Prism and privacy
By Tom de Castella and Kayte Rath BBC News Magazine
Leaked documents have suggested the US government is able to access details of smartphone and internet activity under the Prism scheme. But what can be found out about users in the UK and what other information is held?
The Prism allegations suggest US intelligence agencies had direct access to the servers of nine firms including Google, Microsoft, Facebook, Yahoo, Skype and Apple.
The Guardian has reported that the UK’s electronic surveillance agency, GCHQ,had been able to see user communications data from the American internet companies, because it had access to Prism.
Going onlineWhen you visit a website, your IP address, type of machine and screen size can easily be ascertained.
The website can also see how you got to the site – by what search term or the last website you were on. Your location can be found by cross-referring your IP address with other data.
If you are using a work computer, it’s easy to find out who your employer is. It is an entirely automated process, says technology expert Tom Cheesewright. But an IP address is actually not a foolproof way to follow individuals, he adds.
A user’s IP address on a personal computer can change regularly, he says. For this reason, most companies will only use the IP address to get a vague idea of where their visitors are coming from.
In theory internet service providers (ISPs) can “see” everything a user chooses to do online including every website they visit. But BT, one of the biggest British ISPs, says: “In terms of internet usage BT doesn’t keep a record of any of our customers’ browsing activity as we have no business need for this.”
Many will know of the issue of using cookies for tracking. If you are looking at a news site and click on an advert for a car that will be remembered. When you visit a different site a car advert is likely to appear. Commercial transactions go back forever on a site like Amazon. They know what books you’ve looked at and didn’t buy. Travel sites will record flights you reserved but didn’t end up booking.
It is remembered for at least six months, says Prof Viktor Mayer-Schonberger, co-author of Big Data: A Revolution That Will Transform How We Live, Work, and Think.
Of course, clear your cookies at the end of every browsing session and part of the ability to follow you disappears.
Search engines like Google have the ability to remember your search terms. “Even when you make a mistake it’s remembered,” says Mayer-Schonberger.
Theoretically, this might lead to someone with a legitimate academic interest in terrorism and bomb-making techniques being labelled a terrorist by a computer tracking programme.
But there is disagreement among the experts over the way search engines like Google remember. It is easy to clear your cache and cookies, Cheesewright says. Once you do that Google may remember your searches but can’t connect them to you specifically.
He believes Google’s desire to find out more about you as an individual is tempered by a fear of breaching privacy laws and expectations. It is only interested in the information it needs to target you with advertising and it has quite enough to do that successfully without storing named records of individuals’ search histories.
Gmail and Yahoo both scan users’ emails. They do algorithmic analysis of your email messages, targeting ads that relate to the content of your messages. Defenders point out that “they”, are not people, but machines. And they argue that it is a harmless way of making advertising relevant to users and raising revenues.
Others might say that whether a machine or a human is doing the work, the potential for a privacy breach is there. The Prism whistleblower Edward Snowden has claimed that the National Security Agency has built an infrastructure that can intercept “almost everything”.
“With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife’s phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards.”
Some experts have theorised that US security agencies can use basic keyword searches backed by high-powered computing systems to sift through vast quantities of data.
ISPs have certain obligations set out in security legislation. The EU Data Retention Directive requires providers to retain data – such as sender, recipient, time and duration – from both email (and other electronic messaging) and telephone calls for between six and 24 months. The content of messages or calls is not included.
Apps and e-readersMany apps rely on following a person’s exact location. Cycling and running apps show how far you have travelled, your route and average speed. All such data will go “back to the mother ship”, says Mayer-Schonberger. We don’t know what happens to all this data that the application provider has at its disposal. Perhaps nothing. But there is a risk. Such travel apps usually start from someone’s home so they could give away someone’s address.
E-readers can give a surprising amount of data away about someone. Whenever you underline a favourite bit on a Kindle that can be sent back to Amazon. As an author, Mayer-Schonberger says it’s fascinating to see the five most underlined phrases in your book.
