privacy | ukwatch.net

The Shape of Things to Come

Ellie Keen — Tue, 16 Sep 2008 21:08:31 +0000

Press`Release from Statewatch

The EU is currently developing a new five year strategy for justice and home affairs and security policy for 2009-2014. The proposals set out by the shadowy ‘Future Group’ include a range of extremely controversial measures including techniques and technologies of surveillance and enhanced cooperation with the United States.

A major new report The Shape of Things to come (60 pages) examines the proposals of the Future Group and their relation to existing and planned EU policies. It shows how European governments and EU policy-makers are pursuing unfettered powers to access and gather masses of personal data on the everyday life of everyone – on the grounds that we can all be safe and secure from perceived “threats”.

But how, asks Tony Bunyan, Statewatch Director, “are we to be safe from the state itself, from its uses and abuses of the data they hold on us?”

Privacy swept away by EU’s “digital tsunami”

The report shows how the EU Future Group is seeking to harness the power of what it calls the “digital tsunami” – a rather insensitive concept – for the benefit of law enforcement and security agencies. In the words of the EU Council presidency: Every object the individual uses, every transaction they make and almost everywhere they go will create a detailed digital record. This will generate a wealth of information for public security organisations, and create huge opportunities for more effective and productive public security efforts.

The Shape of Things to come shows how the EU has substituted the concept that data relating to EU citizens should in principle be kept private from state agencies, in favour of the principle that the state should have access to every detail about our private lives. In this scenario, data protection and judicial scrutiny of police surveillance are perceived by the EU as “obstacles” to efficient law enforcement cooperation. The Statewatch report calls for a meaningful and wide-ranging debate” before it is “too late” for privacy and civil liberties.

EU must make up its mind on formal ‘Euro-Atlantic area of cooperation’

In a case study of negotiations between the EU and the USA on justice and home affairs issues, The Shape of Things to come shows how the two powers are considering the establishment of a formal security cooperation framework from 2014.

The Statewatch report also shows how on substantive issues relating to EU-US security cooperation since 11 September 2001, the USA has “got its way” to the detriment of the privacy and protection of data pertaining to EU citizens.

“EU standards have been by-passed or undermined and the USA has steadfastly refused to offer Europeans the equivalent level of privacy protection to US citizens”, says Tony Bunyan.

On the proposal that the EU should tie itself in with the USA across the whole justice and home affairs field, Tony Bunyan argues that “it is hard to think of a greater danger to our privacy and civil liberties”.

“Convergence principle” = “EU state building”

The EU Future Group also calls for the application of the “convergence principle” to policing and law enforcement in the EU. According to the Group, the principle “would apply to all areas where closer relations between Member States are possible: agents, institutions, practices, equipment and legal frameworks”.

While national law enforcement agencies will still continue to work according to their national legal frameworks, those frameworks will increasingly be determined at the EU level, through ‘harmonisation’ or the development of EU institutions and law enforcement agencies.

The Shape of Things to come shows the extent of the consolidation and extension of police powers at the EU level, from mandatory communications data retention to the continued expansion of agencies like the European Police Office (Europol), the EU prosecutions agency (Eurojust), the fledgling EU border police (Frontex) and the planned Standing Committee on Internal Security (COSI).

Before yet more powers over policing and surveillance are de facto granted to the EU, suggests Tony Bunyan, “Europe needs to have a meaningful debate about the direction in which the EU is heading and just what this means for civil liberties and privacy”.

The full Analysis: The Shape of Things to Come is at:
http://www.statewatch.org/analyses/the-shape-of-things-to-come.pdf

Statewatch: Observatory on “The Shape of Things to Come” – the EU Future group:
http://www.statewatch.org/future-group.htm

Tony Bunyan is a writer and journalist and has been Director of Statewatch since 1991. He is the author of The Political Police in Britain (1977), Secrecy and openness in the EU (1999) and has edited numerous Statewatch publications including The War on freedom and democracy – Essays in civil liberties in Europe (2006). He has taken eight successful complaints against the Council of the European Union to the European Ombudsman on access to documents on behalf of Statewatch as well as two successful complaints against the European Commission. In 2001 and 2004 he was selected by the European Voice newspaper as one of the 50 most influential people in Europe.

