KLIK terug naar het overzicht van de Berichten

Dataveillance

tekst: Mark Nixon
oorspronkelijk verschenen in het australische tijdschrift 21C Magazine (februari 1996)

A global trend is emerging toward citizen surveillance. While authorities speak of the need for data regulation and people become digital shadows, watchdogs are doing some monitoring of their own.
George Orwell wrote presciently of the power of tele-communications as an ever-present instrument of surveillance. But two-way television, the means of tyranny in his fictional 1984, has so far only found a niche as interactive entertainment. In its place, no-less-advanced technologies are quietly emerging that have an unprecedented potential to erode privacy and realize the surveillance society that Orwell predicted.

In Britain, closed-circuit television (CCTV) is fast turning public space into a contemporary version of Jeremy Bentham's 19th century prison, the panopticon. In Europe and the United States, intelligent transportation systems threaten to imperil the anonymity of the road, subverting freedom of both movement and association. Around the globe biometric identification systems together with the growth of networked personal data systems have the capacity to render the actions of entire populations transparent once and for all.

The current fervor for CCTV in Britain began as a means to combat football hooliganism in the mid-1980s. The success of the initiative caught the imagination of local councils across the country. They saw it as a solution to the growing fear of crimes like car theft child abduction and assault.

The British Security Industry Association says there are now about 150,000 CCTV installations across the country. The number of actual cameras is difficult to estimate as a single installation may comprise between one and 30 separate cameras. But one thing is for certain: The CCTV business is booming. Turnover for the British companies who make these systems has increased from L59 million to L129 million in the last four years.

Over 100 town centers now have integrated CCTV systems, complete with police- or volunteer-run control centers. The British Home Office recently reported that "the growth of interest in CCTV is dramatic, and the next few years are likely to witness schemes mushrooming in many towns."

The same report cites research indicating that up to 95 per cent of the British public approve of CCTV. People regard the cameras as a friendly eye in the sky and little concern is expressed for civil liberties.

But safety comes at a price. One police officer in Liverpool likened his local 20-camera system to having 20 officers on 24-hour-a-day duty constantly taking notes. The analogy is as intimidating as it is reassuring. And sleepless dedication is not the only quality that separates these digital deputies from ordinary British bobbies.

Equipped with a powerful zoom lens, each camera can read the wording on a cigarette packet at 100 meters. An added infrared capacity can turn pitch black into virtual daylight. And if one camera is attacked, another one will swing round automatically and photograph the assailant.

In town centers with council-run CCTV, almost every corner of public space can be monitored, according to Simon Davies, the director general of Privacy International, a London-based watchdog on surveillance by governments and corporations. From the control center in Liverpool, he watched as the police followed every step of a pedestrian as he walked over two miles through town. The police could see where he went, to whom he spoke, and even what he had for lunch.

While Davies admits the technology has had some effect on major crime, he remains skeptical of its long-term success. In his view, CCTV is little more than a quick fix creating an illusion of safety while pushing crime into low-rent areas that can't afford their own systems.

At the same time police and local authorities are gaining enormous control over the public environment. This is having a disturbing effect, Davies argues. "It has been successful in the policing of public morals and in the pursuit of public order" he says.

Davies points to Kings Lynn, a small town in East Anglia and the first to receive an integrated CCTV system. Officially installed to combat assault burglary and car theft these crimes make up only 30 per cent of the town's CCTV arrest record to date. Instead, says Davies, the bulk of arrests are for a range of minor offenses including under-age smoking and drinking, parking-meter evasion, littering and public urination. This included a man caught relieving himself in a park at night -- despite the fact that only the camera, with its infra-red capacity, was able to see him.

As the market continues to grow Davies believes the scope of CCTV will encroach even further into public space "It's moving to a position where you can assume that the dividing line between overt and covert surveillance will disappear," he says, and then explains how this will be allowed to happen.

"Because the authorities have successfully argued that there is no private right in a public space, therefore you should assume that at any point you could be surveilled. That is the public right, to surveil you. That extends virtually everywhere. Suddenly. public space becomes anywhere where another person stands."

This shift is already well underway. The cameras were originally placed in full public view, accompanied by signs which read "Smile, you're on 24 hour CCTV." Now they have made their way into telephone booths, buses trains, taxis, lifts, automated teller machines and even chocolate dispensers. Soon they will be installed inside police helmets and police-uniform buttons.

