Privacy Aware Summer 2009-10 by alendar


More Info
									Vol 8 No 4

n The Scanning

   Game: Should
                      Too Much – and Too Little
                      Helen Versey Privacy Commissioner
   We Play It?
                      When reading the reports of the failed terrorist    Privacy Principle (IPP) 1.1, which is binding on
                      attempt on the flight from Amsterdam by Umar        all organisations including law enforcement
                      Farouk Abdulmutallab, two things struck me.         agencies, requires that an organisation only
n Watch this          Firstly, in spite of the masses of information      collects information necessary for its functions.
                      collected by the US through passenger lists and
   Space: Children,   other sources designed to identify and prevent      At the same time, organisations that receive
                      possible terrorists boarding flights to the US,     requests for information sometimes hand over
   Young People       this person was able to get onto the flight. This   whole databases, even where this involves more
                      was despite the fact that his own father had        personal information than is actually needed
   and Privacy        contacted US security officials six weeks before    or requested. Disclosures for public interest
                      and the fact that the US Homeland Security          purposes should be targeted – not part of a
   Conference         Chief confirmed that he had been placed on an       fishing exercise or because it is more convenient
                      intelligence database. Secondly, he had been        to let someone else sort out what information is
                      banned from entry to the UK after he had been       needed. Excessive disclosure may well breach
                      refused a student visa for security reasons. This   IPP 2. Ultimately, both collection and disclosure
                      highly relevant piece of information had not        should be limited to what is necessary.
n Planning for
                      been passed on to the appropriate authorities.
                                                                          Too Little
   Emergencies        The reports reflect two major concerns I
                                                                          The second concern is that organisations
                      have when advising the public sector. Many
                                                                          often refuse to share information even when
   Protects Privacy   of the consultations with this office are
                                                                          this is permitted under privacy legislation.
                      about projects which involve the sharing of
                                                                          Sometimes this refusal is justified because
                      information. The data sharing proposed is
                                                                          other legislation imposes secrecy obligations
                      often for law enforcement, revenue protection
                                                                          on the organisation, and such obligations
                      and public safety – all legitimate public
                                                                          override permitted disclosures under the
                      interest purposes which the Information
                                                                          Information Privacy Act.2 But in the absence of
                      Privacy Act recognises and permits.1
                                                                          other legislative restrictions, IPP 2 expressly
                                                                          permits disclosure where necessary for such
                      Too Much                                            public interest purposes as: preventing or
                      My primary concern is that organisations seek       lessening a serious threat to public health,
                      to collect more and more information on the         safety and welfare; investigating suspected
                      chance that it may prove useful, sometimes          unlawful activity; and to law enforcement
                      in amounts out of all proportion to the harm        agencies for law enforcement purposes.
                      they are seeking to address. The problem is
                      that however much information is collected,         The Guidelines to the Information Privacy
                      organisations still depend on humans to be          Principles Edition 2 published by this Office
                      able to properly analyse the information for        and available on our website give plenty of
                      it to be of real value. As stated in our most       advice on how to apply IPP 2. Organisations
                      recent information sheet Emergencies and            should be familiar with them, and have
                      Privacy, collecting too much data can be as         policies and procedures in place to deal
                      counter-productive as not collecting enough.        with these issues when they arise.
                      Because at the end of the day someone has           The Information Privacy Act does not prevent
                      to decide what is relevant and what isn’t –         necessary collection or disclosure of personal
                      and if there is simply an overload of data,         information. However, it does require some
                      vital information may get overlooked. Where         judgement to be exercised when doing so. n
                      data sharing and matching occurs, collecting
                      organisations should be clear about what
                      personal information is required to achieve         1
                                                                            See Information Privacy Principle 2.1 Schedule 1 Information
                      the object of the data matching and limit the       Privacy Act 2000
                      collection to only that information. Information    2
                                                                            Section 6 Information Privacy Act