For more information contact Tony Bunyan:
Statewatch office: 00 44 0208 802 1882
e-mail: office@statewatch.org
Postal address: Statewatch, PO Box 1516, London N16 0EW, UK

Labour proposes huge increase in state surveillance

tim — Sat, 30 Aug 2008 12:16:10 +0000

In a further escalation of the attack on democratic rights, the Labour government is proposing a huge increase in state surveillance. It is implementing new measures under the pretext of the “war on terror” to intrude ever deeper into the private lives of people who are viewed as potential criminals rather than citizens.

As things stand, the Regulation of Investigatory Powers Act (RIPA) introduced in 2004 allows hundreds of public bodies to monitor communications without a court warrant. The Commissioner for the Interception of Communications, Paul Kennedy, oversees 795 agencies and organisations permitted by RIPA to acquire communications data. These include 9 intelligence agencies, 52 police forces, 12 other law enforcement agencies, 139 prisons, 475 local authorities, and 108 other organisations such as the Post Office and the Food Standards Agency.

There were 519,000 requests for information in 2006/07, mainly from the police and security services—up from 440,000 the previous year. Official reports say law enforcement agencies were also authorised to “interfere with someone’s property” about 3,000 times in 2007/08, mount 355 “intrusive surveillance” operations (breaking in to someone’s property or planting a bug) and carry out 18,767 cases of “directed surveillance” (following someone and recording their activities).

Currently, telecommunications companies must store records of all phone calls for a year so that they can be examined. In 2005, Statewatch News Online revealed how T-mobile had “an automated e-mail system that allows law enforcement agencies to retrieve subscriber and billing details by consulting the system directly—all they need is a mobile phone number. This process requires no human intervention from T-mobile staff: the system automatically generates spreadsheets showing the subscriber and billing information and sends them to the law enforcement e-mail address.”

From next year, internet service providers will also be compelled to collect information about the web sites people visit and details of their emails. The Home Office said the new measures would force companies to store “a billion incidents of data exchange a day” and dismisses any concerns about these developments with the usual mantra, “we consider that these measures are a proportionate interference with individuals’ right to privacy to ensure protection of the public.”

There are plans to force all companies to hand over their data to one central “super” database so that government agencies will no longer need to submit requests to individual companies.

The government is also putting pressure on organisations besides the police and security services to make more use of spying powers. Kennedy complained, “I am concerned that so many authorities who applied for powers to be given to them, apparently do not use them and I do not know why this is … if this state of affairs continues unexplained, then consideration must be given to removing the powers from them.

“During the period covered by this report only 154 local authorities made use of their powers to acquire communications data. A total of 1,707 requests were made for communications data and the vast majority were for basic subscriber information. Very few local authorities have used their powers to acquire itemized call records in relation to the investigations, which they have conducted. Indeed our inspections have shown that generally the local authorities could make much more use of communications data as a powerful tool to investigate crime.”

UK Home Secretary, Jacqui Smith, agreed saying, “The commissioners’ reports offer valuable oversight and provide reassurance that these powers are being used appropriately.” She added: “We need to ensure Ripa powers are used appropriately and are not undermined.”

Smith’s last remark is a reference to the recent furore over local authorities using phone and email records and carrying out video surveillance of people applying for schools for their children, housing benefit and other social services. The papers were also full of headlines about spying operations to detect dogs fouling the footpaths and people using refuse bins improperly.

Sir Christopher Rose, the Chief Surveillance Commissioner, warned local authorities that they risked losing “the protection that RIPA affords.” He used the “lack of understanding of the legislation” shown by councils and their “serious misunderstanding of the concept of proportionality” to call on them to “invest in properly trained intelligence officers who could operate covertly.”

Rose added, “The government is reviewing those public authorities that have access to these powers to ensure that they have a continuing and justifiable requirement for them. On completion the government will list the authorities that can use each of the powers and the purposes for which they can use them, and set out revised codes of practice.”

Simon Milton, outgoing chairman of the Local Government Association (LGA), attempted to defend local authorities against these accusations saying, “Councils have been criticised for using the powers in relation to issues that can be portrayed as trivial or not considered a crime by the public. Yet councils are caught between the rock of public opinion and the hard place of being told they should actually be using some of these powers more widely.” He agreed, however, that, “... it is important that they use these powers carefully and appropriately and we will be working with [the Surveillance Commissioner] to help enable this.”

