Your search terms are highly sensitive and very private. They are also uniquely identifiable. Examining what you search for can reveal deeply personal facts about you, such as your online reading habits, medical history, finances, sexual preferences and political affiliations.

A database of search terms, linked to subscriber accounts, would be a clear violation of the privacy rights of everyone who uses the Internet in Europe.

I’ve written to my MEPs urging them not to sign Written Declaration 29 and to withdraw their signature if they have already signed. You should do the same – it takes two minutes through writetothem.com

Here’s my letter (but, as always, please use your own words for maximum effect).

Dear Timothy Kirkhope, Edward McMillan-Scott, Andrew Brons, Godfrey Bloom, Diana Wallis and Linda McAvan,

Written declaration 29 [pdf] calls on the European Commission to extend the data retention directive (2006/24/EC) to Internet search-engines. If this were to happen all private searches done on Google et al would be monitored. I feel this would be an intolerable violation of article 8 ECHR privacy rights.

Written declaration 29 is being marketed within the European Parliament by using an emotionally-loaded picture of a child and talking about the need to set up an ”early warning system” to combat child abuse. Laudable though that aim is, as a technical expert it’s my opinion that these measures cannot achieve it, and the marketing is therefore misleading. Some MEPs have already said they feel they have been misled into signing the declaration because of the way in which it was presented to them.

If the declaration is adopted the names of the signatories will be made public.

If you have signed written declaration 29 and feel you have been misled I urge you to withdraw your signature.

Christian Engström MEP has published more information on his website.

1. Scrap the ID card scheme, the National Identity register, the next generation of biometric passports and the ContactPoint Database.
2. Outlaw the finger-printing of children at school without parental permission.
3. Extend the scope of the Freedom of Information Act to provide greater transparency.
4. Adopt the Scottish approach to stopping retention of innocent people’s DNA on the DNA database.
5. Defend trial by jury.
6. Restore rights to non-violent protest.
7. A review of libel laws to protect freedom of speech.
8. Safeguards against the misuse of anti-terrorism legislation.
9. Further regulation of CCTV.
10. Ending of storage of internet and email records without good reason.
11. A new mechanism to prevent the proliferation of unnecessary new criminal offences.
12. End the detention of children for immigration purposes.

Oh my!

As a digital- and civil-rights campaigner this list fills my heart with joy. The successful passage of this Bill through Parliament would not end the need to champion human rights in the digital era* however it would be a famous victory for that cause: we could say with certainty that this election, that the ousting of Labour from Government, was the point at which the high-water mark of authoritarian social policy in Britain was reached.

Some fellow campaigners have today urged caution and are reserving judgement until the details of the Bill are published. I cannot fault them for their cynicism however I am filled with hope that today we have seen not only the dawn of a new politics in Britain, but a new era of liberty, freedom, privacy and respect for human rights in the UK.

I shall be raising my glass to the death of ID cards and the Database State tonight!

* Three omissions stand out: repeal clauses 11-18 of the Digital Economy Act; make the NHS Summary Care Record opt-in rather than opt-out; end the Vetting and Barring scheme, abolish the Independent Safeguarding Authority and reform CRB checks to make them fair. It’s possible that these will be included in the detail of the Bill.

British civil liberties have been dismantled systematically since 2001. The National Identity Register, biometric passports, the NHS spine, Contactpoint and the Vetting and Barring Scheme are just a few of the most egregious privacy invasions we have suffered.

Our every move is watched with suspicion by the authorities. ANPR systems record every journey we make. Video and audio Surveillance Systems (SS) watch us in every public space and many private ones too. Thousands of public bodies abuse their RIP Act powers to spy on us for trivial reasons. The police can stop us and search us arbitrarily, and they keep “pre-crime” databases on the innocent. Our private communications are monitored, analysed and recorded both by the Government and private companies.

Yet often MPs want one rule for us and another for them. The children of MPs can be “shielded” on ContactPoint to protect their privacy – but ours can’t. Very few MPs have an ID card even though ministers have been doing everything in their power to coerce the public into “volunteering” for them. Many MPs voted to exempt themselves from the Freedom of Information Act, to protect their “privacy”, whilst passing laws that erode ours.

When it comes to liberty in Britain today, all animals are equal, but some are more equal than others. This hypocrisy has to end and the systematic assault on our civil liberties must be reversed.

The Power2010 campaign is conducting a letter writing campaign asking Prospective Parliamentary Candidates to:

…commit that, if you are elected, you will vote to repeal the Identity Cards Act 2006 and will defend our privacy as fiercely as you would defend your own and that of your family.

The above reproduces what I sent to Sheffield Central PPCs. You can take part in the campaign here.

Mobile ANPR cameras are also used by some police forces. These are deployed in popular locations such as shopping centres for so-called “lockdown” operations, where every vehicle entering the area is checked against records as police fish for reasons to impound cars and fine drivers. One such operation in November 2008, which was filmed for television (relevant segment starts at 21m30s), saw 369 vehicles stopped, 84 tickets issued, 51 cars seized and 12 people arrested at Bluewater shopping centre in Kent – in a single day.

It’s no longer a case of “follow that car” but “follow every car.”

ACPO defend their wholesale surveillance system by pointing to a few high-profile cases where ANPR evidence has formed part of a prosecution. They’re less keen to highlight the cases of mistaken identity, inaccurate record-keeping and official ineptitude that have left innocent people standing on the kerbside holding a ticket as an officer drives away in their vehicle. Even if these drivers manage to prove the database wrong they can end up paying hundreds of pounds in fees to get their car back – if it hasn’t been crushed.

