The global reach of privacy invasion.
The full scope of this problem was brought to light on September 3, 2002, when the Electronic Privacy Information Center (EPIC), in association with Privacy International (PI), released the fifth annual privacy and human rights report. The study, entitled Privacy and Human Rights: An International Survey of Privacy Laws and Developments, reveals the current state of privacy in over fifty countries, including the United States. Marc Rotenberg, executive director of EPIC, links cause and effect in the foreword: "In the rush to strengthen national security and to reduce the risk of future terrorist acts, governments around the world turned to legal authority and new technology to extend control over individuals." And they did so without adequately considering the long-term impact on democratic freedoms.
However, the panic hasn't been limited to individual nations alone. International bodies have gotten into the act--and indeed have been among the first to do so. The United Nations took immediate action right after the attacks and adopted on September 12, 2001, UN Resolution 1368 that calls for increased cooperation between countries to suppress and prevent terrorism. The Committee of Ministers of the Council of Europe issued a similar declaration, and the North Atlantic Treaty Organization reasserted its own Article 5, which declares that an attack on any NATO nation constitutes an attack on all.
Then on September 26, 2001, the Parliamentary Assembly of the Council of Europe called for the ratification by individual countries of existing antiterrorist conventions. This included the lifting of caveats in these agreements and the extension of police activity to cover "terrorist messages and the decoding thereof." The European Union, in a report on October 17, 2001, proposed a common European arrest warrant, a common framework for antiterrorist laws, increased international cooperation among police and intelligence authorities, and a greater capability for freezing assets and preventing money laundering. Along these latter lines, the Organization for Economic Co-operation and Development together with the G-7, consisting of the world's seven largest industrial market economies, and European Commission called for an extension of its mandate to act against terrorist financing. Looking at the Internet, the European Commission went so far as to consider a requirement that every European Union member nation pass laws making cyber attacks a terrorist offense.
All of these calls by international bodies for increased cooperation and stiffer laws gave various governments the momentum to quickly develop new antiterrorist legislation. The Privacy and Human Rights report chronicles the early developments:
New Zealand minimized public consultation on a proposed law to freeze the financial assets of suspected terrorists because the government felt it was bound by United Nations Security Council resolutions. France expanded police powers to search private property without warrants. Germany reduced authorization restraints on interception of communications and increased data sharing between law enforcement and national security agencies. Australia and Canada both introduced laws to redefine terrorist activity and to grant powers of [domestic] surveillance to national security agencies.... India passed a law to allow authorities to detain suspects without trial, conduct increased wiretapping, and seize funds and property. The United Kingdom passed a law permitting the retention of data for law enforcement purposes in contravention to existing data protection rules. The United States passed a number of laws, including the USA-PATRIOT Act, which increases surveillance powers and minimizes oversight and due process requirements.
The report sums up events of the past year by noting that "almost every country that changed its laws to reflect the environment following September 11 increased the ability of law enforcement and national security agencies to perform interception of communications, and transformed the powers of search and seizure, and an increase in the type of data that can be accessed."
Unfortunately, the recent and widespread loss of liberty is only part of the story. These new intrusions by governments into the lives of citizens merely add to an environment already saturated with longstanding programs of surveillance. Since these programs aren't widely known, a general summary is in order.
In most countries, national governments issue citizen and resident identity cards that not only make invasive profiling possible but also easily enable profiles to be reproduced when the cards are misplaced. At one point a plan was underway in the United States to make state driver's licenses part of a sophisticated, nationwide ID system. A broad coalition of civil liberties groups, however, has so far managed to stall this proposal.
With the continuous evolution of cheaper and more sophisticated technologies, governments have been able to increase their deployment of audio bugging devices. Some of them can now be as tiny as an office staple. And for the last fifteen years, the U.S. government has led a global effort to boost the capability of intelligence agencies to eavesdrop on personal conversations. Meanwhile, video surveillance cameras that monitor private and public places throughout the world are ubiquitous while, out of sight, satellite surveillance cameras spy from high above the Earth using lenses capable of detecting objects less than one meter square anywhere on the planet.
