Wednesday, 30 July 2008

Swedish Surveillance Case - New Comments



According to Computerworld.dk, http://www.computerworld.dk/art/47163?a=newsletter&i=1914, the Swedish MOD Sten Tolgfors has stated in the media that surveillance of all electronic communication is crucial to evaluate and act against external threats and plots directed towards Swedish interests, citizens or authorities. This of course is the reasoning behind the newly accepted and much debated Swedish act, that allows the Swedish Defense Radioservice (FRA) to collect and analyze the content of all electronic communication going in and out of Sweden.

But the Swedish minister added to this general statement that the FRA, operating under the new law, will work in a way where individuals, particularly Swedish individuals, are not the target of the surveillance, but rather other states and organisations in other countries with a direct interest in Sweden. Tolgfors further claimed that the only individuals that would have their electronic communication surveilled would be known terrorists or gangsters. He also lifted the curtain on the type of technology used to scan this enormous amount of data:

'Very advanced search techniques are being deployed,' he said, 'that ensure that only information concerning some of the key variables for which FRA is looking, will be selected and stored. Everything else will pass on.' (Svenska Dagbladet) ( http://www.svd.se/nyheter/inrikes/artikel_1436287.svd ). He also stated that it would be 'practically impossible' to scan all communication, and further that a parliamentary committee is looking at ways to clarify the legislation and to build integrity measures into the rules that eventually will govern the practical application of the law.

For lay people and for some fanatics this is not good enough, but it clearly illustrates the dilemma that all nations are facing these days: Even if natural disasters are much more likely than terrorism to kill and injure people, there is a strong political interest in strengthening surveillance to increase the perceived security level. And if you look into it, the Swedish Minister may have a point, depending on how the legislation in its final form actually will be formulated.

Without amendments, a simple permission to capture any communication would without doubt be contradictory to the wording and the spirit of the European Human Rights as stated in my earlier blog. This holds regardless of any argument like 'it is not practically possible', because storage constraints are disappearing and technology is progressing; instead, an amendment is needed stating that the surveillance will be made following clear criteria and using advanced techniques to encrypt any linkage until a 'hit' with a wanted list or linkage of a message to known criminals occurs.

Tools like this actually exist, but the exact wording of the Swedish Law plus the accompanying administrative rules should be discussed by the Working Party 29 before the law comes into effect. This advice would help clarify for all European nations where the borderline is between privacy and security. The discussions following the Swedish Act clearly illustrate the need to draw this line in a way that can be communicated also to people without technical understanding as well as to Stefan Engberg.

(Illustration above made by Anders Duus Østergaard - another way of identifying an ugly duckling or? )

Monday, 21 July 2008

Impressions from WMSCI


I enjoyed participating in a remarkable event in Orlando, Florida from June 29th to July 3rd.
It happened to be the 12th consecutive ‘World Multi-Conference on Systemics, Cybernetics and Informatics’. http://www.sciiis.org/wmsci2008/website/default.asp?vc=1 . The ‘Multi’ should be taken quite literally: It consists of the RMCI – Symposium on Risk Management and Cyber-Informatics, of the International Symposium of Energy, Informatics and Cybernetics, of MEI, the International Symposium of Management, Engineering and Informatics, of BMIC, international symposium of Bio-Medical informatics, PISTA, The international Conference on Politics and Information Systems, Technologies and Applications (See http://www.socioinfocyber.org/imsci2008/website/default.asp?vc=4 ), as well as eISTA, conference on Education, Information, Technology and Applications.
The idea behind this enormous conference is rather unique; all the participants are speakers at one of the conferences, and you are free to pick and choose from all the sub-conferences. So this is really a place where the audience is extremely active and alive, and all the speakers try to do their best as they are in front of knowledgeable colleagues from universities, industry, governmental and research institutions. (I have participated as a speaker on several occasions, in PISTA as well as RMCI.) And it is indeed a very productive conference: every morning at breakfast 2 lessons are given in plenum and this time covered a wide range from Gary S. Metcalf’s (http://www.interconnectionsllc.com/management.htm ) extremely interesting presentation on ‘Patterns of Significance – Complexities between Human and Scientific Decision Making’, to prof. Yaroslav Sergeyev’s (http://www.informatik.uni-trier.de/~ley/db/indices/a-tree/s/Sergeyev:Yaroslav_D=.html ) views on ‘The infinity Computer’, and a remarkable overview of the history of Cybernetics by prof. Ranulph Glanville (http://www.univie.ac.at/constructivism/people/glanville/ ) – plus of course several others.
In my own session – labeled Human Information Systems – I was co-chair together with a Russian born, now US resident, Dmitry Zinoviev, who gave a very interesting presentation on how to describe topology and geometry of online social networks. This is indeed very useful when we expand on the line, which I produced, the joint paper between me and Michael Hvass, my assistant, on ‘eGovernment 2.0 – how can government benefit from Web 2.0?’. Our paper was later acknowledged ‘Best Paper in Session’, so I was deeply honored.
If you scan through the list of presentations and papers you will be astonished to see the span of the articles – regardless of your line of profession there is bound to be something of interest: From molecular Bio-Engineering, to Energy preservation, to managing risks in banks, preventing terror, assessing risk and warning systems for the mining industry, demonstrating how robots can assist in emergency situations and so on and so forth.
What struck me as one of the most interesting sessions happened to be presented by an IBM colleague, Ray Strong, coming from the Almaden research Lab in California. (See http://www.almaden.ibm.com/ ).
Together with colleagues Ray developed an exciting methodology for technology outlook and future studies. And this is not ‘just’ 5 years ahead: Based on a request from NASA a few years ago, Almaden lab was forced to think of meaningful ways to develop foresight methodologies to look 40 or even 50 years into the future. This of course cannot in any way be accurate forecasts, but the methodology actually develops what Ray calls ‘Sign posts’, events, inventions or breakthroughs, that mark a breaking point, and once these signposts occur, there is a sort of roadmap attached to it, so it is relatively clear, what a threshold or signpost would possibly open up for. At the Almaden homepage you can find and download general descriptions of this methodology, which we in fact sell as a part of the IBM consulting offering to corporations or Governments that want to look into the future. (www.ispim.org/ispim2008/files/Ray%20Strong.ppt ) Examples such as mobile phone companies, utility companies, energy and oil companies, NASA – of course – and many others have gained insight from this. My friends at the Danish technology Council (See description of Foresight : www.tekno.dk/pdf/aarsberetning02/aarsberet2del.pdf ) would be impressed, this is more than the traditional foresight methods, although the starting point in any engagement is the creation of scenarios combined with analysis of patent trends and disruptive trends in consumption, production or ecological factors. I intend to follow this development and see how ‘Future Planning’ as a discipline is coming to fruition.