Supporters of ANPR technology claim vehicle license-plate data is exempt from the Data Protection Act because it’s not “personal information” (it’s about the vehicle not the driver). However the Driver and Vehicle Licensing Agency (DVLA) sells access to the names and addresses of registered vehicle-keepers for £2.50p a time, making this distinction academic.

In common with the National Identity Register, National DNA Database and all the other tentacles of the database state, once this information is collected there’s nothing to stop it falling into the hands of other public or private organisations, either by accident, commercial arrangement or official decree. Wouldn’t you like to know where your partner really drives off to while you’re at work? I bet there’s a good number of private investigators who would.

The Information Commissioner’s Office is currently “working with” ACPO to determine whether the national ANPR network is “appropriate and proportionate” – which means nobody bothered to ask those questions before the system was commissioned.

Who stands up for the public interest in the rush to implement new technologies like ANPR for official convenience? I don’t recall there being a public or Parliamentary debate on giving the police these game-changing surveillance powers. Has anyone considered the down-side of collecting all this data?

Somehow I doubt it.

The title of the talk was “The Future of Privacy” and Schneier’s treatment of his topic was comprehensive. He started by listing some technologies and practices that can threaten our privacy: overt surveillance systems; mobile phones, RFID tags and the like that produce personal information as a byproduct; automatic identification technologies such as ANPR; and unique identifiers in gadgets such as digital cameras or colour laser-printers.

Schneier reminded us of his famous saying, that just as greenhouse gasses are the polution of the industrial age, data is the polution of the information age. Data is generated when we transact business, swipe our loyalty cards, use a travel card or drive through an automatic toll-booth. We give it away when we socialise by email, instant messenger and Facebook. Sometimes other people release data about us – possibly without our consent. As the cost of processing and storing all this information falls to zero even data of marginal value becomes worth keeping. In fact it’s often cheaper to keep everything than to decide what should be deleted! Data that was ephemeral 20 years ago is now stored.

In the information society most data about us isn’t controlled by us. In the US, laws protect the data that is under our control, but in the information society it tends not to be. Our Gmail, phone records, medical records, financial transactions and photos of us on Facebook are all controlled by someone else. EU law is substantially better in this area but it could still be improved.

Such a wealth of data enables new forms of surveillance. For example, surveillance can now occur backwards in time. This was done in London after the 7/7 bombings – the people responsible, and the route they took on the day, were identified after the fact from surveillance-system footage. Pervasive data collection also enables wholesale surveillance – not “follow that car” but “follow every car.”

What will be the privacy impact of our society’s continuing technological advancement?

Schneier believes a step change is coming. We live in a unique time: cameras are everywhere AND we can see them; identity checks happen all the time AND we know they’re happening. However technology is a great distrupter of equilibriums and Moore’s law is a friend of intrusive tools. Soon face-recognition software will obviate the need to carry ID – when you walk into your workplace they’ll already know who you are and whether you’re supposed to be there.

New invasive technologies will emerge and become pervasive: digital video surveillance with automatic face recognition; networked cameras that can track people through a city automatically; better tracking of our personal devices through their radio signatures or RFID tags; better quality images from cameras. Our era will herald the death of ephemeral conversation. Soon everything we say and do will be on the record. We could try to reject these technologies, but once general adoption occurs, opting out starts to look suspicious. In some cases the authorities have already argued that, “They left their mobile phone at home, which shows they didn’t want anyone to know where they were going.”

What can we do about these threats to our privacy?

Schneier doesn’t believe we can engineer our way back to a more private world. Privacy-enhancing technologies already exist and they could go a long way towards retoring the balance if they gained widespread adoption. However people are seduced by convenience so they tend to make bad privacy trade-offs. We’re on Facebook because our friends are, and while we’re chatting to them we’re focused on the conversation, not on how much data we’re releasing or to whom.

A lot can be done by paying attention to the default settings of software and systems. Most of us won’t change these so if they are secure from the outset any loss of privacy will be minimised. However companies like Facebook make more money the more public we make our data so there’s no incentive for them to set privacy-enhancing defaults.

We need to press for legislation that protects privacy: comprehensive laws regulating what can be done with personal information about us and more privacy protection from the police. However the law finds it difficult to keep up with the pace of technological change.

We also need to start talking about the value of privacy. We want it as a social good. Individual privacy protects us from those in power and it’s also a fundamental human need. Privacy is a part of dignity.

Schneier rejects the security versus privacy notion as a false dichotomy. Only identity-based security reduces privacy and the effectiveness of this is limited. Physical security measures such as locks and burglar alarms don’t reduce privacy. Nor does knowing that you might have to fight back if terrorists hijack your flight. We don’t need to know who’s sat next to us on an aeroplane – we just need to know know whether they’re planning to blow it up! However checking intent is difficult so we check identity instead and pretend that’s the same thing.

Privacy and openness have different effects on Governments and citizens. Government secrecy increases its power whereas transparency and openness reduces it. Conversely, forced openness in people increases the inbalance in power between them and the state, yet forced openness in Government reduces the gap. The balance we need to strike is between liberty and control not privacy and security. Real security comes from having both liberty and privacy.

The above notwithstanding, sometimes we are forced to trade between security and privacy, for example when we give the police the power to search our homes. In such cases we can maintain the balance of power through audit and oversight. Search warrants are a security measure that restrict police searches to only those cases where a magistrate – an impartial advocate for the suspect – can be convinced there are reasonable grounds for suspicion.

Schneier concluded that the death of privacy is over-stated. Left unregulated and unconstrained, technology tends to tip the balance of our society against individual privacy, however it doesn’t make the balancing act go away. Society can choose to deliberately reset the balance with legislation.

We may ultimately have to wait for a new generation of digitally-savvy lawmakers to take office before the the future of privacy can be guaranteed in the information age.