Time to get Angry about Data Protection!

Angry-Birds-HD-WallpaperThe latest revelation from the Snowden leaks has caused a good deal of amusement: the NSA has been ‘piggybacking’ on apps like Angry Birds. The images that come to mind are indeed funny – I like the idea of a Man in Black riding on the back of an Angry Bird – but there’s a serious point and a serious risk underneath it, one that’s particularly pertinent on European Data Protection Day.

The point is very simple: the NSA can only get information from ‘leaky’ apps like Angry Birds if those apps collect the information in the first place. If we want to stop the NSA gathering data about us, then, ultimately, the key is to have less data out there, less data gathered – less data gathering, and by commercial entities, not just by governments. Why, you might (and should) ask, does Angry Birds need to gather so much information about you in the first place? And, more importantly, should it be able to?

This hits at the fundamental problem that underlies the whole NSA/GCHQ mass surveillance farrago. As Bruce Schneier put it, quoted here:

“The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.’”

If we want to stop the NSA spying, the first and most important step is to cut down on commercial surveillance. If we want the NSA to have less access to our private and personal data, we need to stop the commercial entities from have so much of our private and personal data. If the commercial entities gather and hold the data, you can be pretty sure that, one way or another, the authorities – and others – will find a way to get access to that data.

That’s where data protection should come in. One of the underlying principles of data protection is ‘data minimisation’: only the minimum of data should be held, and for the minimum length of time, for a specific purpose, one that has been explained to the people about whom the data has been gathered. Sadly, data minimisation is mostly ignored, or at best paid lip service to. It shouldn’t be – and we should be getting angry about it. Yes, we should be angry that Angry Birds is ‘leaky’ – but we should be equally angry that Angry Birds is gathering so much data about us in the first place.

Whatever happens with the reform of data protection – and the reform process has been tortuous over the last two years – we shouldn’t let it be weakened. We shouldn’t let principles like data minimisation be watered down. We should strengthen them, and fight for them. Data Protection has a lot of problems, but it’s still a crucial tool to protect us, and not just from corporate intrusions but from the excesses of the intelligence agencies on others. On European Data Protection Day we should remember that, and do our best to support it.

Minority Report on the Tesco Forecourt?

A story came out yesterday that sent a few chills down privacy advocates’ spines. As reported in the Telegraph

“The ‘OptimEyes’ system will be rolled out into 450 Tesco petrol forecourts, which serve millions of customers a week.

It works by using inbuilt cameras in a TV-style screen above the till that identify whether a customer is male or female, estimate their age and judge how long they look at the ad.
The ‘real time’ data is fed back to advertisers to give them a better idea of the effectiveness of their campaigns and enable them to tailor ads to certain times of the day.”

The story was repeated in a number of places, with varying degrees of criticism – but it was good to see that most of the reports did at least talk about the privacy angle, because, despite what Tesco and the providers of the system, Alan Sugar’s company Amscreen, might suggest, there really IS a privacy issue here. In fact, there are many privacy issues.

Data Protection

Tesco have ‘reassured’ us – even directly tweeting me about it – that there is no data protection issue here, that no data is collected or stored. I wonder how they are managing that – and whether they understand how digital technology works. In order for their analysis to take place – through which they attempt to ascertain the age and sex of the person in the queue – a photographic image of some kind must be taken. The ‘inbuilt camera’ mentioned must take such an image. That image is then analysed – for things like hair length, shape of face etc – in order to make that determination.

From what I have read it looks as though the OptimEyes system then discards the image – which is, presumably, why Tesco think no personal data is ‘collected or stored’. That, however, is highly unconvincing. First of all, the image IS personal data. Secondly, even if it is immediately discarded, it has still been collected. That engages Data Protection – and means that, in these circumstances, Tesco would presumably need to get the consent of the people who they are photographing. I find myself wondering how they are planning to do this – and whether they are really aware of the requirement. What’s more, that consent needs to be informed consent. I look forward to seeing the notifications on the systems making clear what is going on….

Vulnerabilities and function creep

It’s important also to understand that a system like this will also automatically have vulnerabilities – and that the functions to which it is put may ‘creep’. Once the systems are set up, new uses will be found for them. Economics is part of what drives this – any business wants to get the best out of its assets. Technology is another part of it: if you have the cameras in place, then why not use the latest analytic software on the images? They may currently promise not to use facial recognition software, only basic facial scanning software, but once we’re softened up to this system (see normalisation below) it will only be a matter of time before the software is ‘upgraded’. And then integrated with the Clubcard data of the shopper using the till?

Vulnerability is another side to this. Where data is gathered, it is always vulnerable – that is axiomatic. Even if it is held only for an instant it can be intercepted. Systems can fail. They can be hacked. Presumably the data is being analysed and tested so that the systems can be improved and developed – that testing adds additional vulnerabilities. Anyone paying even cursory attention to the NSA/GCHQ leaks from Edward Snowden should understand how easily and often systems can be compromised – and systems like those set up for seemingly innocuous things like advertising often have far fewer and less effective security that those that are taken more seriously. Why break into carefully control security cameras when you can hack more simply and easily into an insecure advertising camera system?

The security bargain?

That brings into play another issue that was brought up by a number of people in discussions over Twitter yesterday. The argument goes roughly like this: ‘there are already CCTV cameras everywhere, and we don’t care about them – why does this matter?’ It is true, of course, that CCTV cameras are pretty much everywhere in the UK today, and also true that for the most part we simply accept their existence. Why, then, do I think this is different? The first reason is that there is a different ‘bargain’ going on. With security based cameras the bargain is at least in some ways equal. We sacrifice some of our privacy in exchange for  at least a perception of an improvement in our security. We benefit from the (at least perceived) lowering of crime. Our environment is safer.

With this kind of system there is no such bargain going on. We are sacrificing some of our privacy – and in reality getting nothing in return. The only people benefiting from this are Tesco – and Amscreen. That is quite different.

Normalisation – and creepiness

For me, this is the most important angle. The reaction of many people, when reading about this kind of story is ‘this is really creepy’. They’re right – it is creepy. Even Simon Sugar, son of Alan, said ‘Yes it’s like something out of Minority Report’, without apparently realising that wasn’t something to be proud of. Creepiness matters – and we shouldn’t discard our cares about it just because they’re ’emotional’. Personally I hope we keep on thinking this sort of thing is creepy – because the time we really need to worry is when we don’t think of it as creepy. When we’ve been so softened up by the constant attacks on our privacy to accept this as ‘normal’. That’s the key risk here for me – the risk of normalisation. The more systems like this are accepted without question, the easier it is for our lives to be constantly monitored and controlled. The less freedom we have.

This particular system may not matter very much. It may, as some have said to me, be pretty trivial and unlikely to work – there have been a few jokes about the unreliability of Amstrad technology in the past – but the normalisation really does matter. If Tesco are followed by Sainsbury’s, by Asda, by Waitrose etc etc and then these systems become the default, we really will have sleepwalked into a Minority Report situation.


A few things have been suggested – from wearing wigs, baseball caps and even burkas. I even toyed with the idea of wearing a Lord Sugar mask – but the best, right now, seems to me to be simply not use Tesco petrol stations… and to make a noise about this! Tell Tesco what you feel, that you don’t want this kind of system. Ultimately, Tesco will only make decisions based on money. If enough people stay away, if they get no economic benefit, then they might change their minds. Sadly it seems unlikely. In this country we don’t seem to care nearly enough about our privacy…..