What berveillance Is And What To Do About

What 'Überveillance' Is And What To Do About It Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, UNSW, ANU, Uni. of Hong Kong Chair, Australian Privacy Foundation 2 nd RNSA Workshop The Social Implications of National Security From Dataveillance to Überveillance 29 October 2007 http: //www. anu. edu. au/Roger. Clarke/. . . . /DV/ RNSA 07 {. html, . ppt} Copyright 1987 -2007 1

What 'Überveillance' Is & What To Do About It AGENDA • • • Copyright 1987 -2007 What's 'Surveillance'? • Fundamentals • Vignettes • Categorisation What's Überveillance? • Omni-Surveillance • Exaggerated Surveillance • Master-Surveillance What Do We Do About Überveillance? 2

Surveillance The systematic monitoring or investigation of the actions or communications of one or more persons, directly, or through the monitoring of space or objects Personal Surveillance Focus on an identified person: because of suspicion about that individual • for activity deterrence / behaviour repression Mass Surveillance Focus on groups or spaces: • to generate suspects • for activity deterrence / behaviour repression • Copyright 1987 -2007 3

PHYSICAL Surveillance • Localised Observation, Listening • At Distance (Enhanced Observation, Listening) Image-Amplification Devices (field glasses, infrared binoculars, light amplifiers, satellite cameras) Sound-Amplification Devices (directional microphones) • Auto (by means of the Self) Devices that are attached to the person: • loosely but reliably ('mil dog-tags', mobile phone) • tightly (anklet) • embedded Copyright 1987 -2007 4

'ELECTRONIC' Surveillance 'Speech Surveillance' • Mail ‘Covers’, Telephone Interception, e. Mail Interception: • connections monitoring / traffic analysis (who is talking with whom) • communications surveillance (who is saying what to whom) 'Experience Surveillance' / 'Behaviour Surveillance' • • The Web since the early-to-mid-1990 s also supports the equivalents of buying books and going to the library The monitoring now being conducted by employers and governments is far more intrusive than before, because it provides access to peoples interests &, by inference, thoughts Copyright 1987 -2007 5

From the Observation of Ephemera To Recording and Analysis What was 'NOW OR NEVER' is now 'SOONER OR LATER' ENABLERS: • Image-Recording • Sound-Recording • Speech-Traffic-Recording • Transaction-Recording FACILITATORS: • Trail-Generation • Trail-Correlation Copyright 1987 -2007 NEW CAPABILITIES: • Retrospective Analysis • Real-Time Location • Real-Time Tracking • Predictive Tracking 6

Dataveillance The systematic use of personal data systems in the monitoring or investigation of the actions or communications of one or more persons Term first published in Commun. ACM in 1988 Now 22, 200 hits on Google 581 hits on Googe Scholar (at least 166 of which do not contain 'Clarke') Copyright 1987 -2007 7

The Modern Forms of Surveillance are Inherently Surreptitious • • • Copyright 1987 -2007 Physical Surveillance at Distance Electronic Speech Surveillance Electronic Experience/Behaviour Surveillance Dataveillance Auto-Surveillance (Apparent but quickly becomes habituated) 8

A Surveillance Explosion Was Inevitable • • Earlier Forms of Surveillance: • Labour-Intensive • Time-Consuming • Expensive => Economic Disincentive Against Wide Use Modern Forms of Surveillance: • Automated • Cheaper • More Reliable => The Economic Disincentive Was Overcome Copyright 1987 -2007 9

Surveillance of a PLACE or Location • Private Places Where an individual, or two, or perhaps a few, could reasonably expect not to be subject to surveillance by other parties (bedroom, home, toilets, . . . ) • Controlled Places Control rooms of nuclear power stations and air traffic; footpaths outside government agencies? at ATMs? railway stations platforms? cinema precincts? ? • Public Places When behaving in a manner intended to be private (e. g. in the company of family, rather than projecting themselves or their 'public persona' to some kind of 'public') Copyright 1987 -2007 10

Surveillance of SPACES rather than PLACES • • • Copyright 1987 -2007 Electronic surveillance broke the nexus with Place First it became a multi-location phenomenon, e. g. monitoring of both ends of a phone conversation But now many actions and many communications occur in a 'space' rather than 'place' The Space may be Physical The Space may be Figurative: • a particular e. Community (e. List, chat, forum) • 'cyberspace', 'the blogosphere' • the web of ideas inherent in published text, uttered words and recorded behaviour 11

Surveillance Vignettes • • • Baby-Monitoring Acute Health Care Staff Movement Monitoring Vehicle Monitoring 'Speed Cameras' Automated Number Plate Recognition (ANPR) Toll-Road Anonymity Denial CCTV. . . Goods Monitoring Freight Interchange-Points Financial Transaction Tracking Copyright 1987 -2007 • • • Consolidation of Agencies and Databases National Identification Schemes Human-Attached Chips Human-Embedded Chips Continuous Monitoring of Chips Biometrics and Foreigners Biometrics and Australians International Travel Domestic Travel Service Denial Identity Denial 12

Categorisation of Surveillance (1) (2) (3) (4) (5) Of What? Person, Object, Space For Whom? Person, Involved Party, Third Party By Whom? Person, Involved Party, Third Party Why? Wellbeing, Evidence, Deterrence How? Physical (visual, aural, at distance, auto-surveillance); Dataveillance (retrospective, real-time, predictive); Communications / Experience; Personal / Mass surveillance (6) (7) Copyright 1987 -2007 Where? When? Physical, Virtual, Intellectual Once, Recurrent, Scattered, Continuous 13

