Privacy Losses Around the World, 2002-09-16
One year after September 11, personal privacy is an international casualty in the war on terror.
“
A year later, it is no longer a foregone conclusion that anything that calls itself a 'terrorism bill' will be automatically enacted and put into effect.
”
Outside the U.S., the war on terrorism has pulled in many of the previous anti-privacy campaigns, and created new ones. The most obvious changes are the enactments of new anti-terrorism or related laws. Many countries have taken advantage of the situation including Australia, Belarus, Canada, Denmark, France, Germany, India, New Zealand, Spain, and the UK. Other countries have amended data protection, wiretap and privacy laws and regulations to make surveillance easier. There has also been some pushback by legislatures, courts and citizens to many of the worst ideas.
One of the first things brought into the war on terrorism was the war on cyber-crime. As the scare-a-week pronouncements from our cyber-war czars tell us, Bin Laden's minions are going to get us through our computers next. Really. Honest. The result has been the new global effort led by the U.S. through the G-8 to require ISPs and other telecommunications providers to build in surveillance capabilities - not just to intercept selected communications, but to monitor and record all user communications and activities and keep the records for years, just in case someone later turn out to be a terrorist, or is suspected of some cybercrime like not paying their Microsoft licensing fee.
The first international casualty of the war on cyberterror was the EU's previously strong privacy laws. President Bush sent a communication to the EU demanding data retention, even though the U.S. Congress would not approve a similar measure, and the Justice Department even denies considering it. In May 2002, the EU changed its telecommunication privacy directive significantly to allow national governments to order ISPs to automatically monitor and retain the online activities of users and the location data of mobile phones. A leak later revealed that the Belgium government has proposed making data retention mandatory. The U.S. and EU are also holding secret negotiations on a "common approach to searches, seizures, interception of telecommunications."
In the meanwhile Spain, France, UK, Belgium, Italy, Denmark, the Netherlands, Germany, the Ukraine, and Switzerland have all adopted data retention requirements. It is also being considered in South Africa and even Canada. In the UK, a legal opinion by the Information Commissioner found that the use of the retained information for anything besides fighting terrorism violates the Human Rights Act, but the UK government is not likely to care. Don't be surprised to see the Justice Department on Capitol Hill soon demanding the capability and pointing out that all other governments do it, so it is necessary for the U.S. to require it also.
Who are you?
Another international trend has been the concerted push to better identify and track people, with biometrics offered as a cure-all technology. Many jurisdictions including Iceland and Australia are testing face recognition systems in their airports, even though these systems have a difficult time telling the difference between an elephant and a person, much less identifying terrorists. The U.S. has imposed a requirement that citizens from countries that use the visa waiver system will need to have a passport with a biometric by 2004, or they'll have to get prior permission before traveling to the U.S. That should cause more chaos in air travel between Europe and the U.S. than Bin Laden could dream of.
Identity cards have also made a comeback. After years of vague efforts to introduce them under the guise of e-government and other noble rationales, post September 11 many governments now propose them as a basic tool to fight terrorism, no matter how far fetched that may be. The U.S. and the UK have been at the lead of this effort. Other countries with existing systems are now replacing their cards with new technologically enhanced cards to facilitate better tracking and data sharing. Hong Kong, Taiwan, Malaysia and Pakistan have all introduced smart cards in the last year. Not to be outclassed, Germany wants to adopt encrypted biometric I.D. cards.
Sharing Information
Many of the legal protections against misuse of personal information have also been undermined. Airline passengers worldwide are increasingly being profiled using data from different sources to determine if they are a danger to flight safety or other reasons. It is now commonly used against "troublemakers" who protest at various world summits. In Germany, the government began building computerized profiles of air passengers from all government records, and submitted a proposal in April 2002 to allow the entire EU do the same.
The private sector is also sharing your secrets. In the U.S., all sorts of private entities including the National Association of Scuba Divers and some supermarkets have provided their databases to government agencies. Libraries and bookstores are being forced to give up patron records. EPIC recently discovered that the U.S. INS bought information about citizens in Brazil, Argentina, Mexico, Columbia, and Costa Rica from ChoicePoint, which also provides records on millions of Americans to dozens of government agencies.
Fighting Back
There are some positive trends, particularly in the area of citizen access to government records. While the U.S. has been extensively cracking down on access to information, the rest of the world is heading in the right direction. Following September 11, only Canada made changes to its FOI law to limit access. Meanwhile Jamaica, Mexico, Panama, Peru, Romania and Scotland have all enacted new comprehensive laws to allow for citizen access to government information, and dozens of other countries are in the process of doing so. A number of countries in Eastern Europe have also opened up the archives of the Soviet-era secret police, making it easier to get information out of the files of the former national KGBs than from the FBI.
And around the world not all legislation is going through the way the spooks want it to. In the UK, the House of Lords significantly improved its terrorism legislation, and in Australia, the Senate rejected a bill to expand wiretapping. I.D. cards proposals are going nowhere fast in the UK and U.S. The COE cybercrime treaty went through without a peep in November and over 30 countries have signed it, but only that bastion of democracy Albania has been foolish enough to implement it into law.
The courts are also starting to place limits on surveillance. In Germany, courts struck down computerized searches, and only five percent of companies and universities that were asked to provide information to the government about their employees complied -- the others cited concerns about privacy. In the U.S., the Foreign Intelligence Surveillance Court came out from its cone of silence and released a decision rejecting the new regulations on national security taps.
A year after September 11, it is no longer a foregone conclusion that anything that calls itself a "terrorism bill" will be automatically enacted and put into effect. Opponents of privacy and due process are beginning to recognize that, and are starting to lash back. Just last week, UK Home Secretary David Blunkett attacked privacy groups in the UK for opposing his ever increasing demands for more surveillance powers. In South Africa, the Justice and Constitutional Affairs Committee chair lashed out when the wiretap bill had to be withdrawn. And John Ashcroft has equated opponents of his crusade to terrorists.
As Justice Michael Kirby of the Australian Supreme Court said at a 1996 EPIC conference fighting the OECD crypto guidelines, "The voices of national security and law enforcement agencies will generally be close to the ear of government. It is important that there be voices of equal strength to speak for human rights, the rule of law and protecting the privacy of citizens from the technologically enhanced capacity of the State to monitor their communications."
