PE 166.499/Int.St./Exec.Sum./en
TABLE OF CONTENTS
2. Developments in surveillance technology
This Study represents a summarised version of an Interim Study, 'An Appraisal of the Technology of Political Control' (PE 166.499), referred to throughout this document as the Interim Study, prepared by the Omega Foundation in Manchester and presented to the STOA Panel at its meeting of 18 December 1997 and to the Committee on Civil Liberties and Internal Affairs on 27 January 1998.
When it became known that the issue of electronic surveillance was to be on the agenda of the September 1998 part-session of the European Parliament, the Omega Foundation was requested to prepare an updated Executive Summary of the Interim Study for use as a background document. The updated Executive Summary covers the various areas of the subject of technologies of political control dealt with in the Interim Study. However, the document in its present form concerns only the specific topic of electronic surveillance. The full version alone contains the footnotes and bilbiography.
The Interim Study aroused great interest and the resultant high-profile press comment throughout the European Union and beyond indicates the level of public concern about many of the innovations detailed by the Study. This updated Executive Summary is framed by the same key objectives as the Interim Study, namely:-
(i) To provide Members of the European Parliament with a succinct reference guide to recent advances in the technology of political control;
(ii) To identify and describe the current state of the art of the most salient developments, further clarifying and updating the areas of the Interim Study which have aroused the greatest public concern and comment;
(iii) To present MEP's with an account of current trends both within Europe and Worldwide;
(iv) To suggest policy options covering regulatory strategies for the future democratic control and management of this technology;
(v) To provide some further succinct background material to inform the Parliament's response to the proposed declaration by the Commission on electronic evesdropping which has been put on the agenda for the plenary session of the European Parliament, on Wednesday 16 September 1998.
Surveillance technology can be defined as devices or systems which can monitor, track and assess the movements of individuals, their property and other assets. Much of this technology is used to track the activities of dissidents, human rights activists, journalists, student leaders, minorities, trade union leaders and political opponents. A huge range of surveillance technologies has evolved, including the night vision goggles; parabolic microphones to detect conversations over a kilometre away; laser versions, can pick up any conversation from a closed window in line of sight; the Danish Jai stroboscopic camera can take hundreds of pictures in a matter of seconds and individually photograph all the participants in a demonstration or March; and the automatic vehicle recognition systems can tracks cars around a city via a Geographic Information System of maps.
New technologies which were originally conceived for the Defence and Intelligence sectors have after the cold war rapidly spread into the law enforcement and private sectors. It is one of the areas of technological advance, where outdated regulations have not kept pace with an accelerating pattern of abuses. Up until the 1960s, most surveillance was low-tech and expensive since it involved following suspects around from place to place, using up to 6 people in teams of two working 3 eight hour shifts. All of the material and contacts gleaned had to be typed up and filed away with little prospect of rapidly cross checking. Even electronic surveillance was highly labour intensive. The East German police for example employed 500,000 secret informers, 10,000 of which were needed just to listen and transcribe citizens' phone calls.
By the 1980s, new forms of electronic surveillance were emerging and many of these were directed towards automation of communications interception. This trend was fuelled in the US in the 1990's by accelerated government funding at the end of the cold war, with defence and intelligence agencies being refocussed with new missions to justify their budgets, transferring their technologies to certain law enforcement applications such as anti-drug and anti-terror operations. In 1993, the US department of defence and the Justice department signed memoranda of understanding for "Operations Other Than War and Law Enforcement" to facilitate joint development and sharing of technology. According to David Banisar of Privacy International, "To counteract reductions in military contracts which began in the 1980's, computer and electronics companies are expanding into new markets - at home and abroad - with equipment originally developed for the military. Companies such as E Systems, Electronic Data Systems and Texas Instruments are selling advanced computer systems and surveillance equipment to state and local governments that use them for law enforcement, border control and Welfare administration."What the East German secret police could only dream of is rapidly becoming a reality in the free world."
In fact the art of visual surveillance has dramatically changed over recent years. Of course police and intelligence officers still photograph demonstrations and individuals of interest but increasingly such images can be stored and searched. Ongoing processes of ultra-miniaturisation mean that such devices can be made to be virtually undetectable and are open to abuse by both indivduals, companies and official agencies.
