This sort of story always has me near helpless on the floor with laughter…
Those who, in theory at least, should be a lot smarter, have yet to grasp the concept of how the greatest creator of publicity for something, anything, is to demand it is given privacy.
The French Secret Service is certainly a stranger to the concept, as are most people who demand privacy. After all, isn’t the best and cheapest way for a waste-of-skin celebrity to get their unwanted faces plastered across the media for them simply to start up some gripe about not being given privacy?
In this case, the French seem to be demanding that Wikipedia take down a page (from 2009, four years ago!) that they seem to have suddenly developed some sort of phobia over:
French agents at the Direction Centrale du Renseignement Intérieur (DCRI), apparently turning their attention to Wikipedia for the first time in years, demanded last month that the Wikimedia Foundation delete an entry about a military radio relay station written in 2009.
When Wikimedia refused, the DCRI approached a French man with administrative editing rights on Wikipedia about taking down the page. The man told them that he had no involvement with the page’s creation or hosting. And that his mother told him not to talk to strangers.
There’s even a video of the chief of the radio relay station, station hertzienne militaire de Pierre sur Haute, giving an interview about the station’s operations, and taking a reporter on a tour of the facilities.
This one warms up a sore spot I have, and would almost post a pic just to get revenge, but the house and location are too recognisable and the incident too recent – I just had an altercation with a home owner who came running up to me and asked me what I thought I was doing. I though I was standing in a public street taking photographs of some interesting decorations, but he seemed to think I was taking pictures of his house, was interfering with his children (who were at school at the time of day concerned), and even threw worrying his wife into the pot at one point.
I pointed out, and showed him (aren’t digital cameras wonderful?) that I had not even caught his hovel in any of my shots, let alone take any pictures of it, but regardless, we did not part the best of friends.
Yes folks… there are still nut jobs out there, fuelled by the dregs of the media and their alarmist stories carrying tales of evil people openly carrying cameras in public.
Just wait until they learn about miniature hidden cameras and phones that have cameras built in, and can even take moving pictures, so people can wander about taking covert pics and not even be noticed.
I find the irony of ID Card fans being charged £30 for the privilege of owning a reminder of their folly to be rather sweet.
The disgraceful ID Card scheme, the National Identity Register, and the lies we were told as the scheme changed from being voluntary to compulsory by a series of stealthy changes will come to an end within 100 days, as the new Home Secretary Theresa May has announced that legislation to remove the related laws forced through by the outgoing Government will be the first to be put before Parliament by the new government.
15,000 people foolish enough to hand over £30 at the Manchester rollout of this con will not receive a refund, however Ms May said they would at least have a “souvenir” of the scheme.
Can you believe that the utter plonker who was originally responsible for this scheme, an obscure politician named David Blunkett who was going to make us all carry one if his cards, and who managed to get thrown out of his Government job not once, but twice, after making repeated gaffes that his bosses tried to ignore and gloss over, went to the papers and tried to recreate himself in some way, by threatening to sue the Government for the £30 he paid for his ID Card.
What a cheek! He should have been standing up and proclaiming his utter joy at having been granted the privilege of owning one of the ID Cards for a mere £30. They will be rare collectors’ items in future. I’m not sure of the ultimate number, I have seen claims of between 7,000 and 50,000 ID Cards being issued, despite Blunkett’s Labour Party being aware that every other party was going to scrap them after the General Election. The cost of the scheme was said to be £250 million over the eight years it was being pushed through regardless, against all opposition objections, with 15,000 paying £30 for each card worth £16,667 – which surely has to be a bargain. If the number was 50,000 then the cost of each card was a mere £5,000 – still a bargain at £30, but who will ever know the truth?
Maybe David Blunkett should still be sued for the cost of the disgraced and scrapped ID Card scheme – paying off the bill might keep us safe from his demented publicity stunts.
