Detection Technologies, Terrorism, Ethics and Human Rights

FP7-SEC-2007-217862

DETECTER

Detection Technologies, Terrorism, Ethics and Human Rights

Collaborative Project

Quarterly Update on Technology 3

D12.2.3

Project co-funded by the European Commission within the Seventh Framework Programme (2002-2006)
Dissemination Level
PU / Public / X
PP / Restricted to other programme participants (including the Commission Services)
RE / Restricted to a group specified by the consortium (including the Commission Services)
CO / Confidential, only for members of the consortium (including the Commission Services)

Due date of deliverable: 30/11/09

Actual submission date:

Start date of project: 1.12.2008 Duration: 36 months

WP02 Professor Tom Sorell

Author(s): Dr. John Guelke UoB

Detection Technology Survey no. 3

This is the third of 10 surveys and as such is a work in progress and should not be treated in any way as a ‘final analysis’. The taxonomy of risks and harms employed here is evolving and will not necessarily be the same used for subsequent surveys. Any comments, suggestions, errata or requests for more information should be sent to the author, John Guelke, at .

Alternative Approaches

The PRISE project categorises privacy dangers arising from applications of security technology. It conceives basic technologies (e.g. sensor, communications technology) and identifies specific vulnerabilities each suffers from. Thus more complex applications which involve a variety of the above inherit the problems of all: e.g. Machine Readable Travel Documents involve communications technology, sensors, data storage and biometrics.

However, the categorisation departs from those used by industry quite substantially – there is no systematic presentation of the risks posed by the categories of DT as understood by industry. My categorisation of the technologies is written so as to be as continuous with, and user friendly to, industry as is practical.

Note on the Taxonomy of Dangers

The taxonomy of dangers categorises along two axes: the possibilities or risks that come with the use of a particular technology and the distinctive harms these may lead to.

I divide the different possibilities between first, the normal use as generally practiced. Where the use intended by government (second) or potential use permitted under the law (third) departs from this it is commented upon. Some detection technologies involve transmitting or storing the information sought. Somebody may be able to gain unauthorized access at either of these stages, providing our fourth and fifth risks. Sixth, the risk of acquiring extraneous information, irrelevant to any legitimate concern. Some sorts of evidence are particularly given to false positives, the seventh risk. Even information which is legitimately of interest to law enforcement may be sensitive in a potentially harmful way (eighth). Extraneous information acquired may also have this potential (ninth). The tenth risk is that the operator(s) of the technology will abuse it – using it voyeuristically or to pursue vendettas, for example. Eleventh is the risk of mission creep – that detection technologies established for a particular purpose come to be used for further purposes. Twelfth, what I call ‘use creep’ – that the fact that something can be conveniently used for a specific purpose leads to a wide expansion of its use. Thirteenth, the risk that information which is difficult to act upon may make end users legally liable in way that has harmful consequences. Fourteenth, is the issue of whether the subject of surveillance is able to understand the detection process which is occurring or whether it is entirely opaque to her. Finally fifteenth, the question of whether the detection process follows or precedes the crime.

The different harms or injustices highlighted are first, the felt intrusiveness/invasiveness that is a consequence of being subject to another’s scrutiny. Second intrusiveness that follows from other sources, such as the potential consequences of certain information being disclosed. Third, whether the scenario might constitute a miscarriage of justice. Fourth, whether the scenario might constitute discrimination on the basis of social identity. Fifth, the ‘chilling’ effect on legitimate behaviour. By ‘chill’ I mean the disinclination to take part in certain activities which liberal theory holds entirely legitimate, such as free association, free speech and political organisation. If one worries that such behaviour is punishable in anyway, or that it draws unwanted attention to oneself on the part of authorities, one is subject to the ‘chill’ I describe. sixth is the related matter of the non-official sanction one may find oneself subject to. For example if one is unjustly treated with suspicion and harassed by authorities. There have been media reports of individuals being placed on watchlists and denied flights, implying that this is being used as a tool of sanction. Whether or not these reports are accurate, the example makes the point. In such cases the target is not subject to actual criminal charges but are disadvantaged in some other way. Finally seventh, violation of existing legal norms.

