You are here:
EPIC Alert >>
 EPICAlert 10
EPIC Alert 2.10  EPICAlert 10 (24 September 1995)
Volume 2.10 September 24, 1995
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC infoepic.org http://www.epic.org/
*Special Edition: International Privacy*
--> CPSR Annual Conference is October 7-8 in Chicago <--
Table of Contents
 PI Calls for CCTV Debate
 PI/EPIC Conference Explores Surveillance Technologies
 Dutch-Canadian Report Endorses Anonymity
 CSA Announces Privacy Standards
 Around the Globe: Privacy Notes
 Upcoming Conferences and Events
 Privacy International Calls for CCTV Debate
[On September 8, ABC News 20/20 ran a special segment on Closed CircuitTelevision and the growth of surveillance technologies. Simon
Director General of Privacy International, spoke about the threat todemocratic government. He provided this statement from London]
In recent years, the use of Closed Circuit Television (CCTV) in the UKhas grown to unprecedented levels. Between 150 and 300 million
poundsper year is now spent on a surveillance industry involving an estimated200,000 cameras. According to the British Security Industry
more than three quarters of these systems have been professionallyinstalled. Most towns and cities are moving to CCTV surveillance
ofpublic areas, housing estates, car parks and public facilities. Growthin the market is estimated at fifteen to twenty per cent
Many Central Business Districts in Britain are now covered bysurveillance camera systems involving a linked system of cameras withfull
pan, tilt, zoom and infrared capacity. Their use on private
property is also becoming popular. Increasingly, police and localcouncils are placing camera systems into housing estates and red
districts. Residents Associations are independently organising their ownsurveillance initiatives. Tens of thousands of cameras operate
inpublic places,; in phone booths, vending machines, buses, trains, taxis,
alongside motorways and inside Automatic Teller Machines. Barclays has
pioneered the use of pin-hole cameras in its cash machines, and thislead is being followed by other banks.
The government is heavily promoting the use of video surveillance as a
key plank in its law and order strategy. One initiative was to offer a
funding pot to support local CCTV projects. The Home Secretary first
announced the CCTV competition on 18 October 1994. There were 480 bids
from local authorities, community groups, schools and industrial
estates. Nationally, more than one hundred schemes received a share of
the 5 million funding, with a further 13.8 million levered in from other
partnerships. National winners of the Home Office CCTV competition wereannounced in March.
These systems involve sophisticated technology. Features include nightvision, computer assisted operation, and motion detection facilities
which allows the operator to instruct the system to go on red alert when
anything moves in view of the cameras. Camera systems increasingly
employ bullet-proof casing, and automated self defence mechanisms.
The clarity of the pictures is usually excellent, with many systems
being able to read a cigarette packet at a hundred metres. The systems
can often work in pitch blackness, bringing images up to daylight level.
According to statistics published by police districts and local
councils, the effect on crime is dramatic. Car theft is reduced by up to
ninety percent, while assaults and theft drop by as much as 75 per cent.
The justification for CCTV is seductive, but the evidence is not
convincing. In a report to the Scottish Office on the impact of CCTV,
Jason Ditton, Director of the Scottish Centre for Criminology, argued
that the claims of crime reduction are little more than fantasy. "All
(evaluations and statistics) we have seen so far are wholly unreliable",
The British Journal of Criminology described the statistics as
"....post hoc shoestring efforts by the untrained and self interestedpractitioner.
In short, the crime statistics are without credibility. They arecollected over too short a time, in dubious circumstances, and without
regard for statistical conventions. Different categories of crime areindiscriminately combined, concealing possible increases in some
anddecreases in others.
The crime statistics rarely, if ever, reflect the hypothesis that CCTV
merely displaces criminal activity to areas outside the range of the
cameras. One of the features of current surveillance practice isthat the cameras are often installed in high-rent commercial areas.