I’m certainly not wasting my time hunting down the real numbers, so if the above – taken from various reports in the news – are wrong, don’t bother letting me know. I don’t care now that the billions – at least £5 billion, and no doubt many times more if the project had been allowed to continue – have been saved, especially given the dire financial straits the country was shown to be in after the General Election.
It was embarrassing to watch the previous Government ride roughshod over any protests against the scheme, and attempt to have this pointless scheme set in place before it lost office, as if it was intent on having it installed deeply enough to ensure that any following administration would not be able to afford to cancel and withdraw it, since every single other political party had announced its intention to do away with the scheme in their post-election manifestos.
I could have a laugh at the expense of those who supported these useless cards, but it’s perhaps better to let them speak for themselves, and how ridiculous their claims are (or were), remembering that there is no evidence to support the claimed anti-terrorism claims made for the ID Card, and that they did not replace ANY of the alternative forms of identification we already have available, which would still all continue to be needed, meaning this cards/system would still have been additional to what we already have, and more importantly, subscribe to voluntarily when we want or need the services they apply to:
BBC News – ‘Why I love my ID card’ (Seriously, this makes for truly sad reading if the writer believe all he has written.)
Civil service warning
While I’m not too interested in the words of fanatics, extremists, or those with their own agenda, I have had a look around some of the follow up stories that have appeared around the web since the news of the current ID Card scheme cancellation was confirmed, and some of it may just carry the worrying ring of truth.
There are claims that the bureaucrats and pen-pushers at Westminster are not too happy about the loss of the scheme, and that they had been rubbing their hands in joy at the prospect of having a database where everyone’s details were centralised, and of forcing people to carry a card that linked them to it. And it’s not hard to see how people who’s lives revolve around making rules and having people follow them would adore to have such a system in place.
I think it might be well worth watching the small print that related to the people of the bureaucratic Government services over the next few years, just in case they decide to use their skills to learn from the current ID Card and database fiasco, and use the next five years to form a new plan to introduce something similar once the current interest dies down, and they can come up with the reheated dregs under a new name.
Maybe they will come up with something ‘new’, like an Entitlement Card (and of course, a database containing details of the entire UK population to back it up).
Maybe you won’t be granted access to any Government related services if you don’t have one, so it won’t be compulsory, unless you want access even to your local council, or maybe even to prove you are entitled to have your bin emptied.
The story may be little more than ‘smoke and mirrors’, but where pen-pushers and Jobsworth’s are concerned, I never discount anything, no matter how unbelievable, fantastic, or unlikely it may sound, and this has a little more than just the smell of possibility to me, and thoughts of how kids behave when you take one of the favourite toys away from them. They don’t let go willingly, or forget.
ID Cards can still be had
If you’re really upset at not being tagged with a UK ID Card then you may wish to follow the link below, and keep one of their offering in you handbag or wallet. You could even fine yourself $1,000 any time you leave home without it, or forget it, and you could even lock yourself indoors for 24 hours, just to simulate the feeling of being lifted by the police in a spot check to make sure you had your card with you.
It will probably be as secure as the UK ID Card, which I have seen newspaper articles which claim could be cracked in as little as 10 minutes, and new work suggests that biometrics are far from infallible.
While I don’t want to be accused of telling anyone how they should vote in a general election – as if anyone would listen to me anyway – I’m still not gagged, so that doesn’t preclude my observations regarding interesting things that might influence them.
I was going to precede this information with some introductory blurb, reflecting on the intriguing distribution of voting in general election in Scotland, but that would have infringed on the opening premise, so all I can do is quote the following, and suggest that most folk are not aware of the true implications of the ID Card, and more importantly, The National Identity Register, which is generally ignored, but much more sinister.
You may be perfectly happy to hand all your personal identification data over to the current Government which is power, but don’t forget, that will inevitably change one day, and has been seen in recent years, the principles of those in power do not necessarily stay the same.
