Warning

JUser: :_load: Unable to load user with ID: 65

These days, of all human rights the right to privacy finds itself under the most pressure. Therefore, it is of great importance that the government, being the largest privacy violator, is tightly controlled by means of proper legislation. With good checks & balances, for the government itself as well as for monitoring possible privacy violators such as Microsoft, Google, Apple and large ICT companies like Cisco and Intergraph that set up entire electronic surveillance infrastructures in China.

Under the ‘principle of security’, current Western democracies are increasingly being led by suspicion, hate and control instead of the principles of trust, love and freedom. And all of this to protect those last three mentioned? In the view of Privacy First, the line in the sand has already been drawn in 2001. Under the guise of security our legislation has been heavily modified to the disadvantage of individual citizens and through function creep the boundaries of the application of this legislation are continuously being stretched. Will loitering youth and football hooligans soon be seen as criminal or terrorist organisations under our judicial system? And what about everyone who thinks or acts differently? Where can we draw the line? And who makes the decisions over this? And who will scrutinize the decision maker and the executor?

At the moment, it is under the big heading of ‘profiling’ that ever more privacy violations take place. The aim of profiling is tracking entire populations or target groups in order to identify so-called 'outliers' through criteria and norms that are to be imposed. Outliers are deviations from the norm: people who behave differently than the ‘normal group’, or a specific group the government has set its eyes upon, whoever it may concern. People who have unpaid bills, who drive too fast, who gather in groups, attorneys, journalists, activists, airplane passengers, those entitled to public aid, sect members, etc. Just identify and track them, you never know if there’s someone amongst them who hasn’t abided by the rules or who fits a certain profile you’re looking for.

Profiling is characterised by four aspects that in our perception are in conflict with the Dutch Constitution as the basis for our constitutional State:

  • The reversion of a fundamental principle of law: citizens are tracked en masse without a concrete, reasonable suspicion of a crime. Through profiling everyone becomes a potential suspect and everyone’s privacy can be violated unpunished.
  • With the current state of technology, profiling is aimed at continuous, real-time identification instead of passive registration and analysis of data of a citizen under reasonable suspicion. So we move from registration to identification, without the authorization and awareness of the trustful citizen. In this way, out of its own distrust the government abuses the good faith of citizens and in so doing imposes its own standard criteria. Without any democratic evaluation or strict legal guarantees.
  • The application of the technology used for profiling is based on the principle that ‘everything’s allowed if it’s technically possible’. For the greater part this development is invisible for citizens. Subway stations, trains, busses, trams, inner cities, police helmets and even parking machines (!) in Amsterdam are incessantly being equipped with cameras. These are linked to central control rooms and, where possible, fitted with identification and pattern recognition software in order to be able to directly perceive ‘suspicious matters’. The mantra of our government: ‘ill doers are ill deemers’.
  • Increasing restrictions to internet freedom of companies and individuals. Since 2010 all our personal telephone and email correspondence are being stored. All this is being done to prepare for profiling. At the moment the US Congress is working on a legislative proposal (Cyber Intelligence Sharing and Protection Act, CISPA) which grants private businesses and the US government the right to spy on citizens at any given moment and for as long as they want and to report them in case there are ‘outliers’. All of this without the need for a warrant. WikiLeaks, child porn, copying illegal content and the like are all too readily used to introduce new legislation to further restrict our internet freedom and which is to be applied in other areas the government wants to have control over. Preferably on a worldwide scale, without any democratic scrutiny. The government obliges citizens to increasingly use online services: the Citizen ‘Service’ (Control that is) Number (in Dutch: Burger Service Nummer, BSN), the Electronic Child File (Elektronisch Kind Dossier, EKD/DDJGZ), the Electronic Student File (Elektronisch Leerlingen Dossier, ELD), Diagnosis Treatment Combinations in healthcare (Diagnose Behandel Combinaties, DBC’s), etc. Of every citizen an ‘electronic life file’ comes into existence which in conjunction with electronic traces are to become able to predict suspect or deviant behaviour. Preferably in real-time and online. All of this, naturally, to protect our freedom...