Last April, Milton was the driving force behind a proposal to use supermarkets to collect data on migrant workers. Communities Secretary, Hazel Blears, told MPs, “The LGA has recently suggested that we look at footfall in supermarkets. They reckon Tesco has pretty good accurate information about the people who use their stores. I welcome that kind of imaginative thinking if it can help us to get a better and more accurate view at the local level of what the impact [of migration] is.”

Earlier this year popular opposition to Labour’s anti-terror legislation and its erosion of civil liberties allowed former Conservative Shadow Home Secretary David Davis to adopt the mantle of “defender of liberty” when he won the Haltemprice and Howden by-election. A similar thing has happened with these new proposals. Ken Jones, president of the Association of Chief Police Officers has warned about “the ceding of intrusive powers to local government and other bodies and giving them access to once sacrosanct personal data” and Dominic Grieve, the current Conservative Shadow Home Secretary, said, “Yet again the Government has proved itself unable to resist the temptation to take a power, quite properly designed to combat terrorism, to snoop on the lives of ordinary people in everyday circumstances.”

The new powers are linked to the enactment in British law of a European Union directive on data retention, which the Labour government was largely responsible for steamrolling through the European Union in 2005.

It claimed they were vital to defeat terrorism after the September 11, 2001 bombings in New York but, in fact, the EU was considering police-state measures well before then. In 1998, attempts were made in the Enfopol proposals to allow law enforcement agencies access to all communications, which were only withdrawn after widespread condemnation by civil liberties groups. This, after all, was not long after the enactment of limited reforms expressed in Human Rights Acts and Data Protection procedures.

However, following George Bush’s October 2001 letter to the EU, which demanded that countries “revise draft privacy directives that call for mandatory destruction to permit the retention of critical data for a reasonable period” the Belgian government back by the UK introduced proposals for mandatory data retention.

In October 2005, after months of secret meetings, the European Council with its UK Presidency published a draft directive. The UK Home Secretary, Charles Clark, warned the European Parliament that if it did not vote for the proposals “he would make sure [it] would no longer have a say on any justice and home affairs matters.”

Civil rights organisations put their faith in the European Parliament to block the proposals. One NGO asked, “... the European Parliament faces a crucial decision. Is this the type of society we would like to live in? A society where all our actions are recorded, all of our interactions may be mapped, treating the use of communications infrastructures as criminal activity.”

In the event, the draft was fast-tracked through the parliament with little debate and few amendments and became law after the vast majority of socialist and conservative MEPs voted for it.

As many lawyers and experts pointed out, any EU member state was, in effect, now free to retain “any type of data for any type of security purpose for any period at all.” They expressed concern that there would inevitably be demands for more draconian measures such as ID cards required to use internet cafes, the banning of all international email services such as Hotmail, and blocking the use of all non-European Internet Service Providers.

The unprecedented infringements of civil liberties that the Labour government and its European counterparts have implemented and are proposing are not motivated by the “war on terror”. As the political representatives of big business and the super-rich, they are conscious that they cannot secure a popular mandate for policies based on militarism, colonial conquest and the systematic destruction of the living standards of millions of people and are preparing other means for their enforcement.

What's it got to do with RIPA?

Ellie Keen — Wed, 02 Jul 2008 21:00:09 +0000

Liberty called for an overhaul of RIPA yesterday after the European Court of Human Rights slapped the UK government over the way it applied the UK’s previous interception legislation.

But the Home Office today said it did not see that the judgement had any implications for the UK’s current suite of laws covering covert investigations.

The court ruled that the UK had violated article 8 of the European Convention on Human Rights, by tapping communications of Liberty, along with British Irish Rights Watch and the Irish Council for Civil Liberties between 1990 and 1997. Article 8 quaintly demands the right to respect for private and family life and correspondence.

The three human rights groups had claimed that the MoD’s Electronic Test Facility had eavesdropped on their phone, fax, email and data comms between 1990 and 1997.

The three had first lodged complaints with the UK’s Interception of Communications Tribunal, the DPP and the Investigatory Powers Tribunal, to “no avail” with local courts ruling “there was no contravention to the Interception of Powers Act 1985”.

