Security

The police cannot deal with the amount of information generated by surveillance cameras, according to the U.K.'s Association of Chief Police Officers.

Ian Readhead, director of information for the ACPO Criminal Records Office, said this week that police are overwhelmed by the volume of such data and that one of his major concerns is that police don't have the capability to track a car in real time using the Automatic Number Plate Recognition System, which is part of the surveillance cameras' functions.

"The problem is the amount of data," said Readhead, speaking at a data protection in event in London on Wednesday. "The worry for me is that a child is kidnapped in Kent, and (the car) goes through a number of cameras, not being picked up."

The plate recognition system uses optical character recognition to convert digital pictures of car number plates into characters, which are then held in a list. The technology was launched in part to aid the tracking of suspects, but, according to Readhead, there is simply too much information for the police to be able to use.

The U.K. has about 4 million surveillance cameras in use.

Dominic Grieve, the Conservative party's "shadow" home secretary, said that the efficacy of closed-circuit TV as a crime fighting tool is dubious and that police use of CCTV is hampered by lack of resources.

"CCTV provides evidence, but evidence firstly doesn't prevent crime, and secondly in many cases the police don't have the time or resources to look at CCTV (footage)," Grieve said. "In fighting crime, mass surveillance through CCTV is highly questionable."

Michael Wills, the minister of state for the Justice Ministry, said at the same conference that surveillance cameras have public support.

"I don't believe CCTV is a mistake. My constituents are begging for it," said Wills. "We are living in a very rapidly changing world. Technology is driving that (change); it's not because the government is hell-bent on controlling everyone."

In February, a House of Lords committee in the U.K.

Tom Espiner of ZDNet UK reported from London.

This story has been updated. See below for details.

Watchdog group Privacy International has filed a formal complaint with the U.K. government over the recent introduction of Google's Street View in Britain.

Simon Davies, director of Privacy International, argues that Street View has caused "clear embarrassment and damage" to many residents of the U.K., according to a BBC News report. The street-level feature of Google Maps, which debuted in the U.K. last week, provides a driver's-eye photographic record of urban landscapes, including storefronts and pedestrians.

The complaint was filed with the Information Commissioner's Office, which confirmed that the documents had been received, but declined to provide any details. Privacy International did not immediately respond to inquiries.

Street View should be "switched off" while the U.K. government investigates the matter, Davies said, according to the BBC. Privacy International is said to cite 200-plus reports of Street View making members of the public identifiable.

The Information Commissioner's Office worked with Google before Street View was launched in the U.K. and said that the Internet giant offered assurances that adequate safeguards would be put into place. In a statement provided Tuesday, the ICO said:

It is Google's responsibility to ensure all vehicle registration marks and faces are satisfactorily blurred. Individuals who feel that an image does identify them (and are unhappy with this) should contact Google direct to get the image removed. Individuals who have raised concerns with Google about their image being included - and who do not think they have received a satisfactory response - can complain to the ICO.

Google CEO Eric Schmidt told the BBC that the company agrees with privacy concerns. "The way we address it is by allowing people to opt out, literally to take anything we capture that is inappropriate out," he said in the BBC story, "and we do it as quickly as we possibly can."

In February, Google won a lawsuit in a U.S. court over a complaint by a Pittsburgh couple that Street View had violated their privacy.

Update 7:28 a.m. PDT: Privacy International has provided a copy of its filing with the ICO. The gist:

In summary, we believe on the basis of complaints received, that the service has created numerous instances of embarrassment and distress and that the promised privacy safeguards do not provide adequate protection to shield Street View from the general requirement to provide notice prior to collection of the data. We also believe that the technology has created substantial threat to a number of individuals and that the extent of intrusion into the homes of some complainants is unlawful. In such cases, Google should have acquired consent from individuals before images were captured.

Among the complaints cited by Privacy International:

• A woman who has for several years been moving house to avoid detection from a former violent partner complained to us that she felt extreme distress when Street View identified her outside her new home.

• Two men working for a large organization were identified by work colleagues in a situation which gave the appearance that they were kissing each other. This was not the case, but the image - subsequently widely circulated throughout the organization - has caused great humiliation to them and their (female) partners.

• A fifteen year-old boy was caught on Street View carrying a skateboard, which his parents had expressly forbade him from using. The boy subsequently had a row with the parents and is now staying with friends.

The U.K. government is considering the mass surveillance and retention of all user communications on social-networking sites, including Facebook, MySpace, and Bebo.