Wiretaps are widely used--sometimes in individual countries on such a vast scale that they involve thousands of connections that operate effortlessly. Targeted individuals are typically human rights workers, political opponents, and student activists. Wiretapping abuses have even occurred in the most democratic counties, such as Denmark and Sweden, where intelligence agencies conducted surveillance of thousands of leftists for nearly forty years.
In order to more easily conduct wiretaps, government agencies now establish formulated arrangements with telecommunications providers so that phone systems are made "wiretap friendly" in ways unknown to the public. In this regard, the U.S. Congress approved in 1994 the Communications Assistance for Law Enforcement Act, which outlines the legal requirement that all telephone systems provide surveillance capabilities. The act supports the government's two primary strategies: to promote mandatory laws requiring all companies that develop phones and communications technologies to build in surveillance capabilities and to limit the development and distribution of products that provide encryptions which scramble communications and files so others can't read them.
Many governments also use biometrics, which attempt to verify an individual's identity based on physiological or behavioral characteristics and compare new samples of that person's characteristics with those previously captured. The most common biometric methods are fingerprinting, DNA identification, and voice recognition. The latest development in biometric technology is the automation of the verification process by converting each sample into an algorithm which is used for matching purposes. Daily movements and habits of a person can then be tracked by creating an electronic trail of that person's actions.
In the realm of cyberspace, governments practice "online profiling" at an escalating rate. This practice involves tracking an individual's Internet activity in ways that can reveal financial, medical, and other private information in only a few minutes while the individual being tracked visits dozens of websites. This practice is analogous to a government spy following a given person through a shopping mall, monitoring everything the person looks at and purchases. Also, corporations share personal information with governments by using computer logs to capture consumer information.
Governments also work through Internet service providers to place "black boxes" on their networks. These monitor user traffic without public knowledge, presumably for security and maintenance purposes, and are linked to government agencies by high-speed connections. The Council of Europe acknowledges this privacy problem in its Explanatory Report of the Convention on Cybercrime, released on November 8, 2001, that says:
The collection of this data may, in some situations, permit the compilation of a profile of a person's interests, associates and social context. Accordingly Parties should bear such considerations in mind when establishing the appropriate safeguards and legal prerequisites for undertaking such measures.
Heavy lobbying by civil liberties activists exempted U.S. Internet Service Providers (ISPs) from adhering to technical requirements that intercept communications. By contrast, in Australia the Telecommunications Act of 1997 obligates telecommunications operators to assist law enforcement at their own cost. A telecommunications act in the Netherlands, approved in 1998, requires ISPs receiving a court order to intercept all traffic and maintain user logs for three months.
There are two international bodies leading the way in increased surveillance of all communication and activities of Internet users: the Council of Europe and the G-8, including Canada, France, Germany, Italy, Japan, Russia, the United Kingdom, and the United States. The Council of Europe formed a Committee of Experts on Crime in Cyberspace (PC-CY) and created the Draft Convention on Cyber-crime, version 27, released in April 2000, that significantly promotes surveillance. Also, in May 2002 the European Parliament reversed its 1997 Telecommunications Privacy Directive and allowed each European Union government to enact laws to maintain the location and traffic data of all users of mobile and landline phones, e-mails, the Internet, and more.
Meanwhile, governments are, without specific judicial authorization, changing the application of legislation from national security to criminal investigation and prevention, and many governments are increasingly sharing data with each other. As a result, information originally collected for one purpose gets used for another. The goal of these governments is to create profiles of many individuals, mostly travelers, whether or not they are citizens of a given country.
Along these lines, the U.S. National Security Agency operates an international intelligence and law enforcement surveillance system known as Echelon. This is done in cooperation with Australia, Canada, New Zealand, and the United Kingdom. Echelon has existed since the beginning of the Cold War and, today, is an electronic surveillance network that can intercept most of the world's telephone calls, faxes, and e-mails, and shares this information with the five- member intelligence alliance.
