Posted: Fri May 08, 2009 6:17 pm
by stefano
Spying in the UK: GCHQ Awards Lockheed Martin £200m Contract, Promises to "Master the Internet"
7 May 2009

The Government Communications Headquarters (GCHQ), the National Security Agency's "kissin' cousin" across the pond, has awarded a £200m ($300m U.S.) contract for an internet panopticon.

American defense and security giant Lockheed Martin and BAE subsidiary Detica (yet another firm specializing "in collecting, managing and exploiting information to reveal actionable intelligence"), snagged the contract The Register and The Sunday Times revealed May 3.

According to The Register the new system, called Mastering the Internet (MTI) "will include thousands of deep packet inspection probes inside communications providers' networks, as well as massive computing power at the intelligence agency's Cheltenham base, 'the concrete doughnut'."

Lockheed Martin and Detica aren't talking and have referred all inquiries on the MTI contract to GCHQ. ComputerWeekly however, reported May 6 that Detica, a firm with close ties to MI5 and MI6, "has data mining software that can detect links between individuals based on their contacts with sometimes widely separated organisations."

The magazine revealed in 2007 that the Insurance Fraud Bureau (IFB) "has outsourced its data mining operations to Detica, a specialist IT company. Its NetReveal software applies social network analysis to huge amounts of data to identify, understand, and evaluate higher-level networks of potentially collusive individuals and organisations."

It would appear the system under construction by GCHQ will apply a similarly unsound and unscientific approach to "counterterrorism." As the National Research Council revealed in their 2008 report on data mining and other dodgy methodologies such as link- and social network analysis for reading digital tea leaves, such techniques "are likely to generate huge numbers of false leads."

However, as a repressive tool for corralling recalcitrant individuals such as antiwar campaigners, environmental activists, socialists and Muslims under Britain's draconian 2006 Terrorism Act, thousands of digital nodes designed to "master the internet" would certainly fit the bill for spooks-gone-wild.

While £200m is a lot of boodle to spy and data mine the private communications and internet browsing habits of British citizens, as James Bamford revealed in Body of Secrets, GCHQ is a key member of the exclusive "UKUSA club."

Under terms of the Cold War-era UKUSA Communications Intelligence Agreement, a surveillance nexus linking the United States, Canada, Britain, Australia and New Zealand, a cosy relationship was created where member agencies agreed to share information, including that obtained illegally on their citizens, with one another. "By the late 1980s," Bamford wrote, "there was barely a corner of the earth not covered by a listening post belonging to one of the members, or by an American satellite."

GCHQ whistleblower Katherine Gun revealed in 2004, that British spooks and their American partners at NSA had sought leverage by spying on diplomats at the United Nations during the run-up to the U.S.-led invasion and occupation of Iraq, The Observer reported.

A firestorm of protest erupted in the usually staid confines of the UN Security Council when Gun leaked a memo to The Observer from NSA section leader Frank Koza to his compadres at GCHQ. The missive detailed a massive spying operation designed to give America "the edge" in forthcoming negotiations over a second UN resolution authorizing war--and what NSA expected from GCHQ. Despite their efforts the targeted nations--Chile, Pakistan, Guinea, Angola, Cameroon and Bulgaria--wouldn't play ball.

It now appears that GCHQ has expanded its brief and intends to routinely spy on British internet users under the guise of "preventing terrorism." According to The Register,

Sources said MTI received approval and funding of more than £1bn over three years in the October 2007 Comprehensive Spending Review. GCHQ, like MI5 and MI6, is funded out of the opaque Single Intelligence Account. For 2007/8 the planned budget for the three agencies was over £1.6bn.

GCHQ began work on MTI soon after it was approved. Records of job advertising by the agency show that in April 2008 it was seeking a Head of Major Contracts with "operational responsibility for the ‘Mastering the Internet’ (MTI) contract". The new senior official was to be paid an annual salary of up to £100,000. (Chris Williams, "Jacqui's secret plan to 'master the internet'," The Register, May 3, 2009)

Not to be outdone by NSA's all-inclusive driftnet surveillance of American citizens, The Sunday Times reported that "the £1 billion snooping project ... will rely on thousands of 'black box' probes being covertly inserted across online infrastructure."

The top-secret programme began to be implemented last year, but its existence has been inadvertently disclosed through a GCHQ job advertisement carried in the computer trade press.

Last week, in what appeared to be a concession to privacy campaigners, Smith announced that she was ditching controversial plans for a single "big brother" database to store centrally all communications data in Britain.

"The government recognised the privacy implications of the move [and] therefore does not propose to pursue this move," she said.

Grabbing favourable headlines, Smith announced that up to £2 billion of public money would instead be spent helping private internet and telephone companies to retain information for up to 12 months in separate databases.

However, she failed to mention that substantial additional sums--amounting to more than £1 billion over three years--had already been allocated to GCHQ for its MTI programme. (David Leppard and Chris Williams, "Jacqui Smith's secret plan to carry on snooping," The Sunday Times, May 3, 2009)

When news of GCHQ's project surfaced, the director of Liberty, Shami Chakrabarti, said Smith's announcement was a "smokescreen" meant to conceal the new MTI project. The civil liberties' watchdog group had applauded the Home Secretary's apparent "climb-down" on an earlier proposal for a centralized communications database.

Chakrabarti told The Sunday Times, "We opposed the big brother database because it gave the state direct access to everybody's communications. But this network of black boxes achieves the same thing via the back door." One might add, seamlessly and silently through deep packet inspections of message content.

A deep packet inspection refers to a form of computer network filtering that examines the data portion of a communication (including a message header) as it passes the inspection point of an ISP. While it can filter out viruses and spam, the technology can also enable advanced security functions such as data mining, internet eavesdropping and censorship.

Additionally, because ISPs route all of their customers' traffic to a multitude of network providers, they are also able to monitor web-browsing habits in a way that permits them to gain insight into their customers' interests; this, then, becomes the basis of a new form of corporate grift: the sale of data to companies that specialize in targeted advertising.

In the United States, for example, NSA's unholy alliance with AT&T, Verizon and other giant telecommunications companies uses deep packet inspection to facilitate internet surveillance, sorting and forwarding private communications to a multitude of spooky agencies.

As the Electronic Frontier Foundation has documented in their landmark lawsuits against telecommunications' grifters and the state, Hepting v. AT&T and Jewel v. NSA, AT&T's suite of "secret rooms" located across the country function as virtual--and illegal--NSA listening posts.

According to AT&T whistleblower Mark Klein, the NSA's SG3 secure room is where internet traffic is split and then diverted to NSA worker ants, most likely outsourced techno-drones hired by the agency to do the dirty work. Private communications are then analyzed by Narus traffic analyzers and logic servers. Narus, a spooky Israeli corporation with a Mountain View, California address as a "beard," claims that its devices are capable of real-time data collection and capture at 10 gigabits per second.

In his sworn affidavit Klein told the Court:

Starting in February 2003, the "splitter cabinet" split (and diverted to the SG3 Secure Room) the light signals that contained the communications in transit to and from AT&T's Peering Links with the following Internet networks and Internet exchange points: ConXion, Verio, XO, Genuity, Quest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE-West.

Internet exchange points are facilities at which large numbers of major Internet service providers interconnect their equipment in order to facilitate the communications among their respective networks.

Through the "splitter cabinet," the content of all the electronic voice and data communications going across the Peering Links ... was transferred from the WorldNet Internet room's fiber optical circuits into the SG3 Secure Room. ("Declaration of Mark Klein in Support of Plaintiffs' Motion for Preliminary Injunction," United States District Court, Northern District of California, Hepting v. AT&T, No. C-06-0672-VRW, March 28, 2006)

According to Wired, the Narus STA 6400 Semantic Traffic Analyzer "can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network."

The system under construction by GCHQ may surpass the already-intrusive Big Brother capabilities of NSA. Indeed, GCHQ under terms of the UKUSA Communications Intelligence Agreement may in fact be building the system in cahoots with NSA. Certainly the presence of Lockheed Martin would indicate something more than a simple business deal with British spooks!

Suffice it to say, a source familiar with GCHQ's Mastering the Internet project told The Register, "In MTI, computing resources are not measured by the traditional capacities or speeds such as Gb, Tb, Megaflop or Teraflop... but by the metric tonne!.. and they have lots of them."

As author James Bamford points out in his essential book, The Shadow Factory, NSA is currently researching--and racing--to deploy supercomputers with exaflop capacities (one quintillion operations per second); it wouldn't be a stretch to infer that American spies may very well be assisting their British counterparts in a deranged quest to field the next generation of monstrous data mining and surveillance machines.

But don't be alarmed. Just like their American partners, GCHQ operates with "strict accountability ... under the existing legal framework." In response to media reports, GCHQ issued a press release May 3 claiming,

Because we rely upon maintaining an advantage over those that would damage UK interests, it is usually the case that we will not disclose information about our operations and methods. People sometimes assume that secrecy comes at the price of accountability but nothing could be further from the truth. In fact, GCHQ is subject to rigorous parliamentary and judicial oversight (the Intelligence and Security Committee of parliamentarians, and two senior members of the judiciary: the Intelligence Services Commissioner and the Interception of Communications Commissioner) and works entirely within a legal framework that complies with the European Convention on Human Rights. ("GCHQ: Our Intelligence and Security mission in the Internet Age," Government Communications Headquarters, Press Release, May 3, 2009)

Try selling that to countless victims of the 1994 Intelligence Services Act or the 2000 Regulation of Investigatory Powers Act. After all, as public servants at the beck and call of their political and corporate masters, "GCHQ does not spy at will"!

Posted: Fri May 08, 2009 9:19 pm
by stefano
9 Jan 2009

REAL ID is a nationwide effort to improve the integrity and security of state-issued driver's licenses and identification cards, which in turn will help fight terrorism and reduce fraud.

The 9/11 Commission recommended that the U.S. improve its system for issuing identification documents, urging the federal government to set standards for the issuance of sources of identification. The REAL ID Act of 2005 was Congress' response to this key recommendation.

REAL ID-compliant licenses and ID cards must meet minimum standards which include:

• information and security features that must be incorporated into each card
• applicant's proof of identity and lawful status
• verification of the applicant's source documents
• security standards for issuance of licenses and identification cards

Why We Need REAL ID

Raising the standards of state-issued identification is an important step toward enhancing national security. Because a driver's license serves so many purposes (access to federal buildings, nuclear power plants, boarding aircraft, etc.), terrorists actively seek fraudulent state-issued identification. The REAL ID rules will make it more difficult for them, while making it easier for law enforcement to detect falsified documents.

REAL ID Current Status

REAL ID went into effect May 11, 2008. Recognizing states need more time to implement REAL ID, the Department has offered states an extension to allow time to meet the requirements; all states received an extension.

If your state has been granted a REAL ID extension, your current driver's license is still a valid form of identification for boarding a federally-regulated airplane, accessing a federal facility or nuclear power plant.

