as he passes particular streetlights. This obviously raises concerns about what data is being stored and whether it is de-identified, as Hunt notes:

It's a question of what they're actually capturing and saving, I mean the concern that I would have is are they tracking identifiable information about individuals, because if they're tracking identifiable information and they're doing it at multiple points, then they're tracking everything from your personal movements, to the average speed that you could be carrying, that would be a bit of a concern to me, it's a question though of whether it's de-identified or not.

The Roads and Maritime Services (RMS) is collecting the Media Access Control (MAC) addresses of mobile phones at 16 sets of traffic lights in inner Sydney. MAC addresses are unique identifiers of mobile phones and similar devices (we talked about their use in so-called 'Spy Bins' in London here). They are not considered as personal information by Australian privacy laws because the phone's owner is not easily identified by the address. This however doesn't mean its not invading privacy or doesn't have the potential to. As Hunt cautions,

this might be one of those cases where you want to get a definition of personal information, is a unique device address personal information? You know, maybe it is not, but it does still track an individual's movements, ah so whether or not they admit to actually tracking it, the capability is there.

The RMS issued a statement in response to the Four Corner's inquiries claiming that,

The devices receive the Bluetooth MAC address but no other identifying information is captured. MAC addresses are anonymous data.

The signals provide RMS with data to show the number of vehicles passing through intersections at particular times which then helps RMS monitor traffic flows. Unlike other devices with measure traffic volumes, this method allows RMS to measure traffic flow and provide information on trip and exit times to customers.

Despite this Four Corners uses examples of technologies which ended up having impacts beyond what was initially intended.San Francisco's toll tag, is one such example, for despite being introduced only with the intention for automatic billing, it eventually had impact on divorce proceedings. The movements of spouses became important information, and the courts acted to subpoena such information from the tags.

The fact that Jim drives to work also brings up the issue of Automatic Number Plate Recognition (APNR) technology which takes photographs of number plates and identifies any "problem" vehicles. Introduced in late 2009, the technology is now installed on 280 police cars across NSW. The cameras take six photos a second and these photos are stored on a data base for approximately five years. But the scanners don't discriminate on which vehicles they photograph. All number plates in view are targeted whether they are doing something illegal or not. According to Four Corners, since 2009 the NSW police force has captured and stored more than 208,799,000 number plates. However, the police are reluctant to explain how exactly they use this data, noting that there are strict protocols for accessing and retrieving the stored information and that none of it is personal, while offering a general statement that:

"The information collected by the ANPR units - car photo, registration plate number ... and where and when the photo was taken - is stored in a separate data base for about five years."

However, as the episode notes, this is essentially a database of where you've been and when for the past for years. Hunt believes we have reason to question the innocuousness of the technology:

Without any confirmation to the contrary, and I can understand why they'd want to be cagey about something like this, that's really the only conclusion you can draw right? Because we know that the data's being collected, we know we have the technology to match a numberplate in one location to a numberplate in another location, I mean this is, this is very basic stuff. So you have to draw the conclusion that that yes they, you know, this is all getting put together at some point.

This clearly shows the potential for metadata to be stored and used to link people and events over a period of years. This potential is voiced by the Australian Privacy Commissioner, Timothy Pilgrim, who notes that:

Metadata can tell quite a lot about a person's activity in terms of the times they're transmitting and who they're transmitting data to or having communications with, certainly it can provide quite a lot of information.

And there are more than 300 000 metadata requests made each year.

However, it is not just internet data, apps, number plates, etags, and mobile phones that are surrendering our data. Thompson, now turns to the mother of the family, Helen, who is heading out to do the grocery shopping. This of course brings up Coles "Flybuys" and Woolworths "Everyday Rewards".

Rob Scott, Finance Director for Coles, claims that the FlyBuys system is an extension of what retailers have been doing for years, in getting to know the customer, what products they need and like, and then tailoriing their services and stock to the customer. As Alastair MacGibbon notes, "loyalty cards and rewards programs are about collecting information about you. Again, it's a perfectly legitimate thing to do, so long as you go into it with your eyes wide open."

It is noted that Woolworth's has bought a 50% share in data analysis company, Quantium, giving Woolworth's access not only to the data of its own clients, but many of Quantium's other clients. This provides Woolworth's with a greater understanding of the buying habits of its own and other customers. Although the data that both companies share supposedly is de-identified, such data is still incredibly valuable in showing customer habits more broadly, which helps businesses to further tailor their products and services to the customer's wants.

Back at home, Helen opens up her yahoo account. Doing so means that her data is re-routed through computer servers in the United States and which of course, as the whistle blowing revelations on the National Security Agency earlier this year showed, makes Helen's data subject to interception by foreign intelligence agencies, something she is not comfortable with. While some "If you haven't done anything wrong, you don't have to worry" rhetoric is rolled out, Danny O'Brien of the Electronic Frontier Foundation notes that,

US citizens have, at least in theory, some constitutional rights that protect their data from access by the US government. Those rights don't extend to non-US persons, which means that Australian's data, when it's kept in the United States, has no real legal protection from the government...It gets worse because, not only is there no good legal protections from the US government, 'cause the US government shares its intelligence and research with the rest of the world, including potentially the Australian government. So you have this incredible trade off where the Australian legal system has good protections to prevent data just ending up in the hands of the Australian law enforcement, without you know a good warrant or a judicial process. But that doesn't stop the US from handing data on Australian citizens straight over to those same parties without any of those legal safeguards.