It is a frightening prospect, and one that grows more alarming as the technology is improved. At the moment, several companies around the world are developing computerized face recognition (CFR) systems. Combined with CCTV, this technology provides the ability to scan a crowd at 20 faces a second and match images against a database of up to one million photographs (from, say, drivers' licenses).

A CFR system is already in use at Manchester City football ground to identify known hooligans. Major retailers are also examining the possibility of using the technology to identify known shoplifters even before they walk through the doors. As CCTV and face-recognition technologies converge the potential for pervasive and effective surveillance of public space increases significantly.

In Europe and in the US, technologies of a different sort are also converging, this time over the open road. Known as intelligent transportation systems (ITS), they promise to improve capacity and efficiency on public highways, enhance driver safety, and provide a range of new services to motorists.

These 'smart roads' will depend on the widespread use of digital wireless technologies to monitor, identify and track both individual vehicles and larger traffic flows, often in real time. The prospect is sparking fears that ITS will pave over privacy and turn roadways into an information snooper highway.

One ITS technology, automated toll collection. is already well developed in the US. On New York's Tappan Zee bridge, drivers no longer roll down the window to toss coins in a bucket. Instead, they pass straight through the toll gate, a computer scans an electronic tag located inside the windshield, and the toll is deducted from a pre-set account. At the moment, similar systems are used in nine states to collect over 250 000 tolls every day, and a further 12 states will soon put their own systems on-line.

It's easy to imagine the problems these systems could cause. Linked to an ordinary bank account, these systems can generate records that show a driver's name and address, and the precise time and place where each toll is charged. But toll collection is only the beginning. As envisioned traffic management systems will warn of accidents and traffic jams, while vehicle-to-vehicle communications could alert drivers to each other's behavior. Inside vehicles, CD-ROM-based route-finding systems linked to satellites will pinpoint a vehicle's position and movement on a map displayed on a dashboard screen. The system could help a driver through unfamiliar territory and even find them a vacant parking place.

Some of the more advanced ITS technologies have already been harnessed in the commercial sector. Qualcomm's OmniTRACS system for geo-stationary satellite-based monitoring is used by freight-transport operators throughout the US and Europe. It allows firms to track and communicate with their trucks and provide their customers with accurate delivery times. If the same systems are carried over into the consumer sector they will provide an almost limitless opportunity to track individual drivers and create detailed databases of their movements.

In the US, the producers of ITS technologies are represented by the non-profit organization ITS America. Their role is to coordinate the national development of intelligent roadware. In acknowledging privacy concerns, the organization has tentatively laid out a set of fair information and privacy principles. The European Commission, for its part, is yet to raise the issue, even though privacy concerns have already thwarted the commercial success of one large-scale ITS initiative in the Netherlands.

One of the ITS America principles is that ITS systems should not be used as a means of law enforcement. It is a point the industry no doubt wants to make very clear. After all, public acceptance will take a nose dive if driving on smart roads is like having the highway patrol in the back seat. But there is a loophole in the small print, which allows individual states to legislate conditions under which ITS information can be made available to police.

Phil Agre, a professor in communication at the University of California, San Diego, has been concerned with the privacy implications of ITS for some time. He suggests it will only be a matter of time before policies are changed to give law enforcement agencies routine access to ITS information, possibly in the wake of a terrorist bombing or a child kidnapping. Once that happens, he warns, the consequences could be devastating.

"If it's possible to build a case that someone might have been going to the meeting of a certain party or organization -- through gaining access to records of where people have been driving -- that begins to chill the very important freedom of association that lies at the foundation of a democracy," Agre says.

Information about where people drive would also be useful for a wide range of marketing purposes. How would you react to receiving junk mail from Jack's restaurant asking you why you always eat at Joe's? Or maybe from a video-rental company who think you might like to know that their new store is right on your way to work? Some of these uses will no doubt be harmless. But, as Agre points out, once the information is made available, it becomes very difficult to ensure that only people with benign intentions get their hands on it.

Agre suggests that a satellite-based tracking system would enable auto-insurance companies to offer low-risk discounts to drivers who agree not to drive through dangerous areas. "People who do not wish to be tracked in these ways will have to be presumed to be in the high-risk category," he reasons, "so that increasingly people begin to pay a very tangible monetary cost for preserving their privacy."

The pattern of convergence inherent in ITS has become common across many different information systems the world over, according to Simon Davies. "You find that the flavor of this time in the millennium is that no system, no technology, should stand alone," he says. "Part of the vortex that is created sucks the individual into the same convergence."

How? Biometrics.