In case fingerprints in passports will be replaced by new biometric features, the road will be cleared for a much worse form of profiling. Through the use of facial scans in databases, citizens will be able to be identified and tracked in public spaces in real-time and to be singled out through profiling on the basis of criteria predetermined by ‘someone’. In this process the government deliberately focuses on modifying the technology. As a result, there is 'fortunately' no need to talk about whether or not biometrics are actually desirable in our society, and if so, under which conditions and guarantees. Privacy First advocates for 'privacy by design' and privacy enhanced technologies as well as strict legislation with regard to biometrics and profiling. Because we don’t want to leave our children behind in an electronic concentration camp...

For a free, open and vivid 2012!

Bas Filippini,
Chairman of the Privacy First Foundation

Postscript: in the context of the National Privacy Debate, this column has also been published (in Dutch) as an Opinion by Dutch web-magazine Webwereld: http://webwereld.nl/opinie/110383/profiling-het-grootste-gevaar-voor-privacy--opinie-.html and http://nationaalprivacydebat.nl/article/ww/110383/profiling-het-grootste-gevaar-voor-privacy-opinie

Published in Columns
Friday, 13 April 2012 16:11

Save the internet from the U.S.

The following (translated) call reached us this week from Avaaz (in Dutch) and is fully supported by Privacy First:

‘‘At this very moment, the American Congress wants to secretly adopt a legislative proposal which enables them to spy on internet users everywhere in the world, hoping the world won’t notice it. Last time around we contributed to the fight against the attack on the internet, now let’s do it again.

Over a 100 Congress members support the legislative proposal (CISPA) which grants private businesses and the American government the right to spy on every one of us, at any given moment and for as long as they want without the need for a warrant. This is the third time the American Congress tries to attack our internet freedom. We helped defeat the Stop Online Privacy Act (SOPA) and the Protect IP Act (PIPA) – now we can defeat this new ‘Big Brother law’.

Our global indignation has previously played a leading role in protecting the internet against governments that want to track and control us online. Let’s once more stand united and thwart this law for good. Sign the petition and forward it to anyone who uses the internet: http://www.avaaz.org/en/stop_cispa

The Cyber Intelligence Sharing and Protection Act (CISPA) determines that in a mere case of suspicion of a cyber threat, companies that allow us internet access have the right to collect information about our online activities, to share this information with the government and to refuse notifying us about this. Afterwards they enjoy immunity from prosecution for privacy violations or whichever other illegal activity it may concern. This implies an insane dismantling of the privacy we all have faith in during our daily habits of sending emails, having Skype chats, performing search actions, etc.

But we know the American Congress is afraid of the world’s reaction. It is the third time that they put the attack on our internet freedom in a new jacket in order to push it through after all. The name of the law is repeatedly being changed in the hope that citizens won’t notice it. NGOs that deal with internet rights, like the Electronic Frontier Foundation, have already condemned the legislative proposal on account of violation of privacy protection. It’s time for us to speak out.

Sign the petition for Congress against CISPA. As soon as we have 250.00 signatures we will hand over our petition to every one of the 100 American representatives who support this law: http://www.avaaz.org/en/stop_cispa

Every day internet freedom has to endure the threats from governments from all over the world, but the US can cause the greatest damage since most of the internet’s infrastructure is situated there. Time and again our movement has proved that global public opinion contributes to stopping the US from threatening our internet. Let’s do this again.’’

Published in Online Privacy

Thanks to a FOIA-request by the Privacy First Foundation, the official figures about look-alike fraud with Dutch passports and ID-cards have today, for the first time, become public. From these figures it emerges that the Dutch biometric passport with fingerprints is an absolutely disproportionate measure, the introduction of which should never have been allowed.

The primary argument from the Dutch government for introducing fingerprints in passports and ID-cards has for years been the same: fighting look-alike fraud. Look-alike fraud is a form of abuse whereby someone uses an authentic travel document of someone else to whom his appearance resembles. This kind of swindler is also called an impostor. Questions about the scale of this type of fraud have hardly ever been asked, not by members of Dutch Parliament, nor by scientists or journalists. Those who raised a question about it in the last ten years were usually provided with an answer that left them none the wiser: figures about look-alike fraud would be ‘unknown’, ‘not publicly available’, ‘confidential’, or ‘secret’. The answer to the most recent parliamentary question in this respect dates back to October 2010:

