WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1995 >> [1995] EPICAlert 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 2.10 [1995] EPICAlert 10


Volume 2.10 September 24, 1995

Published by the Electronic Privacy Information Center (EPIC)
Washington, DC

*Special Edition: International Privacy*

--> CPSR Annual Conference is October 7-8 in Chicago <--

Table of Contents

[1] PI Calls for CCTV Debate
[2] PI/EPIC Conference Explores Surveillance Technologies
[3] Dutch-Canadian Report Endorses Anonymity
[4] CSA Announces Privacy Standards
[5] Around the Globe: Privacy Notes

[6] Upcoming Conferences and Events

[1] Privacy International Calls for CCTV Debate

[On September 8, ABC News 20/20 ran a special segment on Closed CircuitTelevision and the growth of surveillance technologies. Simon Davies,
Director General of Privacy International, spoke about the threat todemocratic government. He provided this statement from London]

In recent years, the use of Closed Circuit Television (CCTV) in the UKhas grown to unprecedented levels. Between 150 and 300 million poundsper year is now spent on a surveillance industry involving an estimated200,000 cameras. According to the British Security Industry Association,
more than three quarters of these systems have been professionallyinstalled. Most towns and cities are moving to CCTV surveillance ofpublic areas, housing estates, car parks and public facilities. Growthin the market is estimated at fifteen to twenty per cent annually.

Many Central Business Districts in Britain are now covered bysurveillance camera systems involving a linked system of cameras withfull pan, tilt, zoom and infrared capacity. Their use on private
property is also becoming popular. Increasingly, police and localcouncils are placing camera systems into housing estates and red light
districts. Residents Associations are independently organising their ownsurveillance initiatives. Tens of thousands of cameras operate inpublic places,; in phone booths, vending machines, buses, trains, taxis,
alongside motorways and inside Automatic Teller Machines. Barclays has
pioneered the use of pin-hole cameras in its cash machines, and thislead is being followed by other banks.

The government is heavily promoting the use of video surveillance as a
key plank in its law and order strategy. One initiative was to offer a
funding pot to support local CCTV projects. The Home Secretary first
announced the CCTV competition on 18 October 1994. There were 480 bids
from local authorities, community groups, schools and industrial
estates. Nationally, more than one hundred schemes received a share of
the 5 million funding, with a further 13.8 million levered in from other
partnerships. National winners of the Home Office CCTV competition wereannounced in March.

These systems involve sophisticated technology. Features include nightvision, computer assisted operation, and motion detection facilities
which allows the operator to instruct the system to go on red alert when
anything moves in view of the cameras. Camera systems increasingly
employ bullet-proof casing, and automated self defence mechanisms.

The clarity of the pictures is usually excellent, with many systems
being able to read a cigarette packet at a hundred metres. The systems
can often work in pitch blackness, bringing images up to daylight level.

According to statistics published by police districts and local
councils, the effect on crime is dramatic. Car theft is reduced by up to
ninety percent, while assaults and theft drop by as much as 75 per cent.

The justification for CCTV is seductive, but the evidence is not
convincing. In a report to the Scottish Office on the impact of CCTV,
Jason Ditton, Director of the Scottish Centre for Criminology, argued
that the claims of crime reduction are little more than fantasy. "All
(evaluations and statistics) we have seen so far are wholly unreliable",
The British Journal of Criminology described the statistics as
" hoc shoestring efforts by the untrained and self interestedpractitioner.

In short, the crime statistics are without credibility. They arecollected over too short a time, in dubious circumstances, and without
regard for statistical conventions. Different categories of crime areindiscriminately combined, concealing possible increases in some anddecreases in others.

The crime statistics rarely, if ever, reflect the hypothesis that CCTV
merely displaces criminal activity to areas outside the range of the
cameras. One of the features of current surveillance practice isthat the cameras are often installed in high-rent commercial areas.
Crime may be merely pushed from high value commercial areas into low
rent residential areas. Councils often find that it is impossible toresist demands for such systems.

Originally installed to deter burglary, assault and car theft, in
practice most camera systems have been used to combat what town
officials call ''anti-social behavior,'' including many such minor
offences as littering, urinating in public, traffic violations,
fighting, obstruction, drunkenness, and evading meters in town parking
lots. They have also been widely used to intervene in other undesirable
behaviour such as underage smoking and a variety of public ordertransgressions.

