Data Protection and Privacy

Published 13.06.2011 ‘Features’ Engineering & Technology Magazine

‘You have zero privacy; get over it.’ So said Scott McNealy, chief executive officer of Sun Microsystems, back in 1999. For the greater part of last century we have been worried that the expansion of technology will mean, by default, the extinction of privacy.

There is sound evidence to support this notion. A mobile phone needs to know where you are in order to make or receive a call. A website must be served to your IP address should you wish to access it. CCTV cameras record not just criminal activity but all movement throughout the day.

Authenticating our identity gets more complicated and personal as criminals innovate to bypass the system. Internet advertisers – the financial backbone and one of the main reasons for the Web’s success – are collecting all sorts of user data with blatant disregard for privacy and almost zero regulation.

Advanced data-mining and analysis technology is limiting the individual’s ability to control what information is stored about him or her by governments and corporations. Technology that can profile and track behaviour is changing the relationship between citizen and state, consumer and business. And regulation of this burgeoning information industry has proved difficult.

This was publicly illustrated in relation to the super-injunction taken out by football player Ryan Giggs to block publication of details of an alleged affair. Users of the Twitter social networking site defiantly named Giggs in a pattern already established in support of ‘Twitter Joke trial’ defendant Paul Chambers.

Chambers’ January 2010 mistake had been to vent on Twitter about the threat to his holiday of an airport’s snow-bound closure; he gave the airport a week to get its act together, ‘otherwise I’m blowing the airport sky high!!’ Arrested under the Terrorism Act for his choice of rhetoric, Chambers received digital support from an avalanche of users who duplicated his tweet, thereby directly challenging the perceived injustice. The duplications ran with the inspired hashtag ‘#ImSpartacus’.

Faced with a similar popular revolt, Giggs’ representatives attempted to force Twitter to disclose personal account details of users who posted this information – a seemingly mammoth amount of ‘private’ information. However the latest privacy storm turns out, and however such information is used, it changes the ‘#ImSpartacus’ ideal, and tees up the question for future users: is privacy a necessary price to pay for progress and to defend freedom of speech?

Records and losses

The Passenger Name Record (PNR) is a database used by all airline companies, containing the personal details of every commercial and private air passenger. The database includes the passenger’s full name, date of birth, home and work address, telephone number, email address, credit card details, IP address if booked online, as well as the names and personal information of emergency contacts. In May 2004, the US negotiated an agreement with the European Union to process all PNR data of people departing from or arriving at their airports. In 2007, the Bush administration suddenly exempted the Department of Homeland Security from the Privacy Act and permitted the organisation not to respond to requests for personal information they held on EU citizens.

American writer Stewart Brand’s adage ‘information wants to be free’ is proving true and problematic for the principles behind data protection. Governments have a questionable track record in keeping this information safe. In October 2007 HM Revenue & Customs lost the details of 25 million child benefit claimants stored on two unencrypted discs; the Department of Transport lost three million records of its drivers… the list goes on and on.

In the US, the Transport Security Administration lost a check-in laptop with unencrypted personal data of 33,000 passengers; the military sold one of its hard drives on eBay with detailed information about a system used to shoot down missiles in Iraq, along with security policies, facility blueprints, and the ever-popular list of employee Social Security numbers.

Corporations have not fared much better in holding on to their users’ personal data. During a recent conference in San Francisco, data researchers Warden and Alasdair Allen presented their findings on the latest iPhone operating system update, which forced the handset to record the GPS location coordinates of all Wi-Fi networks the phone could access throughout the day and later upload this information to the user’s iTunes program. Location-based tracking had moved from the domain of law enforcement into the everyday user’s hands. Both Apple and Google were questioned in the US Senate last month over the use of location data in their popular mobile handsets, while Sony’s PlayStation Network suffered a disastrous 70 million member hack.

It is hard to imagine how governments and corporations with a similar track record can be trusted to continue to handle and mine our personal data. Yet these governments keep coming up with schemes to share data – most famously the National ID card scheme and the sharing of public health records with the private sector – before invariably dropping them.