REAL ID Privacy Impact Assessment

A Privacy Impact Assessment (PIA), as mandated by the E-Government Act of 2002, ensures that the Department is fully transparent about how intended information technology systems may affect privacy. The REAL ID PIA examines how drivers' and identification holders' personal information will be collected, used, disseminated, and maintained.

Privacy Impact Assessment ... alidfr.pdf

REAL ID: Myths & Facts

Myth: REAL ID creates a national identification (ID) card

Fact: REAL ID simply sets minimum standards so that the public can have confidence in the security and integrity of driver’s licenses and identification cards issued by all participating states and jurisdictions.

States and jurisdictions will maintain their ability to design and issue their own unique driver’s licenses and identification cards. Each state and jurisdiction will continue to have flexibility with regard to the design and security features used on the card. Where REAL ID details the minimum data elements that must be included on the face of the card, most states and jurisdictions already include all or almost all of these data elements on their cards.
REAL ID identification documents will not be the only form of documentation accepted by the federal government or any other entity. You can still present another form of acceptable identification such as a U.S. passport, military ID, or government identification badge. If you do not have another form of acceptable documentation, however, you may experience delays at the airport due to the requirement for additional security screening.

Myth: REAL ID creates a national database of personal information

Fact: REAL ID requires that authorized DMV officials have the capability to verify that an applicant holds only one valid REAL ID. REAL ID does not grant the federal government or law enforcement greater access to DMV data, nor does it create a national database.

States will continue to manage and operate databases for driver’s license and identification card issuance.
REAL ID does not create a national database or require additional personal information on your driver’s license than is already required by most states. It simply verifies the documents an applicant presents at the DMV to confirm that individual’s identity and ensure that each individual has only one valid REAL ID.
Personally identifiable information, beyond the minimum information necessary to appropriately route verification queries, will not be stored.

Myth: REAL ID will diminish privacy

Fact: The REAL ID final rule calls on states to protect personal identity information. It requires each state to develop a security plan and lists a number of privacy and security elements that must be included in the plan.

The Department's Privacy Office has also issued Best Practices for the Protection of Personally Identifiable Information Associated with State Implementation of the Real ID Act, which provides useful guidance to states on how to address the privacy and security of information related to REAL ID.
The REAL ID Act will not allow motor vehicle driver’s data to be made available in a manner that does not conform to the Driver’s Privacy Protection Act. Furthermore, with REAL ID, DMV employees will be subject to background checks, a necessary step to protect against insider fraud, just one of the vulnerabilities to a secure licensing system. These steps raise the bar for state DMVs beyond what was previously required.
The Department recognizes the importance of protecting privacy and ensuring the security of the personal information associated with implementation of the REAL ID Act.

Myth: The Department is creating a "hub" in order to gain access to Department of Motor Vehicle (DMV) information

Fact: A state-owned and -operated "verification hub" will be designed to facilitate connectivity between the states and data owners to ensure that people applying for a REAL ID are who they say they are. The federal government will not gain greater access to DMV information as a result. Only authorized DMV officials and law enforcement will have access to DMV records.

REAL ID requires state DMVs to verify an applicant’s identity document, date of birth, Social Security Number, address of principal residence and lawful status, as well as ensure that each individual has only one valid REAL ID. For example, the electronic verification hub will facilitate state-to-state checks for duplicate registrations in multiple states, therefore limiting the ability for persons to obtain multiple licenses for fraudulent purposes.
While the Department has pledged to fund the development and deployment of a state-owned and -operated "verification hub", states will continue to manage and operate databases for driver’s license and identification card issuance. The Department and the states will work together to ensure that security measures are in place to prevent unauthorized access or use of the information. Personally identifiable information, beyond the minimum information necessary to appropriately route verification queries, will not be stored.

Myth: REAL ID is an unfunded mandate

Fact: In December 2008, the Department announced $48.575 million in FY09 grants to improve drivers' license security. From FY06-FY08, the Department made available $361.375 million in grants to assist state driver's license issuance authorities with REAL ID implementation:

REAL ID Pilot Project - The Commonwealth of Kentucky received $3 million in Fiscal Year (FY) 2006 to fund a REAL ID Pilot Project. The pilot is being implemented to test and validate birth record verification processes and to develop a common set of standards that states can use during the driver's license issuance process.

REAL ID Vital Events Verification State Project Grant – The Department of Homeland Security awarded Kentucky an additional $4 million to help state Departments of Motor Vehicles (DMVs) connect to state Vital Record Offices (VROs). The Commonwealth of Kentucky will enable state VROs access to the Electronic Verification of Vital Events hub (a Web-based portal) to verify birth and death record information of individuals applying for REAL ID driver's licenses and identification cards. Kentucky will also use these funds to expand the scope of its REAL ID Pilot Project by comparing U.S. foreign-born citizens applying for a REAL ID driver's license with the U.S. Department of State's foreign-born citizen birth record information.

FY 2008 REAL ID Demonstration Grant Program - The Department competitively awarded $79.875 million to assist states and territories with implementing REAL ID. The FY 2008 REAL ID Demonstration Grant Program is designed to standardize the way driver's licenses are issued and will help protect citizens against fraud and identity theft. Grant funds will help states enhance the integrity of driver's licenses (DL) and identification documents (ID), improve state issuance capabilities, as well as system security.

State Homeland Security Grant Program (SHSGP) - $274.5 million in State Homeland Security Grant Program (SHSGP) funds (20% of the total SHSGP minus M&A funds) were made available to states for REAL ID (FY07-FY08).

Posted: Fri May 08, 2009 9:39 pm
by stefano
UK comms intercepts up by half - and it isn't the council
23 July 2008

The latest reports from government surveillance watchdogs reveal that interception of communications by UK officials surged by almost 50 per cent in 2007. British public bodies including police and intelligence agencies made 519,260 requests for information to telcos and ISPs during the year.

However, just 1,707 of these were from councils - a fraction of a single percentage point. The Interception of Communications Commissioner, Sir Paul Kennedy, said in his report that "local authorities could make much more use of communications data as a powerful tool to investigate crime". Whoever's behind the surge in intercept requests, it plainly isn't local bureaucracy.

Under available powers, councils can ask to see itemised phone bills and internet usage records, but aren't allowed to eavesdrop on conversations. Such records can nonetheless be a powerful tool for local government officials acting against rogue traders, fly tippers, those seeking to avoid council tax, parents trying to fraudulently gain places at popular schools and other criminals.

Sir Paul plainly believes that communications data should be more widely used in government, and that in general intercept powers are not being abused or causing problems. His counterpart Sir Christopher Rose, who deals with full-blown surveillance (bugging, watching, following people, making covert entries to premises etc.) is much less sanguine.

In his report, Sir Christopher says that council officers using such methods (they are limited to the less activist options, unlike the police and especially unlike the security service) have gone too far on occasion. He said that if town halls wanted to have people watched or followed, they should spend money and hire properly trained operatives able to work covertly without causing needless distress and alarm.

Some councils using these surveillance methods against council tax dodgers and so forth had shown "serious misunderstanding of the concept of proportionality", and that oversight had been "poor" in some cases.

The Beeb quotes Home Sec Jacqui Smith as saying that: "The commissioners' reports offer valuable oversight and provide reassurance that these powers are being used appropriately.

"These powers can make a real difference ... enabling us to gain that vital intelligence that will prevent a terrorist attack, working to tackle antisocial behaviour or ensuring that rogue traders do not defraud the public."

Posted: Fri May 08, 2009 9:49 pm
by stefano
The mobile phone as self-inflicted surveillance
10 April 2009

And if you don't have one, what have you got to hide?

Like the breadcrumbs in Hansel and Gretel, mobile phones leave a trail wherever they go. Practically everybody can be tracked via this trail, and the beauty of it all is, we're effectively tracking ourselves.

By design, phones pass their location on to local base stations. You can gauge how effectively the networks can track you by requesting your personal information from your network provider using a data subject access under the Data Protection Act, or by just running Google Mobile Maps on your phone. The smaller 3G cells in central London give an even better location than on GSM.

Mobile phone penetration in Europe reached an average of 111.26 per cent in 2007 according to ITU estimates, while in the UK it was 118.47 per cent. We love them so much that we are more likely to leave our wallet at home than our mobile.

The location breadcrumbs from these, along with other communication traffic data, are kept as part of a mass surveillance operation affecting everyone. They are collected by the networks, retained for a year, and handed over to the police and other bodies on request.

Professor Steve Peers, of the University of Essex and Statewatch, points out that although the system is incredibly sweeping, it doesn't stigmatise anyone because every phone call is going to be subject to this.

It's no longer just the individuals who are suspect of, or connected to, or convicted of a crime who are subject to some sort of additional surveillance beyond which they would traditionally have been subjected to. As regards to data retention, as regards to fingerprints, as regards to passenger records, it's everyone or a very large percentage of the population subject to the hoovering of that information.

This is cogent analysis. Mobile phones and email are used by everyone, including terrorists and other criminals. The data can be instrumental in tracking down criminals, with the caveat that having a bigger haystack does not make it easier to find a needle. But it misses one perverse effect - those who will be stigmatised in the future are those who don't have traffic data retained.

Lack of traffic data is what becomes suspicious. There are already two documented cases in Europe where not carrying a mobile phone was considered one of the grounds for arrest.

On 31st July 2007, in Brandenburg and Berlin, Germany, the flats and workplaces of Dr. Andrej Holm and Dr. Matthias B., as well as of two other persons, were searched by the police. All four were charged with "membership of a terrorist association" and are alleged to be members of a so-called 'militante gruppe' (mg):

According to the arrest warrant against Andrej Holm, the charge against the four individuals was justified on the following grounds:

• Dr. Matthias B. is alleged to have used, in his academic publications, "phrases and key words" which are also used by the 'militante gruppe';


• The fact that he - allegedly intentionally - did not take his mobile phone with him to a meeting is considered as "conspiratorial behavior".

On 11th November 2008, 150 French anti-terrorist police officers swooped on the 330-inhabitant village of Tarnac to arrest four men and five women aged 22 to 34, since nicknamed the 'Tarnac Nine'. These 'brilliant students' were living in a farm and ran a grocery store. All but one have been released. They were accused of "criminal association connected to a terrorist enterprise". French Interior Minister Michèle Alliot-Marie (MAM) was in the news soon after:

The Interior Minister is convinced of having saved France by nipping a revolution in the bud. For MAM, the defendants are the seed of Action Directe.

"They have adopted the method of clandestinity. They never use a mobile phone. They managed to have, in the village of Tarnac, friendly relations with people who could warn them of the presence of strangers," said the minister.

In the village, people laugh at this statement. One of the defendants rented an apartment above the town hall. "Is it a clandestine method?", asks Jean-Michel, who goes on: "Can one be labelled terrorist because he does not have a mobile phone?". Here, mobile reception is poor.