The attitude to CCTV camera networks varies greatly in the European Union, from the position in Denmark where such cameras are banned by law to the position in the UK, where many hundreds of CCTV networks exist. Nevertheless, a common position on the status of such systems where they exist in relation to data protection principles should apply in general. A specific consideration is the legal status of admissibility as evidence, of digital material such as those taken by the more advanced CCTV systems. Much of this will fall within data protection legislation if the material gathered can be searched eg by car number plate or by time. Given that material from such systems can be seemlessly edited, the European Data Protection Directive legislation needs to be implemented through primary legislation which clarifies the law as it applies to CCTV, to avoid confusion amongst both CCTV data controllers as well as citizens as data subjects. Primary legislation will make it possible to extend the impact of the Directive to areas of activity that do not fall within community law. Articles 3 and 13 of the Directive should not create a blanket covering the use of CCTV in every circumstance in a domestic context.
A proper code of practice such as that promoted by the UK based Local Government Information Unit (LGIU, 1996) should be extended to absorb best practice from all EU Member States to cover the use of all CCTV surveillance schemes operating in public spaces and especially in residential areas. As a first step it is suggested that the Civil Liberties Committee formally consider examining the practice and control of CCTV throughout the member States with a view to establishing what elements of the various codes of practice could be adopted for a unified code and an enforceable legal framework covering enforcement and civil liberties protection and redress.
The revolution in urban surveillance will reach the next generation of control once reliable face recognition comes in. It will initially be introduced at stationary locations, like turnstiles, customs points, security gateways etc. to enable a standard full face recognition to take place. The Interim Study predicted that in the early part of the 21st. century, facial recognition on CCTV will be a reality and those countries with CCTV infrastructures will view such technology as a natural add-on. In fact, an American company Software and Systems has trialed a system in London which can scan crowds and match faces against a database of images held in a remote computer. We are at the beginning of a revolution in 'algorithmic surveillance' - effectively data analysis via complex algoritms which enable automatic recognition and tracking. Such automation not only widens the surveillance net, it narrows the mesh.(See Norris, C., et. al, 1998)
Similarly Vehicle Recognition Systems have been developed which can identify a car number plate then track the car around a city using a computerised geographic information system. Such systems are now commercially available, for example, the Talon system introduced in 1994 by UK company Racal at a price of £2000 per unit. The system is trained to recognise number plates based on neural network technology developed by Cambridge Neurodynamics, and can see both night and day. Initially it has been used for traffic monitoring but its function has been adapted in recent years to cover security surveillance and has been incorporated in the "ring of steel" around London. The system can then record all the vehicles that entered or left the cordon on a particular day.
It is important to set clear guidelines and codes of practice for such technological innovations, well in advance of the digital revolution making new and unforseen opportunities to collate, analyze, recognise and store such visual images. Already multifunctional traffic management systems such as 'Traffic Master' , (which uses vehicle recognition systems to map and quantify congestion), are facilitating a national surveillance architecture. Such regulation will need to be founded on sound data protection principles and take cognizance of article 15 of the 1995 European Directive on the Protection of Individuals and Processing of Personal Data. Essentially this says that : "Member States shall grant the right of every person not to be subject to a decision which produces legal effects concerning him or significantly affects him and which is based solely on the automatic processing of data.(1) "There is much to recommend the European Parliament following the advice of a recent UK House of Lords Report (Select Committee Report on Digital Images as Evidence, 1998). Namely: (i) that the European Parliament ...."produces guidance for both the public and private sectors on the use of data matching, and in particular the linking of surveillance systems with other databases; and (ii) that the Data Protection Registrar be given powers to audit the operation of data matching systems"
Such surveillance systems raise significant issues of accountability, particularly when transferred to authoritarian regimes. The cameras used in Tiananmen Square were sold as advanced traffic control systems by Siemens Plessey. Yet after the 1989 massacre of students, there followed a witch hunt when the authorities tortured and interrogated thousands in an effort to ferret out the subversives. The Scoot surveillance system with USA made Pelco cameras were used to faithfully record the protests. The images were repeatedly broadcast over Chinese television offering a reward for information, with the result that nearly all the transgressors were identified. Again democratic accountability is only the criterion which distinguishes a modern traffic control system from an advanced dissident capture technology. Foreign companies are exporting traffic control systems to Lhasa in Tibet, yet Lhasa does not as yet have any traffic control problems. The problem here may be a culpable lack of imagination.
A wide range of bugging and tapping devices have been evolved to record conversations and to intercept telecommunications traffic. In recent years the widespread practice of illegal and legal interception of communications and the planting of 'bugs' has been an issue in many European States. However, planting illegal bugs is yesterday's technology. Modern snoopers can buy specially adapted lap top computers, and simply tune in to all the mobile phones active in the area by cursoring down to their number. The machine will even search for numbers 'of interest' to see if they are active. However, these bugs and taps pale into insignificance next to the national and international state run interceptions networks.