- Question: ‘‘Is it true that the figures of look-alike fraud with ID documents are known, but that you are unwilling to provide them to the House of Representatives? Are you actually prepared to provide these figures to the House of Representatives?’’
- Answer by Dutch State Secretary Ank Bijleveld (Ministry of the Interior): ‘‘No, this is not true. Since such figures are unknown to me, it’s obvious I cannot send them to you.’’ (Dutch source)

Those who have been asking supplementary questions in recent years were often told we would be facing a massive phenomenon. In this way the idea of a 'dark figure' of crime of almost mythical proportions came into existence. That is to say, without any trace of evidence. So recently the Privacy First Foundation filed a FOIA-request to the department of the Dutch government that has been keeping track of the figures on look-alike fraud for years: the Dutch Expertise Centre on Identity fraud and Documents (Expertisecentrum Identiteitsfraude & Documenten, ECID) based at Schiphol Airport. The ECID falls under the Royal Netherlands Marechaussee (KMar) and is thus part of the Dutch Ministry of Defence. Privacy First knew from a reliable source that those figures could be found in the clear annual reports of the ECID from 2008 onwards. So recently we have simply made a request for those reports by email. Subsequently Privacy First received the Statistic Annual Overviews on Document Fraud (Statistische Jaaroverzichten Documentfraude) from 2008 to 2010 from the Ministry of Defence. (Update: the statistics from 2011 followed on 29 May 2012.) The following figures result from these annual reports relating to look-alike fraud with Dutch passports and ID-cards on Dutch soil:   

2008: 46 cases (source: Statistisch Jaaroverzicht Documentfraude 2008, p. 45)

2009: 33 cases (source: Statistisch Jaaroverzicht Documentfraude 2009, pp. 42-43)

2010: 21 cases (source: Statistisch Jaaroverzicht Documentfraude 2010, pp. 52-53)

2011: 19 cases (source: Statistisch Jaaroverzicht Documentfraude 2011, pp. 52-53).

The Netherlands has 17 million inhabitants. By now almost 7.5 million of those had their fingerprints taken to combat a handful of cases of look-alike fraud. By any standard this is a completely disproportionate situation and thereby forms a collective violation of the right to privacy of all Dutch citizens. Privacy First regards these figures as a strong backing in its lawsuit against the Dutch government regarding the new Dutch Passport Act and hereby makes a call to the government to immediately stop the compulsory taking of fingerprints for passports and ID-cards. Regardless of whether or not that’s against European policy.

Update 22 March 2012: At first Privacy First showed the numbers 63 (2009) and 52 (2010). However, those figures were based on a calculating error (they were counted twice), for which we apologise.  

Update 30 March 2012: internal documents from the Dutch Ministry of the Interior from 2004 also imply a relatively low figure for fraud and, moreover, high costs for introducing biometric technology in travel documents. Privacy First recently obtained these documents through a large-scale FOIA investigation that has been ongoing since April 2011.

Update 29 May 2012: Today Privacy First finally received the long-awaited Statistisch Jaaroverzicht Documentfraude 2011 from the Dutch Ministry of Defence. The number of cases of look-alike fraud with Dutch passports and ID-cards on Dutch soil (as far as the KMar is aware) according to this report were respectively... 11 and 8, so just 19 in total. We have updated the list of cases from 2008 to 2010 above with the figures from 2011. So the idea of look-alike fraud as a very small-scale phenomenon is once more confirmed. To burden the entire Dutch population with biometric passports and ID-cards as a countermeasure is and will be completely disproportionate and therefore unlawful.