It seems that every political party, except Labour (which has poured and will continue to pour ridiculous amounts of money into it), sees no future for ID Cards, the National Identity Register, and related projects.
If it’s so good, why does nobody else want it? They should all be beating a path to its door!
The issue has been fudged since it first appeared around 2002, and even now, it remains unclear just whose best interest it is in. Don’t forget, most of the reasons put forward by the Home Office can be shown to be ‘smoke and mirrors’, based on assumptions, not facts.
As of 26th April, opposition parties’ 2010 manifesto commitments on the National Identity Scheme stand as follows:
- The Conservatives (standing 631 candidates) will “scrap ID cards, the National Identity Register and the ContactPoint database”;
- The Liberal Democrats (631 candidates) will “scrap intrusive Identity Cards and have more police instead”. They also intend to “scrap plans for expensive, unnecessary new passports with additional biometric data”;
- The UK Independence Party (543 candidates) will “abolish ID cards” which involve “harvesting large amounts of highly sensitive personal data” and are “an ingredient in an increasingly intrusive surveillance society”;
- The Green Party (315 candidates) oppose ID cards and “also have grave concerns over the development of a national dataset, including detailed biometric data, which has potential for the infringement of civil liberties”;
- The British National Party (270 candidates) will “halt all moves to introduce ID cards as an undesirable manifestation of the surveillance society”;
- The Scottish National Party (59 candidates) would “cut the projects that the country doesn’t need and can no longer afford such as Trident, ID cards and deep storage nuclear dumps”;
- Plaid Cymru (40 candidates) will “continue to oppose legislation to make possible secret inquests, Internet monitoring, wasteful ID cards, the national DNA identity register and longer pre-charge periods of detention for suspects”;
- The Scottish Green Party (20 candidates) will not have ID cards which “are an unnecessary invasion of our privacy and will do nothing to prevent crime and terrorism”;
- The Social Democratic and Labour Party (18 candidates) will “continue to point to the savings possible by scrapping spending catastrophes of the current government such as the £5bn ID cards”;
- The Democratic Unionist Party (16 candidates) says “plans to introduce ID cards should be scrapped”;
- The Pirate Party (10 candidates) “strongly oppose compulsory ID cards, and pledge that we will never introduce them”;
- The Respect Party (11 candidates) succinctly states: “No ID cards”;
- The Alliance for Green Socialism (6 candidates) will “scrap ID cards and databases of personal information”;
- The Communist Party of Great Britain (6 candidates) calls for “an end to prolonged detention without charge, house arrest and plans for ID cards and full restoration of the rights of assembly, protest and free speech”;
- The Liberal Party (5 candidates) “oppose the introduction of ID Cards and the ‘Database’ State”;
- The Libertarian Party (4 candidates) will “immediately scrap the compulsory National ID card scheme”
From 2012 under a Labour administration, everyone needing a passport will be forced to enrol on a centralised ID database and be fingerprinted – and have to pay for the privilege of having their identity ‘managed’ by the state for the rest of their life. Labour’s manifesto pledge that “in the next Parliament ID cards and the ID scheme will be self-financing” is nonsense. The billions the scheme will cost have to come from somewhere, and it is the public who will pay.
Source: stop the database state » NO2ID
A centralised database is not even needed for proof
Although it’s only a local scheme in Wiltshire, and very new as I write, a scheme whereby young people can prove they are over 18 in order to gain entry to premises where proof of age is required appears to be making a successful start.
The interesting aspect of this scheme is that it provides its proof-of-age without having to refer to a centralised database, and relies on data encoded on a card, in this case fingerprint data. However, it does not contain any personal data, nor does it contain the fingerprint, which means if it is lost or stolen, it is useless to anyone else. And, as there is no need for it to refer to, or be linked to a central database holding the person’s details, there are no security implications resulting from its loss or theft.
Two items (make that three, as a third arrived as I wrote) landed on my desk this morning with regard to the current cavalier attitude taken by those who are support to be safeguarding our personal data.