Vernon Coaker the U.K. Home Office security minister, on Monday said the EU Data Retention Directive, under which Internet service providers must store communications data for 12 months, does not go far enough. Communications such as those on social-networking sites and via instant-messaging services could also be monitored, he said.

"Social-networking sites such as MySpace or Bebo are not covered by the directive," said Coaker, speaking at a meeting of the House of Commons Fourth Delegated Legislation Committee. "That is one reason why the government (is) looking at what we should do about the Intercept(ion) Modernisation Programme, because there are certain aspects of communications which are not covered by the directive."

Under the EU Data Retention Directive, from March 15, 2009, all U.K. ISPs are required to store customer traffic data for a year. The Interception Modernisation Programme, or IMP, is a government proposal, introduced last year, for legislation to use mass monitoring of traffic data as an antiterrorism tool.

The IMP has two objectives: that the government use deep-packet inspection to monitor the Web communications of all U.K. citizens; and that all of the traffic data relating to those communications are stored in a centralized government database.

The U.K. government has previously said communications interception is "vital" and has hinted that social-networking sites may be put under surveillance. And responding to a question from Liberal Democrat Parliament member Tom Brake, Coaker said all traffic data on social-networking sites and through instant-messaging services may be harvested and stored.

"The honorable member for Carshalton and Wallington will also know the controversy that currently surrounds the Intercept(ion) Modernisation Programme," Coaker said. "I look forward to his support when we present (IMP) proposals, which may include requiring the retention of data on Facebook, Bebo, MySpace, and all other similar sites."

Deep-packet inspection, the second strand of the IMP, involves intercepting and examining the contents of all data packets that flow over a network. In Monday's meeting, Coaker said the government still intends to have a consultation on whether to inspect and then store all Internet traffic data in a centralized government database.

"What is the point of having a consultation if, as the honorable gentleman implies, the government (has) already made up (its) mind to have a central database?" Coaker asked. "We have not made up our mind. We have said we will consult on a variety of options."

Opposition to the government's IMP proposal has been fierce. Cambridge University computer security expert Richard Clayton told ZDNet UK on Wednesday that the government proposal to monitor social-networking traffic was "extremely intrusive."

"The question is whether it's necessary or proportionate, and the short answer is no, it doesn't look that way," said Clayton. "If the government wants to make us safer, having a few more police on the electronic beat would be a good idea."

Clayton said the problem for the government is that the Data Retention Directive applies only to data held by Internet service providers, but that a large number of people don't use ISPs' systems to communicate, instead using online services such as Web mail and social-networking sites. Servers may be located in different jurisdictions, Clayton said, and data retention times may be short.

"The government wants to collect all of this data on everybody, just in case," Clayton said. "Suppose you use (an e-mail service based in Pakistan), and you blow up the Houses of Parliament. The government would have to persuade the Pakistani authorities to turn over the logs, which may then turn out only to have been retained for three days."

However, Clayton believes that the cost of harvesting this information, which would involve all U.K. Internet infrastructure providers and ISPs having "black boxes" to monitor data, would be prohibitively expensive. Clayton said taxpayers' money would be better spent on the police, who could target investigations to those they suspect of criminal activity, rather than on performing blanket surveillance of everybody.

"To deploy deep-packet inspection equipment isn't cheap--the word 'billion' is appropriate," Clayton said. "It took the Home Office the best part of a year to find 3 million pounds for the Police e-Crime Unit. That's what is wrong with this picture."

Web inventor Sir Tim Berners-Lee also opposes the use of deep-packet inspection to inspect people's data. Berners-Lee told ZDNet UK last week that the Internet should not be "snooped" upon.

"If (third parties) are using the data for political ends or commercial interest, there we have to draw the line," Berners-Lee said. "There's a gap between running a successful Internet service and looking inside data packets."

Tom Espiner of ZDNet UK reported from London.

New powers are needed to combat a culture of "pervasive" surveillance that has seen the U.K. become the most spied-upon country in the world, the Lords said Friday.

The U.K. is now watched by more about 4 million CCTV cameras and details of 7 percent of the population is held in the National DNA Database (NDNAD)--more than any other country, according to chairman of the House of Lords Constitution Committee, Lord Goodlad.

At the same time national databases designed to hold personal information on nearly every U.K. citizen are being set up across Whitehall, from the NHS Care Records Service to the ID cards National Identity Register, according to a report by the committee released Friday.