Liberty et al then took the case to the European Court Human Rights, which after a mere nine years decided that there had indeed “been an interference with their human rights as guaranteed by Article 8”.

The court found that the 1985 Act gave the UK government “virtually unlimited” discretion to intercept communications between the UK and an external receiver, and “wide discretion” to decide which communications were subsequently listened to or read.” The government had guidelines to ensure a “safeguard against abuse of power”, but these were not included in legislation, nor made available to the public.

The court concluded that the UK’s 1985 interception law “had not indicated with sufficient clarity… the scope or manner of the exercise of the very wide discretion of the conferred on the State to intercept and examine external communications” so as to guard against abuse of power.

The 1985 Act and the 1990s eavesdropping on Liberty and its Irish counterparts came against the background of the IRA’s armed campaign against the British state.

Over a decade on, and the 1985 Act has been replaced by RIPA. It has the same objective in detecting terrorism, serious crime and the like, but is more commonly known for being applied by local councils to people suspected to circumventing school applications procedures and not cleaning up after their dogs.

Gareth Crossman, Liberty’s Policy Director, said in a statement yesterday the judgement highlighted the need for a review of RIPA.

Liberty’s legal officer Alex Gask said: “While secret surveillance is a valuable tool, the mechanisms for intercepting our telephone calls and emails should be as open and accountable as possible, and should ensure proportionate use of very wide powers.”

Mark Kelly, Director of the Irish Council for Civil Liberties, said the judgement had clear implications for many other Council of Europe member states, including Ireland. ”Our lax data interception regime will require a thorough overhaul in order to ensure that it meets the standards required by the European Court of Human Rights under Article 8.”

The Home Office was less vocal, saying it did not think the judgement had any implications for RIPA. While yesterday’s judgement concerned the 1985 Act, a Home Office spokesman said there were no legal challenges against RIPA.

The Surveillance Society Does Not Work

Ellie Keen — Tue, 06 May 2008 23:29:38 +0000

Costing in excess of billions of pounds each year, every single area of the British surveillance society has been proven ill effective when dealing with crime, fraud and terrorism – the very reasons government officials implement such measures.

Which begs the question: How can the Government justify such spending when it also imposes an increasing risk to our personal freedom and privacy? What is more, as current technology has failed to live up to the expectations of the British Government they still have widespread plans to advance citizen surveillance like we have never seen before.

Passport Interrogations

The latest statistics are cause for concern. A procedure introduced in 2007 made it compulsory for all passport applicants to attend face-to-face interviews.

We were told this was a necessary measure in fraud prevention but out of 90,000 interviewees not a single criminal had been caught. The cost of the network has run into the hundreds of millions.

DNA Database

More statistics show the DNA database, which contains the details of over one million innocent people, has almost zero effect in solving crimes. On average just 1 in every 800 crimes will be solved and the cost runs into the millions, turning the innocent into suspects. Each DNA sample added to the database cost £3,575 – last year the database held 660,000 samples.

Phil Booth of NO2ID said: “This utterly blows away the myth that the DNA database is the perfect detection tool. It is, in fact, creating-a nation of suspects.”

The British DNA database contains 4.5 million samples and is the largest in the world yet it does not hold the information of terrorist suspects or serious offenders currently in jail.

Police across the EU can access the database creating what civil liberty advocates call a ‘Big Brother Europe’.

CCTV

Just this week it was revealed that only 3% of London street robberies were solved using CCTV. Britain is the most monitored country in the world with an average of one CCTV per ever 14 people.

“Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It’s been an utter fiasco: only 3% of crimes were solved by CCTV. There’s no fear of CCTV. Why don’t people fear it? [They think] the cameras are not working,” said Detective Chief Inspector Mick Neville.

Still the development of a national facial recognition CCTV database continues at the taxpayer’s expense.

RIPA

What is more worrying still is the use of the Regulation of Investigatory Powers Act (RIPA), a spy law that was introduced in 2000 which gives the police and security services the power to monitor people and their communications. In 2002 the act was extended to include local councils allowing them to commit extensive surveillance of its citizens.