Mass surveillance of the rest of us is becoming even more pervasive. The UK started transposing the European directive on retaining data generated through electronic communications or public communications networks (European Directive 2006/24/EC) with the Data Retention (EC Directive) Regulations 2007. These came into force on 1st October 2007 and require service providers to retain fixed and mobile telephony traffic data of everyone's calls and SMS and MMS for one year and hand it over on request.

More than 650 public authorities can lawfully obtain communications data, including intelligence and law enforcement agencies, emergency services and other public authorities, such as the Financial Services Authority, local councils and the Home Office's UK Border Agency.

These regulations were superseded this week (on 6th April 2009), by the 2009 Regulations eventually completing the implementation of the European directive by adding the requirement to retain Internet access, email and Internet telephony traffic data as well.

What has to be retained in all cases is data necessary to trace and identify the source and destination of a communication and to identify the date, time and duration, and the communication's type. For mobile telephony and for Internet access, email and telephony, there's also a requirement to retain data necessary to identify users' communication equipment (or what purports to be their equipment) and the location of mobile communication equipment. The detail of exactly what needs to be retained has been regrouped in an easy to read list in a schedule to the Statutory Instrument (S.I.).

Earlier this year, Sir David Omand, a former Cabinet Office security and intelligence coordinator, gave a clear indication of what some in Whitehall have on their wish-list:

[A]pplication of modern data mining and processing techniques does involve examination of the innocent as well as the suspect to identify patterns of interest for further investigation.[...] Finding out other people's secrets is going to involve breaking everyday moral rules. So public trust in the essential reasonableness of UK police, security and intelligence agency activity will continue to be essential.

One extension to the traffic data retention guidelines that fits within this agenda is the building of a massive central silo for all UK communications data. Another is the e-Borders database (in pilot schemes, 0.0035 per cent of people screened were arrested); the location of your mobile phone had better match the country you declared you would be in.

Professor Steve Peers offers a glimmer of hope:

What is the relevance of [the European Court of Human Rights DNA database ruling] Marper to that? To what extent can it regulate or stop what is clearly an ongoing development?

Marper is very relevant if it rules out the sweeping collection of personal data regardless of the stigmatisation factor and regardless of the UK factor (the distinction between the UK and the rest of the Council of Europe countries). If we ignore these factors and say what is wrong here is purely sweeping collection of personal data, then this is a very significant judgement. Then it's profoundly important. It really stands in the way of what we're already doing across Europe, not just in the UK.

Of course the ruling may be interpreted to have no relevance outside its application to the retention of DNA and fingerprints. Then Sir David Omand's national security strategy may be further implemented and carrying a mobile phone - an electronic tag - could become a necessity, if you don't want people to think you have something to hide.

Posted: Fri May 08, 2009 10:01 pm
by stefano
Report: Some gov't databases almost certainly illegal
23 March 2009

A group of privacy and security experts has charted the proliferation of UK government databases and concluded that some of them could be illegal.

The Foundation for Information Policy Research (FIPR), an independent technology think tank, published a report on Monday entitled Database State. The authors described 46 government databases and, in a press statement on Monday, labelled a quarter of them "fundamentally flawed and almost certainly illegal". The report was commissioned by the cross-party Joseph Rowntree Reform Trust.

One of the report's authors, security expert Ross Anderson, told ZDNet UK in an email interview on Thursday that, if used in conjunction with each other, the databases could have a serious impact on citizens' privacy.

"It's the first time someone's tried to put together the big picture, and it's scary," wrote Anderson, who is professor of security engineering at Cambridge University. "Some of the systems are so privacy-invasive that they almost certainly break European law, and spending taxpayers' money on computer systems that will fall at the first legal challenge is foolish."

Speaking to ZDNet UK on Friday, Anderson said 11 of the databases that are currently used or in the process of being developed by the government may contravene the European Convention on Human Rights (ECHR).

"To collect sensitive information [on a person] and use it without consent, under the [ECHR], the data needs to be used for a narrowly defined legal purpose, and needs to be necessary and proportionate," said Anderson.

The report's authors looked at each of the major databases used by the government and ranked them using a 'traffic light' colour-coding system. Eleven government databases were coded red, and should be "scrapped or substantially redesigned", according to the report. These include the National Identity Register, the communications database behind the Intercept Modernisation Programme, and the National DNA Database.

The National Identity Register — the database behind the government's plan to record all UK citizens' biometric and personal details for its identity-cards scheme — was criticised by the report's authors for breaking down privacy barriers.

"A National Identity Number will make it easier to link together information held on individuals across other public-sector databases," said the report. "This is worrying because in the UK, unlike other EU States with strong constitutional protection, there are few safeguards against excessive data exchanges."

Anderson told ZDNet UK on Friday that the National Identity Register would be "a central spine on which to hang all information about a citizen, available to open access".

A national identity card that became essential for government and financial transactions would also establish an audit trail to which the intelligence services and much of the police would have unrestricted access, the report added.

The government has put forward plans to monitor all UK citizens' communications by intercepting all online data traffic, including email, instant messaging and social-networking communications. These details would be combined with details of telephone calls and stored in a centralised database. A government consultation about this communications database, which is part of an intelligence-service IT overhaul dubbed the Intercept Modernisation Programme, was due to begin in March, but has not yet taken place.

The report said that this kind of mass surveillance was overly expensive and antithetical to principles of privacy, and pointed out that the idea had already been criticised by the information commissioner.

"The Information Commissioner's Office has commented that the plans are 'a step too far for the British way of life'," said the report. "Given this assessment, the public opposition, the huge cost of the exercise, and the intent [to allow] the intelligence services... to watch everybody, we have no choice but to rate this as Privacy impact: red."

The National DNA Database was also criticised by the report's authors. Currently, the police in England have the power to hold the DNA of everybody they take into custody, regardless of whether or not they are then charged with a crime.

"The DNA database was found to be illegal by a European Court," said Anderson. "There's no way round that for the government — samples from innocent people will have to be purged."

The Home Office, which oversees these three databases, denied that government databases contravened the ECHR.

"We recognise the absolute necessity of striking the balance between the rights and privacy of the individual and the ability to disrupt, prevent and investigate crime effectively," a Home Office spokesperson told ZDNet UK on Friday. "That is why the home secretary has made clear that a 'common sense' test must be applied to every action in this area to make sure it is proportionate, transparent and robust safeguards are in place."

The spokesperson claimed the National Identity Scheme and ID cards will have independent oversight built in from the start, with every citizen given the right to see their data and who has accessed it. According to the Home Office, "technology such as DNA and CCTV is providing clear benefits in deterring and detecting crime, securing convictions and reducing fear of crime".

The Home Office spokesperson added that home secretary Jacqui Smith wanted to debate measures such as Home Office plans for the centralised communications database.

"The home secretary has said she wants open and reasoned debate about these issues, and we remain committed to ensuring law-enforcement agencies have the right tools to protect the public, while at the same time ensuring effective safeguards and a solid legal framework that protects civil liberties," said the spokesperson.

PostPosted: Sat May 16, 2009 10:34 am
by stefano
From Database State
March 2009

This report surveys the main government databases that keep information on all of us, or at least on a very substantial minority of us, and assesses them using a simple traffic-light system.

Red means that a database is almost certainly illegal under human rights or data protection law and should be scrapped or substantially redesigned. The collection and sharing of sensitive personal data may be disproportionate, or done without our consent, or without a proper legal basis; or there may be other major privacy or operational problems. Most of these systems already have a high public profile. One of them (the National DNA Database) has been condemned by the European Court of Human Rights, and both the Conservative Party and Liberal Democrats have promised to scrap many of the others.

The red systems are:
- the National DNA Database, which holds DNA profiles for approximately 4 million individuals, over half a million of whom are innocent (they have not been convicted, reprimanded, given a final warning or cautioned, and have no proceedings pending against them) – including more than 39,000 children;

- the National Identity Register, which will store biographical information, biometric data and administrative data linked to the use of an ID card;

- ContactPoint, which is a national index of all children in England. It will hold biographical and contact information for each child and record their relationship with public services, including a note on whether any ‘sensitive service’ is working with the child;

- the NHS Detailed Care Record, which will hold GP and hospital records in remote servers controlled by the government, but to which many care providers can add their own comments, wikipedia-style, without proper control or accountability; and the Secondary Uses Service, which holds summaries of hospital and other treatment in a central system to support NHS administration and research;

- the electronic Common Assessment Framework, which holds an assessment of a child’s welfare needs. It can include sensitive and subjective information, and is too widely disseminated;

- ONSET, which is a Home Office system that gathers information from many sources and seeks to predict which children will offend in the future;

- the DWP’s cross-departmental data sharing programme, which involves sharing large amounts of personal information with other government departments and the private sector;

- the Audit Commission’s National Fraud Initiative, which collects sensitive information from many different sources and under the Serious and Organised Crime Act 2007 is absolved from any breaches of confidentiality;

- the communications database and other aspects of the Interception Modernisation Programme, which will hold everyone’s communication traffic data such as itemised phone bills, email headers and mobile phone location history; and

- the Prüm Framework, which allows law enforcement information to be shared between EU Member States without proper data protection.

Amber means that a database has significant problems, and may be unlawful. Depending on the circumstances, it may need to be shrunk, or split, or individuals may have to be given a right to opt out. An incoming government should order an independent assessment of each system to identify and prioritise necessary changes.

There are 29 amber databases including:

- the NHS Summary Care Record, which will ‘initially’ hold information such as allergies and current prescriptions, although some in the Department of Health appear to want to develop it into a full electronic health record that will be available nationally. In Scotland, where the SCR project has been completed, there has already been an abuse case in which celebrities had their records accessed by a doctor who is now facing charges. The Prime Minister’s own medical records were reported compromised. There is some doubt about whether patients will be able to opt out effectively from this system, and if they cannot, it will be downgraded to red;

- the National Childhood Obesity Database, which is the largest of its kind in the world, containing the results of height and weight measurements taken from school pupils in Year 1 (age 5–6) and Year 6 (10–11) since 2005. This database is simply unnecessary;

- the National Pupil Database, which holds data on every pupil in a state-maintained school and on younger children in nurseries or childcare if their places are funded by the local authority, including: name; age; address; ethnicity; special educational needs information; ‘gifted and talented’ indicators; free school meal entitlement; whether the child is in care; mode of travel to school; behaviour and attendance data. It is planned to share this data with social workers, police and others;

- Automatic Number Plate Recognition systems, which are operated by multiple agencies - the Highways Agency, local authorities, police forces and private firms – and will read 50m plates covering 10m drivers each day;

- the Schengen Information System, a European police database that lists suspects, people to be denied entry to Europe, and people to be kept under surveillance. It is due to be replaced with an updated SIS-II which will also store biometric data such as fingerprints; and

- the Customer Information System of the Department for Work and Pensions which describes it as “one of the largest databases in Europe”. It makes 85 million records available to 80,000 DWP staff, 60,000 staff from other government departments, and 445 local authorities – whose staff are already abusing their access to it.