Published in FOIA Requests

Privacy-wise these are turbulent times. Partly because of the pressure by Privacy First, a positive change is ongoing since last year. Privacy is higher up on the Dutch political agenda. Dutch media more often and more extensively report on privacy matters. This enhances privacy awareness among the Dutch population. It also reinforces our democratic constitutional State. Examples of positive developments are the abandonment of the electronic toll system (no ‘espionage units’ in cars), voluntary instead of compulsory ‘smart energy meters’, voluntary instead of compulsory body-scans at airports, abandonment of the storage of fingerprints under the Dutch Passport Act and the introduction of Privacy Impact Assessments for new legislation that invades the privacy of citizens. All of these developments go hand in hand with Privacy First’s motto: ‘‘your choice in a free society’’. Meanwhile, privacy restricting forces from the old days still have their say. Bad habits die hard. In recent months this became particularly obvious through developments towards a private restart of the Dutch Electronic Health Record (Elektronisch Patiëntendossier, EPD). Earlier this year the Senate had rightly binned the EPD. Apparently some policy makers and commercial parties are having none of this. With similar stubbornness others are currently trying to press through their old plans for Automatic Number Plate Recognition (ANPR) and camera surveillance along the Dutch border. These plans were already on the drawing board years ago, in a time in which privacy increasingly seemed to become a taboo. A time in which the American Bush administration was able to burden the entire European Union with biometric passports and associated databases. That time is over, but the heritage of that era still exerts its influence to this day...

In the meantime privacy is back where it once was. Privacy is the ‘‘new green.’’ In that respect advocates of the national EPD and ANPR are behaving like a bunch of old environmental polluters. They’re like rusty old factories from the 70s being teletransported to the year 2011, without them realizing it. The Dutch House of Representatives seemed to have a good sense for this when last week it unanimously accepted a motion about something that Privacy First has been emphasizing since its foundation: ‘‘Privacy by Design’’. In other words, incorporating privacy from scratch in a technical sense, at the micro level, through Privacy Enhancing Technologies (PET). In the view of Privacy First, however, the principle of ‘‘Privacy by Design’’ also applies to the meso- and macro-levels. That is to say, in an organizational and legislative sense. After all, this is the way you get to a privacy-friendly design as well as a privacy-friendly reality of a sustainable information society as a whole. Well, you can pursue your own line of thoughts here. As a source of inspiration Privacy First is pleased to provide the entire text of the parliamentary motion:

The House of Representatives,

on the advice of the deliberation,

considering that in ICT projects of the government there is too little attention for the protection of privacy and too little attention for the prevention of abuse of these systems;

considering that the privacy of citizens is not to be invaded any more than is strictly necessary and that insecure systems can put privacy in danger;

considering that systems that can easily be hacked seriously affect the reputation of government;

considering that modifying systems to safeguard privacy and enhancing security afterward, is usually more expensive and more often leads to a lower level of protection compared to when privacy and security are prerequisites from the outset of the project;  

requests the government to apply privacy by design and security by design in the development of all new ICT projects in order for new ICT systems to be more secure and better prepared against abuse and only to contain privacy-sensitive information when strictly necessary,

and proceeds to the order of the day.

Published in Law & Politics

On Tuesday 24 May 2011, the Dutch Senate accepted an important motion in which a number of privacy guarantees in new legislation are being confirmed and reinforced. The motion was accepted by an overwhelming majority (Dutch liberal party VVD was the only party to vote against). The previous week the motion was filed (during the Parliamentary debate about digital data processing) by senator Hans Franken (of the Christian-democratic party CDA) and even the Minister of the Interior and Kingdom Relations Piet Hein Donner (CDA) and the State Secretary for Security and Justice Fred Teeven (VVD) had remarked that ‘‘there are a lot of things in there that we can live with just fine’’. Even though formally the motion is not legally binding, part of its contents are and a great deal of political importance is accrued to it. The entire motion reads as follows: 

MOTION BY MEMBER OF THE SENATE FRANKEN AND OTHERS

Proposed 17 May 2011

The House of Representatives,

on the advice of the deliberation,

considering that the fundamental right to the protection of privacy is of great importance in our democratic constitutional State,

considering that there are tendencies to increase and reinforce possible limitations to this fundamental right in new legislation,

considering also that in the event of making new legislation, particular attention should be paid to the question whether or not limitations to the fundamental right to the protection of privacy are justified,

considering that in order to answer this question, it must subsequently be measured up against treaty obligations on the basis of the following criteria:

  • 1. The necessity, effectiveness and practicality of the measure,
  • 2. The proportionality; the infringement may not be greater than is strictly necessary,
  • 3. The results of a Privacy Impact Assessment, in order for the risks that the measure implies to be examined beforehand,
  • 4. The possibility of effective supervision and control of the bringing into practice of the measure, which is to be realized through audits by an independent supervisor,
  • 5. Limitations to the period of validity through a sunset clause or at least an evaluation clause,

requests the government to take the above mentioned criteria into consideration in the deliberation and decision-making process of developing legislative proposals in which there are limitations to the fundamental right to protection of privacy, and to report about this in the explanatory memorandum of the legislative proposal concerned,

and proceeds to the order of the day.

