I asked this question over on Hacker News, as well as Quora, but I thought I’d also ask it here…

The UK plans to intercept all electronic communication. They currently don’t plan to snoop on content, but as noted elsewhere connection data is just as invasive.

To me this is both a civil liberties and business risk problem. I view my list of business contacts as confidential information and I don’t trust the government not to leave this information on a train somewhere.

Legal solutions are one thing, but the snoops keep raising their heads, so my feeling is that we need to actually find a way to make this sort of thing technically impossible.

Content encryption is already largely solved, although for email we still need a critical mass of people using PGP or similar.

VPNs just seems to push the problem to another jurisdiction, and if this is an agenda all governments will one day pursue, this will become decreasingly useful.

What can an individual do to protect content and connection data? Onion routing for mail servers? Do technical solutions rely on everyone doing it and so are unlikely to get much traction?

So what are your thoughts? What can we build?

The other day I took the decision to delete my Facebook account.

There has been a lot about Facebook and privacy in the tech press over the past few weeks – making live chats public, the ABC bug, criminalising violations of their terms of service, etc.

Facebook has a clear habit of leaking data, and a general disdain for their user’s privacy. As we can see by the changes to their Terms of Service and default privacy settings over time this is a deliberate strategy, which makes perfect sense since Facebook’s entire business model depends on their users sharing everything.

There’s a problem here of course, because even if you delete your account or were never on Facebook to begin with, the chances are you still are on Facebook.

Crowd sourced surveillance

Facebook crowd sources its intelligence gathering by encouraging your friends to continually update it with fairly sizable amounts of information about you, even if you are not a member. The simplest example of this would be the invite system… Facebook user Alice uses the Facebook interface to invite Bob, who is outside of Facebook, to a party… innocuous at first glance, until you consider that Alice has just told Facebook (and by extension: advertisers, government agencies, application developers etc) that Alice knows Bob (expanding the social graph) and has informed them of Bobs email address.

Image tagging presents another interesting problem. Facial recognition has reached a stage where by a machine can tell whether a face belongs too the same person from picture to picture. This feature was included in the latest version of iPhoto for example, but even without facial recognition, a tagged photo provides confirmation that a group of people were together at a certain time – and with geotagging enabled – in a certain place.

Facial recogniton is on Facebook now (via a third party app – although I would imagine Facebook will be developing their own version), Google is also following similar lines of research.

Of course, the algorithm can’t know who you are…

… until someone helpfully tags you of course. At which point you can be identified in any image on Facebook and the wider internet.

Governments have access to this technology as well of course (biometric passports anyone?), and we have already seen moves to incorporate this sort of face tracking and recognition technology in the next generation of CCTV cameras allowing automated tracking of people throughout our cities.

Anyone considering wearing a mask or similar as an obvious countermeasure should take note that the wording of the “burka ban” law recently passed in Belgium… which does not specifically ban the burka, rather bans any clothing that conceals the wearers identity. French and German MEPs are pushing for similar laws throughout the EU.

… first they came for the hoodies, then they came for the Muslims…

Question of ownership

I could easily be accused of being paranoid, but all this is perfectly possible and is an extrapolation of current trends.  It also serves to underline two central problems; first, that information is collected and added about you regardless of you do, and second, that this data is not considered to be yours – leading to unintended outcomes should the people holding the data change how they use it.

So much data is collected about you through the usage of online systems. Facebook in particular has extended this intelligence gathering capability out into the wider internet with its seemingly innocuous “like” button, or by secretly installing applications (which have full access to your profile) when you visit Facebook enabled websites (decidedly less innocuous).

Each bit of information gathered is fairly harmless on its own, but when aggregated over time present an incredibly detailed picture of your life – online and offline.

This information is packaged and sold.

That this data doesn’t belong to the person its about – even if it is of a deeply personal nature – is, I think, a rather corrosive assumption. Unfortunately we see this assumption at work all over the place both in government and the private sector, and although I’ve focussed particularly on Facebook in this post, it is only one part of a much wider problem.

Question of control

Fundamentally if you don’t own your data, you can’t possibly control what is done with it. Privacy controls and the like are at best a comforting placebo.

For this reason, I am suspicious of “free” services as money must be being made somewhere, and if it is not a direct fee then where?

So how can you keep control?

This is actually a very hard problem, because the obvious solution – not using the services in the first place – increasingly handicaps you.

Facebook has made a push to become the social architecture of the web with their “like” button, which isn’t the end of the world. However, more and more sites are using Facebook, Twitter etc for logon. Linking sites around the internet together and forming a more complete picture of your online habits.

If I want to use Microsoft’s online word processor Docs.com, my only option is to sign in with Facebook. Google docs needs a google account etc..

As Twitter, Facebook and Google etc all compete to be “You” on the internet you will see this kind of thing happening more and more.

Can I live without these services? Possibly. But what if a client uses them to share a specification document, can I refuse to view it? I guess it depends on how understanding your client is.

Is privacy dead?

Privacy is important, and anyone who says that “if you have nothing to hide, you have nothing to fear” should be encouraged to read Anne Frank’s diary.

However, we now live in a world were both online and offline we are encouraged to give away more and more of our private information. What information we don’t give away is obtained by monitoring our actions or provided by others – “Marcus was so wasted at Dave’s party last week, look here’s a picture of him passed out on the floor! LOL”

So much of this is out of your control, and what data is generated is not yours, but at the moment you still have a little wiggle room – if only because all these systems are still rather fragmented.

However, I believe that privacy is going to be one of the main societal battle grounds of the 21st century, and the first salvos have already been fired.

Privacy may not be quite dead yet, but it is certainly missing in action.

Image from ICanHasCheezburger

On the 27th of March next year all UK households will be compelled by law to fill in a Census.

I admit that I get more worked up about this sort of thing more than most people. The arrogant presumption that we are somehow state property, the compulsion to complete it & the sheer impertinence of the questions being asked are all things that stick in my craw.

With all else that’s going on – ID cards, mass surveillance, not to mention badly written laws made to put minority interests ahead of the citizenry – it seems that the census hasn’t yet appeared on the radar of most civil liberty campaigners.

However, as with previous years the number of questions has increased (34 in 1991, 41 in 2001). This year, there will be 56 questions prying into every aspect of your life.

Ostensibly a census is about resource allocation, but if that was the case the only question the government can legitimately ask is “How many people live in your house?“.

Gender is irrelevant as this is more or less going to be an even split. Birth rate isn’t going to suddenly shoot up so there’s also need to ask about the number of children.

I’d argue that even this one question isn’t really required as any areas which have resource problems can be identified more readily (and I’d argue more accurately) by deriving the information from other sources – class sizes, waiting times at hospital etc.

Some of the questions being asked

Further details of the census can be found here.

Many of the questions being asked certainly do not have anything to do with resource allocation.

For the first time you will be compelled to disclose any other passports you may have. Also, if you’ve previously lived out of the country you will also have to say when you came into the country and for how long you intend to stay.

You will also be compelled to give the names and addresses of any guests you have staying over on the evening of the census, as well as their sex and date of birth – which has led some to call this the “Snooper’s census“.

Compulsion

You are required by law to answer these questions, and if you choose not to answer these questions – questions which in my opinion the government has no business asking – you will have committed a criminal offence and receive a stiff penalty.

Worse still, the contract for processing the data has been handed to the arms manufacturer and surveillance company Lockheed Martin, which has already raised some eyebrows.