Crime may be merely pushed from high value commercial areas into low
rent residential areas. Councils often find that it is impossible toresist demands for such systems.
Originally installed to deter burglary, assault and car theft, in
practice most camera systems have been used to combat what town
officials call ''anti-social behavior,'' including many such minor
offences as littering, urinating in public, traffic violations,
fighting, obstruction, drunkenness, and evading meters in town parking
lots. They have also been widely used to intervene in other undesirable
behaviour such as underage smoking and a variety of public ordertransgressions.
According to a Home Office promotional booklet, CCTV can be a solution
for such problems as vandalism, drug use, drunkenness, racial
harassment, sexual harassment, loitering and disorderly behaviour. Otherinnovative uses are constantly being discovered. The cameras
areparticularly effective in detecting people using marijuana and other
Authorities in Britain are slowly pushing out the limits of camera
surveillance. For the past ten years, hospitals have used Covert Video
Surveillance (CVS) to monitor parents who visit their children. These
videos are taken by concealed cameras and microphones located behind the
walls of specially prepared surveillance rooms, and are used in casesof unexplained injuries or illnesses.
The video surveillance boom is likely to extend even inside the home.
Andrew May, Assistant Chief Constable of South Wales, has urged victims
of domestic violence to conceal video cameras in their homes to collect
evidence. Michael Jack, then Minister for State at the Home Office was
reported as responding that the idea brought a "freshness of approach"
which highlighted the role of new technology.
Privacy International believes the CCTV trend involves a number of grave
risks. A situation is developing in which CCTV surveillance is socommonplace that fundamental changes are occuring in policing, community
development policy and personal privacy.
Privacy International is calling on the UK government to prohibit or
restrict the use of three categories of CCTV equipment, and to institute
a range of protections and legislation to cover all systems.
The categories that require immediate restriction are :
Computerised Face Recognition (CFR) systems that have the capacity to
automatically compare faces captured on CCTV, with a database of
facial images. Several police and commercial organisations are developing this technology. Manchester City Football Club has
installed a system at its Maine Road Ground.
Infra-red, high sensitivity equipment, and systems operating outside
the visible light spectrum. These include Forward Looking Infra-red
Radar (FLIR) systems able to detect activity behind walls, and infra-red systems able to detect activities in darkness.
Miniature and micro-engineered devices designed for covert
surveillance. Around 125,000 of these devices are sold each year
from UK surveillance equipment outlets.
The current legal situation is that visual surveillance escapes the
cover of law. Privacy International believes this is an unacceptable
situation. Surveillance should not be conducted without legal
protections, and legislation should be passed without delay. Planning
jurisdiction should be returned to Councils to re-establish some
democratic mechanism in the development of wide-scale urban CCTV
There is a grave risk that the CCTV industry is out of control. Fueled
by fear of crime, the systems take on a life of their own, defying
quantification and quashing public debate. In a very short time, thesystems have challenged some fundamental tenets of justice, and
createdthe threat of a surveillance society. Other more traditional approaches
to law enforcement and social justice are being undermined without due
CCTV is emerging as one of this centuries most profoundly important
developments, and its implications need urgently to be debated.
[More information about Privacy International may be found athttp://www.privacy.org/pi/]
 PI Conference Explores Surveillance Technologies
More than 60 people attended the joint EPIC/Privacy International
conference on Advanced Surveillance Technologieson September 4, onCopenhagen, Denmark. Presentations explored the revolution in
policingtechnologies, individual tracking in modern transportation systems,
surveillance of Internet communications, and identification systems.
The conference was reported in the Sunday Times of London,
the New Scientist, and several other European publications.
Privacy International and EPIC announced that they would host AdvancedSurveillance Technologies II on September 17, 1996 in Ottawa,
Canadain conjunction with the 18th International Conference of Data Protection
and Privacy Commissioners.