Tuesday, 15 July 2008

Sustainable Energy for 1000 years – Hot in Iceland


During a stay in Iceland last week I was taken to a Thermo Power plant 27 km outside Reykjavik that demonstrated the benefits of a country residing on top of volcanoes; Orkuveita geothermal plant is a fantastic building and a not less fantastic story to tell: From a number of drillings down to 1-1.5 km beneath earth, the power and heating plant gets 200 degrees centigrade steam and hot water. Water, because the pressure is around 22 bar. The water is separated from the steam, and the steam drives a number of turbines producing 120 Megawatt. The hot water is used to heat lake water from Lake Thingvellir, and this in its turn is used to heat the houses in Reykjavik and a population of around 170.000.
The hot water from the boreholes is re-circulated and brought back to its original depth to keep the pressure. It is estimated that this could last for another 1000 years.
No wonder why the Icelanders are fond of their sustainable energy – and that to the extent that they are not any more so keen on inviting in new aluminium plants as the real environmentalists think it is a shame if all this nice and green energy should be wasted on an industry that simply consumes what it can get. This will probably give Greenland a chance to attract more plants, but that’s another story! See http://www.c40cities.org/bestpractices/renewables/reykjavik_geothermal.jsp
In the meantime it is going to be interesting to see if Iceland can find out ways to export their energy without too much loss. When that day occurs, Scotland, Shetland, Orkney and the Faroe Islands will probably be the first to benefit.
In the meantime Iceland is aiming at attracting large back up centers from Google, Yahoo, IBM, MS and whoever is interested in being really green.
CO2 savings? This power plant/heating system saves at least 4 million tons of CO2 per year.

Saturday, 12 July 2008

When neighbours are peeping through your windows..



On June 18 the Swedish parliament accepted a law that obliges the Swedish Armed Forces (Försvarets Radioanstalt) to listen in on the content of all electronic traffic going in and out of Sweden.
This is – on a European scale – quite remarkable, as the surveillance directive for tele services so far has only required that the IDs of telecommunication between sender and receiver be logged and stored for a limited period of time.

It created a lot of critical articles in Sweden and even demonstrations in front of the Parliament ( http://www.vasabladet.fi/story.aspx?storyID=22256 ), but the law was passed with only 4 members majority. (See also http://www.aftonbladet.se/nyheter/article2712002.ab )
The new law covers e-mails, SMS, on-line traffic as well as phone conversations.
According to Computerworld a similar legislation is on its way in the UK. http://www.computerworld.dk/art/46358?a=rss&i=0

This might not be a major issue were it not for the fact that some of the major Swedish tele companies like Telia are also servicing customers in other countries, among them Denmark and – behold – the Danish Parliament. http://www.computerworld.dk/art/46613?

At first glance this seems to be in direct conflict with the European Human Rights declaration:

http://www.hri.org/docs/ECHR50.html#P1

ARTICLE 8

  1. Everyone has the right to respect for his private and family life, his home and his correspondence.

But in Article 8, paragraph 2, it is stated:

  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

So the real question is whether or not the threat level in Sweden (or for that matter, in Europe) has risen to the point where it can be said that it is politically acceptable to have a major surveillance of every kind of correspondence from every citizen or company.

To my knowledge this has not yet been discussed in the committee that is the official watchdog of the Human Rights declaration. The so-called WP29 – Working Party or sub-committee responsible for advising the European Parliament on human rights issues as stated in Article 29 – has not yet discussed the Swedish legislation. (See http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559540 for a description of the WP29).

The question is if the Swedish Law is in conflict with the Data Protection Directive 94/96.

As this has not yet been discussed by WP29, it is obvious that we can look at the outcome of a similar case just a few years back, where it suddenly came to the attention of the authorities that the content of data in international money transfers using the Belgium-based SWIFT system was actually decoded by US authorities. This was discussed by the WP29, which concluded that SWIFT had to adhere to the 94/96 European directive on data protection. (See www.cbpweb.nl/downloads_int/Opinie%20WP29%20zoekmachines.pdf )

It seems that the Swedish are on thin ice, and I expect that the case will be brought up for the WP29. In the meantime, Swedish critics suggest that everybody encrypts their data; this may be OK, but you have to take into account that the Swedish Defense actually owns a 128 Teraflop supercomputer and has asked for additional funding, so ..

In a follow-on article I will dig into the recommendations on protection of personal data as proposed by the PRISE consortium and the result of the EU project to describe policies and best practices when investing EU funds in IT projects that might infringe on individuals’ privacy.

http://prise.oeaw.ac.at/