According to a Home Office promotional booklet, CCTV can be a solution
for such problems as vandalism, drug use, drunkenness, racial
harassment, sexual harassment, loitering and disorderly behaviour. Otherinnovative uses are constantly being discovered. The cameras areparticularly effective in detecting people using marijuana and other

Authorities in Britain are slowly pushing out the limits of camera
surveillance. For the past ten years, hospitals have used Covert Video
Surveillance (CVS) to monitor parents who visit their children. These
videos are taken by concealed cameras and microphones located behind the
walls of specially prepared surveillance rooms, and are used in casesof unexplained injuries or illnesses.

The video surveillance boom is likely to extend even inside the home.
Andrew May, Assistant Chief Constable of South Wales, has urged victims
of domestic violence to conceal video cameras in their homes to collect
evidence. Michael Jack, then Minister for State at the Home Office was
reported as responding that the idea brought a "freshness of approach"
which highlighted the role of new technology.

Privacy International believes the CCTV trend involves a number of grave
risks. A situation is developing in which CCTV surveillance is socommonplace that fundamental changes are occuring in policing, community
development policy and personal privacy.

Privacy International is calling on the UK government to prohibit or
restrict the use of three categories of CCTV equipment, and to institute
a range of protections and legislation to cover all systems.

The categories that require immediate restriction are :

Computerised Face Recognition (CFR) systems that have the capacity to
automatically compare faces captured on CCTV, with a database of
facial images. Several police and commercial organisations are developing this technology. Manchester City Football Club has
installed a system at its Maine Road Ground.

Infra-red, high sensitivity equipment, and systems operating outside
the visible light spectrum. These include Forward Looking Infra-red
Radar (FLIR) systems able to detect activity behind walls, and infra-red systems able to detect activities in darkness.

Miniature and micro-engineered devices designed for covert
surveillance. Around 125,000 of these devices are sold each year
from UK surveillance equipment outlets.

The current legal situation is that visual surveillance escapes the
cover of law. Privacy International believes this is an unacceptable
situation. Surveillance should not be conducted without legal
protections, and legislation should be passed without delay. Planning
jurisdiction should be returned to Councils to re-establish some
democratic mechanism in the development of wide-scale urban CCTV

There is a grave risk that the CCTV industry is out of control. Fueled
by fear of crime, the systems take on a life of their own, defying
quantification and quashing public debate. In a very short time, thesystems have challenged some fundamental tenets of justice, and createdthe threat of a surveillance society. Other more traditional approaches
to law enforcement and social justice are being undermined without due

CCTV is emerging as one of this centuries most profoundly important
developments, and its implications need urgently to be debated.

[More information about Privacy International may be found at]

[2] PI Conference Explores Surveillance Technologies

More than 60 people attended the joint EPIC/Privacy International
conference on Advanced Surveillance Technologieson September 4, onCopenhagen, Denmark. Presentations explored the revolution in policingtechnologies, individual tracking in modern transportation systems,
surveillance of Internet communications, and identification systems.
The conference was reported in the Sunday Times of London,
the New Scientist, and several other European publications.

Privacy International and EPIC announced that they would host AdvancedSurveillance Technologies II on September 17, 1996 in Ottawa, Canadain conjunction with the 18th International Conference of Data Protection
and Privacy Commissioners.

More information about the Advanced Surveillance Technology conference
is available at

[3] Dutch-Canadian Report Endorses Anonymity

The Dutch Data Protection Authority (Registratiekamer) and the
Information and Privacy Commissioner for the Province of Ontario, Canada(IPC) have just released a new report "Privacy-Enhancing Technologies:
The Path to Anonymity." The study is the first ever undertaken by two
privacy agencies and offers a strong policy basis for privacy-enhancing

The report recommends that:

1. International information systems design standards should be
developed incorporating the need to examine whether an individual's
identity is truly required for the operation of various process within
the system.

2. At the design stage of any new information system, or when revisingone, the collection and retention of identifiable personal informationshould be kept to an absolute minimum.

3. Consistent with the privacy principles that information system should
be transparent and open to view to data subjects, they should also
provide users with the ability to control the disclosure of their
personal information. Data subjects must be placed in a position to
decide for themselves whether or not their identity should be revealed
or maintained in an information system.