Green means that a database is broadly in line with the law. Its privacy intrusions (if any) have a proper legal basis and are proportionate and necessary in a democratic society. Some of these databases have operational problems, not least due to the recent cavalier attitude toward both privacy and operational security, but these could be fixed once transparency, accountability and proper risk management are restored.

Green databases include the police National Fingerprint Database and the TV Licensing database.

Six years into the Transformational Government programme, the number of green databases is now shockingly low. Of the 46 databases assessed in this report, only six are given a green light.

PostPosted: Sat May 16, 2009 11:31 am
by stefano
Biometric Passports, UK Home Office Identity & Passport Services

The new biometric passport

Over the last two years, the Identity and Passport Service (IPS) has successfully introduced a range of procedures and systems to prevent identity and passport fraud. In March 2006, we launched one of our most important counter-fraud initiatives, the biometric passport.

The biometric passport has a new design and improved security features which were not present on previous passports. The new pages have intricate designs, complex watermarks and a chip antenna.

Why has the UK introduced biometrics in its passport?

The increasing threat of identity fraud means we must strengthen security features in passports. The International Civil Aviation Organisation (ICAO - which sets international standards) chose facial recognition as the primary biometric with iris and fingerprint as backup (but not compulsory). The use of biometric information to link a person to a passport can help to counter identity fraud. In practice, biometric verification can be used at border controls and to verify the image on a passport renewal application against images held on record.

Biometric information is also used for the following purposes:

* to allow automated immigration checks in the future
* to ensure that British citizens can continue to benefit from visa-free travel to the USA
* to avoid disadvantaging British passport holders as other countries switch to biometric passports.

How do facial biometrics work?

Facial recognition maps various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements are digitally coded and this can then be used for comparison and verification purposes. Biometric technology is perfectly safe as facial biometrics can be taken from a good quality passport photo.

What information is stored on the chip?

The chip stores the passport holder's photo and the personal details printed on page 31 of the passport.

Can I see what is on the chip?

IPS Regional Offices in Belfast, Glasgow, Durham, Liverpool, Peterborough, London and Newport are now equipped with Biometric Passport Readers. The Reader enables holders of a British biometric passport to view their personal information stored within the chip embedded in the passport. The information viewed is the same as the information displayed on the bio data page of the passport.

This is a free self service facility within the public area of each IPS office.

Is the biometric passport secure?

IPS takes security and privacy very seriously. The new British biometric passport meets international standards as set out by the International Civil Aviation Organisation (ICAO). We are confident that it is one of the most secure passports available.

The new biometric passport has many new security features including a chip. The new design will be harder to forge, the new security features will show if the passport is genuine or that it has been tampered with and the facial biometrics on the chip will help link the passport holder to the document.

The data on the chip (your photo and personal information as printed on page 31 of the passport) will be protected against skimming and eavesdropping, through the use of advanced digital encryption techniques. The chip will complement the security features currently inherent in the passport, including the 'machine readable zone' (found on the personal data page of the passport).

How is the biometric passport protected?

The chip in the new biometric passport is part of a suite of new security features to help fight passport fraud and forgery. It is protected through three layers of security:

1. A digital signature to show the encoded data is genuine and which country has issued the passport.
2. A protection against unauthorised readings ("skimming") through Basic Access Control, a secure access protocol.
3. The data will be locked down using a Public Key Infrastructure (PKI), which provides protection against encoded data being changed. PKI is a digital encryption technology, which enables validation of the data as being genuine.

Do I need to exchange my current passport?

Your current passport will remain valid until its expiry date. You will not need to exchange your passport to a biometric passport, but should apply for a new passport in good time as and when your current passport expires. It is best to allow three weeks for a passport application.

Do I need to change my current passport for a biometric passport to travel to the US?

Most UK citizens will not need to exchange their current digital passport for a biometric book. Please note the following:

* Children must have their own individual passports to be eligible for entry to the US under the VWP
* Your British passport will qualify for the US Visa Waiver Programme (US VWP) if the personal information page (the page containing your photo, your name and your date of birth) is on an inside page of the passport rather than on the inside back cover.
* If your personal information page is on the inside back cover and was issued inside the UK, your passport will qualify for US VWP.
* If your personal information page is on the inside back cover and was issued outside the UK, please visit (please note these links will open in a new browser window), or for more detailed information about US visa and immigration rules.

IPS does not issue visas. If you are unsure about Visa requirements you will need to contact the US Embassy in your country of residence. Their contact details are available on their website.

What are the additional design features on the biometric passport?

We have chosen birds as a theme in the updated passport to symbolise freedom to travel. The birds are native to Britain and were chosen because they provided a good scope for developing security features. In addition, the British biometric passport also includes the languages of the British Isles clearly displayed on the inside front page. This is an addition to the passport design and includes English, Welsh and Scottish Gaelic.

PostPosted: Sat May 16, 2009 2:17 pm
by stefano
From The shape of things to come
Tony Bunyan, Statewatch
Sept 2008

Chapter 2
What is already underway or being discussed

To appreciate what is "new" in the Future group report a quick resume of what is already in the pipeline or planned is necessary. In 2006 a Directive on the mandatory retention of all communications data across the EU was adopted. Service providers are obliged to keep and give agencies access to records of all phone-calls, mobile phone calls (and their location), faxes, e-mails and internet usage. This year most EU states that had not done so are implementing this at national level. In short, records of all communications by everyone in the EU are held and can be accessed by agencies in connection with “serious crime, as defined by each Member State in its national law” which varies from member state to member state or for suspicion of a “serious crime”.12

In 2004 a Regulation on EU passports required the taking of fingerprints (biometrics) from all applying for one. Again there was a time-lag in the implementation at national level. But from 2009 onwards millions of people across the EU will have to attend special centres to be interviewed (to prove who they are) then compulsorily finger-printed. The finger-printing of everyone applying for a visa to visit the EU from third countries is already underway and fingerprinting of resident third country nationals has been agreed. Discussions are underway on extending the taking of fingerprints for national ID cards as these are used for travel within the Schengen area.

It is sobering to note that the mass surveillance of all telecommunications and mass fingerprinting of all are two proposals that have not been proposed in the USA – thus the EU is set to become the most surveilled place in the world.

EU laws on driving licences have been harmonised so that licences have to be renewed initially every 10 years with the option for every five years - in the UK a driving licence is held from passing the test until the age of 70 (when it can be renewed with a doctor's letter). Renewing the licence every 10 years will mean the "chip" and the data on it can be updated and adapted.

In the UK a National Health database will hold the records of all 60 million people with over 350,000 "clinicians" having access - as will police and security agencies. The EU is planning a new EU Health Card and argue the benefits of being able to travel anywhere with your medical details available.

The EU is keen too on "e-government" cards and much research is being conducted. "E-government" gives people access to state services where they have to prove who they are, for example, to get medical or hospital treatment, local government services like libraries, getting social and unemployment benefits and so on. The day may not be far off when all these state-run systems will be put on "one-card": passport, ID card, driving licence, health record and e-government.

The Schengen Information System (SIS) is to be upgraded to hold more categories of data (including fingerprints and DNA), access to all the data is to be extended to all agencies (police, immigration and customs).13 SIS II is to share a “common technical platform” with VIS (Visa Information System) for the policing of visitors – thus SIS II/VIS will become a dedicated surveillance tool.14

Discussions to create an EU-PNR (passenger name record) system are underway. In June 2008 the Council threw the Commission proposal out and in the autumn it will draw up its own draft. A number of governments do not like limiting the use of data to terrorism and organised crime and want to extend the proposal’s scope from just in and out of the EU to travel between EU states and even within each state. The same view also supports extending the scope from air travel to land and sea travel too.

An EU entry-exit system is planned for third country nationals entering with visas, and those without visas too, as is an EU version of an Electronic System for Travel Authorisation (ESTA). The former proposal includes the automated checking of EU citizens - that is, passports and biometrics (finger-prints) to be checked by "machines" not people. The EU-PNR exit-entry system and ESTA will put the EU on the same footing as the USA.

The Prum Treaty, agreed by 17 EU member states, has led to the incorporation of the policing aspects into EU law (the automated exchange of DNA, fingerprint and vehicle data) thus applying across all 27 member states. The immigration aspects - including the use of air marshals - are being adopted by the signatory states.

The Lisbon Treaty will include extensive increases in operational police cooperation at the EU level and the creation of the Committee on Internal Security (COSI).15 A good summary of the measures adopted in the wake of the Madrid bombings in 2004 and the extent to which they concern "terrorism" is available in Statewatch's Scoreboard.16

In June the EU agreed in principle on the Returns Directive under which those found to be "illegally" resident in the EU are to be rounded and held in detention centres for up to 18 months before being deported back to their assumed country of origin. Some defined as "illegal" will have been in the EU for days or weeks, others may have been here for years with their children being "second-generation", the Directive makes no distinction - they are all "illegal". At the same time "legal migration" is to be encouraged. Due to the EU's ageing population it needs skilled labour from the third world to maintain its standard of living - and its continued exploitation of the third world's resources.

The EU-USA nexus developed apace after 11 September (see Case study below). Also relevant is the extension of NATO's role beyond the bounds of Europe in 2002. Twenty-one EU member states are in NATO and most are involved in the war in Afghanistan.17

PostPosted: Sat May 16, 2009 7:42 pm
by stefano
From The shape of things to come
Tony Bunyan, Statewatch
Sept 2008

Case Study: The "digital tsunami" and the EU surveillance state

The Future Group proposes to harness the “digital tsunami” by European (and national) agencies predicating state surveillance over a very wide range of human activity.

Two of the Future group’s documents are considered here: 1) sections from the final report: “Freedom, Security and Privacy" - the area of European Home Affairs” (referred to as the “final report”) and 2) a "Concept" paper from the Portuguese Council Presidency entitled: "Public security, privacy and technology in Europe: Moving Forward: Concept paper on the European Strategy to transform Public security organisations in a Connected World" (referred to as the “paper”)57. As we shall see the obscure language used in the former is firmly embedded in the latter.

Using new technologies and information networks

The final report argues that in the “digital tsunami environment” citizens' expectations of "proactive protection" become "ever more acute", especially as traditional measures to protect privacy "will become less and less effective", thus:

“privacy-enhancing technologies are absolutely essential to guarantee civil and political rights in the age of cyberspace.”

The document is silent on how this should be done.