'Überveillance' • • • French 'surveiller' In English since c. 1799, with sinister connotations The Workshop Organisers have combined it with the German prefix ‘über’ Alternative Interpretations • Omni-Surveillance • Exaggerated Surveillance • Master-Surveillance Copyright 1987 -2007 14

Üv as Omni-Surveillance • • • Copyright 1987 -2007 An apocalyptic vision Surveillance across all space and all time (and hence ‘omni-present’) To enable some organisation to be all-seeing and/or all-knowing (and hence ‘omniscient’) To serve the organisation’s desire to be all-powerful (and hence ‘omnipotent’) Personal Überveillance is specific to a person / object Mass Überveillance is a suspicion-generator and a deterrent / behaviour chiller 15

Üv as Exaggerated Surveillance • • Copyright 1987 -2007 Key Examples of exaggerated justification: • excessively broad scope • instigated for reasons that are minor in comparison with its negative impacts Very substantial real and potential dangers But a breakdown in ‘intrinsic controls’ and seriously deficient ‘extrinsic controls’ 'Business Cases' rather than Cost/Benefit Analyses: • one-dimensional, ignoring key stakeholders • a justification of a policy position that has already been adopted, cf. an analytical tool 16

Terrorism as a Gilt-Edged Excuse for Exaggeration • • Avoidance of Scrutiny A pseudo-national-security imperative using as catch-cries ‘money-laundering', 'counter-terrorism', 'homeland', 'critical infrastructure protection' The worst form of policy-formation – knee-jerk reaction, bandwagon effect, and sacred cow Ongoing Examples: • Mythologies of Biometrics, e. g. • US Govt – FRVT (Face Recognition Vendor Test) • Aust Govt – ‘Biometrics Institute’ • 'Anti-Money-Laundering and Counter-Terrorism Financing' (AML-CTF) legislation Copyright 1987 -2007 17

Üv as Master Surveillance 'über' translated as 'meta', 'supra' or 'master'-surveillance 1. Consolidation BUT diversity in objectives, data sources, data meaning, data quality 2. Coordination Pressure for harmonisation, e. g. U. S. ‘DHS’ 3. Centralisation Data-flows designed to feed into a single 'master' Copyright 1987 -2007 18

Centralisation The Conventional Free-World Perspective – 1950 -1975 • • • 'Central Planning' approaches were derided • France post-WWII, countries behind the Iron Curtain, Cuba, East Asian Communist regimes The Last Hurrah of Centralised Economic Management Stafford Beer's Cybersyn (Allende’s Chile – 1970 -73) Inevitable Outcomes: • Economic Systems that are ineffective, inefficient and in most cases downright stagnant • Social Stasis Copyright 1987 -2007 19

Centralisation as Self-Denying Prophecy Lessons of General Systems Theory • • • Copyright 1987 -2007 Up to a point, many systems exhibit efficiencies of scale, and efficiencies of scope Beyond that point, they become unwieldy, excessively complex, inherently unmanageable Systems of the complexity of national societies and economies are well beyond the flex-point Survival requires flexibility and adaptability They in turn require: • loosely coupled elements • control through interplay of elements not simple-minded centralised control 20

The ‘Free World’ Malaise National Security Extremism • • • Copyright 1987 -2007 Religious Fundamentalist Extremism is real, but matters but far, far less than is pretended ‘Osama bin Laden’ and ‘Al Qaeda’ have triumphed Limited, sporadic attacks in their names stimulated the 'Western', 'democratic' world to eat itself Powerful right-wing institutions have manipulated Parliaments in order to deny the very freedoms on which our world was supposed to be built. Human values have been trampled. Surveillance is rampant We need an antidote to National Security Extremism 21

What To Do About 'Überveillance? • Bring the surveillance mania back under control • Generate countervailing power against the extremism of the national security agencies • Both 'countervaillance and 'counterveillance’ • Tenets, and Principles Copyright 1987 -2007 22

Counterveillance Tenets • • Terrorism is not new, and not unusual The 'power to weight ratio' of a single strike has increased (because fewer terrorists can deliver a bigger payload), but this has only limited implications for public policy Reactionary Extremism must not be accepted at face value National security and law enforcement interests must not be granted carte blanche to do whatever they wish Secrecy is not a necessary pre-condition of security It is illegitimate to treat what are really 'public safety' issues as though they were 'national security' matters Counter-Terrorism is not dependent on everyone being limited to a single State-managed identity Copyright 1987 -2007 23

Counterveillance Principles 1. 2. 3. 4. 5. 6. 7. Independent Evaluation of Technology A Moratorium on Technology Deployments Open Information Flows Justification for Proposed Measures Consultation and Participation Evaluation Design Principles 1. Balance 2. Independent Controls 3. Nymity and Multiple Identity 8. Rollback Copyright 1987 -2007 24

What 'Überveillance' Is And What To Do About It Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, UNSW, ANU, Uni. of Hong Kong Chair, Australian Privacy Foundation 2 nd RNSA Workshop The Social Implications of National Security From Dataveillance to Überveillance 29 October 2007 http: //www. anu. edu. au/Roger. Clarke/. . . . /DV/ RNSA 07 {. html, . ppt} Copyright 1987 -2007 25