News

Main events

Europe

-  Debate over US access to SWIFT database: The Belgian company SWIFT (Society for Worldwide Interbank Financial Telecommunication) proposed a new server in Switzerland for inner European banking transactions, prompting debate over US intelligence services access to this new database. The European Commission were accused of conducting negotiations for US access to this database in the face of widespread opposition of the expressed wishes of the European Parliament, who subsequently adopted a resolution on the need for a new agreement.[1] Sweden, in its capacity as then President, were authorised by the Council of Foreign Ministers to negotiate a temporary deal with the US, whereby information could be granted on a per request basis and stored in the US for up to 5 years. The current draft proposal is reportedly opposed by Germany, France, Austria and Finland, which may result in a decision being delayed until after the Lisbon Treaty comes into force, which would grant the European Parliament a larger role in the decisionmaking process.[2]

-  Debate over establishment of Intelligent Transport System: This proposed system would use information and communication technologies such as GPS embedded in different modes of transport. On the 22nd of July Peter Hustinx, the European Data Protection Officer, issued his opinion on the proposed plan, calling for clarifications and substantial safeguards.[3]

Italy

-  Establishment of DNA database criticised for lack of safeguards.[4]

UK

-  EU ruling forces Britain to change open ended retention of DNA samples of those not subsequently charged with any crime. With over 5,500,000 samples, the UK’s DNA database is now reported to be the largest in the world.[5] Latest stated intention is to hold the DNA samples for no more than 6 years in normal cases, but in any cases involving terrorism or other violent crime to retain them indefinitely.[6]

-  Legislation to establish Interception Modernisation Programme, obliging ISPs and Mobile Phone companies to store information of people’s internet, email, phone call and texting activity, is delayed until after the current parliamentary session.[7]

-  Confirmed and alleged cases of company employees selling on private information for commercial purposes.[8]

-  The Information Commissioners Office have been granted new powers to fine companies who seriously breach data protection principles, but some have claimed these do not go far enough.[9]

Romania

-  Romanian Constitutional Court declares European Data Retention Directive incompatible with the Romanian Constitution.[10]

Belgium

-  Discussions on implementing the EU's controvertial Data Retention Directive have sparked the proposal to retain electronic communication traffic data for 2 years, citing the needs of the police and the prosecutors office. That figure has been disputed by the Belgian ISP association, who express concern about costs to customers, and the Belgian Data Protection Authority.[11]

New Products

·  More and more Internet Protocol cameras and systems are being produced.

·  Video analytics systems offer the possibility of improving the usefulness of CCTV, by providing the ability to ‘search’ for specific patterns (ethical issues raised in taxonomy). Likewise emerging facility for voice recording analysis.

·  One product, a software management system for the retention and retrieval of IP Data, explicitly marketed itself as a tool to enable telephone operators to comply with the European Data Retention Directive.[12]

·  A number of new face recognition systems have come to market, some of which integrate with CCTV.

·  A couple of companies are now offering new integrated systems combining, eg. CCTV, Biometric Access control, Number Plate Recognition etc.

·  Handheld devices enabling police on the ground to have access to sensitive databases, such as that on criminal records offer the possibility of a large efficiency saving (ethical risk discussed in taxonomy).[13]

Scanners

American Science and Engineering Z Backscatter X-ray scanners - http://www.as-e.com/products_solutions/z_backscatter.asp[14]

Rapiscan Secure 1000: Back Scatter X Ray Body Scanner – http://rapiscansystems.com/rapiscan-secure-1000.html[15]

Thermo Fischer Scientific Mobile Advanced Radioisotope Identification System: Radiation detecter – http://www.prosecurityzone.com/Customisation/News/Detection/Radiation_Detection/Washington_Police_successfully_test_dirty_bomb_detector.asp

Universal Detection Technology[16] TS 10 5: Handheld device to test sample for presence of anthrax, ricin toxin, botulinum, Y. pestis and staphylococcal – http://www.udetection.com/productDetail.asp?ProdID=38