Biometrics refers to the measurement of various physical and difficult-to-alienate characteristics. In recent years, efforts to establish more-accurate ways to identify individuals have intensified. Using sophisticated computer-scanning technology it is now possible to measure characteristics including digitized fingerprints, the micro-visual pattern of the retina, the geometry of the hand, and even the genetic blueprint of DNA. These techniques are beginning to replace conventional methods of identification.

Starting in 1993, US immigration authorities at JFK and Newark airports, and more recently at Vancouver airport, have been testing a passport-replacement scheme based on hand biometrics The system, known as INSPASS (Immigration and Naturalization Service Passenger Accelerated Service System) currently involves about 70,000 frequent fliers to and from the United States and Canada. The trials also involve cooperation with Britain, the Netherlands, Germany and Bermuda.

A member of INSPASS who arrives at one of these airports skips the main immigration line and enters a special kiosk. Inside, a scanner records the contours of the person's hand. The pattern is then compared to a template previously encoded on a 'smart card' and carried by the member. If the two patterns match, the green light flashes and the passenger is free to go -- all in as little as 20 seconds. Faster immigration processing is not the only advantage of the technology. A biometric system like INSPASS promises a far higher degree of integrity than collection of the cards, documents and numbers we regularly use to identify ourselves. For governments and corporations, biometrics promise to reduce the costs and risks involved in daily transactions with individuals.

In Ontario, there are 12 million identities in the health system -- an alarming figure, considering the Canadian province has a population of only 10 million people. To address this problem, the provincial government has proposed a biometric scheme based on a registry of thumb scans. If the same thumbprint appears in the system under two separate identities, it is instantly flagged.

A similar system for fingerprinting general-welfare recipients has been in operation for over three years in several counties in California. Intended to counter welfare fraud, the system looks like being adopted in another three states and extended to include other forms of welfare.

In the UK, the Department of Social Security has proposed a computerized database of handprints for all 30 million people currently receiving government benefits.

Elsewhere, biometric schemes are emerging in various applications around the world. The Jamaican government plans to use electronic thumbprinting to control elections, while in Europe there are plans to include cardholders' fingerprints on credit cards. Meanwhile, biometric systems are already used by banking and retail organizations worldwide for internal security.

Davies has been following the development of biometric identification with increasing concern. He says the technology creates a new form of intimacy between individuals and information systems. "With the establishment of biometrics you actually create a fusion between flesh and machine. You create an identity pattern, an identity process, which involves the machinery," he observes.

Imagine your fingerprint, handprint or retinal pattern scanned and mapped onto a few blocks of storage and spinning endlessly inside a computer somewhere. Because of its intrusive nature, biometric identification could result in perceptions of a shift in the power of organizations over individuals. But Davies believes that perception will become reality if the high performance of a single system creates the temptation to apply it across different organizations -- thereby linking otherwise separate databases.

Roger Clarke, an independent consultant and visiting fellow in information systems at the Australian National University, has been studying the use of such systems as a means of surveillance for over 20 years. In 1988 he coined the term 'dataveillance' to refer to the use of personal data systems to monitor individuals.

Dataveillance is unlike most common forms of surveillance, as Clarke explains: "What is being monitored is not the individual themselves so much as a digital shadow -- model or persona of the individual that is built up in a restricted way from the data that is available about them."

Clarke points out that dataveillance is not in itself evil, but it can very easily be used against the interests of the individual. "The concern is that multiple organizations may get together and pass information amongst themselves and coordinate the way in which they deal with individuals," he explains. "When they do that, they upgrade the power of those institutions over the individual."

This is not a new concern. In the late '60s the US government proposed creating a national data center. In opposing the idea, the long-standing geographic dispersion and fragmentary nature of individual information maintained by governments and corporations were held up as essential safeguards to privacy.

With the development of telecommunications networks, geographic dispersion is no longer an obstacle. Nowadays every computer-input device has become a potential recorder of our actions. Networked together, these ever-wakeful digital minions provide the capacity to compile dossiers on various aspects of our lives from the data trails we leave.

It's this ability that led the director of the US Internal Revenue Service to suggest that tax returns will soon be made redundant. Instead, the authorities will track everything a taxpayer earns and spends, and a computer will generate a bill at the end of the year.

Simply networking databases together, however, is not enough to realize such dreams of administrative ease. That's because most organizations have developed unique and often incompatible schemes for identifying their clients, which makes it difficult to create a central databank. Up until recently, that is. There are signs of a steady push towards a single identification system in various countries.

