surveillance

Last week, the Swedish government made vital changes to the law they approved this summer.

According to Digi.no (sorry, only Norwegian), the Swedish government has changed the law, and there is no longer legal to do surveillance without consent.

In July, I covered the story when the Swedish approved the new law, allowing their police and surveillance teams to tap into ANY and ALL internet traffic that came through their country - no matter if there where any suspicions or not at hand. This meant that everyone suddenly became victims, and no-one would be able stay off their radar - innocent or not.

This time, the Swedish government where forced to redo the law. They had to add a quality control mechanism, something that has been a very well accepted rule in the western world for centuries - that any surveillance must be following (not followed by) a suspicion. Thus following the principle - innocent until proved guilty.

In the past (mainly since 9/11/2001), we have seen dramatic changes in how this principle is followed. Privacy is lessened by the day. Surveillance increases - with or without our consent. Our legal rights are set aside by the governments increased lack of control. And our politicians constantly fail to understand how technology changes the world - no, not slowly, but at speeds that keeps spinning the world around so fast that no-one are really able to grasp even the smallest of implications.

Today, laws tends to come around way too late to tackle the initial challenge. And instead of allowing the technology be an enabler, they tend to force into action regulations that are no longer relevant, to challenges no longer available.

I applaud the Swedish government for extremely quick action when they discovered their error. This kind of reaction is exactly what is required to stay up to date for any government. Don't just sit around, poking your stick in the ground, waiting for someone to decide for you.

Governments challenge is to turn their reactive regulations into proactive delegations. By using laws as enablers, as opposed to regulators as they are today, governments will be able to change the way we do business, and the way we use technology. And the way we interact.

It is summer in my part of the world. Sun is shining for a few hours, then rain is cooling everything back down. And when the refreshment is over, sun warms and invites us all to go to the beach and enjoy.

It surely is hard to work under these conditions!

Late last week (I was away the computer all week - only occationaly checking mail on my cellphone...puh, I am hot...), my ears picked up a heated discussion on the radio. IKT-Norge (the organization for ICT in Norway) was extremely conserned (sorry, Norwegian text) about the fact that the Swedish government decided to allow surveillance of all the internet traffic in the Swedish backbones.

IKT-Norway claimed that this would become an extreme security threat to Norway (almost all the backbones in Norway are connected through Sweden - thus most of the Internet traffic to and from Norway is routed through Sweden). And this guy Hallstein Bjerke at IKT-Norge said things like the Swedish surveillance team might pick up sensitive and secure data from the Norwegian DoD, as well as from Norwegian multinationals and oil companies.

I say: Duh - time to wake up. If you think your members are NOT evaluating risk, and taking the propper precautions when communicting over the Internet, I think you have in the wrong place.

One of the examples was that  Sweden (one of two potential suppliers of new Jet-Fighters to the Norwegian Airforce) are now able to surveille and read all communications the Norwegian DoD have with the competitor Jet Fighter supplier - just by reading the emails.

HELLO!!! Do you REALLY think that the Norwegian DoD would email such information JUST LIKE THAT? Do you REALLY think that the DoD have NO CLUE WHAT SO EVER about the e-mail communication protocol? And that they have made NO precautions? The DoD in the US MADE the Internet back in the days. Norway was one of the very first countries OUTSIDE of the US to join the Internet in 1972.

What planet are you on, really?

 

Another example was the Oil company Statoil Hydro in Norway, and how the Swedish now may tap into all the e-mail communication they send and use.

I happen to know a fair bit of how such organizations think about security. Some think they are a bit too paranoid. Companies like this one is successful due to their ability to measure and counter risks. Further, they are technology driven, and have a very clear understanding of both their core business and values, and ICT - both from a maintenance and developement point of view, AND from a security/Risk point of view.

These companies would not use Internet to send and recieve ANY (valuable) information unless they previously weighted the risks involved, and put in place counter measurements (alternative communication tools like SatPhone, encryption, snail mail and personal delivery).

These companies ARE NOT STUPID.

 

The third example is about surveillance of the Norwegian Governments communication with the EC. I am the first to admit that I do not know much about professional politicians. But I do find it hard to believe that there are no training; or common security awareness in the government. Yes, we do see that they post their traveling itineraries on public websites from time to time, but I am pretty sure that not even politicians would be using e-mail and other non-secure communication channels when they are discussing matter of national security. I may be wrong, of course - they are politicians after all.

 

The only good thing about the action taken from IKT-Norge is the fact that now more people know that:

1. Sweden has a legal manner to tap into ALL communication on the Internet (that passes through their network), thus they no longer need to hide their surveillance (the way most other countries does it),

2. regular people may (or may not) have gotten a better idea of how EASY it is to use the Internet to gather information.

 

Still, somehow I've got the gutfeeling that the regular users do not see the relevancy of this. After all, most act like "I have nothing to hide!", and thus allow the legal AND the illegal surveillance teams to gather extremely attractive profiles.

For companies - yes, people in Norway are naïve (in a good way, always thinking the best of people), but most companies and business people do realize that the world is smaller, and that precautions are needed.

We may be naïve - but we are not stupid.

 

CCTV (Closed Circuite TV – not the Chinese television station) has become a comodity these days. Everyone wants it, and everyone seems to think I should sell it. At leased if I take a look at the requests I get from CCTV manufacturer around.

Sure, I reccognize the need for surveilance. And yes, CCTV offers a very good value to do just that. Particularly these days, when you get IP-based CCTV that connects directly to your LAN and even WAN. Your surveillance technology makes it easier all the time. These days, you no longer need to hire specialists and pay big bucks for CCTV systems – you can just shop online or by a variety of catalogues. And if you know your way around computers and networks, you can set it all up by yourself.

I am not selling these things. I am not even an expert on it. I do, however, have opinions on the increased “big brother” tendensies we have around the world. I just don’t like it. Hey, you even got cams in the public toilets these days. And my regular readers know how I prefer my toilet visits!

If you are located in the US (as many of my readers seems to be), and are into CCTV, you might find this site of interest. They sell CCTV, no surprise there. When browsing their site, you might also find “spy” cams – hidden in a nice looking toy, or in a motion decting lamp. They even say that these things are so common, that noone will ever suspect they are hidden cams! So go ahead, start spying on your wife, neighbour or even your boss! They will never suspect it, will they? If they are anything like me, they don’t even have a reason to suspect it!

If you are the more conventional type, you get all the wistles and fun of traditional cams of course. These things I see a point in, though. Not as a means to “protect yourself and your loved ones” as cams will never be able to actually protect you, but as a means to monitor hazardious areas or as a way to document theft.

Those who are serious about video surveillance you know you need more than the actual CCTV cams. You need a monitoring system, and today there are no reasons not to use a computer/PC based setup. Personally, I prefer IP-based communication, as it enables me to use all data/communication over one cable, but many CCTV systems still use old technology based on RCA or BNC for the video. For smaller systems, this might not be a challenge, but for larger or growing installations, I suggest you consider IP based technology.

Another monitoring issue is the option of remotely access your video streams. This comes in handy when monitoring off-site places, production facilities in different areas, or just as a way to avoid on-location security staff on remote locations. With alarms and remote IP access, you get access to the live stream from anywhere with an Internet connection.

Just keep in mind – a camera (or a number of cams) will never be able to prevent the theft itself – it can only help you spot it – during stakeout, during the theft itself, or later when you review the taped video. 

In some areas and countries (Norway being one), CCTV is not allowed in public space unless you have a permit. You might want to check if this is true in your area before setting up your new toys.

I have one saying – if someone wants something bad enough, there will be no way to stop them. All you can do is to make it harder for them to get at it. And CCTV might help doing just that. 

 

 

I meet many people who still believe that face recognition and other automatic surveillance systems is not available on a large scale. I keep saying that they are wrong.

According to Liquidmatrix, now China is on the track as well: 

 At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

What is even more disturbing in the article is the chips they are distributing to the population - it includes privacy data - birth history, work history, contact info: 

 Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy.

Still not convinced, are you?

Consider that human rights has many different faces - and they tend to stay strong in the so-called western world. Move out of US, Canada or Europe, and they soon start to melt away. Go far enough (not even so far as China), and they are considered interesting and funny ideals.

We scream for respect, and they laugh! 

But you do not have to go to China for this sort of things - UK - with its DNA database, and anti-terror policies, has been considered the Police State of Europe. And Monaco has a long history of being the country with most surveillance in Europe for many years.   

I believe it is evident. We are moving back in time. Back to 1984. But we do not care, because we are living in the Brave new world!