The law was introduced to catch terrorists but is currently being used to stop benefit cheats, anti-social behaviour, graffiti and even poor parking.

The abuse of Government authority is abundantly clear as our privacy and freedoms are needlessly stripped way while the taxpayer is forced to pay for technology which fails to protect us from criminals or terrorists.

A surveillance society simply does not work.

Surveillance Society

Ellie Keen — Sun, 27 Jan 2008 01:44:29 +0000

In 2004, Richard Thomas, the information commissioner, warned that Britain was ‘sleepwalking into a surveillance society’. In 2006 he suggested that we were ‘waking up to a surveillance society that is in fact all around us’. He hasn’t said much this year, but by implication it must be around breakfast-time in the surveillance society by now.

It’s easy to get worked up about surveillance. By definition, the surveillance society is not a democratic society in which surveillance is pervasive. It’s one in which surveillance is so pervasive that it threatens the very fabric of democracy. The libertarian intuition that we are ‘descending into a police state’ is borne of this concern. As ever more laws are introduced to regulate social and material life (not least the 3,000 new criminal offences said to have been introduced by New Labour), and ever more aspects of our lives are monitored and recorded, the more we are asked to account for ourselves and the more we can be held accountable for.

In a nutshell, the problem is that it is but a few discrete steps from the information society we cherish to the surveillance society we fear. To avail ourselves of today’s hi-tech goods and services we have little choice but to allow those who provide them to collect more and more information about us. And let’s be honest: as long as they keep this information secure and confidential, we’re not all that bothered. Secretly, we may even quite like being profiled, targeted and ‘rewarded’ with Amazon book recommendations, discounts and freebies.

Although unwanted ‘spam’ has gotten beyond a joke, the principles of ‘data protection’ appear to work reasonably well in the private sector. The 1995 and 1997 EC directives, and the 1998 UK Act, have imposed clear legal obligations on ‘data controllers’ to protect personal information, while ‘taking your privacy seriously’ has become a corporate mantra.

So far so good: things to hide, but little to fear. Bring the state into the debate, however, and the equation quickly changes. A new generation of surveillance technologies, population databases, identity management systems, ‘dataveillance’, data-sharing and data-mining tools are providing the state with the capacity to construct an almost unimaginably detailed picture of our private lives. At the same time, our celebrated data protection laws are being systematically circumvented and unravelled in order to legitimise the very practices they were designed to prevent.

Who’s tapping your phone?

A few years ago, the police needed a warrant to access your telephone records – now all they need is your phone number. This revolution in communications surveillance was carefully orchestrated. In 2000, parliament adopted the misleadingly titled Regulation of Investigatory Powers Act (RIPA) which, rather than regulating state surveillance, bequeathed to the police and a host of other public bodies the spook-like power to access directly the records held by communications companies. In place of a judicial warrant, an ‘authorisation’ by a senior officer would now suffice. In accordance with data protection rules, telecoms companies were also duly deleting our phone records after we had paid our phone bills (a matter of a few months at most). ‘Not so fast,’ said the Home Office, using the 2001 Anti-Terrorism, Crime and Security Act (ATCSA) to introduce a voluntary code on ‘data retention’, under which the major ‘telcos’ would not only retain their records for up to one year, but provide the police with direct access to their databases. The House of Lords did its level best to restrict the purpose of the Act to ‘serious crime’ but this would inevitably prove meaningless once data had been retained.

Not content with the voluntary code, the Home Office now demanded mandatory data retention by all telecoms companies and internet service providers (ISPs). But rather than returning to parliament, which had already judged ATCSA a bridge too far, the UK government went to the EU to seek an agreement with the force of European law. A discreet amendment to EU data protection rules followed in 2002, and an EC directive on data retention was eventually adopted in 2006.

In 2007, the Home Office returned to parliament to make its voluntary code mandatory by statutory order (meaning no debate), with the justification that the UK was merely fulfilling its obligations under EU law. This is a flagrant case of ‘policy laundering’. Just as ‘money laundering’ describes the passage of illegitimate funds through outside institutions and back into legitimate circulation, policy laundering involves the use of intergovernmental organisations to agree policies that lack political legitimacy in order to bring them into practice.

