Today I have been explaining that I am not against CCTV- but if it is going to be used the cameras should be able to provide clear images and all of the evidence should be usable in court. Currently only 20% is usable. At the moment we just have a placebo effect for Citizen UK.

Many of the Samizdata comments focus on Davis’ support for CCTV as evidence of a less-than-liberal outlook, however I think he makes a partially valid point. I agree that the quality of images from CCTV systems needs to be sufficient to identify individuals: the evidence they collect is useless otherwise. Likewise, cameras should be installed so they are actually capable of capturing images of faces. Lenses on 10m posts look down on nothing but the tops of heads (and blouses, apparently). However, as I have previously noted, calling for better CCTV doesn’t imply support for more CCTV. This is where I too part company with Davis.

I fear the CCTV genie cannot be persuaded back into its bottle by rational argument, as public perception and the psychology of security theatre have significant bearing on the current situation, however I think we should be pressing for a massive reduction in CCTV covareage; effective regulation and licensing of schemes that can be proven useful; and improved installation- and technical standards all round.

Wouldn’t it be better if social workers, teachers, the police, healthcare professionals and others in public service were empowered to build respectful, constructive relationships with their clients, and to exercise professional judgement to achieve positive outcomes, rather than being under the cosh of an inflexible, kafkaesque bureaucracy that often causes the very tragedies it’s supposed to prevent? Social workers should do social work, not politicians!

I wrote about the wholesale surveillance of children and families back in 2006.

Hat tip: ARCH blog (highly recommended reading, by the way).

• it introduces other security and privacy risks that wouldn’t otherwise exist;
• the money could be better spent on actual security; and
• Panoptic surveillance changes the behaviour of innocent people.

The CCTV genie won’t be returning to its bottle in the foreseeable future, so we need to push for strategic and legislative changes to address these issues and resolve the failings of the current system. Fortunately, at least one of the three main political parties now seems to agree: the Tories announced Wednesday that a Conservative government would put strict new limits on the use of surveillance cameras. (It will be interesting to see if they follow up the headlines with substantive proposals!) Once again, Spy Blog provides good commentary, along with a commendable wish-list of changes that, if implemented, would see CCTV in the UK transformed from being a privacy-violating white elephant into a legitimate and proportionate crime-fighting tool.

Let’s start an evidence-based debate in favour of making CCTV more respectful of individual privacy, more cost-effective and more than just a sticking plaster on crime in the UK.

There’s discussion on Slashdot and Spy Blog has some analysis.

Path Intelligence - the makers of the FootPath system - claim shoppers’ anonymity is preserved, but that doesn’t sit well with the technical details. FootPath doesn’t just aggregate anonymous data on shoppers’ movements. Use-cases promoted by the manufacturer include taking decisions and actions based on individual behaviour. Under “security” they list “identify unauthorized individuals in ‘no go’ areas” as a feature. Presumably the idea is that minimum-wage security guards can then be dispatched to escort the offending person from the premises. I wonder how anonymous those lucky shoppers will feel.

Individual phones are tracked using their IMEI, which is unique to each mobile regardless of the installed SIM. Path Intelligence don’t make clear whether this unique reference is preserved and recorded, or deleted in favour of an internal primary key. Apparently the system actually tracks TMSIs, which are “…hashed as soon as [the system receives] them to make it much more difficult to combine them with other data”. This provides greater anonymity than tracking IMEIs, however even given that the data is rendered pseudonymous, it could still be cross-referenced with other sources of information to personally identify shoppers: CCTV systems, cash register records, credit-card data, ANPR cameras and RFID stock-control tags all come to mind.

Mobile phone outlets are likely to be especially interested in the FootPath technology. These are the retail arms of the cellular networks so they may already be able to link people to their IMEIs using billing records. …but apparently this can’t be done if the system uses TMSIs. I (still) imagine they’d jump at the chance to see which of their existing customers are visiting their rivals so they could bombard them with special offers or incentives not to switch.

If the system were deployed across multiple retail sites, a retail chain with a presence at each could follow customers between locations, providing an even more detailed record of individual habits and behaviours. TMSIs change frequently as users roam between locations, so it shouldn’t be possible to associate tracks plotted in different localities.

It’s not just retailers and shopping centre managers who might be interested in the data collected by FootPath. Police and other law enforcement agencies will inevitably grok the system’s potential to track “persons of interest” - and the people whose company they keep - with a much greater level of accuracy than traditional cell-based triangulation. The long arm of the law would also be more able than commercial organisations to reach into and cross-reference other data systems. I bet they wouldn’t need a warrant to request this kind of data either! It would be easy to imagine customers being investigated for “shopping in the vicinity of a terrorist” given the current practice of snooping on people driving near a suspect vehicle.

Some commentators have raised the question of informed consent relating to this tracking activity. I agree it would be best practice to inform shoppers that their every move will being watched by an automated system, but as FootPath deployments have so far been restricted to private property (shopping centres and transport interchanges tend to be privately owned in the UK), there’s a question over whether the managers of such places have any obligation to notify the public. I think there’s a legal requirement to display warning signs about CCTV systems - at least, I’ve seen such signs being displayed - but FootPath might not be covered under the same rules. Does anyone know anything more on this point?

It’s also been mentioned that the system might either be illegally receiving radio signals or is somehow pretending to be a mobile phone network in order to obtain IMEIs TMSIs. I don’t have a good enough understanding of the GSM to comment on the latter, but I’d be interested to hear your opinions in the comments. On the former, it would appear that in the UK one needs a license to listen to wireless telegraphy signals not intended for public consumption (i.e. broadcasts). Perhaps there are sufficient grounds for reporting the matter to Ofcom here. Again, if anyone knows more, please drop me a line.

UPDATE 2008/05/14 23:15:

Shortly after this post was published, I received an email from Cardiff Council:

Dear Mr King

I refer to your request submitted on 15th April. I regret that there has been considerable disruption to our FOI service as a result of an accident to our FOI Officer on the weekend of 19 April, as a result of which he is likely to be off work for several months.

(continues)

I assume this message was auto-generated by some kind of script, arriving as it did 37 minutes after the legal deadline for a response, and signed as it was by the “information manager”. I’ve just pinged back a reply to ask when they now expect to be able to send me the information I requested, given the (clearly unfortunate) circumstances.

On a personal note: there have been too many people around here suffering serious injuries lately. Look after yourselves, everyone - I don’t want to hear about any more.