The first related to The Information Commissioner’s Office (ICO), which uncovered 17,500 requests for private information made to a private investigator by 400 journalists. Information handed over included ex-directory addresses and contact details for security service personnel and celebrities. Information Commissioner Christopher Graham said he had highlighted the problem regarding the trade of such information back in 2006, in a report What Price Privacy Now? but no action had been taken by the authorities. He suggested that the courts were could not be bothered levying even the trivial fines at its disposal, that parliament let everyone down by not providing appropriate legislations, and the the newspapers, who do not take the matter seriously. According to Guardian, he said, even if a fine was issued, it could be written off as a business expense.
The ICO’s Motorman investigation into the activities of a private investigator uncovered 17,500 requests for private information on behalf of 400 journalists working for some of the UK’s biggest papers, including the News of the World, whose royal reporter Clive Goodman was later found guilty of hacking into people’s mobile phones to find stories.
What Price Privacy Now? Report by the ICO in 2006.
The second item seems to indicate a more informed and responsible plan regarding personal date by the Scottish government, which plans to reduce the amount of personal information held by large public databases and curb the collection and use of personal data by public authorities. A consultation on its plans has just begun, and it has the backing of the UK Information Commissioner’s Office (ICO), and proposes a set of Identity Management and Privacy Principles with which public bodies will have to comply. The principles move the Scottish Government away from the trend of building very large public databases of personal information.
Scottish finance secretary John Swinney commented that the principles guiding the plan were aimed at all who have a responsibility for protecting personal information, not only those those in the public sector dealing with the public, but those involved in designing and operating the systems concerned, and added that recent incidents where such principles had failed, and that it people had to be confident that their data was secure, and their privacy safeguarded.
The guidelines stipulate that privacy impact assessments must be carried out in relation to new Scottish Government plans and that any body gathering personal data must explain why they are doing so and how it will be used.
“The ICO welcomes this initiative of the Scottish Government,” said Ken Macdonald, Assistant Information Commissioner for Scotland. “At the ICO we urge all public bodies to ensure that data protection is treated as an important part of corporate governance. Safeguarding personal information must be embedded in organisational culture and no public body should be taking risks with Scottish individuals’ personal details.”
A third item arrived as I was writing the above, so this one is just direct quote, but is important as it shows how we have been consistently lied to regarding the non-compulsory aspect of the ID Card:
Already the Home Office is devising ways of making use of the ID card integral to gaining employment, an extremely sinister development.
Last week, The Register published an important story, through a freedom of information request, they discovered that the Criminal Records Bureau is considering requiring ID card and fingerprint data in an attempt to improve the accuracy of CRB checks. This would force people to get ID cards in order to get a job. As Phil Both of No2ID says, “This is entirely consistent with the various forms of coercion strategy they’ve been working on to create artificial ‘volunteers’ for ID cards.”
You have to acknowledge the cunning of the Home Office and CRB. As the Register reports the CRB is palpably dysfunctional. “In the 12 months to the end of March 2009, identity errors at the CRB more than doubled compared to the previous year. More than half of the 1,570 mistakes were made in just one month.” The government’s solution to this disaster, which by the way has not received nearly enough publicity, is to marry the CRB with the ID card, which the Home Office desperately wants to make compulsory.
The ID Card may not be compulsory, but it would seem that before it is booted out of office, the government that thought it up, and is the only champion of this lever towards a National Identity Database, will do all it can to install it everywhere it can, to the extend that it may not be compulsory, but is necessary for anyone that want to live in this country, and interact with any government related service.
I only hope my reference to country excludes Scotland, and the Scottish government is opposed to this abhorrent device.
It’s been an interesting week in the land of secrecy, security, surveillance, and shall we say lack of truth.