The largest U.S. domestic surveillance system is described in a September 4, 2002, Washington Post article on airline security. It says the Transportation Security Administration (TSA) is developing a secret profiling system known as the second-generation Computer Assisted Passenger Prescreening System (CAPPS II). This profiling system is a vast network of supercomputers that gathers personal data on everyone so that, when a person books a flight, her or his background is checked for clues about possible plans of violence.
TSA has not resolved issues concerning the impact that CAPPS II will have on civil liberties. Civil liberties activists warn that privacy issues could create controversy if these concerns are not publicly resolved before the system begins operation. They are worried that innocent individuals who are offbeat or politically radical will be singled out by the system which challenges the right to privacy, the right to travel, and the right to engage in certain activities.
Clearly, the major relevant trends worldwide are those of increased profiling and identification, greater communications surveillance, and expanded search and seizure powers. In connection with this, we find a decrease in data protection regimes and an increase in data sharing, particularly with governments. These activities tend to quickly become codified into law. And the process has accelerated in response to the events of 9-11 with many legislative shifts occurring worldwide that affected the four primary areas of privacy: information privacy, bodily privacy, privacy of communication, and territorial privacy.
Fortunately, the right of privacy is included in the constitution of nearly every country in the world. Often, when it is not included, ordinary laws and provisions cover the matter. The Privacy and Human Rights report defines privacy as "a way of drawing the line at how far society can intrude into a person's affairs." U.S. Supreme Court Justice Louis Brandeis said in the 1890s that privacy should be reflected in the U.S. Constitution and argued that an individual's right to privacy is the most cherished freedom in a democracy. The preamble to the Australian Privacy Charter is in agreement, saying:
A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organizations to intrude on that autonomy.... Privacy is a key value that underpins human dignity and other key values such as freedom of association and freedom of speech.... Privacy is a basic human right and the reasonable expectation of every person.
The UN commissioner on human rights in 1988 declared:
Compliance with Article 17 requires that the integrity and confidentiality of correspondence should be guaranteed de jure and de facto. Correspondence should be delivered to the addressee without interception and without being opened or otherwise read. Surveillance, whether electronic or otherwise, interceptions of telephonic, telegraphic and other forms of communication, wire-tapping and recording of conversations should be prohibited.
Countries in Europe, Asia, and Latin America continue to enforce data protection laws. The new European Union Electronic Communication Directive prohibits unsolicited commercial marketing by e-mail without consent and protects mobile phone users from surveillance. Bulgaria endorsed in January 2002 its new Personal Data Protection Act. Poland approved in May 2002 the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data. Slovenia amended its Data Protection Act in 2001 to establish an independent supervisory authority. Malaysia's Personal Data Protection Act is pending, and a National Internet Advisory Committee in Singapore released a Model Data Protection Code for the Private Sector in February 2002. Peru enacted a data protection law in August 2001 covering credit-reporting agencies, and both Peru and Mexico passed new freedom of information laws in 2002. A similar law also went into effect in Poland.
Governments are also responding to the right to privacy in the workplace. Finland adopted a new law on Data Protection in Working Life in October 2001 and the president of the Russian Federation who signed a new labor code that includes the security of personal data. The United Kingdom privacy commissioner who drafted a four-part code on data protection in the workplace, and in March 2002 a national committee in Sweden issued a proposal recommending specific legislation to protect the personal information of employees in both the private and public sectors. The European Union's Data Protection Working Party released in May 2002 a working paper about the monitoring of electronic communication in the workplace. The Hong Kong Data Protection Commission issued for public consultation in June 2002 a draft code of practice in the workplace.
Clearly then, there are a number of new provisions that ensure the protection of privacy. This provides a glimmer of hope in a world where many new anti-terrorism and security measures work against human rights to increase communications surveillance, to profile individuals, and to weaken data protection regimes. But constant vigilance and activism on the part of people all over the world remain necessary to ensure that privacy rights prevail in this new century.
Erika Waak is the editorial assistant for the Humanist.
|Printer friendly Cite/link Email Feedback|
|Date:||Nov 1, 2002|
|Previous Article:||Minimum security. (Upfront: news and opinion from independent minds).|
|Next Article:||Bush and Clausewitz.|