Signed by:

Franken (CDA)

Tan (PvdA)

Strik (GroenLinks)

Holdijk (SGP)

Slagter-Roukema (SP)

Staal (D66)

Published in Law & Politics

This week an important policy debate took place in the Dutch Senate with the Minister of the Interior and Kingdom Relations Piet Hein Donner (of the Christian-democratic party CDA) and the State Secretary for Security and Justice Fred Teeven (of the liberal party VVD) about ‘the role of the government in digital data processing’. In the week following up to the debate Privacy First had expressed its views to the Senate. We are pleased to see that many of our views have been accepted (and even literally copied by some parties) throughout the Senate and that even government members Donner and Teeven proved not to be insensitive to them. This goes for both classic rights and principles that need to be reconfirmed as well as some new starting points:

- the right to express, prior and fully informed consent of citizens in the use of their personal data, both by the government and corporations;

- strict purpose limitation and necessity when using personal data;

- the right of citizens to access, correction and deletion of their personal data;

- privacy, freedom of choice, transparency and effectiveness as leading principles in the drafting of new legislation;

- the importance of evaluation and sunset clauses in (new) legislation;

- public cost-benefit analyses;

- public disclosure of departmental feasibility studies, pilot projects and research reports;

- introduction of privacy impact assessments (PIAs) and privacy by design;

- support of the legislative process by means of expert meetings and external advice.

However, the statement by minister Donner that destroying the fingerprints which are stored by Dutch municipalities would still take months is a great disappointment. The same goes for the fact that there is still no ‘fingerprint-free’ ID card; this too could have been implemented a long time ago. Recently Privacy First urged the minister to execute this process as quickly as possible (be it through modifying relevant legislation or through technical modifications).

A draft report of the Parliamentary debate can be found HERE. Our own audio recordings of the debate can be downloaded HERE. A great number of interesting passages from the debate (both by Members of Parliament as well as members of the government) can be found HERE (in Dutch).

Published in Law & Politics

For the benefit of the policy debate in the Dutch Senate on 17 May 2011 about digital data processing the Privacy First Foundation today has sent the following focal points to Senate members. Privacy First hopes that these focal points will take on a guiding role in the debate between the members of the Senate and members of the Dutch government.

Privacy’s First motto is ‘‘your choice in a free society’’ For citizens, this translates into:

- the right to express, prior and fully informed consent of citizens in the use of their personal data, both by the government and corporations;

- any use of personal data is to be strictly necessary and purpose bound;

- citizens have the right to access, correction and deletion of their personal data at all times;

- relevant legislation needs to be known and to be accessible to citizens;

- no new legislation without prior democratic (public) debate.

For the government and Parliament, this translates into:

- privacy, freedom of choice, transparency and efficiency as guiding principles in the drafting of new legislation;

- a preference for formal laws instead of Orders in Council and ministerial regulations;

- no so-called ‘gold-plating’ (add-ons) in the implementation of European legislation;

- mandatory evaluation and sunset clauses;

- an integral approach by considering every new law in conjunction with other, already existing laws and treaties;

- an integral approach by considering all new technical applications in conjunction with other, already existing technical applications;

- public cost-benefit analyses;

- public disclosure of relevant official feasibility studies, pilot projects and research reports;

- making privacy impact assessments (PIAs), privacy by design and privacy enhancing technologies (PET) compulsory;

- support of the legislative process by means of expert meetings and external advice.

For further information or questions regarding the above Privacy First is available at all times.

Published in Law & Politics
Sunday, 17 April 2011 19:17

Be smart: choose for opt-in!