The cumulative effect of mandatory data retention cannot be understated. All our telephone and internet traffic data must now be stored for at least 12 months (perhaps longer in future – up to three years as in Ireland, or five as in Italy) in case the police or other state agencies need to look at it. The list of other agencies includes, among others, the Tax Office, the Food Standards Agency, the Department of Health, the Immigration Service, the Gaming Board, the Charities Commission and 475 local councils.

Should the police wish to see your telephone records today, they no longer need to show ‘probable cause’ to a judge. They just need to turn on their computers (or phone a friend). In 2005/6, this power was used a staggering 439,000 times over 12 months – a figure certain to rise with mandatory data retention and its extension to internet usage by 2009. The lack of independent scrutiny means we can only guess what the police were up to, but in accessing records more than 1,200 times a day, we can be certain that their activities went far beyond the scope of organised crime and terrorism.

Pulling a Swift one

Telecommunications data retention is but one example of the state placing legal obligations on the private sector to facilitate surveillance. ‘Policy laundering’ is again in evidence, somewhat ironically, in the EC money laundering directives of 1991, 2001 and 2005. These directives have effectively reversed the principles of banking secrecy and privacy in financial transactions by placing a legal obligation on financial institutions to retain data for five years and report all ‘suspicious financial transactions’ and customers to the police. In the UK, ‘failure to disclose’ those suspicions is now a criminal offence punishable by up to five years imprisonment.

The money laundering directives now also apply to auditors, accountants, tax advisors, estate agents, lawyers and notaries, dealers in high-value goods and casinos (not that this has done anything to curb systematic tax evasion and corruption by the rich and powerful), while under the UK Terrorism Act 2000, we are all now liable to prosecution for ‘failure to disclose’ any suspicions we may harbour about terrorist activities. As these so-called ‘due diligence’ obligations come to represent the wholesale privatisation of surveillance, government whistle-blowing, as David Kelly and Craig Murray can testify, is positively discouraged.

Further obligations have been placed on the airline industry to provide states with information about their passengers (so-called ‘passenger name records’ or ‘PNR’). Under successive EU-US PNR agreements – which the European Parliament voted against on four occasions – US agencies now have direct access to European passenger reservation databases. There are few meaningful restrictions on the use or onward exchange of the data they extract. This means that even if you’re only taking a BA flight from London to Amsterdam, up to 35 categories of personal information that you supply could find themselves in the US Department of Homeland Security’s inbox. Perhaps it’s time to start reading the ‘terms and conditions’ before ticking that box? Except that if you don’t tick that box, you can’t book the ticket.

In other cases, corporations are simply handing their data over to state agencies in the absence of any lawful requirement to do so. In 2006 the New York Times broke the story that the US was secretly monitoring every transaction sent through the global Swift money transfer organisation – which is based in Brussels – via an illegal ‘mirror’ in the US. The EU responded by formally granting the US access to the Swift data.

It is suggested that the use of ‘mirrors’ by the US government is widespread, and endemic where US-based multinationals are concerned. This begs a question: when corporations are requested to hand over or provide states with access to their data in the name of combating terrorism or some other evil, are they really going to refuse in practice? The same question applies to public bodies, with Transport for London apparently all too ready to provide the security services with a ‘backdoor’ into the congestion charge and Oystercard systems.

Stasi 2.0

The debate about ID cards masks far more insidious developments. Over the coming decade, the vast majority of the EU’s law-abiding population will be fingerprinted, registered and placed under de facto surveillance. Once again, governments have taken advantage of the EU to ‘harmonise’ national policy on the introduction of ‘biometric’ passports, ID cards, resident permits and visas. Article 18(3) EC of the EU Treaty should have prohibited EU legislation from the outset as it states clearly that the power to adopt legislation ‘shall not apply to provisions on passports, identity cards, residence permits or any other such document’. The member states simply ignored this provision and then used the new ‘reform treaty’ to belatedly add these powers to the EU mandate.

Under the ID Cards Act of 2006, from around 2010 everyone renewing their UK passport will be required to attend one of 69 ‘enrolment centres’, where they will be fingerprinted (all ten), photographed and asked any of the 200 questions designed by the Home Office to test the applicant’s identity, provenance and entitlement to remain in the country. Under EU rules, applicants for a visa to any EU member state will soon be subject to an almost identical process in their own country (with data retained in EU databases even if the visa is refused).

