I’ve been watching a recording of Suspect Nation, first shown last Monday on More 4, in which journalist and author Henry Porter covers the privacy and security aspects of mass surveillance in the UK. He was supported by programme consultants Adam Laurie and Heather Brooke. Early in the fim Porter meets Professor Clive Norris, one of the founding editors of the journal Surveillance and Society, who asserts that we have moved away from the idea that you should only target those that you have reasonable suspicion of, to a point where we are saying everybody is suspicious, and we have a right to target everybody.
Porter quotes from an e-mail exchange he had with Tony Blair earlier this year in which the Prime Minister attempts to justify these developments with: “… this is as much an issue of modernity as liberty. We are trying to fight 21st century crime by 19th century means. It hasn’t worked. It won’t work. The terrorism is different. The street crime is different.”
To cope with the increasing level of CCTV surveillance, London Underground is trialling a system that allows automatic detection of undesirable behaviour. On the roads, Porter states that a reported 3000 numberplate recognition cameras are being installed in a nationwide roll-out; the system will log the time, date and location of every car that passes its cameras, and keep the information for up to 2 years. (The police want to extend this to 5 years.) Porter also cites the
Oyster Card system, which maintains a record of your journeys on the London Underground for the previous 8 weeks. Heather Brooke reports that from August 2004 to March 2006, there were 426 requests from the police to search the database, whereas in the last 6 months there have been around 170 requests per month for access. And in London, the numberplate recognition cameras used for congestion charging are left running over the weekend because (according to Transport for London) it would be too expensive for someone to go round and “flick a switch” on each camera.
The government is planning, at a cost of more than £200M, to create a database containing the personal details of around 11M children, which will be accessible by 400,000 public sector workers. Top politicians and celebrities will be able to opt out of this database for security reasons.
Given that the prevention of terrorism is one of the main justifications for increased surveillance, Porter visits America to see what measures have been implemented there five years after September 11th. He mentions the AT&T phone tapping case, and also that SWIFT has systematically breached European data privacy laws since 2001 by sharing personal data of EU citizens with the U.S. He meets Jay Stanley, of the American Civil Liberties Union; when people say that they’ve never done anything wrong (so why should they be worried?) Stanley points out that “there are a lot of (complicated) laws on the books, where the prosecutors and police have discretion to interpret the laws and if they decide that you are the enemy, and they can go through your life with a fine-toothed comb (because your privacy has been destroyed), the chances are pretty good that they will find something”. (Consider the case of David Mery, mentioned in my previous post on surveillance, who was arrested for spurious reasons at Southwark tube station.)
Porter meets Al Gore, who says: “The use of fear to acquire power has a rather old provenance … politicians from time immemorial have used that tactic … it’s always been effective.”
When Porter asks whether Gore thinks that blanket surveillance is a good way of tracking people, Gore responds with an analogy from an FBI expert: “We are looking for needles in haystacks and the Bush-Cheney administration keeps piling more hay on top of the stacks. The routine mass-collection of all of these conversations and communications is not only an invasion of privacy, it’s also completely impractical as a way of finding threats to security that are legitimate … they had the names of the hijackers on 9/11 … they had their telephone numbers … [two of them] were listed in the book under their own names and yet they had so much hay to sort through they ignored those pointed facts and said ‘oh, we need to collect more mass data'”.
Gore also says, when asked about a national ID card: “In the U.S. context, a national ID card has always been resisted precisely because it has been seen as a very powerful tool, which in the hands of the wrong kind of government could be a means for abusing privacy”.
The final part of the programme examines the security of some tracking technologies.
As well as being used to track goods, RFID chips have been implanted in some U.S. patients with degenerative brain conditions. Each chip contains a 16-digit code that can be used to access the patient’s medical records. Verichip implants were originally designed to tag pets, but the CEO has also suggested that they be used on migrant workers and the military. Adam Laurie points out that he can easily buy another writable RFID chip, copy the code in Henry Porter’s chip
and then have it implanted. Laurie also shows how he was able to obtain CCTV footage of Porter meeting Heather Brooke (by using a radio frequency receiver to intercept the CCTV signal), and record their conversation. He achieved this by registering Brooke’s mobile phone in a tracking service, then following Porter and Brooke until he spotted them. He then sat around the corner and connected to her phone via Bluetooth, using a known vulnerability to get the phone to call him back and he recorded the conversation.
This is a rather contrived example, because it depends on Bluetooth being enabled and the target phone being vulnerable, but it does demonstrate how a variety of techniques can be used together to build a composite picture.
Laurie’s final demonstration is to read the electronic information from one of the new UK passports, which was covered at length in the Guardian a few days earlier, and also on SecurityFocus. Laurie established that the cryptographic key required to read information from the embedded chip is based on the date of birth, passport number, and expiry date. The Home Office comments that the chip contains only the same information as is shown inside the passport, and you need to know the passport number (or be able to guess it). Note, however, that the decoding of information does not have to be done in real-time, as the attacker could read data exchanged wirelessly between the passport and the reader, and then decrypt this later. And the chip could also potentially be cloned into a new passport.
I’ve covered this programme because I feel that we all need to be mindful of how surveillance is evolving and what it means for each of us. I understand that covering the country with cameras is more cost-effective than spending the money on police, and these tracking technologies do help to catch criminals (and generate revenue) but I think it’s also clear that this is being done at the expense of our privacy.
Suspect Nation will be shown again on Wednesday 29th November at 10pm GMT on More 4.