The Interim Study set out in detail, the global surveillance systems which facilitate the mass supervision of all telecommunications including telephone, email and fax transmissions of private citizens, politicians, trade unionists and companies alike. There has been a political shift in targeting in recent years. Instead of investigating crime (which is reactive) law enforcement agencies are increasingly tracking certain social classes and races of people living in red-lined areas before crime is committed - a form of pre-emptive policing deemed data-veillance which is based on military models of gathering huge quantities of low grade intelligence.
Without encryption, modern communications systems are virtually transparent to the advanced interceptions equipment which can be used to listen in. The Interim Study also explained how mobile phones have inbuilt monitoring and tagging dimensions which can be accessed by police and intelligence agencies. For example the digital technology required to pinpoint mobile phone users for incoming calls, means that all mobile phone users in a country when activated, are mini-tracking devices, giving their owners whereabouts at any time and stored in the company's computer . For example Swiss Police have secretly tracked the whereabouts of mobile phone users from the computer of the service provider Swisscom, which according SonntagsZeitung had stored movements of more than a milion subscribers down to a few hundred metres, and going back at least half a year.
However, of all the developments covered in the Interim Study, the section covering some of the constitutional and legal issues raised by the USA's National Security Agency's access and facility to intercept all European telecommunications caused the most concern. Whilst no-one denied the role of such networks in anti terrorist operations and countering illegal drug, money laudering and illicit arms deals, alarm was expressed about the scale of the foreign interceptions network identified in the Study and whether existing legislation, data protection and privacy safeguards in the Member States were sufficient to protect the confidentiality between EU citizens, corporations and those with third countries.
Since there has been a certain degree of confusion in subsequent press reports, it is worth clarifying some of the issues surrounding transatlantic electronic surveillance and providing a short history & update on developments since the Interim Study was published in January 1998. There are essentially two separate system, namely:
(i) The UK/USA system comprising the activities of military intelligence agencies such as NSA-CIA in the USA subsuming GCHQ & MI6 in the UK operating a system known as ECHELON;
(ii) The EU-FBI system which is linkeding up various law enforcement agencies such as the FBI, police, customs, immigration and internal security;
As there is still a risk of confusion in the title of item 44 on the agenda for the Plenary session of the European Parliament on September 16, 1998 (2), in intelligence terms, these are two distinct "communities". It is worth looking briefly at the activities of both systems in turn, encompassing, Echelon, encryption; EU- FBI surveillance and new interfaces with for example access to internet providers and to databanks of other agencies.
The Interim Study said that within Europe, all email, telephone and fax communications are routinely intercepted by the United States National Security Agency, transferring all target information from the European mainland via the strategic hub of London then by Satellite to Fort Meade in Maryland via the crucial hub at Menwith Hill in the North York Moors of the UK.
The system was first uncovered in the 1970s by a group of researchers in the UK (Campbell, 1981). A recent work by Nicky Hager, Secret Power, (Hager,1996) provides the most comprehensive details todate of a project known as ECHELON. Hager interviewed more than 50 people concerned with intelligence to document a global surveillance system that stretches around the world to form a targeting system on all of the key Intelsat satellites used to convey most of the world's satellite phone calls, internet, email, faxes and telexes. These sites are based at Sugar Grove and Yakima, in the USA, at Waihopai in New Zealand, at Geraldton in Australia, Hong Kong, and Morwenstow in the UK.
The ECHELON system forms part of the UKUSA system but unlike many of the electronic spy systems developed during the cold war, ECHELON is designed for primarily non-military targets: governments, organisations and businesses in virtually every country. The ECHELON system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable using artificial intelligence aids like Memex. to find key words. Five nations share the results with the US as the senior partner under the UKUSA agreement of 1948, Britain, Canada, New Zealand and Australia are very much acting as subordinate information servicers.
Each of the five centres supply "dictionaries" to the other four of keywords, Phrases, people and places to "tag" and the tagged intercept is forwarded straight to the requesting country. Whilst there is much information gathered about potential terrorists, there is a lot of economic intelligence, notably intensive monitoring of all the countries participating in the GATT negotiations. But Hager found that by far the main priorities of this system continued to be military and political intelligence applicable to their wider interests.