Social mediaOn Facebook, people willingly share information with a group of their friends and acquaintances. But the mining of that information for commercially useful data is controversial.
“All the seemingly trivial details we reveal about ourselves online every day can be cross-referenced and correlated often to startling effect,” digital and technology writer Tom Chatfield has said.
If you tweet and say you’re popping out to a particular park for a coffee, someone is on the trail of finding your home address. Cross-refer the postcode of the park with the person’s surname and you might get a person’s website registration details listing home address, mobile and email address.
Tweeting with your location is disabled by default for everyone. But people who enable this feature may later forget just what they are revealing.
Every Facebook like is being logged. Researchers at Cambridge University recently published research showing how even this seemingly trivial data gives people an accurate insight into our personal characteristics. Facebook Likes were 88% accurate for determining male sexuality, 95% accurate distinguishing African-American from white American and 85% accurate in differentiating Republican from Democrat.
PhonePeople may regard their phone as more intimate and therefore more private than a computer. But that is not the case, says Gareth Beavis, phone editor at technology website TechRadar.
A person’s location can be tracked in three ways via a phone. Even when not in use for a call, a mobile phone that is switched on may be tracked to the nearest masts from which it is taking a signal. This is unlikely to give a very exact location, but it has been used in a number of murder cases.
There’s also the wifi network that a phone is using and its GPS – these are both more exact.
Phone calls are seen by many as even more private than emails. After an outcry in the US over the NSA’s request for data from phone operator Verizon, President Obama insisted “nobody is listening to your phone calls”. Instead, the authorities may see telephone numbers and serial numbers, who is calling whom, when a call is made and how long the call lasts. It does not include the content of a call or the callers’ addresses or financial information.
On transport systemsTravel systems that use swipe cards have the potential to accrue data. For instance, when you travel on the London Underground using an Oyster card, swiping the card in and out to pay for your journey, Transport for London (TfL) collects data about your movements.
It records the location, date and time an Oyster card is used both on the Tube and on National Rail services where Oyster is accepted. TfL says the data stays linked with your individual card for eight weeks, after which it is permanently disassociated from that card and held by TfL for “research purposes”.
Is your data also going on a journey?TfL says it takes the privacy of its customers “very seriously” and complies with the Data Protection Act. It says it does not hand the data to third parties for marketing purposes.
But journalist Henry Porter, who has written about privacy, says this kind of data allows potentially anyone to be traced.
“If you have a target and you do have access to Oyster card data you can piece it together with CCTV footage to track someone’s movements,” he says.
ShoppingMost people know that when they do their weekly supermarket shop and use a loyalty card, their local supermarket is building up a profile of them and their shopping habits. The supermarkets use this to target advertising and special offers and make sure their marketing is making the most impact on customers.
When someone signs up for a loyalty card used by chains such as Sainsbury’s, Argos and Homebase, they agree to share their shopping habits with the retailers, who then analyse it to send special offers and information they think the customer might be interested in.
And it’s not just about special offers. It has recently been reported that Tesco intends to use data from its 16 million Clubcard users to help tackle obesity, by giving customers tailored suggestions for how to shop more healthily.
It was claimed that the Target chain in the US was able to second-guess if a woman was pregnant before her own family.
Even supermarkets that don’t have a loyalty card scheme – such as Morrisons – will still track customer habits. Morrisons use an anonymised card number from your debit or credit card when you pay to track which groceries people buy.
The UK is said to have arguably the greatest concentration of CCTV in the world.
No-one knows precisely how many cameras are actually watching the UK, but estimates range from 1.85 million to 4.2 million, making Britons among the world’s most watched people.
But CCTV systems are not connected so there is no overarching control room able to see and collect all our movements.
Facial recognition technology, which uses algorithms to identify facial features and match them to an image database, is also on the rise – offering the prospect that one day “a face could be traced through an entire day in a city centre”, according to Porter.