In the United States the originally single-purpose social security number (SSN) is now used by organizations including banks, phone companies, schools, hospitals and insurance companies to identify their clients. This trend known as 'function creep,' looks set to continue. Recently proposed legislation, known as 'work-site verification,' will create a computerized register based on the SSN, designed to prevent illegal immigrants from gaining employment.

And it creeps on. Welfare reform initiatives currently before the US Congress represents perhaps the most explicit form of legislated dataveillance to date. The proposals will create or expand a series of national personal data banks, linked by SSN, to track down parents who refuse to honor child-support obligations. These so-called 'dead-beat dads' avoid paying an estimated US$34 billion per year to their ex-wives and children.

In Australia, an individual's tax file number can now be used to cross-reference welfare payments, student fees and grants, and child support. Most states in Western Europe already have broad, multipurpose identification systems for taxation, superannuation and health insurance. The British government, meanwhile, has taken the direct approach and plans to introduce a national identity card.

But cards and numbers, like other forms of conventional identification, are open to fraud and misuse, as occurred in the '40s and '50s when thousands of Americans adopted the SSNs that appeared on sample cards inserted into new wallets. Safeguards are not much better today.

This, of course, is the reason for the development of biometrics. Whether or not the schemes being developed can cope with the physical variations among large populations remains to be seen. Nevertheless, it seems the push for multipurpose or general-purpose biometric identification will inevitably come, either from governments and corporations or from the developers of the technology themselves.

Davies warns that the consequences of such a development will be far-reaching "You are basically setting up this once-and-for-all system across all agencies, and that begs a whole lot of other questions about what sort of society you are setting up for yourself," he says.

Such a system would provide instant and total recall of many aspects of a person's life, all at the press of a button. Furthermore, there are fears that lumping together data generated in different contexts may create misunderstandings and lead bureaucrats and system operators to draw inaccurate conclusions. In the extreme, protecting privacy would mean dropping out of organized society altogether.

Many of the privacy concerns relating to information systems can be traced to the basic principles of computer-system design. According to Agre, whose research involves the representation of human activities by computer systems, collecting information in an individualized form has become a matter of routine design, regardless of whether it is necessary or not.

This is one reason why, in the era of computerized databases, privacy is regularly interpreted as either data protection or data security. These concepts, while perfectly legitimate in their own right, are predicated on gathering individually identifiable information and then regulating what happens to it.

"A different set of principles, starting from the principle of anonymity, could begin to take much more seriously the demands that privacy makes," Agre suggests. He adds that technologies already exist that embody just such a set of principles.

Chief among these is digital cash. As notes and coins go the way of the gramophone, their electronic equivalent is emerging as the technology of choice for conducting transactions in total privacy. Based on public-key cryptography, digital cash allows people to conduct all kinds of transactions without adding another piece of information to their data trails.

The same technology could also help protect privacy on the roads In Dallas, one company has successfully tested a digital-cash-based electronic toll-collection system at highway speeds. In fact, Agre says, all the legitimate applications of ITS systems so far proposed could be accomplished either anonymously or by pseudonymous techniques. The latter would enable authorities to determine that the same car passed Point A in the morning and Point B in the afternoon, without ever identifying whose car it is.

The idea of pseudonymity is one that Clarke says could be used for many day-to-day transactions between organizations and individuals. He makes the point that organizations often need only to authenticate that they are dealing with the same person at each transaction. There is no reason why they need to know that person's identity.

"There are now quite a few mechanisms available, all of them based essentially on cryptography, which enable such authentication to be undertaken without identifying the individual," Clarke says. The membership of many sporting and social clubs could be administered this way, as could the increasing number of customer-loyalty schemes.

But these technologies face an uphill public relations battle. Digital cash has already been widely accused of providing money launderers, drug barons and other criminals with the perfect means of continuing their activities. It's the same argument that was used in the Clipper Chip debate, in which the US government proposed a central encryption software, and it will no doubt be directed towards pseudonymous techniques as they emerge.

Davies is familiar with this type of argument. He says there has been a change of political winds in recent years. Where once privacy was used to protect individual freedoms, it is now officially deemed by governments and corporations to be an aid to criminals and a barrier to administrative efficiency. "In a generation, we now have privacy as almost like an ancient, forgotten wisdom," he says. Then he adds: "The point that needs to be made very clear is that technology has been misused. It always did have the capacity, the capability, to be a friend to people. Instead, it has become a potential tool of enslavement. And it has rendered society vulnerable on a scale that has never been seen before. It is technologists and politicians and financiers who have misused the technology and should be brought to account for it."