Cameras

Smartvue Network Video Surveillance Systems: An integrated network video system with wireless and wired cameras, network video recorders, and remote access. http://www.kanecomputing.co.uk/smartvue.htm

Genetec – Security Center Unified Security platform: Integrates IP camera network, IP access control and licence plate recognition. http://www.genetec.com/English/Products/Pages/security-center-unified-security-platform.aspx

TSS DVR: Mobile CCTV (mounted on police vehicles) - http://www.tssltd.co.uk/mobile-cctv.html

Agent Vi Analytics: Allows search of CCTV video “by event (e.g. crossing a line, movement) or target parameters, including type (people, vehicle, object), size and color” and performs real time ‘analysis’ which identifies and generates alerts for a variety of user-defined events “relating to people, vehicles and objects” – http://www.agentvi.com/category.aspx?catid=2

Ioimage Ioicam Sc1dn: Integrated system combining IP CCTV cameras (with night vision) with onboard video analytics (for example can Intrusion Detection, Tripwire Crossover, Fence Trespassing and Camera Tampering. The unit can also be easily configured to detect unattended baggage, object removal, loitering and stopped vehicles. ) – http://www.ioimage.com/?p=ProductDetails&ClusterID=1599&ParentID=624&FatherID=775

Smart Witness Journey Recorder: Camera and GPS device for evidence gathering on a vehicle – http://www.smartwitness.com/product/3/vehicle_journey_recorder_with_cctv_camera_and_gps_logging

Panasonic SD5 cameras: has video motion detection (can be configured to detect and track intruders, and also detect left or removed objects) – http://www.prosecurityzone.com/Customisation/News/Surveillance/IP_and_Megapixel_cameras/SD5_technology_cameras_available_from_Norbain.asp

Panasonic IP Cameras - http://catalog2.panasonic.com/webapp/wcs/stores/servlet/ModelDetail?displayTab=O&storeId=11201&catalogId=13051&itemId=373000&catGroupId=14471&surfModel=WV-NW502S

http://catalog2.panasonic.com/webapp/wcs/stores/servlet/ModelDetail?displayTab=O&storeId=11201&catalogId=13051&itemId=360500&catGroupId=14471&surfModel=WV-NP502

ONSSI Ocularis: IP Video Management System, incorporating BriefCam[17] search and review analytics, enabling – http://www.onssi.com/ocularis.html

Vista Bullet Camera VBC520: Discrete IP camera – http://www.vista-cctv.com/news/ref:N4AC47CCD37F0D/

Copper Eye IPRS: IP Camera data retention and retrieval system – http://www.coppereye.com/news_press/pressreleases/?id=46

Napco iSee Video: Products enabling remote viewing of CCTV camera feeds over internet connections, including “live video on the Apple iPhone, and...live Motion JPG images on any web enabled cell phone”. Latest addition “Single Channel Gateway” extends this ability to analogue camera feeds – http://www.napcosecurity.com/video.html

Samsung Techwin SDC-435: Day and Night camera – http://www.samsungtechwin.com/prd/pro_view.asp?pro_uid=4682&cat_uid=14&cat_biz=CTV&cat_lev=AA

Vista SmartDisc: IP camera recording and alarm transmission system - http://www.vista-cctv.com/news/ref:N4AE01F49D923B/

Phone Monitoring

Storacall Voistore Systems: Makes recording of all mobile phone calls made on device and can store them on a central server – http://www.storacall.co.uk/svs_voistore.htm

ASC InspirationPro 9.0 and EvoIP 9.0: Voice over Internet Protocol products. InspirationPro provides analysis of recorded call data and screen activities. EvoIP captures telephone calls from the network and enables storage, playback and archiving of the entire interaction. http://www.asctelecom.com/download/presse/ASC_Gitex_INSPIRATIONpro_EVOip_9_0.pdf

Biometrics

Cognitec FaceVACS-DBScan matches photographs to images from trusted databases of images - http://www.cognitec-systems.de/FaceVACS-DBScan.21.0.html?&L=0

Cognitec FaceVACS-VideoScan compares faces in video streams to “possible ‘watch-list’ matches” - http://www.cognitec-systems.de/FaceVACS-VideoScan.20.0.html?&L=0