Your new biometric passport will contain an embedded radio frequency identification (RFID) chip that includes your fingerprints and other personal data, an identity card (with another RFID chip) and a number. The RFID chip is there to transmit your data, from distance, to special airport scanners, which scream ‘hack me’ to all those so inclined.

Your special number relates to your record in the UK national identity register (NIR), which links you to every other piece of information the state has ever collected about you. As the campaign group NO2ID has explained, the NIR will become ‘an index to all other official and quasi-official records. Through cross-references and an audit trail of all checks on the register, the NIR [will] be the key to a total life history of every individual, to be retained even after death.’

At the same time, a new generation of ‘e-borders’ will mean that all entrants are fingerprinted upon entry and given a de facto police record. The UK ‘e-borders’ system is to contain up to 90 specific categories of data on individuals and will record all movement into and out of the UK.

Shocked by the Stasi analogy in the subheading? You may be missing the point: the Stasi didn’t ask many questions because they already knew all the answers. Nor is it simply a case of ‘Business or pleasure, sir?’ making way for some rather more direct questioning. As more and more data is collected on the premise of border control, the techniques and technologies deployed at the border are simultaneously being deployed on the streets. ‘Multi-agency’ police checks (basically roadblocks with benefits, tax, immigration and DVLA inspectors in attendance), massive immigration raids and collective expulsions, hand-held fingerprint scanners, mobile access to police computer systems – these are all now matters of policy rather than legislation, and the subject of little if any debate.

You are a security risk

States are also investing heavily – and usually secretly – in the kind of predictive algorithms developed for direct marketing purposes in the belief that ‘risk profiling’ will help identify terrorists, criminals, psychopaths, problem children (see ‘Generation ID’, opposite) and other dangerous people before they have the chance to do us harm. This corresponds to more and more ‘preventative’ police powers – Asbos, security-based detention and so on. As EU policies, ‘terrorist profiling’ and computer-assisted passenger screening are now being introduced across Europe.

These types of programmes raise several fundamental objections. Primarily, by using assumptions about ethnicity, religion, nationality, lifestyle, education, health, wealth or criminal record as indicators of risk, these systems are intrinsically discriminatory. In turn, they inevitably lead to actions against large numbers of innocent people on a scale that renders the exercise both unacceptable and pointless. In the wake of the discovery of the Hamburg cell’s involvement in the 9/11 conspiracy, for example, German federal police agencies collected and analysed data on some 8.3 million Muslims (and suspected Muslims) in Germany but failed – despite hundreds of surveillance operations, arrests and interrogations – to find a single terrorist.

As Douwe Korff, international law professor at London Metropolitan University, points out, it is important to stress that this is not something that can be fixed by better design: ‘Attempts to identify very rare incidents or targets from a very large data set are mathematically certain to result in either an unacceptably high number of “false positives” (identifying innocent people as suspects) or an unacceptably low number of “false negatives” (not identifying real criminals or terrorists). This is referred to scientifically as the “base-rate fallacy”; colloquially, as “If you are looking for a needle in a haystack, it doesn’t help to throw more hay on the stack.”’

Democracy’s prospect

Despite the fact that the judicial regulation of surveillance is fast disappearing, many liberals have faith that the surveillance society can be somehow ‘democratised’ – a few new data protection rules here, a little bit more accountability there. This is disingenuous to say the least: mass surveillance, data retention and risk-profiling are the very things data protection law was designed to prevent. Once these practices are introduced, the law can give little practical effect to the supposedly fundamental right to protection from undue or arbitrary interference by the state.

Others suggest that the very same technology used to hold the citizen to account can be turned inwards, so that ‘glass citizens’ are governed by transparent states, as it were. But in a country that won’t even allow telephone intercepts as evidence in court because the police and security services don’t want to compromise their secret listening programmes, this appears a remote proposition.

So the job rests firmly with what remains of society. But in the absence of any rational appraisal as to the desirability and effectiveness of surveillance systems, never mind more concerted efforts to halt the march of the surveillance state (particularly via the EU), there can be little cause for optimism. And if you tolerate this, your children really will be next.

Ben Hayes is a researcher with Statewatch and the Transnational Institute