The main emphasis is almost exclusively on the opportunities the "digital tsunami" gives “public security organisations” to:

“have access to almost limitless amounts of potentially useful information”

For "public security organisations" to "master this data tsunami" will require "automated data analysis" to get this through to a "multitude of stakeholders" in the agencies across the EU. "Interoperability" is assumed (being able to access databases across the EU) but what is needed is a:

“platform approach to delivering public security”

A “service oriented” approach means that:

“outputs from different parts of the system can be shared (within and across organisations) and to build converged platforms... move to converged networks (or where necessary solutions that ensure all their networks can "talk" to each other) and.. ensure all data streams are digital and capable of being meshed together” (emphasis added)

For example, the "principle of availability" means that on a "case-by-case" basis, through "interoperable" systems, data and intelligence can be gathered by an agency in one state from a number of other EU states. However, remember the report argued

“this is an opportune moment to go beyond the limited perspective of a case-by-case approach and aim for a holistic objective in law enforcement information management.”

In contrast to an "uncoordinated and incoherent palette of information systems" there would be a:

“European Union Law Enforcement Information Management Strategy (EU IMS).. aiming at a professional, business-oriented and cost-effective use of information technology and information networks.”

The EU "surveillance state”

At its meeting in October 2007 the Future Group was presented with a "Concept" paper from the Portuguese Council Presidency.

It spells out in detail the thinking and intent underneath the obscure language in the full report's section on: "Using new technologies and information networks." The "Concept paper" opens with the statement that:

“Technology is not neutral: it must be put at the service of security with respect for the way of life of the citizen in democratic countries and can have a decisive contribution towards making a global world more secure.”

This statement begs the question of exactly how, if technology is "put at the service of security" it can at the same time "respect" the way of life of citizens. Surely technology should "serve" the people and "serve" security only in so far as it does not undermine individual and fundamental rights. This paper however assumes the former to reflect the consensus of governments in the EU, “public security” comes first. It can be argued that it is not “public security” that the public want but rather “public safety”. Indeed, if a concept of “public safety”, based on people’s needs, were used instead of “public security”, based on the state’s needs, a whole different set of policies and practices might emerge.

The paper draws attention to the:

“development and integration of satellite and airborne monitoring capabilities, the use of GMES technologies, including multilayer mapping with modelling tools and the development of shared, interactive and secure information, communication and analysis tools.”

GMES, Global Monitoring for Environment and Security, is an EU initiative for the implementation of information services dealing with the environment and security. It uses "observation data" from "Earth Observation satellites and ground based information which integrates and makes accessible data from multiple sources. This allows public and private actors to: "anticipate, intervene and control".

The next section in the Portuguese Council Presidency paper is: "The digital tsunami and its consequences for public security organisations". As more and more "people, machines and environments are connected" this vastly increases the amount of:

“potential information for use in the day-to-day operations of public security organisations. One obvious illustration is the ability to track the location of any active mobile phone (and to know where it was last switched off and last switched on). This is just the beginning. In the next few years billions of items in the physical world will be connected, using technologies such as radio-frequency identification (RFID), broadband wireless (WiFi, WiMAX), satellite and wireless (Bluetooth, wireless USB, ZigBee). This means it will be possible to trace more and more objects in real-time and to analyse their movement and activity retrospectively.... In the near future most objects will generate streams of digital data about their location and use - revealing patterns and social behaviours which public security professionals can use to prevent or investigate incidents.”

The “objects” referred to also include people who could be tracked through their car, mobile phone or the clothes they are wearing. The paper goes on to look at digital transactions, use of biometrics and online

“All credit or debit-related purchases already generate monitorable and searchable real-time information; but more and more transactions will be of this kind as we move towards a cashless society... These trends will be reinforced as biometric measurements are used to enhance security at more and more locations - whether public places such as town halls or train stations; private locations such as amusement venues; or places of work.”

This assumes the widespread use of peoples' biometrics (fingerprints, facial scans or iris scans) in everyday life once they have been collected by national EU states for passports and ID cards.

“Most large cities have already seen a significant increase in the use of closed circuit television (CCTV), and usage (by public and private sector organisations) is likely to increase further and to shift from the current analogue technologies to more easily storable and searchable digital technologies. Further accelerating the tsunami of data is online behaviour. Social networks such as My Space, Face Book and Second Life - and indeed all forms of online activity - generate huge amounts of information that can be of use to public security organisations.”

Next generation "searchable digital" videos of public and private places suggests lifetime databanks with the ability to conduct historical searches based on a person’s image.

The paper suggests that the capacity now exists, or will very soon, where the state will be able to combine data from different sources on every individual - financial transactions, train journeys, visits to a town hall, a fairground, images from “searchable digital technologies”, internet usage and social habits together with state records, citizen registration, National Insurance details, schools, universities, criminal records, tax record, health record, driving licence and motoring offences, insurance details and more which could be used to monitor and control social, economic and political life. If this seems an extreme view just read what the Portuguese Council Presidency goes on to say:

“These trends have huge implications for public security. Citizens already leave many digital traces as they move around. What is clear, however, is that the number of those traces (and the detailed information they contain) is likely to increase by several orders of magnitude in the next ten years. Every object the individual uses, every transaction they make and almost everywhere they go will create a detailed digital record. This will generate a wealth of information for public security organisations, and create huge opportunities for more effective and productive public security efforts.”

Is “privacy enhancing technology” a non-starter?

The final report mentioned that "Privacy enhancing technologies" were essential if people were to be convinced of the need for this development. Here in this background paper, however, this is recognised but is also fatally undermined. The paper says that fundamental privacy issues are raised on “how much information about the behaviour of citizens should be shared”. There is no reference to terrorism or even crime but simply "information about the behaviour of citizens" being hoovered up. It then goes on to say:

“Paradoxically, those same tools can also be used by terrorists and other criminals. Thus, if data are automatically anonymised, after a certain lapse of time, that procedure may erase evidence of crimes; encryption tools prevent hacking when information is transmitted over the Internet and protect personal data against unlawful processing but may also help conceal criminal plans; cookie-cutters enhance compliance with the principle that data must be processed fairly and that the data subject must be informed about the processing going on, but may also make ineffective police efforts to gather information on illegal activities.”

Indeed, when it comes to "balancing" the first need against the second it is "security" that has always won since 11 September 2001. Just look at the draft Framework Decision on data protection on police and judicial cooperation – covering the exchange of data/intelligence between member states and outside the EU about to be adopted by the Council. The Commission proposal was thrown out and rewritten by law enforcement officers and officials who ignored all the proposals by EU data protection bodies for meaningful privacy provisions.

Three "Challenges"

The Portuguese paper says that there are three “Challenges”, the first of which is presented under the heading: "Automate and master data analysis" is that [because of?] the "digital tsunami": “data monitoring and analysis will become much more automated”

Drawing on the practice of financial traders, brokers and credit card companies who use sophisticated programmes to analyse changes and trends the paper says that:

“machines are able not just to analyse records of transactions, but also to analyse visual information as well. Current systems can already identify individuals by their gait or flag up particular types of image, eg: unattended luggage or a person lying on the ground, apparently injured. Next generation systems are likely to be able to watch for, find and follow even more tightly defined objects, behaviour patterns or events.

These developments mean routine data monitoring and analysis will increasingly be handled by machines; the system will then flag up exceptions (unusual behaviour and anomalies) for human investigation. Some law enforcement agencies are already familiar with this approach in their suspicious transaction monitoring activities carried out by specialised agencies tasked with anti-money laundering activity. But this approach will need to be much more widely understood.”

When [you?] put together "automated monitoring and analysis" with "machines" determining unusual or unacceptable behaviour the next step is easy, you get "machine" driven responses. Thus "networked systems" will not just monitor live situations but the "machine":

“will start to respond to it intelligently”

So now we have "intelligent" machines. Moreover, the systems or "machines" will:

“work across multiple data streams and multiple types of data stream. For example, if someone in an airport starts making a series of unusual mobile phone calls, the system might monitor the video streams of the areas where that person is more sensitively than it would normally. Or it might check passenger travel information to see if that person or someone related to them is due to arrive or depart in the next couple of hours.”

Who or rather what (if it is a machine) will determine if a mobile phone call is "unusual"? What if you are doing your neighbour a favour by picking up their grandparents from the airport - you are not related to them and are a bit anxious that you will not recognise them?

The second "Challenge" is "Making decision-making more distributed" which is making sure that everyone in the chain of public security organisations can get instant and real-time information.

The third "Challenge" is to "Transform Decision support". Employing "Mashups" (“Web applications that combine data from two or more sources into a single tool”) means that:

“in the near future public security organisations will be building portals that aggregate a huge range of data sources into personalized cockpits for different decision-makers.”

which in turn means that:

“IT systems will increasingly have automated policies that perform actions on decisions and/or destinations”

It is not hard to imagine a scenario where a person is picked up by CCTV running in a tube station: is this person running because they have attacked someone, running away from an attacker, or just running for the train?

Echoing the final report the Council Presidency paper says that EU member states "individually and collectively" should take a "platform" approach to "delivering public security". They need, it says, to move beyond interoperability to a "services-oriented approach" and "converged platforms" so that all the networks can "talk" to each other. After all, in an increasingly connected world: “public security organisations will have access to almost limitless amounts of potentially useful information.”


This paper and the final report were drawn up by high-level officials and agreed by EU Ministers. They, frighteningly, really do believe they have, and are, "balancing" the demands of security and civil liberties; they embrace the new technology, if it is technologically possible why should it not be used; they assume that the "digital tsunami" should be harvested by public security organisations, simply because it is there; and assume too that everyone accepts that the "threats" they proclaim require such a gargantuan, and undiscussed, leap. There is no recognition that people not only want to live and travel in safety but also want protection from the activities of an almighty state.

The creation of a surveillance state, for that is what is being proposed, will take the EU further down the road to authoritarianism, a path which looks less and less likely to be reversible.

In the aftermath of 11 September 2001, and for the next three or four years, the rationale for new powers, databases and agencies in and across the EU were presented as if they were “exceptional” initiatives needed to meet the terrorist threat. We know now what was termed “exceptional” is the norm, that what were unthinkable (and politically unacceptable) uses of technology just seven years ago are almost upon us.

PostPosted: Sat May 16, 2009 8:08 pm
by stefano
ESRIF - "European Security Research and Innovation Forum"


ESRIF stands for the "European Security Research and Innovation Forum". It is a European strategy group in the civil security research domain that was established in September 2007. Its main objective is to develop a mid and long term strategy for civil security research and innovation through public private dialogue by 2009.

ESRIF was set up and is supported by the EU Member States and the European Commission together. Its members represent three different interest groups ("stakeholders"):

* Those that will use and apply the achievements of security research – knowledge, technologies and products (often large systems): European, national and regional authorities, police, fire brigades, all kinds of emergency organisations and first responders, private and public operators of critical infrastructure etc. ("demand side");

* Those that perform security research and turn its outcome into technologies and products: universities, research establishments, industry, including SMEs ("supply side");

* And representatives of the citizens, often non governmental organisations or special think tanks, that are affected by both potential security incidents as well as the efforts to ensure their security ("civil society").

Background and context of ESRIF

Why is ESRIF needed?