Meanwhile businesses and banks are gathering data on the public from CCTV, Web browsing behavior, CRM systems and tracking the use of loyalty cards, the report says, adding that the government also wants access to this data.

"Every time we make a telephone call, send an email, browse the internet, or even walk down our local high street, our actions may be monitored and recorded," the report said.

Goodlad said in a statement: "There can be no justification for this gradual but incessant creep towards every detail about us being recorded and pored over by the state."

Citing instances where councils have spied on citizens when investigating littering, the report says that any victims of "unlawful surveillance" by a local authority should receive compensation and that local authority snooping under the Regulation of Investigatory Powers Act should be monitored by the courts.

Any future surveillance or data processing scheme suggested by Whitehall should be closely scrutinized by a dedicated parliamentary body and the information commissioner before it goes ahead, the report said.

This should be paired with legally binding guidelines on the operation of all CCTV systems it added.

The report also said the government should act swiftly to comply with last December's ruling by the European Court of Human Rights that innocent people's DNA should be removed from the NDNAD, a decision that could see about 850,000 people's details deleted.

The information commissioner should also be able to carry out unannounced spot checks on private sector organizations to check they are complying with the data protection act, the report recommended.

A Ministry of Justice spokesman said: "The government has been clear that where surveillance or data collection will impact on privacy they should only be used where it is necessary and proportionate.

"This provides law enforcement agencies with the tools to protect the public as well as ensuring Government has the ability to provide effective public services while ensuring there are effective safeguards and a solid legal framework that protects civil liberties."

Simon Davies, director of Privacy International, said: "This report reflects a sea change in public opinion. The language is robust and unequivocal about the need to address surveillance as a matter of urgency.

"Hopefully this will pave the way to overturn the parts of the Coroners and Justice Bill that will give government ministers the ability to demand data sharing between organizations."

Nick Heath of Silicon.com reported from London.

The DNA records of about 850,000 people could be wiped from the U.K.'s national database after the European Union ruled it breached human rights.

The European Court of Human Rights decision on Thursday means that the DNA details and possibly fingerprints of people suspected of a crime, but later cleared, could be removed.

The court found that in keeping the DNA details of people suspected of a crime the "state had overstepped any acceptable margin of appreciation."

The case was brought by two Britons, Michael Marper and "S", who were cleared of crimes and challenged the government over their details being kept on the 4.5 million-strong police database.

A U.K. Home Office representative said the government has until March before it must take any action on the ruling.

Home Secretary Jacqui Smith expressed dissatisfaction with the verdict, saying in a statement: "DNA and fingerprinting is vital to the fight against crime, providing the police with more than 3,500 matches a month, and I am disappointed by the European Court of Human Rights' decision...The existing law will remain in place while we carefully consider the judgment."

Privacy pressure group NO2ID welcomed the decision with the organization's national coordinator Phil Booth describing it as a victory for liberty and privacy.

Nick Heath of ZDNet UKreported from London.

A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.

Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.

Also on Thursday, the government said that retailers, post offices, and banks can apply to become biometrics enrollment sites for the cards.

At the end of this month, foreign nationals will need to apply for the cards. It will be several years before any nationwide enrollment for citizens takes effect under the highly controversial plan.

Richard Gooding, chief executive of London city airport, said the cards would be required for workers.

"Our intention is that, working with the Home Office, all staff will be enrolled over an 18-month period," Gooding said. "We shall make it compulsory."

Gooding said U.K. airports already have compulsory biometric identification systems, but that they only work on an individual airport-by airport basis. He added that the compulsory ID card will work at London city airport and at the other location in the pilot program, the Manchester airport.

Geoff Muirhead, the group chief executive of the Manchester Airports Group, said that the Manchester airport also plans to make the cards compulsory, once it has had discussions with unions.

"For new workers and renewals, we expect the cards to be compulsory, but we need to talk to the unions," he told ZDNet UK.

Anti-ID card campaigner Phil Booth derided the plan.

"It's a pilot, and yet it's compulsory," Booth said. "These people will be in the National Identity Scheme for life, subject to a lifetime of surveillance. That's appalling. What (is) London city airport doing?"

The British Air Transportation Association (BATA), a trade body that represents airlines, said that its members could "see no benefits" from participating in the plan.

"It's clear we've been picked on as guinea pigs for the scheme," said Roger Wiltshire, secretary general of BATA. "We've yet to see any benefits. As far as our members are concerned, they have not been asked whether they would be happy to participate in the trial."

Tom Espiner of ZDNet UK reported from London.