Hager quotes from "highly placed intelligence operatives" who spoke to the Observer in London. "We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate." They gave as examples. GCHQ interception of three charities, including Amnesty International and Christian Aid. "At any time GCHQ is able to home in on their communications for a routine target request," the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes its called Mayfly. By keying in a code relating to third world aid, the source was able to demonstrate telex "fixes" on the three organisations. With no system of accountability, it is difficult to discover what criteria determine who is not a target.
Indeed since the Interim Study was published, journalists have alleged that ECHELON has benefited US companies involved in arms deals, strengthened Washington's position in crucial World Trade organisation talks with Europe during a 1995 dispute with Japan over car part exports. According to the Financial Mail On Sunday, "key words identified by US experts include the names of inter-governmental trade organisations and business consortia bidding against US companies. The word 'block' is on the list to identify communications about offshore oil in area where the seabed has yet to be divided up into exploration blocks"..."It has also been suggested that in 1990 the US broke into secret negotiations and persuaded Indonesia that US giant AT & T be included in a multi-billion dollar telecoms deal that at one point was going entirely to Japan's NEC.
The Sunday Times (11 May 1998) reported that early on the radomes at Menwith Hill (NSA station F83) In North Yorkshire UK, were given the task of intercepting international leased carrrier (ILC) traffic - essentially, ordinary commercial communications. Its staff have grown from 400 in the 1980s to more than 1400 now with a further 370 staff from the MoD. The Sunday Times also reported allegations that converstaions between the German company Volkswagen and General Motors were intercepted and the French have complained that Thompson-CSF, the French electronics company, lost a $1.4 billion deal to supply Brazil with a radar system because the Americans intercepted details of the negotions and passed them on to US company Raytheon, which subsequently won the contract. Another claim is that Airbus Industrie lost a contract worth $1 billion to Boeing and McDonnel Douglas because information was intercepted by American spying. Other newspapers such as Liberation 21 April 1998) and Il Mondo (20 March 1998, identify the network as an Anglo-Saxon Spy network because of the UK-USA axis. Privacy International goes further. Whilst recognising that 'strictly speaking, neither the Commission nor the European Parliament have a mandate to regulate or intervene in security matters...they do have a responsibility is harmonised throughout the Union.
According to Privacy International, the UK is likely to find its 'Special relationship' ties fall foul of its Maastricht obligations since Title V of Maastricht requires that "Member States shall inform and consult one another within the Council on any matter of foreign and security policy of general interest in order to ensure that their combined influence is exerted as effectivelly as possible by means of concerted and convergent action." Yet under the terms of the Special relationship, Britain cannot engage in open consultatuion with its other European partners. The situation is further complicated by counter allegations in the French magazine Le Point, that the French are systematically spying on American and other allied countries telephone and cable traffic via the Helios 1A Spy sattelite. (Times, June 17 1998)
If even half of these allegations are true then the European Parliament must act to ensure that such powerful surveillance systems operate to a more democratic consensus now that the Cold War has ended. Clearly, the Overseas policies of European Union Member States are not always congruent with those of the USA and in commercial terms, espionage is espionage. No proper Authority in the USA would allow a similar EU spy network to operate from American soil without strict limitations, if at all. Following full discussion on the implications of the operations of these networks, the European Parliament is advised to set up appropriate independent audit and oversight porocedures and that any effort to outlaw encryption by EU citizens should be denied until and unless such democratic and accountable systems are in place, if at all.
Much of the documentation and research necessary to put into the public domain, the history, structure, role and function of the EU-FBI convention to legitimise global electronic surveillance, has been secured by Statewatch, the widely respected UK based civil liberties monitoring and research organisation.
Statewatch have described at length the signing of the Transatlantic Agenda in Madrid at the EU-US summit of 3 December 1995 - Part of which was the "Joint EU-US Action Plan" and has subsequently analysed these efforts as an ongoing attempt to redefine the Atlantic Alliance in the post-Cold War era, a stance increasingly used to justify the efforts of internal security agencies taking on enhanced policing roles in Europe.Statewatch notes that the first Joint Action 'out of the area" surveillance plan was not discussed at the Justice and Home Affairs meeting but adopted on the nod, as an A point (without debate) by of all places, the Fisheries Council on 20 December 1996.
In February 1997, Statewatch reported that the EU had secretly agreed to set up an international telephone tapping network via a secret network of committees established under the "third pillar" of the Mastricht Treaty covering co-operation on law and order. Key points of the plan are outlined in a memorandum of understanding, signed by EU states in 1995.(ENFOPOL 112 10037/95 25.10.95) which remains classified. According to a Guardian report (25.2.97) it reflects concern among European Intelligence agencies that modern technology will prevent them from tapping private communications. "EU countries it says, should agree on "international interception standards set at a level that would ensure encoding or scrambled words can be broken down by government agencies." Official reports say that the EU governments agreed to co- operate closely with the FBI in Washington. Yet earlier minutes of these meetings suggest that the original initiative came from Washington. According to Statewatch, network and service providers in the EU will be obliged to install "tappable" systems and to place under surveillance any person or group when served with an interception order.