Security Context

The security threats facing Europe are becoming more complex. External and internal threats are becoming increasingly intertwined. The threats to European security are also becoming more diverse, with developments affecting public health, energy, and the environment taking their place alongside the five threats identified in the European Security Strategy.

Furthermore, the countries of Europe are increasingly interdependent as regards their security. To cope with these changes, both the governments of EU Member States and the EU as a whole need to invest in security-related research, supporting their security policies, and to develop innovative processes and products. They also need to engage all relevant partners.

Developing and implementing an effective security research strategy requires the participation of all relevant stakeholders in the private and public sectors, both at national and European levels.

In order to drive this process forward through the establishment of a strategic security research and innovation agenda, the European Security Research and Innovation Forum (ESRIF) has been created.

EU level civil security research started in 2004 when the European Commission launched a three-year Preparatory Action for Security Research (PASR) with a budget of 45 M€ for 2004-2006. The purpose of the PASR was the development of a fully fledged European civil security research programme that was eventually implemented as part of the 7th Research Framework Programme (FP7), the EU's main instrument for funding research over the period 2007 to 2013.

The FP7 Security theme was allocated a budget of 1400 M€ for that period. It launches annual work programmes which are implemented mainly through calls for proposals.

During the years of the PASR and early FP7, a number of national security research programmes were also prepared and launched in the EU Member States.

The preparation of both the PASR and the FP7 Security theme was supported by high level strategy groups: the Group of Personalities (GoP) for Security Research and the European Security Research Advisory Board (ESRAB) whose strategic advice shaped the scope and implementation of these programmes.

However, there was still a need for:

* Coordination of the strategy and implementation of European and national security research funding programmes;
* a mid and longer term perspective for civil security research in Europe, going beyond pure research and also embracing innovation elements;
* improving coordination between security policy and its implementation on the one side and security research on the other side, including the demand and supply side of security technologies/solutions and also involving civil society, and also between the various players in the field;
* coordination between civil and military security research.

History of ESRIF

The intention to set up ESRIF was announced at the 2nd European Conference on Security Research - SRC’07 in Berlin on 26 March 2007 by the German Minister for Education and Research, Ms. Annette Schavan, then representing the EU Presidency, and Commission's Vice Presidents Günter Verheugen and Franco Frattini.

In September 2007 the European Commission welcomed the establishment of ESRIF in a new Communication on Public-Private Dialogue in Security Research and Innovation.

ESRIF's inaugurating meeting took place on 11 September 2007.

Members and chairpersons

ESRIF Members

ESRIF members represent four stakeholder groups:

1. The security technology / solution demand side
* Authorities and end users in charge of civil security from the 27 EU Member States as well as from the countries associated with the 7th Research Framework Programme (FP7);
2. The security technology / solution supply side
* Representatives of industry, research establishments and academia with a particular security profile;
3. Civil society representatives
* Think-tanks, civil liberty organisations and other relevant experts;
4. The European representatives
* Observers from the European Parliament (EP) from relevant EP committees;
* European agencies and comparable organisations in the security and / or security research domain: EUROPOL, FRONTEX and EDA;
* the European Commission, in particular its Directorates General concerned with security and/or security research issues.

All members were nominated in spring/summer 2007 either by the EU Member States and FP7 Associated Countries (stakeholder groups 1, 2 and 3) or by the European organisations listed under stakeholder group 4.

It was agreed among them that ESRIF should have between 50 and 70 members in total.

ESRIF Chairmen

Mr Dragutin Mate (Slovenia) was elected chairman by ESRIF members at the 6th plenary meeting (on 18 November 2008) in replacement of Mr Gijs de Vries, who left to join the Netherlands Court of Audit.

He is supported by two deputy chairmen: Mr Jürgen Stock (Germany, Bundeskriminalamt) and Mr Giancarlo Grasso (Italy, Finmeccanica).

Contributors to the ESRIF work groups

To bring together all required expertise and to ensure a balanced profile, the eleven working groups of ESRIF are open to involve additional contributors beyond the formal members of ESRIF.

So far, about 500 persons from all over Europe have expressed their interest to contribute to the work.

List of members (Excel file)

| Surname | First name | Organisation | Country | Public/private | Stakeholder side |
|---|---|---|---|---|---|
| WIEDEMANN | Sabine | Deutsche Post AG, Abt. Konzernsicherheit | Germany | private | Demand side |
| STOCK | Jürgen | Bundeskriminalamt | Germany | public | Demand side |
| MICHEL | Bernd | Fraunhofer Gesellschaft, Micro Materials Center | Germany | public | Supply side |
| UNGER | Christoph | BBK Bundesamt für Bevölkerungsschutz und Katastrophenhilfe | Germany | public | Demand side / Civil society side |
| MEY | Holger | EADS | Germany | private | Supply side |
| AMINOT | Jean-Luc | Direction de l'administration de la police nationale | France | public | Demand side |
| ROUJANSKY | Jacques | Ministère de la défense, DG de l'armement, Division Développement et technologies de sécurité et souveraineté | France | public | Demand side |
| GREVERIE | Franck | Thales Security Solutions & Services Division | France | private | Supply side |
| HERTEMAN | Jean-Paul | Sagem Défense et Sécurité | France | private | Supply side |
| DUBRIE | Brian | Home Office | United Kingdom | public | Demand side |
| DURRANT | Paul | Department for Transport | United Kingdom | public | Demand side |
| PHIPSON | Stephen | Smiths Group plc, Security & Resilience Industry & Suppliers Council (RISC) | United Kingdom | private | Supply side |
| HENDEN | Peter | Petards Group plc | United Kingdom | private | Supply side |
| ACCARDO | Lucio | Ministero della Difesa/Segretariato Generale della Difesa e DANN. Capo V Rep. Ricerca Tecnologica SGD/DANN | Italy | public | Demand side |
| CAMELI | Antonio | Ministero Degli Interni - Polizia di Stato | Italy | public | Demand side |
| GRASSO | Giancarlo | Finmeccanica | Italy | private | Supply side |
| ZANASI | Alessandro | ZANASI Alessandro Srl. and University of Bologna | Italy | private | Supply side |
| RODRIGUEZ AUGUSTIN | Carmen | INTA, Relaciones Institucionales y Politica Comercial | Spain | public | Supply side |
| VILLANUEVA DIEZ | Francisco | Ministerio del Interior, General Directorate of Infrastructure and Security Means | Spain | public | Demand side |
| MEDINA | Manel | Universidad Politécnica de Cataluna, Spanish computer emergency response team | Spain | public | Supply side |
| DURBAJLO | Piotr | Ministry of Interior and Administration, Dept. Of Teleinformational Infrastructure | Poland | public | Demand side |
| DOBROWOLSKI | Grzegorz | AGH University of Science and Technology, Faculty of Electrical Engineering, Automatics, Computer Science and Electronics | Poland | public | Supply side |
| SERWIAK | Sebastian | Ministry of Interior & Administration of the Republic of Poland, Dept. Of Public Security | Poland | public | Demand side |
| PISO | Marius-Ioan | Romanian Space Agency (ROSA) | Romania | public | Supply side |
| MURESAN | Liviu | EURISC Institute | Romania | private | Civil society side |
| VAN DUYVENDIJK | Cees | TNO - Netherlands Organisation for Applied Scientific Research, TNO Board of Management | The Netherlands | public | Supply side |
| DE VRIES | Gijs | Netherlands Institute of International Relations "Clingendael" | The Netherlands | public | Supply side |
| KOTZANIKOLAOU | Panayotis | Hellenic Authority for the Assurance of Communications Privacy and Security (ADAE) | Greece | public | Demand side |
| LEVENTAKIS | George | Centre for Security Studies (KE.ME.A) | Greece | public | Demand / Supply side |
| GALVÃO DA SILVA | Frederico | GNR - Guarda Nacional Republicana | Portugal | public | Demand side |
| vacant | - | - | Portugal | - | - |
| DESIMPELAERE | Luc | Barco Corporate Research | Belgium | private | Supply side |
| DE MESMAEKER | Yvan | ECSA European Corporate Security Association | Belgium | private | Demand side / Civil society side |
| HOLL | Milan | Aeronautics Research and Test Institute | Czech Republic | public | Supply side |
| NEKVASIL | Vladimir | Academy of Sciences, Prague | Czech Republic | public | Supply side |
| DOBSON | Tibor | National Directorate General for Disaster Management | Hungary | public | Demand side |
| KÜRTI | Tamás | KÜRT Corp. Information Management (Information Security Technology), Research & Development Dept. | Hungary | private | Supply side |
| THORELL | Dan | Swedish Coast Guard HQ | Sweden | public | Demand side |
| ENSTEDT | Dan-Åke | Saab AB, Saab Mgmt Team, Civil Security | Sweden | private | Supply side |
| GUSTENAU | Gustav | BMLV Bundesministerium für Landesverteidigung, Direktion Sicherheitspolitik | Austria | public | Demand side |
| PRINZ | Johannes | FREQUENTIS, Corporate Research | Austria | private | Supply side |
| HADJITODOROV | Stefan | Bulgarian Academy of Sciences, Centre of Biomedical Engineering | Bulgaria | public | Supply side |
| SHALAMANOV | Velizar | George C. Marshal Association | Bulgaria | private | Civil Society |
| STIG HANSEN | John-Erik | National Centre for Biological Defence | Denmark | public | Demand side |
| WAGNER | Juraj | Alexander Dubček University of Trenčin | Slovakia | public | Supply side |
| RINTAKOSKI | Kristiina | Crisis Management Initiative | Finland | private | Civil society side |
| TRAVERS | Eleanor | Transport Security Solutions Ltd. | Ireland | private | Demand side |
| KALNINS | Kaspars | Riga Technical University | Latvia | public | Supply side |
| CENAS | Narimantas | Institute for Biochemistry, Dept. Of Biochemistry of Xenobiotics | Lithuania | public | Supply side |
| KÜTT | Kristiina | Ministry of Defence, Bureau of Security of Industry and Innovation | Estonia | public | Demand side |
| SIMON | Carlo | Centre de Communication du Gouvernement | Luxembourg | public | Demand side |
| PAPADOPOULOU | Vicky | University of Cyprus, Department of Computer Science | Cyprus | public | Supply side |
| GULTEKIN | Recep | Turkish National Police | Turkey | public | Demand side |
| KLISARIC | Milan | Ministry of Interior, Office for professional education, qualification, specialisation and science | Serbia | public | Demand side |
| EGGENBERGER | René | Eidgenössisches Department für Verteidigung, Bevölkerungsschutz und Sport, Bereich Forschungsmanagement & Kooperation | Switzerland | public | Demand side |
| NURIEL | Nitzan | National Security Council, Counter Terrorism Bureau | Israel | public | Demand side |
| BERG | Frank Robert | The Financial Supervisory Authority of Norway (Kredittilsynet) | Norway | public | Demand side |
| PRANJÍC | Stipan | Ministry of Interior, Inspectorate for the production & traffic of the dangerous substances | Croatia | public | Demand side |
| TOMASSON | Bodvar | Linuhonnun Consulting Engineers | Iceland | private | Supply side |
| MATE | Dragutin | President of ESRIF | Slovenia | n/a | n/a |
| MARGUE | Tung-Laï | EUROPEAN COMMISSION - DG JLS - General Affairs Directorate | Europe | public | Demand side |
| WEISSENBERG | Paul | EUROPEAN COMMISSION - DG ENTR - Aerospace, GMES, Security & Defence Directorate | Europe | public | Supply side |
| MADALENO | Utimia | EDA - European Defence Agency, R & T Directorate | Europe | public | Demand / Supply side |
| GRAMMATICA | Alvise | EUROPOL - Information, Management & Technology Coordination Unit | Europe | public | Demand side |
| BERGLUND | Erik | FRONTEX - Research Unit | Europe | public | Demand side |

PostPosted: Mon May 25, 2009 5:36 pm
by stefano
The Tech Lab: Bruce Schneier
26 February 2009

Bruce Schneier is the chief security technology officer at BT and a celebrated writer and speaker on privacy, cryptography and security issues.

Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.

Data is the pollution of the information age. It's a natural by-product of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after-effects are toxic.

And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we're ignoring data in our rush to build the Information Age.

Increasingly, you leave a trail of digital footprints throughout your day. Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded. You used to buy a train ticket with coins; now your electronic fare card is tied to your bank account. Your store affinity cards give you discounts; merchants use the data on them to reveal detailed purchasing patterns.

Data about you is collected when you make a phone call, send an e-mail message, use a credit card, or visit a website. A national ID card will only exacerbate this.

More computerised systems are watching you. Cameras are ubiquitous in some cities, and eventually face recognition technology will be able to identify individuals. Automatic licence plate scanners track vehicles in parking lots and cities. Colour printers, digital cameras, and some photocopy machines have embedded identification codes. Aerial surveillance is used by cities to find building permit violators and by marketers to learn about home and garden size.

As RFID chips become more common, they'll be tracked, too. Already you can be followed by your cellphone, even if you never make a call. This is wholesale surveillance; not "follow that car," but "follow every car".

Computers are mediating conversation as well. Face-to-face conversations are ephemeral. Years ago, telephone companies might have known who you called and how long you talked, but not what you said. Today you chat in e-mail, by text message, and on social networking sites. You blog and you Twitter. These conversations - with family, friends, and colleagues - can be recorded and stored.

It used to be too expensive to save this data, but computer memory is now cheaper. Computer processing power is cheaper, too; more data is cross-indexed and correlated, and then used for secondary purposes. What was once ephemeral is now permanent.

Who collects and uses this data depends on local laws. In the US, corporations collect, then buy and sell, much of this information for marketing purposes. In Europe, governments collect more of it than corporations. On both continents, law enforcement wants access to as much of it as possible for both investigation and data mining.

Regardless of country, more organisations are collecting, storing, and sharing more of it.

More is coming. Keyboard logging programs and devices can already record everything you type; recording everything you say on your cellphone is only a few years away.

A "life recorder" you can clip to your lapel that'll record everything you see and hear isn't far behind. It'll be sold as a security device, so that no-one can attack you without being recorded. When that happens, will not wearing a life recorder be used as evidence that someone is up to no good, just as prosecutors today use the fact that someone left his cellphone at home as evidence that he didn't want to be tracked?

You're living in a unique time in history: the technology is here, but it's not yet seamless. Identification checks are common, but you still have to show your ID. Soon it'll happen automatically, either by remotely querying a chip in your wallets or by recognising your face on camera.

And all those cameras, now visible, will shrink to the point where you won't even see them. Ephemeral conversation will all but disappear, and you'll think it normal. Already your children live much more of their lives in public than you do. Your future has no privacy, not because of some police-state governmental tendencies or corporate malfeasance, but because computers naturally produce data.

Cardinal Richelieu famously said: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all your words and actions can be saved for later examination, different rules have to apply.

Society works precisely because conversation is ephemeral; because people forget, and because people don't have to justify every word they utter.

Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a BlackBerry, are not official correspondence. A data pattern indicating "terrorist tendencies" is no substitute for a real investigation. Being constantly scrutinised undermines our social norms; furthermore, it's creepy. Privacy isn't just about having something to hide; it's a basic right that has enormous value to democracy, liberty, and our humanity.

We're not going to stop the march of technology, just as we cannot un-invent the automobile or the coal furnace. We spent the industrial age relying on fossil fuels that polluted our air and transformed our climate. Now we are working to address the consequences. (While still using said fossil fuels, of course.) This time around, maybe we can be a little more proactive.

Just as we look back at the beginning of the previous century and shake our heads at how people could ignore the pollution they caused, future generations will look back at us - living in the early decades of the information age - and judge our solutions to the proliferation of data.

We must, all of us together, start discussing this major societal change and what it means. And we must work out a way to create a future that our grandchildren will be proud of.

PostPosted: Mon May 25, 2009 5:56 pm
by stefano
Rural idyll or terrorist hub? The village that police say is a threat to the state

The Guardian, Saturday 3 January 2009
Angelique Chrisafis

High on a bleak mountain plateau in central France, the tiny village of Tarnac is fiercely proud of its grocer's shop. A smiling lady with a perm stands behind the old-fashioned till amid shelves stocked with everything from fly-swats and fairy lights to socks and soya milk. Elderly villagers boast that thanks to the shop, they don't have to leave their cottages to travel miles for bread in this vast, depopulated rural wilderness of central France known as "the desert". Posters advertise tea dances and cinema club screenings of Billy the Kid.

But the French government claims that Tarnac and its small shop are the headquarters of a dangerous cell of anarchist terrorists plotting to overthrow the state. Images of balaclava-clad police swooping to arrest suspects in Tarnac were compared by bewildered villagers to a strange, rural action movie. The government hinted that locals were too gormless to have noticed the terrorist activity in their midst. But after weeks of controversy, supporters are rising up to defend the young people of the village.

Known as the Tarnac Nine, four men and five women aged 22 to 34 are being investigated over far-left terrorism following dawn raids by police in November that targeted several addresses, including a farm with a few goats, chickens and vegetables. Those arrested include a Swiss sitcom actor, a distinguished clarinettist, a student nurse and Benjamin Rosoux, an Edinburgh University graduate who runs the grocer's shop and its adjoining bar-restaurant.

The alleged ringleader, Julien Coupat, 34, is still being held in prison despite a judge's ruling that he be released. A former business and sociology student from an affluent Parisian suburb, Coupat moved to Tarnac in search of a non-consumerist lifestyle, saying he wanted to live frugally. The poor village of 350 people is home to a growing number of young people who have escaped the city for a simple life and sense of community. Together, the newcomers ran the shop, a mobile delivery service, the restaurant, a cinema club and an informal library.

Police said Coupat and his archaeologist girlfriend had been under surveillance for months. The arrests followed six incidents of vandalism on France's high-speed railway lines, which caused delays for thousands of travellers but no casualties. Coupat and his girlfriend had allegedly been seen by police near a train line that was later vandalised.

The couple had come to the attention of the FBI months earlier when they took part in a protest outside an army recruitment centre in New York. They and acquaintances are said to have often travelled to protests and demonstrations such as a recent protest at a European summit on immigration at Vichy.

French police say Coupat was the author of an anonymous tract against capitalism and modern society, The Coming Insurrection. The Paris prosecutor said the group was intent on armed struggle and used the farm in Tarnac as a "meeting point and place of indoctrination" for "violent action". But France's Human Rights League, opposition politicians and intellectuals criticised the arrests as an attack on civil liberties and an abuse of France's draconian anti-terrorist laws. Defence lawyers say there is no evidence for terrorist charges.

Inspired by the indignant villagers of Tarnac, support committees for the Tarnac Nine have sprung up across France and in the US, Spain and Greece. In Moscow, supporters demonstrated outside the French embassy. A national protest is planned in Paris this month. The interior minister, Michèle Alliot-Marie, has been challenged in parliament over the case but insists there are "concrete elements" to support terrorism charges.

In the bar adjoining Tarnac's grocery store, as farmers tucked into their lunch, Jérôme, 28, who moved from the city seeking an alternative lifestyle in Tarnac, said he knew those who had been arrested and had stayed at their farm. "The portrayal of this place has been absurd. The farm is a very collective place and the village has a convivial atmosphere, doors are always open. They say we lived a secretive existence hidden away in the woods. That's not true - the farm is beside the road. They talk of a 'group' when there is no group. They say there was a ringleader ... but there is no boss here, that's an absurdity. It's against our whole thinking."

He said the government was trying to create an idea of an "enemy within", branding all forms of leftwing demonstrations and activism as terrorism.

The government said those arrested did not have mobile phones in order to avoid being detected. Their supporters said there was poor network coverage in the area and they shunned mobile phones as consumerist.

Tarnac sits on the plateau of Millevaches in the northern corner of Corrèze, in rural Limousin, famous for its cattle, poverty and emigration. The surrounding countryside was used by the resistance during the second world war and the village, which for decades had a communist mayor, has long been leftwing.

Across the hill from the farm where Coupat was arrested, Thierry Letellier, the independent mayor of the neighbouring village, tended his sheep farm. He said: "They were my neighbours, helping me on the farm and selling my meat at the shop. They were kind, intelligent and spoke several languages. They were politicised, on the left and clearly anti-capitalist like lots of people here, but they were people active in community life who wanted to change society at a local level first. To say that they were the descendants of Baader-Meinhof or the Red Brigades with no proof, I'm completely against that."

He dismissed the interior minister's claims that it was easy for "terrorists" to move into a remote village where people were not very bright and wouldn't notice. "It's true that members of Eta [the Basque terrorist group] have been found in the area, but they were hidden, they had no support, no one knew them. These people were a key part of our community."

Coupat's well-connected doctor father said the government was using the case to "intimidate youth".

One man, drinking in Tarnac's bar, said: "Did they do something silly or not? It's on the news every night but we're no closer to the truth. I feel we're being manipulated."

Chopping wood outside his house, André Filippin, 65, said: "It's ridiculous. I see them at the shop every day of the year, I help them with their drains, they help me. They are people who came to Corrèze to change their lives, to help people. We don't view them as terrorists here."

New AI surveillance systems, Europe

PostPosted: Tue Sep 22, 2009 7:29 am
by Penguin
BRS Labs announced a video-surveillance technology called Behavioral Analytics, which leverages cognitive reasoning, and processes visual data on a level similar to the human brain.

It is impossible for humans to monitor the tens of millions of cameras deployed throughout the world, a fact long recognized by the international security community. Security video is either used for forensic analysis after an incident has occurred, or it employs a limited-capability technology known as Video Analytics – a video-motion and object-classification-based software technology that attempts to watch video streams and then sends an alarm on specific pre-programmed events. The problem is that this legacy solution generates a great number of false alarms that effectively render it useless in the real world.