Cognitec FaceVACS-Sentry compares face on video feed with prior photographs - http://www.cognitec-systems.de/FaceVACS-Sentry.14.0.html?&L=0

Crossmatch Lookout Matcher: Facial recognition software that compares inputted images to a database or “watchlist” for potential matches - http://www.crossmatch.com/LookoutMatcher.html

Crossmatch Lookout Collecter: A combined digital video recorder and facial collection software locate and extract facial images from video footage for automated identification and verification. Available as a standalone unit or can be networked to Lookout Matcher – http://www.crossmatch.com/LookoutCollector.html

Cogent Systems Mobile Ident III: Multi-biometric handheld fingerprint identification device for “remote subject identification, disaster scene management, ID document authentication, traffic citation, etc” – http://www.cogentsystems.com/MobileIdentIII.asp

Crossmatch Be.U Mobile: Range of handheld fingerprint and smartcard readers. The Be.U SMC-800MC3 ePassport reads RFID chips – http://crossmatch.com/BeU_Mobile.html

Databases and Datamining

Vodafone Bespoke Service for South Yorkshire Police: Mobile access (via Blackberry) to Criminal Records Database: http://www.vodafone.com/start/media_relations/news/local_press_releases/uk_press_releases/2007/south_yorkshire_police.html

Product Categorisation

Cameras

·  CCTV

·  GSM/Infinity Cameras

·  Infrared Cameras

·  IP Cameras

Audio Surveillance

·  Range of bugs using GSM, UHF an VHF technology disguised as clocks, plugs etc. http://www.spycatcheronline.co.uk/spy-phones-c-52.html?spyid=7f03f93e6286532489e51fbcf141f859

Scanners

·  Millimetre Wave technology Body Scanners for catching people smuggling e.g. weapons. For use at airports.

·  http://www.smithsdetection.com/eng/threat_people_screening.php

·  Body Orifice Security Scanner (Boss). A chair which will search the subject’s body cavities while they are fully clothed. For use in prisons.

·  http://www.bodyorificescanner.com/

·  Cargo container/Truck scanner http://www.smithsdetection.com/eng/narcotics_x-ray.php

·  Narcotics/explosives trace detector. Will pick up traces of TNT, C4, RDX, PETN, Semtex, Detasheet, TATP and Urea Nitrate and Heroin, Cocaine,

·  Amphetamine, Methamphetamine, MDA, THC, LSD and Ecstasy with other substances available on request. http://www.scenttech.

·  com/index.aspx?id=3334

·  Walk through narcotics/explosives detector http://www.smithsdetection.com/eng/Sentinel.php

Vehicle Trackers

·  Vehicle tracking equipment. http://www.spycatcheronline.co.uk/vehicle-tracking-c-48.html

Phone Monitoring

·  Landline

·  Mobile

·  Software for mobile phones that, without any change to normal functioning, will notify a third party

-  Whenever the phone is switched on

-  Whenever a text is sent/call is made

-  Will send information on what number has been called/texted

-  Will send a copy of the text

-  Enables you to ‘phone in’ and listen to the call

-  Enables you to phone in and listen in to whatever the microphone can pick up, effectively turning the phone into a bug http://www.spycatcheronline.co.uk/interceptor-software-with-nokia-phone-list-included-p-746.html

·  Range of Mobile Phone Tracking Services http://www.mobilelocate.co.uk/, http://www.google.co.uk/latitude/intro.html

Computer Monitoring

·  ‘Trojans’

·  Key logging equipment: easily installed, keeps a record of the input into a computer http://www.spycatcheronline.co.uk/type-logger-p-585.html

·  Device for recovering deleted texts from mobile phones http://www.eyetek.co.uk/section/0/deleted-text-spy

Databases and Datamining

Biometrics

·  10 finger and palm print Livescan systems - digitises finger/palm print for cross referencing with central (FBI) databases http://www.crossmatch.com/10print_live_scanners.html

·  Single/dual fingerprint scanner http://www.crossmatch.com/single_finger_scanners.html