The Scanning Game:                                                                              Security Theater
                                                                                                Body scanners are an example of what
                                                                                                privacy and security expert Bruce Schneier

Should We Play It?
                                                                                                calls “security theater”.18 That is, they
                                                                                                give the illusion of safety without actually
                                                                                                making us safer. The devices cannot
                                                                                                detect low density materials hidden
Dr Anthony Bendall Deputy Commissioner                                                          under clothing, such as liquid, powder,
                                                                                                or thin plastics. Nor can they detect
                                                                                                materials of any density hidden in body
On 25 December 2009, Umar Farouk                The prospect of use at Australian airports      cavities. In other words, they sacrifice our
Abdulmutallab, a Nigerian citizen,              gained momentum in early January 2010,          privacy without ensuring our security.
allegedly attempted to detonate explosives      during a visit to Australia by the deputy
                                                                                                It is possible to design and use the
hidden in his underwear during a flight         head of the US Department of Homeland
                                                                                                body scanners in a way that protects
from Amsterdam to Detroit, which                Security, Jane Holl Lute. She reportedly
                                                                                                privacy without diminishing security
resulted in a fire on board the aircraft.       discussed the scanners with the federal
                                                                                                – but governments have consistently
                                                Transport Minister, the Hon. Anthony
In the days following this apparent                                                             failed to do so. Researchers who
                                                Albanese, during a one-hour briefing at
incident, some have advocated3 for wider                                                        developed the machines at the Pacific
                                                Sydney Airport. The meeting was part of
implementation of whole body imaging                                                            Northwest National Laboratory offered
                                                a two-week, ten country trip by Ms Lute
machines. Apparently, they have public                                                          an alternative design more sensitive to
                                                to discuss stronger security measures
opinion on their side: a recent USA Today                                                       privacy.19 They proposed to project any
                                                after the Christmas Day incident.
poll found that 78% of respondents                                                              concealed contraband onto a neutral,
approved of their use at airports.4             Ms Lute and Mr Albanese reportedly              sexless mannequin while scrambling
                                                spent an hour discussing a combined             images of the passenger’s naked body
President Obama has ordered the US              response, including the prospect of using       into a nondescript “blob”. The Bush
Department of Homeland Security                 full-body scanners at Australian airports.      administration rejected this option. From
to install $1 billion worth of airport          The Australian Government conducted             his comments following the Australian
screening equipment,5 and the                   a six-week trial of the scanners at three       Government announcement on 9 February
Transportation Security Administration          airports in late 2008 to assess their           2010, however, the Transport Minister
(TSA) hopes to include an additional            effectiveness, but a report on that trial has   seemed to indicate that this version of the
300 scanners.6 Britain, France, Italy,          only recently been given to the Minister.11     scanner would be adopted in Australia.20
and the Netherlands have all made
similar pledges to expand their use.            On 9 February 2010, the Australian              When the devices were initially introduced
                                                Government announced that full-body             into the USA, the TSA introduced one
On 4 January 2010, the UK government            screening would be introduced at                privacy protection: agents who review
announced that scanners are to be               Australia’s international airports from         the images of the naked bodies are in
introduced into all British airports.7          2011.12 The Government stated that it           a separate room and, therefore, can’t
The UK Equality and Human Rights                “understands the privacy concerns some          see the passengers as they’re being
Commission (EHRC) has written to the            travellers may have with body scanning          scanned.21 According to the TSA website,
Home Secretary, arguing that the devices        technologies and will implement                 the technology blurs all facial features
risked breaching an individual’s right to       appropriate privacy and facilitation            and, based on some news accounts,
privacy under the Human Rights Act.8            measures to mitigate these concerns.”           private parts have been blurred as
In its letter, the EHRC calls on Home
Secretary Alan Johnson to set out in            Privacy organisations and others have
detail the justification for bringing in body   continued to object to these devices,13
scanners, and clarify what safeguards           citing the invasive nature of the scans,14
will be put in place. The watchdog has          the ineffectiveness of the machines15 and
said the proposals are likely to have a         the lack of government transparency16
negative impact on privacy, especially in       concerning privacy safeguards.
relation to certain groups such as disabled
people, the elderly, children and the           The scanning devices use high energy
transgendered community. Despite this,          x-rays that are more likely to scatter
the UK Government has announced that            than penetrate materials as compared
passengers will have no right to refuse         to lower-energy x-rays used in medical
to go through a full-body search scanner        applications. Although this type of x-ray is
when the devices are introduced at              said to be harmless, it can move through
Heathrow airport in early February 2010.9       other materials, such as clothing.