As one who has worked with corporate databases, I always find it hard not to fall about and roll on the floor laughing whenever I hear government ministers, officials, and other spokespersons issue assurances that they will make sure the NID (national identity database) and ID Card scheme are secure, that the data cannot be hacked, and there will be no way for anyone to access the data if they are not supposed to.
Quietly announced by Computer Weekly (as media attention focused on other government problems, and largely missed or ignored the story) nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal acquaintances held on the core database of the government’s National Identity Scheme. They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the government’s multi-billion-pound programme. Here is the list published of councils involved in breaching the core ID Card database.
So much for those assurances then, ministers have repeatedly insisted that security will be absolute and that severe penalties will deter anyone tempted to read files illegally – and two of those breaches were in Glasgow, so it’s not a problem “down south”.
It’s also worth bearing in mind that this story relates only to the results obtained from a sample checks on the system, and not a full audit. With this number arising from only a sampling exercise, it doesn’t take the greatest imagination in the world to see that the supposed absolute security we have been promised is nothing more than a figment of the government’s imagination, or simply a lie, if one wishes to be blunt and honest.
At the same time, there was another story – which could be read together with the above to see how data could be misused, or used without proper authority and checks in place – when it was revealed that requests by police and other officials for information on people’s phone calls and emails ran to an average of 1,381 a day last year, according to a report released recently by the interception of communications commissioner, Sir Paul Kennedy. A total of 504,073 surveillance requests to telephone and internet companies were made in 2008, the equivalent of one in 78 adults being targeted. The figure was slightly lower than in 2007, but higher than in 2006, when Kennedy issued his first report covering 253,557 requests registered in the 38 weeks after he took up his position in mid-April of that year. The 2008 figure shows a rise estimated at about 45%, if the 2006 figure is projected at a constant rate over a full year.
The Liberal Democrat home affairs spokesman, Chris Huhne, probably summed this up when he said the figures “beggared belief” and showed that Britain had sleepwalked into a surveillance state.
While there are serious cases where such methods need to be used, and information sought on individuals, it is now a matter of record both in the press and through investigative television documentaries that councils are using these powers to spy on people accused of allowing their dogs to foul pavements, or of leaving bins out too early for collection.
I rather liked his observation that Orwell’s 1984 was not a blueprint, but a warning.
One of the things I make no apology for going on about is privacy and data protection – I object to anyone collecting information about me in general (other than anything I freely choose to place in the public domain), and the millions of personal details that the various government bodies have left lying around in public, or just simply lost, means I have no need to make any case for highlighting data protection deficiencies.
You can combine the two in the private sector, as businesses seek to collect data about us all, amass them in corporate databases, and then sell the information to one another without any reference to those to whom the data refers. If they make a mistake, you’ll never know about it, or have any way to correct it. You can kiss your credit rating goodbye, or forget any jobs that involve, for example, children, if someone hits the wrong key somewhere.
Until now, there has been no way to issue fine to data controllers in charge of such information.
The Data Protection Act 1998 should act to help reduce such instances, but under the Data Protection Act (DPA) the Information Commissioner’s Office (ICO), responsible for enforcing the Act, cannot issue fines for breaches of the eight data protection principles at the heart of the law. From next April that will change and it will be able to issue fines for knowing or reckless breaches of the Act’s principles.
The introduction date is still to be officially confirmed though, and could be changed, and further work is still to be done with regard to the level of fines that can be issued.
The fines can be levied by the ICO when one of the eight principles have been seriously breached, but only if the ICO is convinced that the breach was deliberate or that the data controller knew, or ought to have known, of the contravention risk, and that the contravention would be likely to cause substantial damage or substantial distress and that the controller failed to take action to stop it.
Presumably the government will be treated as a special case, otherwise we will all be penniless as our taxes rise in order to pay the fines for the millions of records it will fail to protect in future, given its past and current performance in this area.
The data protection principles
Part I The principles
1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless—
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4 Personal data shall be accurate and, where necessary, kept up to date.