These plans have never been referred to any European government for scrutiny, nor to the Civil Liberties Committee of the European Parliament, despite the clear civil liberties issues raised by such an unaccountable system. The decision to go ahead was simply agreed in secret by "written procedure" through an exchange of telexes between the 15 EU governments. We are told by Statewatch the EU-FBI Global surveillance plan was now being developed "outside the third pillar." In practical terms this means that the plan is being developed by a group of twenty countries - the then 15 EU member countries plus the USA, Australia, Canada, Norway and New Zealand. This group of 20 is not accountable through the Council of Justice and Home Affairs Ministers or to the European Parliament or national parliaments. Nothing is said about finance of this system but a report produced by the German government estimates that the mobile phone part of the package alone will cost 4 billion D-marks.
Statewatch concludes that "It is the interface of the ECHELON system and its potential development on phone calls combined with the standardisation of "tappable communications centres and equipment being sponsored by the EU and the USA which presents a truly global threat over which there are no legal or democratic controls."(Press release 25.2.97) In many respects what we are witnessing here are meetings of operatives of a new global military-intelligence state. It is very difficult for anyone to get a full picture of what is being decided at the executive meetings setting this 'Transatlantic agenda.' Whilst Statewatch won a ruling from the Ombudsman for access on the grounds that the Council of Ministers 'misapplied the code of access', for the time being such access to the agendas have been denied. Without such access, we are left with 'black box decision making'. The eloquence of the unprecedented Commission statement on Echelon and Transatlantic relations scheduled for the 16th. of September, is likely to be as much about what is left out as it is about what is said for public consumption. Members of the European Parliament may wish to consider the following policy options:-
(i) That a more detailed series of studies should be commissioned on the social, political commercial and constitutional implications of the global electronic surveillance networks outlined in this Study, with a view to holding a series of expert hearings to inform future EU civil liberties policy. These studies might cover:-
(ii) The European Parliament has the option of urging rejection of proposals from the United States for making private messages via the global communications network (Internet) accessible to US Intelligence Agencies. Nor should the Parliament agree to new expensive encryption controls without a wide ranging debate within the EU on the implications of such measures. These encompass the civil and human rights of European citizens and the commercial rights of companies to operate within the law, without unwarranted surveillance by intelligence agencies operating in conjunction with multinational competitors.
(iii) That the European Parliament convene a series of expert hearings covering all the technical, political and commercial activities of bodies engaged in electronic surveillance and to further elaborate possible options to bring such activities back within the realm of democratic accountability and transparency. These proposed hearings might also examine the issue of proper codes of practice to ensure redress if malpractice or abuse takes place. Explicit criteria should be agreed for deciding who should be targeted for surveillance and who should not, how such data is stored, processed and shared and whether such criteria and associated codes of practice could be made publicly available.
(iv) To amend the terms of reference of the Civil Liberties and Internal Affairs Committee to include powers and responsibilities for all matters relating to the civil liberties issues raised by electronic surveillance devices and networks and to call for a series of reports during its next work programme, including:-
(v) Setting up procedural mechanisms whereby relevant committees of the European Parliament considering proposals for technologies which have civil liberties implications (e.g. the Telecommunications Committee) in regard to surveillance, should be required to forward all relevant policy proposals and reports to the Civil Liberties Committee for their observations in advance of any political or financial decisions on deployment being taken.
(vi) Setting up Agreements between Member States Agreement whereby annual statistics on interception should be reported to each member states' parliament in a standard and consistent format. These statistics should provide comprehensive details of the actual number of communication devices intercepted and data should be not be aggregated. (To avoid the statistics only identifying the number of warrants, issued whereas organisations under surveillance may have hundreds of members, all of whose phones may be intercepted).
(1) Common Position EC No/95, Adopted by the Council on 20 February 1995, Directive 95/EC of the European Parliament and the Council, 'On the Protection of Individuals With regard to the Processing of Personal Data and on the Free Movement of Such Data'.
(2) Commission Statement - Transatlantic relations/Echelon System. Transatlantic relations following 18 May EU-US Summit and the use of monitoring techniques in the field of communications.
© European Parliament: 1998