More information about the Advanced Surveillance Technology conference
is available at http://www.privacy.org/pi/conference/
 Dutch-Canadian Report Endorses Anonymity
The Dutch Data Protection Authority (Registratiekamer) and the
Information and Privacy Commissioner for the Province of Ontario, Canada(IPC) have just released a new report "Privacy-Enhancing Technologies:
The Path to Anonymity." The study is the first ever undertaken by two
privacy agencies and offers a strong policy basis for privacy-enhancing
The report recommends that:
1. International information systems design standards should be
developed incorporating the need to examine whether an individual's
identity is truly required for the operation of various process within
2. At the design stage of any new information system, or when revisingone, the collection and retention of identifiable personal informationshould
be kept to an absolute minimum.
3. Consistent with the privacy principles that information system should
be transparent and open to view to data subjects, they should also
provide users with the ability to control the disclosure of their
personal information. Data subjects must be placed in a position to
decide for themselves whether or not their identity should be revealed
or maintained in an information system.
4. Data protection commissioners, privacy commissioners and their staffshould make every effort to educate the public and raise levels
awareness in the area of privacy-enhancing technologies. The use of
privacy-enhancing technologies by public and private sector
organizations should be also encouraged.
The report is available from Office of the Information and Privacy
Commissioner/Ontario, 80 Bloor St., West, Suite 1700, Toronto, Ontario
Canada M5S 2V1 or 1/800-387-0073 416/326-3333 fax 416/325-9195. There is
no cost for the report.
 CSA Announces Privacy Standards
The Canadian Standards Association has released a new report to promoteprivacy standards in the private sector, "Implementing Privacy
of Practice" is a comprehensive review of the development andimplementation of privacy codes. The report includes the CSA ModelCode
and describes methods for implementation.
The CSA Model Code is based on the following ten principles thatshould apply to all technologies and types of businesses:
1. *Accountability.* An organization is responsible for personal
information under its control and shall designate a person who is
accountable for the organization's compliance with the following
2. *Identifying Purposes.* The purposes for which personal informationis collected shall be identified but he organization at or before
thetime the information is collected.
3. *Consent.* The knowledge and consent of the individual are requiredfor the collection, use, or disclosure of personal information,
4. *Limiting Collection.* The collection of personal information shallbe limited to that which is necessary for the purposed identified
bythe organization. Information shall be collected by fair and lawfulmeans.
5. *Limiting Use, Disclosure, Retention.* Personal information shall notbe used or disclosed for purposed other than those for which
collected, except with the consent of the individual as required by law.
Personal information shall be retained only as long as necessary for the
fulfillment of those purposes.
6. *Accuracy.* Personal information shall be as accurate, complete andup-to-date as is necessary for the purposes for which it is
7. *Safeguards.* Personal information shall be protected by securitysafeguards appropriate to the sensitivity of the information.
8. *Openness.* An organization shall made readily available to an
individual specific information about its policies and practices
relating to its handling of personal information.
9. *Individual Access.* Upon request an individual shall be informed ofthe existence, use, and disclosure of personal information
about theindividual and shall be given access to that information. An individualshall be able to challenge the accuracy and completeness
information and have it amended as appropriate.
10. *Challenging Compliance.* An individual shall be able to challenge
compliance with the above principles with the person who is accountablewithin the organization.
David McKendry, National Director of Consumer Affairs Consulting atPrice Waterhouse and chair of the CSA's Technical Committee onPrivacy,
said "Consumers need to be assured that their personalprivacy is not threatened in the information age."
This is a comprehensive report that should be very useful to privateorganizations that are planning to implement privacy codes. Thereport
includes particularly useful tips for making privacy codeswork in practice such as organizational incentives for adoptingprivacy
The report was prepared by Canadian privacy expert Colin Bennet who
is also author of Regulating Privacy: Data Protection and Public
Policy in Europe and the United States (Cornell 1992).