5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6 Personal data shall be processed in accordance with the rights of data subjects under this Act.
7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
A few weeks ago, I commented about an apparently Over cautious Google?
At the time, I had discovered that a personal request to have some of their Street View privacy technology applied to imagery that referred directly to me had resulted not in the simple tweaking I had requested, but had seen all the images deleted, and replaced by the ominous “This image is no longer available” frame. Then I found that the frames had been restored – untweaked.
I got in touch again, and re-iterated the original request. Again the frames became unavailable, but then quickly reappeared with the requested tweaks in place. At the time, I wondered if this would remain, or if the original untweaked images would return, so I promised to revisit them six weeks later.
The six weeks have passed, and I’m pleased to say that things remain as per the request, and no, I’m still not going to point you at them, which would have the effect of negating the privacy request.
Interesting to see that development is still continuing inside the system too, with some rather nice image zoom graphics being layer on the views to make them both more usable and user friendly.
We seem to have arrived at a sad and sorry state in this country where I look at at my news feeds and find that some state or police contravention of people’s rights has been reported, or worse, upheld in a court somewhere, almost on a weekly basis.
I can’t list the private violations, since they don’t fall under the same rules or open scrutiny, but there will surely be private security guards and firms doing the same, and I’ve been thrown out of places by “uniforms” for having a camera in view.
While I am photographed and tracked more and more as I walk the streets, almost on a weekly basis, I grow more and more worried about the hazards of walking around with a camera – and I don’t mean in respect of being hit over the head and having it stolen.
Given the number of times I’ve driven past HMNB Clyde, Faslane, and the peace camp, I’m now wondering how often I’ve been photographed simply for driving past, and being a potential contact. On reflection, it’s almost amusing to note that when I used to visit the base officially, I wouldn’t have been photographed at all, as we always parked in the nearby visitor centre, and were provided with transport. Still, that would the MoD and the Defence Police.
This week it was the police that headed the news, as they breached the right to privacy of a protester at an arms trade fair.
While the court had no problem with the police taking the photograph of the man at the annual general meeting (AGM) of Reed Elsevier plc, owner of Spearhead Exhibitions, which puts on arms trade fairs, and ruled that this was legitimate, it found that the picture should have been deleted once it was apparent that no crime had taken place at the meeting.
The man had purchased one share, entitling him to attended the 2005 AGM of Reed as a shareholder and asked one question. There were no allegations that he behaved improperly at, before or after the meeting. A photographer hired by police took photographs of him outside the meeting, and he and a colleague were followed by police. They were stopped before they reached their Underground station and asked to identify themselves.
Article 8 of the Convention protects the right to privacy, Article 10 the right to free expression, Article 11 the right to free assembly and association and Article 14 the right to exercise the other rights without being subject to discrimination. All three Court of Appeal judges agreed that in the circumstances, his privacy rights were a factor. Two of the judges, though, ruled that the second part of Article 8 was breached.
“The retention by the police of photographs taken of persons who have not committed an offence, and who are not even suspected of having committed an offence, is always a serious matter,” said Lord Justice Dyson. “The retention by the police of photographs of a person must be justified and the justification must be the more compelling where the interference with a person’s rights is, as in the present case, in pursuit of the protection of the community from the risk of public disorder or low level crime, as opposed, for example, to protection against the danger of terrorism or really serious criminal activity.”
Lord Collins of Mapesbury agreed that there was justification for the taking of the photos, but not for keeping them.
“The retention of the photographs for more than a few days could not be justified as furthering the aim of detecting the perpetrators of any crime that may have been committed during the meeting,” he said. “The suggestion that retention of the photographs was justified by the possibility that Mr —- might attend and commit an offence at the DSEi fair several months later is plainly an afterthought and had nothing to do with the decision to take the photographs.”
Lord Collins said that there was a delicate legal balance to be struck between the operation of state surveillance and the privacy rights of citizens, and that this case would not settle the question of how to strike that balance.