BRS Labs has created a technology it calls Behavioral Analytics. It uses cognitive reasoning, much like the human brain, to process visual data and to identify criminal and terroristic activities. Built on a framework of cognitive learning engines and computer vision, AISight provides an automated and scalable surveillance solution that analyzes behavioral patterns, activities and scene content without the need for human training, setup, or programming.

The system learns autonomously, and builds cognitive “memories” while continuously monitoring a scene through the “eyes” of a CCTV security camera. It sees and then registers the context of what constitutes normal behavior, and the software distinguishes and alerts on abnormal behavior without requiring any special programming, definition of rules or virtual trip lines.

AISight is currently fielded across a wide variety of global critical infrastructure assets, protecting major international hotels, banking institutions, seaports, nuclear facilities, airports and dense urban areas plagued by criminal activity.

New European Union initiative and research program for "predictive surveillance" of Internet, images and video feeds - Project INDECT - ... viour.html

EU funding 'Orwellian' artificial intelligence plan to monitor public for "abnormal behaviour"

The European Union is spending millions of pounds developing "Orwellian" technologies designed to scour the internet and CCTV images for "abnormal behaviour".

A five-year research programme, called Project Indect, aims to develop computer programmes which act as "agents" to monitor and process information from web sites, discussion forums, file servers, peer-to-peer networks and even individual computers.

Its main objectives include the "automatic detection of threats and abnormal behaviour or violence".

Project Indect, which received nearly £10 million in funding from the European Union, involves the Police Service of Northern Ireland (PSNI) and computer scientists at York University, in addition to colleagues in nine other European countries.

Shami Chakrabarti, the director of human rights group Liberty, described the introduction of such mass surveillance techniques as a "sinister step" for any country, adding that it was "positively chilling" on a European scale.

The Indect research, which began this year, comes as the EU is pressing ahead with an expansion of its role in fighting crime, terrorism and managing migration, increasing its budget in these areas by 13.5% to nearly £900 million.

The European Commission is calling for a "common culture" of law enforcement to be developed across the EU and for a third of police officers – more than 50,000 in the UK alone – to be given training in European affairs within the next five years.

According to the Open Europe think tank, the increased emphasis on co-operation and sharing intelligence means that European police forces are likely to gain access to sensitive information held by UK police, including the British DNA database. It also expects the number of UK citizens extradited under the controversial European Arrest Warrant to triple.

Stephen Booth, an Open Europe analyst who has helped compile a dossier on the European justice agenda, said these developments and projects such as Indect sounded "Orwellian" and raised serious questions about individual liberty.

"This is all pretty scary stuff in my book. These projects would involve a huge invasion of privacy and citizens need to ask themselves whether the EU should be spending their taxes on them," he said.

"The EU lacks sufficient checks and balances and there is no evidence that anyone has ever asked 'is this actually in the best interests of our citizens?'"

Miss Chakrabarti said: "Profiling whole populations instead of monitoring individual suspects is a sinister step in any society.

"It's dangerous enough at national level, but on a Europe-wide scale the idea becomes positively chilling."

According to the official website for Project Indect, which began this year, its main objectives include "to develop a platform for the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence".

It talks of the "construction of agents assigned to continuous and automatic monitoring of public resources such as: web sites, discussion forums, usenet groups, file servers, p2p [peer-to-peer] networks as well as individual computer systems, building an internet-based intelligence gathering system, both active and passive".

York University's computer science department website details how its task is to develop "computational linguistic techniques for information gathering and learning from the web".

"Our focus is on novel techniques for word sense induction, entity resolution, relationship mining, social network analysis [and] sentiment analysis," it says.

A separate EU-funded research project, called Adabts – the Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces – has received nearly £3 million. It is based in Sweden but partners include the UK Home Office and BAE Systems.

It is seeking to develop models of "suspicious behaviour" so these can be automatically detected using CCTV and other surveillance methods. The system would analyse the pitch of people's voices, the way their bodies move and track individuals within crowds.

Project coordinator Dr Jorgen Ahlberg, of the Swedish Defence Research Agency, said this would simply help CCTV operators notice when trouble was starting.

"People usually don't start to fight from one second to another," he said. "They start by arguing and pushing each other. It's not that 'oh you are pushing each other, you should be arrested', it's to alert an operator that something is going on.

"If it's a shopping mall, you could send a security guard into the vicinity and things [a fight] maybe wouldn't happen."

Open Europe believes intelligence gathered by Indect and other such systems could be used by a little-known body, the EU Joint Situation Centre (SitCen), which it claims is "effectively the beginning of an EU secret service". Critics have said it could develop into "Europe's CIA".

Welcome to INDECT homepage

This is the homepage of the EU FP7 project INDECT.

UE FP7 INDECT Project: "Intelligent information system supporting observation, searching and detection for security of citizens in urban environment"

GPS tracking watch for kids, Google maps integrated

PostPosted: Tue Sep 22, 2009 9:25 am
by Penguin ... ystem.html

The new num8 watch by Lok8u has a satellite positioning system so parents can keep track of their children's movements on Google maps.

The num8 watch has a GPS tracking device and satellite positioning system concealed inside so parents can locate the wearer to within 10 feet.

The watch, which is designed in bright colours to appeal to children, can be tightly fastened to a child's wrist and sends an alert if forcibly removed.

Parents can see the location of their child on Google maps by clicking 'where r you' on a secure website or texting 'wru' to a special number. Safe zones can also be programmed with parents being alerted if their child strays outside this zone.

The makers of the num8 watch claim it gives peace of mind to parents and makes children more independent but critics say tagging children like this is a step too far in paranoia about child safety.

Speaking to the Daily Mail, Steve Salmon, from Lok8u, said: "Losing your child, if only for a brief moment, leads to a state of panic and makes parents feel powerless. The overriding aim of num8 is to give children their freedom and parents peace of mind."

But Dr Michele Elliott, director of children's charity Kidscape, said: "Is the world really that unsafe that parents need to track their children electronically? I don't think so."

The num8 watch costs £149.99 and is sold with a monthly subscription contract.

PostPosted: Tue Sep 22, 2009 4:25 pm
by stefano
EU funding 'Orwellian' artificial intelligence plan to monitor public for "abnormal behaviour"
By Ian Johnston
Published: 9:08PM BST 19 Sep 2009

The European Union is spending millions of pounds developing "Orwellian" technologies designed to scour the internet and CCTV images for "abnormal behaviour".

A five-year research programme, called Project Indect, aims to develop computer programmes which act as "agents" to monitor and process information from web sites, discussion forums, file servers, peer-to-peer networks and even individual computers.

Its main objectives include the "automatic detection of threats and abnormal behaviour or violence".

Project Indect, which received nearly £10 million in funding from the European Union, involves the Police Service of Northern Ireland (PSNI) and computer scientists at York University, in addition to colleagues in nine other European countries.

Shami Chakrabarti, the director of human rights group Liberty, described the introduction of such mass surveillance techniques as a "sinister step" for any country, adding that it was "positively chilling" on a European scale.

The Indect research, which began this year, comes as the EU is pressing ahead with an expansion of its role in fighting crime, terrorism and managing migration, increasing its budget in these areas by 13.5% to nearly £900 million.

The European Commission is calling for a "common culture" of law enforcement to be developed across the EU and for a third of police officers – more than 50,000 in the UK alone – to be given training in European affairs within the next five years.

According to the Open Europe think tank, the increased emphasis on co-operation and sharing intelligence means that European police forces are likely to gain access to sensitive information held by UK police, including the British DNA database. It also expects the number of UK citizens extradited under the controversial European Arrest Warrant to triple.

Stephen Booth, an Open Europe analyst who has helped compile a dossier on the European justice agenda, said these developments and projects such as Indect sounded "Orwellian" and raised serious questions about individual liberty.

"This is all pretty scary stuff in my book. These projects would involve a huge invasion of privacy and citizens need to ask themselves whether the EU should be spending their taxes on them," he said.

"The EU lacks sufficient checks and balances and there is no evidence that anyone has ever asked 'is this actually in the best interests of our citizens?'"

Miss Chakrabarti said: "Profiling whole populations instead of monitoring individual suspects is a sinister step in any society.

"It's dangerous enough at national level, but on a Europe-wide scale the idea becomes positively chilling."

According to the official website for Project Indect, which began this year, its main objectives include "to develop a platform for the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence".

It talks of the "construction of agents assigned to continuous and automatic monitoring of public resources such as: web sites, discussion forums, usenet groups, file servers, p2p [peer-to-peer] networks as well as individual computer systems, building an internet-based intelligence gathering system, both active and passive".

York University's computer science department website details how its task is to develop "computational linguistic techniques for information gathering and learning from the web".

"Our focus is on novel techniques for word sense induction, entity resolution, relationship mining, social network analysis [and] sentiment analysis," it says.

A separate EU-funded research project, called Adabts – the Automatic Detection of Abnormal Behaviour and Threats in crowded Spaces – has received nearly £3 million. It is based in Sweden but partners include the UK Home Office and BAE Systems.

It is seeking to develop models of "suspicious behaviour" so these can be automatically detected using CCTV and other surveillance methods. The system would analyse the pitch of people's voices, the way their bodies move and track individuals within crowds.

Project coordinator Dr Jorgen Ahlberg, of the Swedish Defence Research Agency, said this would simply help CCTV operators notice when trouble was starting.

"People usually don't start to fight from one second to another," he said. "They start by arguing and pushing each other. It's not that 'oh you are pushing each other, you should be arrested', it's to alert an operator that something is going on.

"If it's a shopping mall, you could send a security guard into the vicinity and things [a fight] maybe wouldn't happen."

Open Europe believes intelligence gathered by Indect and other such systems could be used by a little-known body, the EU Joint Situation Centre (SitCen), which it claims is "effectively the beginning of an EU secret service". Critics have said it could develop into "Europe's CIA".

The dossier says: "The EU's Joint Situation Centre (SitCen) was originally established in order to monitor and assess worldwide events and situations on a 24-hour basis with a focus on potential crisis regions, terrorism and WMD-proliferation.

"However, since 2005, SitCen has been used to share counter-terrorism information.

"An increased role for SitCen should be of concern since the body is shrouded in so much secrecy.

"The expansion of what is effectively the beginning of an EU 'secret service' raises fundamental questions of political oversight in the member states."

Superintendent Gerry Murray, of the PSNI, said the force's main role would be to test whether the system, which he said could be operated on a countrywide or European level, was a worthwhile tool for the police.

"A lot of it is very academic and very science-driven [at the moment]. Our budgets are shrinking, our human resources are shrinking and we are looking for IT technology that will help us five years down the line in reducing crime and combating criminal gangs," he said.

"Within this Project Indect there is an ethical board which will be looked at: is it permissible within the legislation of the country who may use it, who oversees it and is it human rights compliant."