PI Releases its annual report for 2008

21/12/2008

The 2008 Annual report reviews PI's activities and goals for the past year, and discusses our sources of funding, and potential projects for the new year. The document is available here in PDF.

Previous years' reports are available below:

• Activity Report for 2002 and 2003
• Activity Report for 2004 and 2005
• Activity Report for 2006
• Activity Report for 2007

Themes of our Work in 2008

Every year we are called on to focus our attention to new issues. As a result, in any given year we are focussing on dozens of issue areas. In 2008 our core activities can be grouped into three domains: Advancing and Protecting Privacy and Transparency Rules, Engaging with International Institutions and Processes, and Monitoring Anti-Terrorism Policies and other forms of Exceptional Surveillance.

Advancing and Protecting Privacy and Transparency Rules

In 2008 we expanded our activities significantly into the area of advancing privacy safeguards. While previously much of our work has focussed on responding to new threats to privacy, in this work area we focussed instead on advancing the cause of privacy law and privacy protections. We conducted this in three ways: working with companies to enhance their regards for privacy protections, working with partners in Asia to assess opportunities for a positive agenda for privacy, and working on government transparency rules.

In our 2007 AGM the Privacy International Advisory Board and Trustees encouraged us to work more closely with industry to develop meaningful safeguards for privacy. Over the year, we worked with the key IT firms and online service companies including AOL, Facebook, Google, Microsoft, and Oracle to discuss privacy issues and to promote the adoption of privacy-protecting practices. We would raise concerns about their products and systems' designs, engage closely with their staff, and try to come up with solutions. For instance, twice in the past year we have trained Facebook staff on privacy dynamics. Similarly, we have met with key Microsoft product teams to push for further changes to their data collection practices and to enhance end-user control over their privacy preferences.

As for our work in Asia, in PI's early days we conducted a number of campaigns and research projects in Asian countries, and particularly South-East Asia. In more recent years a great deal of our focus has been on Western governments. In 2008 we returned to Asia, enabled by funds from the International Development Research Centre in Canada, who asked us to review the policy landscape in Asian Developing countries. We travelled to Bangladesh, India, Malaysia, Pakistan, the Philippines, and Thailand to meet with government officials, industry groups, consumer and human rights groups, journalists, and legal experts. We ran public workshops in Bangladesh, the Philippines and Pakistan, and spoke at meetings in Thailand and India as we gauged the interest in privacy protections and assessed the 'hot-button' topics in each country. We will release a report in 2009 about our experiences and our assessment of likely strategies for changing the policies in these countries to enhance consumers' and citizens' privacy. Finally, we continue to file strategic Freedom of Information requests in the UK in order to compel the disclosure of essential information about surveillance programs. We have also spoken to international audiences on FOI and transparency rules. We are also pursuing a case against the UK Government at the Information Tribunal on indiscriminate surveillance of travel in London.

Engaging with International Institutions and Processes

For a number of years we have been monitoring the activities of international institutions and inter-governmental organisations as we saw them as 'launderers' of bad policies. This year was no different as we campaigned against the European Union as it adopted rules regarding the use of biometrics at borders, and established its plans to copy the U.S. by profiling passengers who are flying in to and within the EU. This led to high-profile media coverage of these issues. We also co-authored a letter to the International Telecommunications Union, with the American Civil Liberties Union, calling for greater transparency in their work on 'traceability' of internet communications. Finally, we co-authored a letter to the next White House Administration about the need to reverse the Clinton and Bush Administration's tendencies to launder bad policies through international organisations.

This year we also worked with international institutions. For instance, we were approached by the United Nations High Commissioner for Refugees (UNHCR) to assist them in their management of refugees' personal information. In recent years the UNHCR has moved to a database platform for managing the flux of refugees in camps and cities around the world. In some cases they also began using fingerprinting and iris biometrics to keep track of these refugees. PI staff offered, on a pro bono basis, to assist the UNHCR is analysing their practices to ensure that refugees' privacy is adequately considered in their systems design, and in turn, protected through policies and procedures. We spent six weeks travelling around refugee centres and camps in Djibouti, Ethiopia, Kenya, and Malaysia auditing their practices, and testing the effectiveness of the technologies. We will release a report in 2009 regarding this project.

We have also worked closely with European institutions. We worked closely with the European Parliament again this year, giving evidence, drafting briefings, and speaking at meetings and seminars on privacy issues. We also wrote commissioned reports for these institutions. Most notably, David Banisar was asked by the Council of Europe to write a study on the effects of anti-terrorism policies on free expression. The report was presented to the CoE in November 2008.

Anti-Terrorism Policy and other forms of Exceptional Surveillance

Unfortunately, anti-terrorism policies continue to be a driver for many intrusive and illegal surveillance policies. For instance, after the failed attacks on London in the summer of 2007, the UK Government ordered that all data on cars driving into London, recorded for the 'congestion charging' scheme, would be submitted over en masse to the intelligence agencies, and this data could then be sent elsewhere around the world. We filed a complaint at the UK Information Tribunal to question the legality of this measure, arguing that such a decision needs to be made by Parliament and not through a secret declaration by the Government. We continue to await the decision of the Tribunal.

But anti-terrorism policies are no longer alone in pushing invasive and often disproportionate and ineffective surveillance mechanisms. Basic border and law-and-order policies are now making use of significantly invasive techniques as well. In 2008 we continued our work on the spread of biometric technologies at borders, and this included our high-profile work on forcing Heathrow Airport to dismantle their plans for fingerprinting all travellers through the new Terminal 5 as well as through Terminal 1. We knew that if Heathrow was permitted to indiscriminately fingerprint all passengers, then every other airport around the world would swiftly follow. We complained to the UK Information Commissioner, and this complaint led to a reversal of the policy, at least for the time being.

We also worked with a number of other organisations on a number of other surveillance techniques. We filed an amicus brief on the Marper case at the European Court of Human Rights about the UK government's policy on collecting and retaining the fingerprints and DNA of all those arrested, even though they are later not charged or acquitted. Nearly a million innocent individuals are on the UK DNA database. The case was decided in favour of the complainants in December 2008, which means that the UK government is going to have to seriously limit the retention of fingerprint and DNA data. We will closely monitor this situation in 2009.

We are also working with groups around the world on new regimes of communications surveillance, and we commented extensively on developments in the U.S., Sweden, and the United Kingdom, and will also continue to do so into 2009.

Related:
About Privacy International
About PI - International Advisory Board
About Supporting PI