“It is plain that the last word has yet to be said on the implications for civil liberties of the taking and retention of images in the modern surveillance society. This is not the case for the exploration of the wider, and very serious, human rights issues which arise when the State obtains and retains the images of persons who have committed no offence and are not suspected of having committed any offence,” he said.
See also: The
I can understand the idea of sharing photographs on the internet, and by photographs I mean those taken for their own sake by being interesting, informative, artistic, creative, or similar, and shared through online hosts and galleries.
I’ve never understood why anyone would place their personal family albums online for the world to see, especially if combined with personal details, family histories, name, addresses, and other intimate details. Do they really think they are so interesting, or their egos need such a degree of massaging in public?
More seriously, as I write in 2009, all these details and pictures are often more than enough for those who wish to create a false identity to do so with ease, and apply for driving licenses, bank accounts, loans, credit cards, and more, while the checks that in places are generally so poor that the criminals will have pocketed their proceeds and vanished before the poor mug whose identity has been cloned becomes aware of the deception.
A study published this week by Cambridge PhD students shows that nearly half of all social networking sites retain copies of photographs after being “deleted” by users. The study examined 16 popular websites that host user-uploaded photos, including social networking sites, blogging sites and dedicated-photo-sharing sites. Seven of the 16 sites surveyed were still maintaining copies of users’ photos after they had been deleted by the user. The researchers – Jonathan Anderson, Andrew Lewis, Joseph Bonneau and lecturer Frank Stajano – found that by keeping a note of the URL where the photo is actually stored in a content delivery network, it was possible for them to access the photo even after it had been deleted.
Their report says:
Social networking sites fared especially poorly in the study, with four of eight failing to remove deleted photos, including industry leaders Facebook, MySpace, hi5, and Bebo. Blogging sites also fared poorly, with LiveJournal, Xanga, and SkyRock all failing to remove photos.
Faring well in the study were the dedicated photo sharing sites Flickr, Photobucket, and Fotki, which all removed photos within 1 hour. Three Google-operated websites, Blogger, Picasa, and Orkut, all removed photos within 48 hours. Microsoft’s Windows Live Spaces received special commendation for removing photos instantly.
Interestingly, the only online hosting sites we’ve ever used, or use for that matter, since they were opened years ago are : Photobucket, Flickr, and Picasa. Hopefully, we don’t have to mention which blogging service we use, but it doesn’t seem to have attracted any attention.
It would be interesting to see how the BBC fared if examined in the same way, as it invites online pictures, and these are generally provided with credits and often show family snaps. Although I have seen pubic gripes about its copyright and useage policy, I don’t recall any remarks about having your picture removed from their site once you have given it to them, together with comment/details of the content.
Perhaps you can’t.
This may all seem rather small beer in the great scheme of privacy issues but the Cambridge team has done some valuable research that will steer users to more conscientious sites. Joseph Bonneau makes a good point when he says, “This demonstrates how social networking sites often take a lazy approach to user privacy, doing what’s simpler rather than what is correct. It’s imperative to view privacy as a design constraint, not a legal add-on.”
That last statement should be the guiding ethic for all web companies, to say nothing of the government.
As noted, if you are unfortunate enough to have your fingerprints and DNA taken taken as part of a criminal investigation in Scotland, and this is for elimination purposes only, or you are found innocent, these records are destroyed, so you’re not part of a criminal database.
However, in England, once they’ve got your DNA and fingerprints, they won’t let them go and want to keep them forever, regardless of whether you just provided the samples for elimination, or are a convicted criminal. They say that you can ask for you innocent details to be removed by request, but reports in the news suggest that these requests tend to get lost, or if not, take years to come to fruition, possibly needing a call the the papers or TV to get any response.
The ECHR ruled English DNA retention policy breaches human rights, and told them to to something about it, and elbows pointed towards the Scottish model as an example.