CCTV images are covered by the Data Protection Act, which gives you the right to see CCTV images of yourself, or images which give away personal information, such as your number plate, but there are no rules on exactly how long the images can be kept for.
The government has recently introduced a new code of conduct to regulate CCTV use. Councils and police forces will have to review regularly all of their cameras to see whether they are still “necessary, proportionate and effective”, but there are fewer regulations on those operating in businesses and on private property.
DrivingPolice have been using automatic number plate recognition cameras for a number of years to track vehicles.
Their network of cameras, which is around 4,000-strong, logs more than 10 million vehicles every day. It takes a snapshot of a car’s number plate and records the date, time and place of capture. The cameras capture the front of cars, and photographs can include images of the driver and any passengers.
The cameras work by scanning number plates and instantly checking them against information stored in various databases to identify vehicles of interest to the police. An ANPR (Automated Number Plate Recognition) camera can read a number plate every second. The data can be used in real time to track and catch anyone of interest to the police on the roads.
In some cases, cameras will actually alert police when a specific number plate drives past it. When officers were looking for those suspected of killing police officer Sharon Beshenivsky in Bradford in 2005, the monitoring system “pinged” every time the getaway car drove past a camera, allowing the police to track their movements in real time.
HM Revenue and Customs and the Serious Organised Crime Agency also use the ANPR system for investigations. So do the DVLA and the Highways Agency.
Private companies can use similar technology on a much smaller scale using their own cameras – for instance, if a supermarket or car park chain wants to enforce parking restrictions or ensure customers do not leave without paying.
The government is introducing a new code of conduct to tighten up access to CCTV and ANPR databases, which it says will ensure both are used proportionately, and are more focused in helping to fight crime.
But critics argue that the code is not strong enough, that it lacks sanctions against those who breach the code, and does not properly regulate private CCTV and ANPR systems.
Credit reference agenciesCredit reference agencies gather data on an individual’s financial life, including data on their credit cards, bank accounts, mortgages and bills.
The Magazine on internet privacy
What is ‘ungoogleable’?: “The word “ungoogleable” has been removed from a list of new Swedish words after a trademark spat. But it raises the question of what can and can’t be found with a search engine.” (March 2013)
How much privacy can smartphone users expect?: “The US Supreme Court could soon allow police to monitor the movements of US mobile phone users without a warrant. Now that most of us carry sophisticated tracking devices in our pockets, how much privacy do we have a right to expect?” (November 2011
Banks, mobile phone providers and even utility companies are among those who pass customer information to these agencies so they can produce reports on creditworthiness.
The three credit reference agencies in the UK are Experian, Equifax and Callcredit. They use a range of data, from the electoral roll to credit card payments. Everyone has the statutory right to see their report, usually for a £2 fee.
A typical credit history lists credit accounts, the date they were opened, the credit limit or loan amount, and whether the individual has missed any payments. It will also include personal details such as name, current and previous addresses and date of birth.
All three major UK agencies have contracts with both central and local government to help tackle benefit fraud – such as benefits claimed on the grounds of living alone.
A local authority could run checks on those receiving the single person discount for council tax, and credit agencies would flag up when other people were also linked with that address – perhaps through bank accounts, mobile phone bills or simply the electoral roll. Further investigations could then be made.
All the agencies stress that they are are bound by data protection legislation and that this is very strictly adhered to.
Electoral rollIt is illegal not to register to vote in the UK, although many people choose not to, for various reasons, and avoid punishment. The result of registration is the electoral roll – a public record of where each voter lives that has proved a goldmine to junk-mail firms, marketing people and journalists over the years.
Britons now have the option not to appear on the publicly available list and instead only to appear on a restricted version for the use of the authorities. But credit reference agencies have successfully argued that they should have access to this unabridged version. Political parties and MPs also have access to the full register.
Choosing not to register means you will struggle to get even the smallest amount of credit.
The publicly available version of the register can be sold to any person, organisation or company and used for any number of purposes, including direct marketing. The electoral roll provides a history of every place you have eve