4. Data protection commissioners, privacy commissioners and their staffshould make every effort to educate the public and raise levels of
awareness in the area of privacy-enhancing technologies. The use of
privacy-enhancing technologies by public and private sector
organizations should be also encouraged.

The report is available from Office of the Information and Privacy
Commissioner/Ontario, 80 Bloor St., West, Suite 1700, Toronto, Ontario
Canada M5S 2V1 or 1/800-387-0073 416/326-3333 fax 416/325-9195. There is
no cost for the report.

[4] CSA Announces Privacy Standards

The Canadian Standards Association has released a new report to promoteprivacy standards in the private sector, "Implementing Privacy Codes
of Practice" is a comprehensive review of the development andimplementation of privacy codes. The report includes the CSA ModelCode and describes methods for implementation.

The CSA Model Code is based on the following ten principles thatshould apply to all technologies and types of businesses:

1. *Accountability.* An organization is responsible for personal
information under its control and shall designate a person who is
accountable for the organization's compliance with the following

2. *Identifying Purposes.* The purposes for which personal informationis collected shall be identified but he organization at or before thetime the information is collected.

3. *Consent.* The knowledge and consent of the individual are requiredfor the collection, use, or disclosure of personal information, exceptwhere inappropriate.

4. *Limiting Collection.* The collection of personal information shallbe limited to that which is necessary for the purposed identified bythe organization. Information shall be collected by fair and lawfulmeans.

5. *Limiting Use, Disclosure, Retention.* Personal information shall notbe used or disclosed for purposed other than those for which it was
collected, except with the consent of the individual as required by law.
Personal information shall be retained only as long as necessary for the
fulfillment of those purposes.

6. *Accuracy.* Personal information shall be as accurate, complete andup-to-date as is necessary for the purposes for which it is being used.

7. *Safeguards.* Personal information shall be protected by securitysafeguards appropriate to the sensitivity of the information.

8. *Openness.* An organization shall made readily available to an
individual specific information about its policies and practices
relating to its handling of personal information.

9. *Individual Access.* Upon request an individual shall be informed ofthe existence, use, and disclosure of personal information about theindividual and shall be given access to that information. An individualshall be able to challenge the accuracy and completeness of the
information and have it amended as appropriate.

10. *Challenging Compliance.* An individual shall be able to challenge
compliance with the above principles with the person who is accountablewithin the organization.

David McKendry, National Director of Consumer Affairs Consulting atPrice Waterhouse and chair of the CSA's Technical Committee onPrivacy, said "Consumers need to be assured that their personalprivacy is not threatened in the information age."

This is a comprehensive report that should be very useful to privateorganizations that are planning to implement privacy codes. Thereport includes particularly useful tips for making privacy codeswork in practice such as organizational incentives for adoptingprivacy codes
The report was prepared by Canadian privacy expert Colin Bennet who
is also author of Regulating Privacy: Data Protection and Public
Policy in Europe and the United States (Cornell 1992).

More information about the CSA report is available from or The Director, Standards Programs,
Standards Development, Canadian Standards Association, 178 Rexdale
Blvd., Etobicoke, Ontario, Canada M9W 1R3.

[5] Around the Globe: Privacy Notes

[From *Privacy Times,* an excellent newsletter on privacy issues.
Contact Evan Hendricks at]

Canadian Privacy Commissioner Bruce Phillips has issued a strong callfor legislation giving consumers rights to control information about
themselves held by banks, telecommunications firms and interpovincialtransportation companies.

"Reluctantly, and by stages I have come to the view that 'volunteerism'
is inadequate," said Phillips. "Collection of personal informationinformation, much of it without knowledge or consent, is now a hugebusiness and getting more huge all the time. as individuals we have a
right to exercise some control over this traffic, but all the jawboning
of recent years has had little impact." Phillips report discuss theinformation superhighway, encryption, DNA, drug testing, and model
privacy codes. Contact Office of Privacy Commission, 112 Kent St.,
Ottawa, Ontario K1A 1H3 613/995-2410, 613/995-1501 (fax).

In New Zealand, Privacy Commissioner Bruce Slane has published aproceeding of the June 1995 Privacy Issues Forum held at the Victoria
University of Wellington. The 280-page report covers technology,
genetic information, surveillance and investigation, children'srights, employer/employees rights, credit reporting, tasks of aprivacy officer, data matching and public registers. Slane has alsoannounced the creation of a home page: or Contact: PO Box 466,
New Zealand, (64-9 302 2160; 6-49 202-2305 (fax)).