The English response to the ruling was published recently, and the Home Office proposal is little short of a mockery of the EHCR, and makes you glad to live north of the border. There is little to be added to the criticism voiced by the opposition spokespersons:
Launching its consultation on how to comply with the courts judgement, the Home Office said its proposals include:
• Destroying all original DNA samples, like mouth swabs, as soon as they are converted into a digital database profile
• Automatically deleting after 12 years the profiles of those arrested but not convicted of a serious violent or sexual crime
• Automatically deleting after six years the profiles of anyone arrested but not convicted of other offences.
• Retain indefinitely the DNA profiles and fingerprints of anyone convicted of a recordable offence.
• Remove the profiles of young people arrested but not convicted, or convicted of less serious offences, when they turn 18
While the DNA profiles of all children under 10-years-old have already been deleted, Home Secretary Jacqui Smith said the database would be expanded to include 30,000 serious offenders convicted before the database was established.
The Home Secretary went on, “It is crucial that we do everything we can to protect the public by preventing crime and bringing offenders to justice.
“These new proposals will ensure that the right people are on it, as well as considering where people should come off. We will ensure that the most serious offenders are added to the database no matter when or where they were convicted.”
But Shadow home secretary Chris Grayling said, “The Government just doesn’t get this. People in Britain should be innocent until proven guilty. Ministers are just trying to get away with as little as they possibly can instead of taking real action to remove innocent people from the DNA database. It’s just not good enough.”
And Liberal Democrat home affairs spokesman Chris Huhne said, “Once again, the Home Office is fighting an undignified rearguard action designed to give as little as possible in response to the ruling of the European Court of Human Rights. Today’s announcement is nowhere near good enough. Jacqui Smith must not be allowed to get away with anything short of immediately removing all innocent people from the database, except those accused of a violent or sexual offence.”
The Home Office has used its now standard ploy of using intangible estimates to justify its stance. In its consultation, the Home Office says that removing profiles is “likely to reduce the number of detections that DNA delivers”, with one official estimate suggesting there will be 4,500 fewer crimes detected a year – rising to 26,000 if the proposals are extended to the policies on retaining fingerprints. The numbers sound good, but are still only estimates, and from what some might say is a source with a vested interest in size of the estimate it makes.
Back at the launch of Google’s Street View, I had the opportunity to test their Report a problem option. The subject was unimportant, but comprised a registration plate that had been missed by the automated blurring. There was good reason, due to the location and angle of the plate, but it was still clearly visible thanks to its position.
Back then, I observed that not only was the registration plate blurred (in adjacent views), but they had gone a step too far and removed the images as well, and the graphic shown to the right appeared instead – this was not what I had asked for, nor expected as I had clearly marked and reported the visible registration using their provided reporting tool.
With the news that the UK’s Information Commissioner had sent Privacy International away with a flea in its ear, I decided to have a look at the location concerned and see how it looked some weeks after the images had been removed. Maybe they would have blurred the registration and restored the edited image.
Disappointingly, the image had been returned to Street View unedited, and complete with the registration number in plain view. This was rather embarrassing as I had previously been using the location as an example of Google’s response to a concern, unaware that it had been restored.
I re-registered the problem, including a description of the registration plate, and requesting it be blurred, but that the images not be removed.
While the automated acknowledgement was almost immediate, the result was still to remove the image (and others beside it!) rather than simply blur the registration plate that I had clearly identified in the reporting form.
I don’t really see what their problem is, as the registrations on neighbouring vehicles have been successfully blurred without the need to resort to removing the whole image containing them.
I don’t know if they are being ultra-cautious in the cases where a problem is reported, or for some technical reason just can’t apply the blur as requested, however that still wouldn’t explain why the images that were initially removed were restored.
We’ll give it another 4-6 weeks and revisit the view at the start of June to see what it looks like then, if it’s the same, blurred, or has the original image mysteriously restored again.