In Canada, the government has announced         A passenger is scanned by “rastering”
increased use of the devices, but has           or moving a single high energy x-ray
pledged to implement privacy enhancing          beam rapidly over their body. The signal
measures, such as only operating the            strength of detected backscattered
devices as secondary screening tools,           x-rays from a known position then
offering passengers a choice between            allows a highly realistic image to be
the scanners and a traditional pat-down,        reconstructed. The image resolution
and ensuring the process is anonymous.          of the technology is high, so details of
The Canadian Privacy Commissioner               the human form of airline passengers
is monitoring their implementation.10           present significant privacy challenges.17

well. But because the TSA and most                           Overwhelmingly, the greatest privacy
of its international equivalents remain                      concern is that the images will be stored
free of independent oversight and                            and transmitted. As soon as a celebrity is
there is no law regulating their use, it’s                   required to use a scanner, the temptation
impossible to tell precisely how the                         to save the picture and send it to the
scanners are actually being used.                            tabloids will be almost irresistible.
Most troubling of all, the TSA website                       Even if the body scanners better
claims that “the machines have zero                          protected privacy, Schneier insists, they
storage capability” and that “the                            still would be a waste of money: the
system has no way to save, transmit                          next plot rarely looks like the last one.
or print the image.”22 But documents                            It’s magical thinking: If we defend
recently obtained by the Electronic                             against what the terrorists did last time,
Privacy Information Center reveal that,

                                                                                                                         WaTCh ThIS
                                                                we’ll somehow defend against what
in 2008, the TSA told vendors that the                          they do next time. Of course this doesn’t
machines it purchases must have the                             work. We take away guns and bombs,

ability to send or store images when                            so the terrorists use box cutters. We
in “test” mode. (The TSA has stated                             take away box cutters and corkscrews,
to CNN that the test mode cannot be                             and the terrorists hide explosives in
enabled at airports, but again there
is no real scrutiny of this claim.)23
                                                                their shoes. We screen shoes, they use
                                                                liquids. We limit liquids, they sew PETN                 Children,
                                                                                                                         Young People
                                                                into their underwear. We implement full-
Due to the lack of regulations prohibiting                      body scanners, and they’re going to do
the TSA from storing images, US                                 something else. This is a stupid game;
Representative Jason Chaffetz (R, Utah,
3rd District) introduced legislation into
                                                                we should stop playing it.25
                                                                                                                         and Privacy
the US House of Representatives in                           But, if we must waste money on theatrical
April 2009 to limit the use of full-body                     technologies that don’t really make us
imaging scanners at airports. Chaffetz’s                     safer, let’s at least make sure that they
bill, which would ban the use of body                        don’t unnecessarily shred our privacy.
                                                                                                                         Privacy Victoria’s not-to-be-missed one
scanning machines for primary screening                      We all want to be safe, especially
                                                                                                                         day national conference Watch this
and prohibit images from being stored,                       when we fly. The ways in which we
                                                                                                                         Space: Children, young people and
passed the House but now seems                               seek to ensure this should be rational,
                                                                                                                         privacy on 21 May 2010 will be MC’d
unlikely to gain Senate approval.24                          proportional and, most of all, effective. n
                                                                                                                         by renowned Australian actor and
                                                                                                                         media personality Noni Hazlehurst.