Elizabeth France, the United Kingdom's Data Protection Registrar, has
issued he first annual report since replacing Eric Howe last September.
"Using Law to Protect Your Information" discusses efforts to spread
awareness and create a culture of data protection. Contact: D.P.
Registrar, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; 44
625 535 711; 44 625 524 510 [fax])

[6] Upcoming Privacy Related Conferences and Events

Electronic Democracy '95. October 2-3. Ottawa, Ontario. Sponsored byRiley Information Services. Speakers include Robert Ellis Smith,
Jim Warren, Ontario Privacy Commissioner Tom Wright and CanadianNational Archivist Jean-Pierre Wallot. Contact 416/593-7352,
416/593-0249 (fax) or email 76470.336compuserve.


The Good, the Bad, and the Internet, A Conference on the Big Issues in
Information Technology, CPSR Annual Meeting, 750 South Halsted, Chicago
Circle Center, University of Illinois - Chicago, IL, October 7-8.

Plenary sessions on:
* Democratizing the Internet * Which way for Privacy and Civil Liberties ?
* Technology and Jobs: New jobs ? No jobs? Rethinking work * Local Initiatives in Democratizing Technology * Election Year 1996: Towards a Technology Platformplus workshops, hands-on demos, and a virtual conference

18th National Information Systems Security Conference. October 10-13.
Baltimore, MD. Sponsored by NSA and NIST. Contact: 301-975-3883.

Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy,
and Cybercodes. October 25, 1995. Marc Rotenberg, Director, Electronic
Privacy Information Center (EPIC), Philip Zimmerman, Creator, Pretty
Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson. Contact:
Melody Curtis (

Managing the Privacy Revolution. October 31 - November 1, 1995.
Washington, DC. Sponsored by Privacy & American Business. Speakers
include Mike Nelson (White House) C.B. Rogers (Equifax) and Marc
Rotenberg (EPIC). Contact Alan Westin 201/996-1154.

Innovation and the Information Environment. November 3-4. University
of Oregon School of Law in Eugene, Oregon. Contact: Keith

National Privacy and Public Policy Symposium. November 2-4., Hartford,
Cosponsored by the Connecticut Foundation for Open Government. Contact
Richard Akeroyd, 203/566-4301 (tel),
203/566-8940 (fax)

22nd Annual Computer Security Conference and Exhibition. November 6-8,
Washington, DC. Sponsored by the Computer Security Institute.
Contact: 415-905-2626.

Global Security and Global Competitiveness: Open Source Solutions.
November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert

11th Annual Computer Security Applications Conference: Technicalpapers, panels, vendor presentations, and tutorials that address theapplication of computer security and safety technologies in the civil,
defense, and commercial environments. December 11-15, 1995, New Orleans,
Louisiana. Contact Vince Reed at (205)890-3323 or

Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact or
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers should
be submitted by February 1, 1996. Contact Wade Robison,
by FAX at (716) 475-7120, or by phone at (716) 475-6643.

Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (

Visions of Privacy for the 21st Century: A Search for Solutions.
May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office
of Information and Privacy Commissioner for the Province of British
Columbia and the University of Victoria. Program at
18th International Conference of Data Protection and Privacy
Commissioners. Sponsored by the Privacy Commissioner of Canada.
September 18-20, 1996. Ottawa, Canada.

Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 17, 1995. Ottawa, Canada. Contact
International Colloquium on the Protection of Privacy and PersonalInformation. Commission d'acces a l'information du Quebec. May 1997.
Quebec City, Canada.

(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:

to You may also receive the Alert by reading theUSENET newsgroup

Back issues are available via orFTP/WAIS/Gopher/HTTP from /cpsr/alert/ and on Compuserve (GoNCSA), Library 2 (EPIC/Ethics).

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation Act litigation, and conducts policy research on emergingprivacy issues. For more information, email, WWW atHTTP:// or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).

The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights. Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology on society. For information contact:
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible. Checks
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy andefforts to oppose government regulation of encryption and funding ofthe National Wiretap Plan..

Thank you for your support.

END EPIC Alert 2.10

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback