I’m in the process of pulling together some privacy-related thoughts surrounding Canadian ISPs’ use of DPI equipment. I’ve posted an early draft of the document, and invite comments and thoughts. If you want to prepare your own comments, you’ve still got until February 23rd.
Privacy
Update: ‘More Secure’ (non-EDL) Drivers Licenses Coming to BC Soon!
As I’ve written about before, Enhanced Drivers Licenses (EDLs) are coming to British Columbia, as well as many other provinces around the country (I have a wiki page set up to collate information on EDLs). It seems that, at the same time the BC is rolling out EDLs, they are updating their ‘regular’ licenses.
The Canadian Press is reporting that these new licenses will be available in March, and include:
holographic overlays and laser-engraving or raised elements such as the cardholder’s image and signature…The B.C. government said the cards will incorporate technology that analyzes characteristics that do not change, such as the size and location of cheekbones and the distance between the eyes. This “facial recognition technology … will enable ICBC to compare a cardholder’s image with their existing image on file and with the corporation’s entire database of millions of images.” (Source)
Comment: Google Latitude
In the past week or so, Google has receive an enormous amount of attention because of their Latitude program. Latitude, once installed and enabled, will alert specified friends to your geographic location very specifically (i.e. street address) or more broadly (i.e. city). Google has developed this system so that users can turn off the system, can alter how precise it locates users, and has (really) just caught up to the technologies that their competitors have already been playing with (I wrote a little about Yahoo!’s Fire Eagle software, which is similar to Latitude, a few months ago).
While many people have already written and spoken about Latitude, I’ve found myself on a fence. On the one hand, I think that some of the criticisms towards the ‘privacy’ features of the program have been innane – at least one privacy advocate’s core ‘contribution’ to has been a worry that individuals might be given a phone with Latitude installed and active, without knowing about its presence or activation. As a result, they would be tracked without having consented to the program, or the geo-surveillance.
Update: Ontario EDL Suppliers Named
Dr. Ann Cavoukian, the Ontario Information and Privacy Commissioner, announced yesterday that GND (located in Munich) would be responsible for producing Ontario EDLs. Further, she is working with the company Peratech to develop an on/off switch that would enable or disable the EDL RFIDs. As of yet, Peratech only has their technology working with contactless smart cards (i.e. cards with a 10 cm range), but they expect to overcome this. Ann is presently in talks with DHS to let them build the Peratech solution into the EDLs – this ‘privacy protective’ feature is not currently in the EDL spec. This is part of her ‘PETs Plus’, or ‘positive sum’ approach to security and privacy.
BC Privacy Commissioner Would Resign Over Longterm Surveillance
Several sessions about the Vancouver 2010 Olympics were held over the course of the 10th Annual Security and Privacy conference. The BC Privacy Commissioner, David Loukidelis, has stated in each session that he is opposed to the continued presence of surveillance infrastructure installed for the games after the games conclude. When asked by a member of the audience if he would consider resigning were this infrastructure not dismantled (and thus mirror the actions taken by Greek privacy officers when police refused to limit their use of surveillance infrastructure developed for the Athens games) he responded that he would consider it.
Micheal Vonn, the policy directory for BCCLA, noted in her presentations that the Vancouver police have established a policy for ‘routine’ consent searches throughout the lower eastside area of Vancouver during the games – by her rough calculations, around 300 people would be searched each patrol. Over two weeks, this would amount to a minimum of 4200 searches, and this assumes that only one patrol would be moving through the area each day. What is most significant is that the proposed target area is where the safe injection site is, as well as other essential social services facilities for the most disadvantaged in society. Vonn’s information is in the Vancouver police’s business plan, which suggests that a premeditated, unwarranted, search regime may be coming to the games along with other ‘exceptional’ security measures.
Reflections: Day Zero of ‘Life in a Digital Fishbowl’
I’m fortunate enough to be attending the 10th Annual Privacy and Security Conference, Life in a Digital Fishbowl, this year. Monday held ‘preconferences’, and I want to quickly summarize and reflect on the one that dealt with the 2010 Olympic games.
Two sessions were organized, with the first broadly focusing on infrastructure and privacy issues, and the second addressing the need to protect critical infrastructure and consider the ‘legacies’ of mega-events. In the first session, really began with a clear statement that terror threats have reoriented ‘domestic’ threats into the domain of national security and, as a result, a new mode of considering and engaging with security has emerged. As part of this new orientation, the Integrated Security Unit (ISU) has been created to coordinate security agencies across jurisdictional boundaries, but this creates jurisdictional problems. Who can compel what organization to turn over documents, data, and recorded discourse? What should be done when different agencies have very different conceptions of what must remain confidential? Effectively, how do you navigate the varying loyalties and lines of responsibility that members of the ISU hold?
Technology, Thoughts & Trinkets 