                                                                                                                         The conference will feature
  S. and Marper v. The United Kingdom (December 4, 2008) (Application nos. 30562/04 and 30566/04) Michael                experts from the field of privacy
Chertoff, “Former homeland security chief argues for whole-body imaging” The Washington Post, 1 January 2010,
available at                               regulation, law, cybersafety,
4                                                         media, youth work and health.
  President of the United States, “Remarks by the President on Strengthening Intelligence and Aviation Security”, 7
January 2010, see         To be opened by the Victorian Deputy
                                                                                                                         Premier, the Hon Rob Hulls MP the day
                                                                                                                         will include 25 presentations in both
  See; also                            concurrent and plenary sessions. Adam;                      Smith, CEO of the Foundation for Young
9                                                           Australians will deliver a keynote address
                                                                                                                         on what it means to be a young person in
   Dylan Welch, “US raises full body scanners in fly-by visit over terrorism”, Sydney Morning Herald, 11 January 2010,
available at;      Australia today and experienced internet
Andrew Heasley, “Thousands of Australians up for ‘nude’ airport scanners”, The Age, 5 February 2010, available at        safety consultant Robyn Treyvaud will
                                                                                                                         present a thought-provoking address
                                  ,                          ,                               ,
   The Hon Anthony Albanese MP The Hon Kevin Rudd MP The Hon Brendan O’Connor MP Joint Media Statement,
“Strengthening Aviation Security”, 9 February 2010,        on Children and Young People Living
AA024_2010.htm; Jonathan Pearlman, “Full-body airport scans part of security revamp”, The Age, 10 February 2010,         Very Public-Private Lives Online.
   See                                                                                 The conference will also include displays
   See Marc Rotenberg, “Opposing View: uniquely intrusive devices”, USA Today 12 January 2010,; Jeffrey Rosen, “Nude Awakening”,
                                                                                                                         from the Australian Communications
The New Republic, February 10, 2010,                                           and Media Authority, the Australian
   Ben Wallace, a British MP former army officer and employee of QinetiQ, one of the devices’ manufacturers,             Federal Police, the Department of
warns that the devices would not have stopped Abdulmutullab and are “not a big silver bullet”, see                                                                                  Broadband, Communications and
   The Electronic Privacy Information Center (EPIC) has posted more than 250 pages of documents it obtained in           the Digital Economy and Microsoft.
a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of
Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search          Sponsored by the Department of
images. This contradicts assurances made by the TSA., see; and                                                                   Education and Early Childhood
17                                                                               Development and Microsoft, the
   Bruce Schneier, “Beyond Security Theatre”, 13 November 2009, available at                                             conference will be held at Melbourne’s                                                              Crown Promenade Hotel. The program
                                                                                                                         is available at
   see fn 10, above
21                                                                     privacy/web.nsf/content/conferences.
   See fn 10, above
   Bruce Schneier, “Post-Underwear Bomber Airport Security”, Cryptogram, 15 January 2010, http://www.schneier.                                                        3
Planning for emergencies
                                                                                               to do when confronted with a
                                                                                               request from an emergency body,
                                                                                               or during an emergency itself.