More information about the CSA report is available from
bankjcsa.mhs.compuserve.com or The Director, Standards Programs,
Standards Development, Canadian Standards Association, 178 Rexdale
Blvd., Etobicoke, Ontario, Canada M9W 1R3.
 Around the Globe: Privacy Notes
[From *Privacy Times,* an excellent newsletter on privacy issues.
Contact Evan Hendricks at privacytimesdgs.dgsys.com]
Canadian Privacy Commissioner Bruce Phillips has issued a strong callfor legislation giving consumers rights to control information
themselves held by banks, telecommunications firms and interpovincialtransportation companies.
"Reluctantly, and by stages I have come to the view that 'volunteerism'
is inadequate," said Phillips. "Collection of personal informationinformation, much of it without knowledge or consent, is now a
hugebusiness and getting more huge all the time. as individuals we have a
right to exercise some control over this traffic, but all the jawboning
of recent years has had little impact." Phillips report discuss theinformation superhighway, encryption, DNA, drug testing, and model
privacy codes. Contact Office of Privacy Commission, 112 Kent St.,
Ottawa, Ontario K1A 1H3 613/995-2410, 613/995-1501 (fax).
In New Zealand, Privacy Commissioner Bruce Slane has published aproceeding of the June 1995 Privacy Issues Forum held at the Victoria
University of Wellington. The 280-page report covers technology,
genetic information, surveillance and investigation, children'srights, employer/employees rights, credit reporting, tasks of aprivacy
officer, data matching and public registers. Slane has alsoannounced the creation of a home page: http://www.kete.co.nz orhttp://www.kete.co.nz/privacy/welcome.htm.
Contact: PO Box 466,
New Zealand, (64-9 302 2160; 6-49 202-2305 (fax)).
Elizabeth France, the United Kingdom's Data Protection Registrar, has
issued he first annual report since replacing Eric Howe last September.
"Using Law to Protect Your Information" discusses efforts to spread
awareness and create a culture of data protection. Contact: D.P.
Registrar, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; 44
625 535 711; 44 625 524 510 [fax])
 Upcoming Privacy Related Conferences and Events
Electronic Democracy '95. October 2-3. Ottawa, Ontario. Sponsored byRiley Information Services. Speakers include Robert Ellis Smith,
Jim Warren, Ontario Privacy Commissioner Tom Wright and CanadianNational Archivist Jean-Pierre Wallot. Contact 416/593-7352,
416/593-0249 (fax) or email 76470.336compuserve.
The Good, the Bad, and the Internet, A Conference on the Big Issues in
Information Technology, CPSR Annual Meeting, 750 South Halsted, Chicago
Circle Center, University of Illinois - Chicago, IL, October 7-8.
Plenary sessions on:
* Democratizing the Internet * Which way for Privacy and Civil Liberties ?
* Technology and Jobs: New jobs ? No jobs? Rethinking work * Local Initiatives in Democratizing Technology * Election Year
1996: Towards a Technology Platformplus workshops, hands-on demos, and a virtual conference
18th National Information Systems Security Conference. October 10-13.
Baltimore, MD. Sponsored by NSA and NIST. Contact: 301-975-3883.
Smithsonian Institution, "Frontiers in Cyberspace: Encryption, Privacy,
and Cybercodes. October 25, 1995. Marc Rotenberg, Director, Electronic
Privacy Information Center (EPIC), Philip Zimmerman, Creator, Pretty
Good Privacy (PGP); Stewart Baker, Attorney, Steptoe & Johnson. Contact:
Melody Curtis (CurtisMaol.com)
Managing the Privacy Revolution. October 31 - November 1, 1995.
Washington, DC. Sponsored by Privacy & American Business. Speakers
include Mike Nelson (White House) C.B. Rogers (Equifax) and Marc
Rotenberg (EPIC). Contact Alan Westin 201/996-1154.
Innovation and the Information Environment. November 3-4. University
of Oregon School of Law in Eugene, Oregon. Contact: Keith AokiKAOKIlaw.uoregon.edu.