With the potential surveillance and data gathering opportunities in the domestic sphere discussed, the episode moves onto the final member of the Pappas family yet to be addressed, eldest daughter, Katerina. Meeting a friend at Westfield, Bondi Junction, Katerina's movements are monitored by CCTV but also have the potential to be tracked by the shopping center using her mobile phone. Four Corners notes that Westfield's privacy policy claims that,

"...where devices are able to connect to, or are identifiable by, in-centre infrastructure, we may collect data including usage, location and type of device"

Although Westfield states that they are currently not tracking customers via mobile phones despite having the technology installed in three Australian sites. The importance placed on such technologies is demonstrated by the creation of Westfield Labs, a division of Westfield based in San Francisco, which is tasked with developing and perfecting ways to collect data on customers. Another company, RetailNext, has already developed their own version of in-store tracking, something we discussed in a previous blog post. Katerina, understandably is not comfortable with the idea of tracking her movements through the shopping center by wi-fi, suggesting for an opt in, opt out policy.

The Future of Retail. Image Source: Westfield Labs

But it is not quite safe to leave Westfield without another privacy hazard! According to Four Corners, Westfield parking station trialed technology to help shopper locate their cars. This required photographing and uploading the images of every parked car. Hunt, however, had found a security flaw which has now been addressed. It had been possible to obtain more information than the four possible car matches that the product had intended. According to Hunt, anybody with an internet connection could access information on which cars were in the shopping center and when:

And they would get a list of every vehicle that was currently in the car park and then they could repeat it every sixty seconds, every five minutes, whenever they wanted to, so you would get a profile of who's coming and going and how long they're staying.

The episode concludes back at the Pappas' s house, where the complexity of digital assets ownership, particularly after death and the idea of people's data outliving them, is discussed. The relative "newness" of this issue is noted, along with the need to find ways to deal with this, answers to which are far from complete.

That distinguishing between our physical and digital identity is becoming increasingly difficult is remarked upon by Thompson, and the episode has reflected the increasing intertwining of the two through our everyday lives, often through processes of which we are not aware, or only partly so. Our data footprints reveal a considerable amount of detail about ourselves, even if the data is de-identified or not, and it is increasingly salient to develop ways to manage this data in a way that finds a balance with privacy, regardless of whether some commentators have already touted the death of privacy.

It suggests the increasing blurring of the boundaries between public and private places and selves. Many see their mobile phone as a personal and private device, but clearly as this report has showed, the information contained on them can be obtained in public spaces, such as with the MAC address gathering, and without clear explanation of why, or what is used for. This also denotes a disparity between people's perceptions of what is private and what law or government define as personal information, based on ideas of de-identified information, which need to be re-assessed. Because the collection, storing and access to big data raises a multitude of issues concerning privacy, security, policing, government and power, as well as the potential to abuse that power. As O'Brien comments,

I don't think any social system, any government, can survive knowing everything about its citizens without ultimately that being corrupted. I mean I wouldn't be able to take that power. I don't think anyone would want or to take that power, um. But once you've got it, you're gonna find a use for it.

Exploring Sydney's Digital-Urban Interface

Accessing the digital layers ... networked urbanism is ruining our posture!

Recently, Sophia and I took a group of 25 urban geography students on a field trip in the Central Business District of Sydney, designed to examine various ways in which the digital and the urban are coming together.

We based the field trip on the 'Systems/Layers Walkshop' concept designed by Nurri Kim and Adam Greenfield for Do Projects. Nurri and Adam have produced a fantastic booklet that can be used to help prepare for such an exercise, based on their experiences of running these 'walkshops' in a number of cities.

The purpose of the walkshop is to develop a better understanding of networked urbanism and its implications. To quote from their booklet:

We live in an age in which the form of cities, the ways in which we experience them, and the choices they present us with are all in the process of profound and rapid change, driven by the presence of networked information-processing systems everywhere around us. Mobile phones, CCTV cameras, building-scale displays, embedded sensors, and remotely-operated barriers are all part of this transformation. Between them, these systems superimpose a layer of information on top of the physical bricks and paths of the city, and this is increasingly a place where control over space and behavior can be exerted.

We believe that understanding this layer, the systems that make it up, and its implications for the freedom to move and act is vital to full citizenship in the congested, contested urban spaces of the twenty-first century.

And so, the walkshop is a tool to develop this understanding of layers and systems, and to generate discussion about their implications. This is what you do:

What you’re going to be looking for are appearances of the networked digital in the physical, and vice versa: apertures through which the things that happen in the real world are gathered up by the global informational network, and contexts in which information originating on the network affects what people see, confront and are able to do.

Places where information is being collected.

Places where information is being displayed.

Places where networked information is being acted upon.

I also asked the participants to read Dan Hill's wonderful essay on 'The Street as Platform' in preparation for the day.

We focused our attention on a couple of relatively small areas in the Central Business District. For those who know Sydney, here's how we rolled...

We started at Central Station, where we had a talk from two people from the City of Sydney about their Food Truck program and mobile app.

We then caught a train from Central Station to Circular Quay, for a walk around followed by a talk from the folks at Skedgo, who are responsible for the real-time public transport app TripGo.

After a break for lunch, we then caught a train back to Town Hall Station, and broke up into small groups to explore the terrain between Town Hall and St James Station on foot. We reconvened as a large group to report back on our small group observations and reflect on the day.

Here's a quick report on what we saw and what we learnt, and some reflections on the experience.