In February 2011, the Dutch Senate adopted a revised, more privacy-friendly legislative proposal on the introduction of 'smart energy meters'. But does this really enhance the protection of citizens' privacy? Dr. Jaap-Henk Hoepman of the Radboud University Nijmegen puts this in doubt and advocates for opt-in instead of opt-out
[translated by Privacy First from the original article in Dutch]

‘‘In the legislative act, the following things have changed: smart meters are no longer compulsory and refusing a smart meter is no longer an economic crime. Monitoring energy consumption continuously is no longer allowed. This is only allowed when making an invoice, in the event of relocation or where technical management is due. When moving to a house where a smart meter is already installed, you can request to have the meter turned off ‘administratively’. The distribution network operator is obliged to accept this request. Basically an administratively disabled meter behaves like a traditional, ‘dumb’ meter. This sounds hopeful.  

However, the extent to which ‘administratively turned off’ in practice truly does mean ‘turned off’ still depends on further requirements that will be imposed on smart meters. Of course there’s a big difference between a meter that never passes on information and a meter that does so every once in a while even though the information is then being ignored by the distribution network operator. Administratively turned off could also mean that the operator promises not to make a request for information to the meter. But what if someone else does this instead? And what if operators are required by law enforcement agencies to make a request for information to the meter after all? Would the meter simply respond to it? A ‘dumb’ meter would never do such a thing...

In my view a greater objection is the opt-out character of the law. A consumer is allowed to request for the smart meter to be disabled. It would have been better to make that into an opt-in rule. When a smart meter is delivered and whenever a relocation takes place the meter is automatically turned off. Consumers can then request for the smart meter to be administratively turned on.  

Citizens are not in a position to choose not to use systems such as smart meters, an electronic toll system or the Electronic Health Record which have been introduced by the government. Therefore a great deal of responsibility to protect citizens against abuse lies with the government. The default state should therefore be a good protection of privacy. And opt-in should be the norm. Be smart: choose for opt-in!’’  

Dutch source: Jaap-Henk Hoepman's blog, 'Opt-in, da's pas slim', http://blog.xot.nl/2011/04/11/opt-in-das-pas-slim/, 11 April 2011.

Published in Smart Grids

With the exception of Great-Britain, of all countries in the European Union the Netherlands is worse off in terms of privacy. This emerges from a large-scale survey by the British organisation Privacy International. In the Netherlands there is endemic surveillance in no less than 10 areas, among which are the biometric passport/ID-card, the exchange of personal data, the storage of communication data, medical and financial information, telephone and internet tapping and border controls. Furthermore, with regard to privacy, in the Netherlands there are no effective constitutional safeguards, insufficient judicial supervision and a lack of political leadership. You can read the entire survey HERE.

The findings of Privacy International confirm that a radical change of direction is needed in the Netherlands in the area of privacy: from worst practice to best practice, moving from the position of a ‘privacy third world country’ towards that of a ‘privacy leading nation’. The Netherlands has the knowledge and the means to make this step. Privacy First is eager to contribute its mite in this well-needed ‘privacy U-turn’.

Published in Meta-Privacy
Monday, 29 November 2010 21:25

Hague impressions of the Passport Trial

Below is an extensive photo impression of the day of our Passport Trial at the Palace of Justice in The Hague. These pictures were taken by press photographer Guus Schoonewille of Fastfoto and can be used freely under the following title: "Privacy First Foundation, 29 November 2010, Trial against the new Passport Act. Photo: Guus Schoonewille". Click on the picture of your choice to see a larger version which you can download using your right mouse button.


gs_paspoortwet 025-220

gs_paspoortwet 063-220

gs_paspoortwet 071-220

gs_paspoortwet 007-vincent-christiaan220

gs_paspoortwet 008_christiaan-vincent220

gs_paspoortwet 076c-220

gs_paspoortwet 055-220



gs_paspoortwet 050c-220

gs_paspoortwet_021c-220


gs_paspoortwet 015-220

gs_paspoortwet 019-220

gs_paspoortwet 038-rechters-publiek220

gs_paspoortwet 052e-220

gs_paspoortwet 069-220

Published in Litigation
Page 8 of 8

Our Partners

logo Voys Privacyfirst
logo greenhost
logo platfrm
logo AKBA
logo boekx
logo brandeis
 
 
 
banner ned 1024px1
logo demomedia
 
 
 
 
 
Pro Bono Connect logo
Procis

Follow us on Twitter

twitter icon

Follow our RSS-feed

rss icon

Follow us on LinkedIn

linked in icon

Follow us on Facebook

facebook icon