WikiLeaks and whistle-blowing

It was more than just diplomatic pride that was hung out to dry on the clothesline of public debate following the last WikiLeaks scandal. Department of Defence engineers and military commanders who designed and implemented the SIPRNet for sharing classified information in a ‘completely secure environment’ were licking their wounds, inflicted by an inevitable component of most information systems – the human. The leak itself and subsequent editorial work by WikiLeaks volunteers, applied to the data before its public release, exemplify the topics of debate around data protection.

How did a low-ranking intelligence officer in the US Army get access to years of classified communications, and was it a result of a system design fault or yet another argument against centralising sensitive information whilst hoping that nothing will go wrong?

The 9/11 Commission Report identified the lack of intelligence-sharing between the various departments as one of the security apparatus’ greatest failings. Almost two million users were granted access to the Department of Defence’s own secure worldwide network.

The proposal must have caused some grey hairs for the techies whose standards for security policies usually demand tight controls, strict access restrictions and limiting the availability of information to any one user account. The SIPRNet could not have it both ways – the confidentiality of data passing through its network was breached by the very users it was designed to serve. The threat model for leaking secrets from an information system (technology + policy / number of users) is a troubling one.

Regardless of their efforts towards total transparency, WikiLeaks members were forced to realise that they had a responsibility to ensure the privacy and thereby security of numerous people whose personal details were mentioned in the Afghan, Iraqi and Diplomatic Cables leaks.

CJ Hinke, director of the Freedom Against Censorship in Thailand group and a member of the WikiLeaks advisory board, explained to E&T: ‘The process of posting leaked documents relies on stripping all identifying information. There are many personal identifiers which we examine in each document for exclusion such as names, locations, affiliations, dates and time, etc. We don’t have expertise enough to identify possible targets for retribution within the leaked documents.

‘This is precisely why we partner with traditional news media for public releases… WikiLeaks doesn’t trust the minimal data protection laws enacted by nation-states, rightly so. If we happen to offend a government, those laws are quickly forgotten. This could nowhere be more true than the US. We erred in all instances on the side of caution. If it could be concealed and encrypted, we made it happen… All donation information is stripped. Lists of staff and volunteers are encrypted as well as having personal responsibility to keep them secure. All communications among WikiLeaks insiders use different sorts of encryption, from simple SSL to PGP to external, encrypted services such as Jabber.’

Right to forget

Earlier this year, courts in Spain launched a legal attack on Google’s unwillingness to remove search links to websites displaying outdated information. A Spanish citizen was initially charged with criminal negligence and later acquitted. A Google search on his name, however, brings back results about his arrest. Spain has legislation specifying ‘the right to be forgotten’. Some 90 court orders were filed against Google on behalf of Spanish citizens, and as Paloma Llaneza, a data protection lawyer representing some of the plaintiffs, explained for the Outlook Series: ‘The truth is, we very much care about privacy and about data protection. And especially because Google is addressing its services to the Spanish country. They are using a “.es” domain name, they are translating everything into Spanish and they are tailoring their services for our country, so they have to be prepared to comply with Spanish law – that’s all.’

The European Commission has followed suit in trying to bring about legislation updating its outdated 1995 Data Protection Act. Justice commissioner Viviane Reding emphasised the need for adequate rules to protect the privacy of Web users, stating that the right to control, access and delete personal information online ought to be guaranteed in the digital world of today. However, enforcement of these restrictions is a problem. Websites are hosted on servers all around the world, and each is governed by its own (if any) local legislation. Only those who can afford the time and costs of going through the legal system to mandate a deletion of their personal data may see any chance of success.

Our actions and participation in an information society should evolve in parallel with technology. Regulation and enforcement of the law will eventually catch up to reflect the unshakeable belief in the need for privacy. The lack of an ‘off’ switch for the information tap means we must ensure that access to personal data is restricted by legislation and protected by encryption.