Protects Privacy
                                                                                            2. Provide training to staff members in
                                                                                               privacy generally, but also specifically
                                                                                               in how to deal with emergencies.
                                                                                            3. Provide support to staff, in the form of
Privacy Victoria has released guidance       implement an “emergency data policy”              a structure which allows front-line staff
for Victorian Public Sector organisations    and set of protocols to let an organisation       access to managers with the ability
                                                                                               and authority to authorise a disclosure,
to ensure that privacy concerns              and its staff quickly and confidently handle
                                                                                               in line with the emergency policy.
do not hinder proper responses in            requests for information in an emergency
                                                                                            4. Ensure data quality – Take steps to
an emergency situation, such as a            situation. The Information Sheet also
                                                                                               ensure personal information held by the
bushfire or other natural disasters.         stresses the need for organisations to take       organisation is accurate, complete and
                                             steps to ensure data quality and security.        up-to-date – so it will be of maximum
“By being prepared, by anticipating the
                                                                                               assistance during an emergency.
types of situations where the sharing        “Advance planning and training of staff
of people’s personal information may         in anticipation of emergencies should          B During an emergency – when
assist an organisation deal with an          include the way in which personal                using/disclosing the information
emergency, and by putting in place           information will be handled and shared.        1. Follow the policy and procedures that were
appropriate systems and protocols            Development of policies and procedures            drafted in the preparatory stage above.
before an emergency happens, public          for an emergency context will allow
                                                                                            2. Make clear to recipients why
sector organisations can ensure people       staff to readily assess and respond to            information is being transferred and
and emergency response organisations         requests in a high-pressure emergency             what the purpose of the transfer is.
can get the help they need while             situation. Most people will accept the use     3. Ensure data security – Take steps to
                                             and disclosure, without consent, of their         ensure that the personal information is
still ensuring that this information is
                                             personal information to serve the public          shared and stored in such a way as to
protected from misuse or loss” says
                                             interest in dealing with an emergency”.           protect it from misuse, loss, unauthorised
Privacy Commissioner Helen Versey.
                                                                                               access, modification or disclosure.
                                             “But misuse of the information for other
“When developing the Information                                                            4. Make a record of the disclosure – What
                                             purposes, or lack of care in protecting           information was transferred, when, to
Privacy Act 2000, the Victorian Parliament
                                             personal information, will in the long run        whom, who authorised the transfer
recognised that in an emergency
                                             harm the reputations of organisations that        and under which section of IPP 2?
situation, the public interest in safety
                                             engage in such misuse or sloppiness.
will override the privacy requirements       Worse, it may sap public confidence in         C After an emergency situation
of the Act – even where emergency            services that rely on people to co-operate       has passed
response was not the primary reason for      with them readily and quickly when public      1. Request return or destruction of the
the collection of personal information.      safety is threatened” Ms Versey says.             information disclosed (where possible).
Privacy law does not stand in the way of                                                    2. Conduct an audit of the information
responding to legitimate emergencies”        Steps an organisation can                         and ensure it was disclosed
the Commissioner emphasised.                 take to better deal with an                       correctly, in accordance with the
                                             emergency situation:                              Information Privacy Act and with the
The Emergencies and Privacy information                                                        relevant organisational policies.
sheet describes the legal framework for      A Before an emergency –                        3. Review the policies and procedures,
the sharing of information during and          preparatory steps                               analyse how effective they were
after an emergency. The Commissioner         1. Draft a policy and set of procedures           and whether there is any scope
recommends that organisations                   to help staff know what they need              for improvement. n

Be aware                                     Copyright held by the Office of the
                                             Victorian Privacy Commissioner unless
                                             otherwise indicated. Permission to
                                                                                                 GPO Box 5057
                                                                                                 Melbourne Victoria 3001
Privacy Aware is published four times        reproduce work of others should be                  DX 210643 Melbourne
a year by the Office of the Victorian        separately sought.
Privacy Commissioner. The material                                                               Level 11, 10-16 Queen Street
in Privacy Aware is intended only to         One of the purposes of this newsletter              Melbourne Victoria 3000
inform. It should not be relied on as        is to increase public access to                     Australia
legal advice. Material is compressed         information about privacy. Articles
and simplified for newsletter purposes       in which the Office of the Victorian                Local telephone 1300 666 444
and should not create expectations           Privacy Commissioner holds copyright                Local fax 1300 666 445
about how the Privacy Commissioner           may be copied for non-commercial          
may deal with any specific matter in         use. The material should be used          
particular circumstances under the           fairly and accurately and Privacy
Information Privacy Act 2000 (Vic).          Aware should be acknowledged as
Privacy Victoria accepts no liability for    the source. The authors of material,
loss or damage that may be suffered          where known, should be credited,
by any person or entity that relies on       consistent with moral rights provisions
information in this newsletter.              of copyright law.

To top