National Privacy and Public Policy Symposium. November 2-4., Hartford,
Cosponsored by the Connecticut Foundation for Open Government. Contact
Richard Akeroyd, rakeroydcsunet.ctsateu.edu 203/566-4301 (tel),
22nd Annual Computer Security Conference and Exhibition. November 6-8,
Washington, DC. Sponsored by the Computer Security Institute.
Global Security and Global Competitiveness: Open Source Solutions.
November 7-9. Washington, D.C. Sponsored by OSS. Contact: Robert Steeleossoss.net.
11th Annual Computer Security Applications Conference: Technicalpapers, panels, vendor presentations, and tutorials that address theapplication
of computer security and safety technologies in the civil,
defense, and commercial environments. December 11-15, 1995, New Orleans,
Louisiana. Contact Vince Reed at (205)890-3323 or vreedmitre.org.
Computers Freedom and Privacy '96. March 27-30. Cambridge, Mass.
Sponsored by MIT, ACM and WWW Consortium. Contact cfp96mit.edu orhttp://www-swiss.ai.mit.edu/~switz/cfp96
Conference on Technological Assaults on Privacy, April 18-20, 1996.
Rochester Institute of Technology, Rochester, New York. Papers should
be submitted by February 1, 1996. Contact Wade Robison privacyrit.edu,
by FAX at (716) 475-7120, or by phone at (716) 475-6643.
Australasian Conference on Information Security and Privacy June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety
for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (jenniecs.uow.edu.au).
Visions of Privacy for the 21st Century: A Search for Solutions.
May 9-11, 1996. Victoria, British Columbia. Sponsored by The Office
of Information and Privacy Commissioner for the Province of British
Columbia and the University of Victoria. Program at
18th International Conference of Data Protection and Privacy
Commissioners. Sponsored by the Privacy Commissioner of Canada.
September 18-20, 1996. Ottawa, Canada.
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 17, 1995. Ottawa, Canada. Contact
International Colloquium on the Protection of Privacy and PersonalInformation. Commission d'acces a l'information du Quebec. May 1997.
Quebec City, Canada.
(Send calendar submissions to Alertepic.org)
The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send the message:
SUBSCRIBE CPSR-ANNOUNCE Firstname Lastname
to listservcpsr.org. You may also receive the Alert by reading theUSENET newsgroup comp.org.cpsr.announce.
Back issues are available via http://www.epic.org/alert/ orFTP/WAIS/Gopher/HTTP from cpsr.org /cpsr/alert/ and on Compuserve (GoNCSA),
Library 2 (EPIC/Ethics).
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues relating to theNational Information Infrastructure, such as the Clipper Chip, theDigital
Telephony proposal, medical record privacy, and the sale ofconsumer data. EPIC is sponsored by the Fund for ConstitutionalGovernment
and Computer Professionals for Social Responsibility. EPICpublishes the EPIC Alert and EPIC Reports, pursues Freedom ofInformation
Act litigation, and conducts policy research on emergingprivacy issues. For more information, email infoepic.org, WWW atHTTP://www.epic.org
or write EPIC, 666 Pennsylvania Ave., SE, Suite
301, Washington, DC 20003. (202) 544-9240 (tel), (202) 547-5482 (fax).
The Fund for Constitutional Government is a non-profit organizationestablished in 1974 to protect civil liberties and constitutionalrights.
Computer Professionals for Social Responsibility is anational membership organization of people concerned about the impactof technology
on society. For information contact: cpsr-infocpsr.org
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
should be made out to "The Fund for Constitutional Government" and sent
to EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.
Your contributions will help support Freedom of Information Actlitigation, strong and effective advocacy for the right of privacy
andefforts to oppose government regulation of encryption and funding ofthe National Wiretap Plan..
Thank you for your support.
END EPIC Alert 2.10