Wiċċ b’ieħor

Safe City Malta, li tifforma parti minn Projects Malta li tippjana proġetti ta’ tisħib mas-settur privat, qed tippjana li jkunu installati cameras CCTV b’kapacità li jidentifikaw l-uċuħ ta’ dawk li x-xbieha tagħhom tinqabad fuq is-CCTV. Qed jingħad li b’dan il-mod ikun possibli li jkunu identifikati persuni li jkunu involuti f’attività kriminali.

Dwar dan ukoll hemm referenza fid-diskors tal-Baġit fejn kien tħabbar li : “Fl-aħħar xhur kienet għaddejja ħidma biex ġie installat l-apparat neċessarju f’data centre għal użu fuq bażi sperimentali u fejn l-apparat ta’ sorveljanza viżiva qiegħed jintuża biss f’ambjent mhux pubbliku u f’rispett sħiħ tal-liġijiet tal-privatezza billi jiġu wżati prattii etiċi internazzjonali.” Ġejna infurmati li Paceville u l-Marsa, probabbilment li jkunu minn tal-ewwel li jospitaw dan l-esperiment. Dan kellu jsir wara li sseħħ konsultazzjoni pubblika.

Imma s’issa ma seħħet l-ebda konsultazzjoni. Nafu iżda li x’aktarx li diġa ġie iffirmat memorandum of understanding mal-Huawei, kumpanija Ċiniża li hi meqjusa ġgant globali fil-qasam tat-teknoloġija tal-komunikazzjoni. Fix-xhur li ġejjin probabbilment tibda l-implementazzjoni. Dan ifisser li jekk il-konsultazzjoni sseħħ ma jkollha tifsira ta’ xejn, għax id-deċiżjonijiet jidher li lesti.

Iktar kmieni din is-sena, Huawei, ftehmu mad-Dipartiment tas-Sigurtà Pubblika tar-reġjun ta’ Xinjiang fil-punent taċ-Ċina. Intefqu flejjes kbar f’dan ir-reġjun biex f’Xinjiang ikun possibli li tkun ippruvata t-teknoloġija għall-għarfien tal-uċuħ, osservazzjoni diġitali u l-applikazzjoni tal-intelliġenza artifijali għal xogħol il-pulizija. Huawei ser jipprovdu lill-pulizija tar-reġjun l-appoġġ tekniku biex ikunu żviluppati l-kapaċitajiet tan-nies involuti u b’hekk tissodisfa l-ħtiġijiet diġitali tal-industrija tas-sigurtà pubblika, ġie rappurtat li qal Fan Lixin, il-Viċi Direttur tad-Dipartiment tas-Sigurtà Pubblika ta’ Xinjiang . Din il-kooperazzjoni kienet meqjusa li tista’ tassigura “l-istabilità soċjali u s-sigurtà fit-tul ta’ Xinjiang”.

Dan jikkuntrasta ma dak li nsibu fir-rapport annwali ta’ Huawei għas-sena 2017 li jwassal messaġġ ċar: Huawei jimpurtha ħafna mill-privatezza. Jgħidulna li fl-2017 “Huawei continued to strengthen compliance in multiple business domains, including trade, cyber security, and data and privacy protection.” Jgħidulna ukoll dwar “il-ħsiebijiet ta’ Huawei dwar is-sigurtà elettronika – li tissaħħaħ bl-innovazzjoni, bil-kollaborazzjoni u bl-iżvilupp tal-fiduċja fid-dinja diġitali.” Probabbilment li dan il-kuntrast jirriżulta minħabba li l-messaġġi huma indirizzati lejn udjenzi differenti!

Iktar viċin tagħna, l-pulizija fir-Renju Unit ilhom ftit taż-żmien jesperimentaw bit-teknoliġija li tirrikonoxxi l-uċuħ. Big Brother Watch, grupp li jikkampanja favur id-drittijiet ċivili fir-Renju Unit jirrapporta li s-sistemi użati jagħtu riżultati żbaljati 9 darbiet minn 10. F’rapport twil 56 paġna, li kien ippubblikat f’Mejju li għadda bit-titlu Face Off. The lawless growth of facial recognition in UK policing. kien konkluż li 95 fil-mija tal-uċuħ identifikati mis-sistema kienu żbaljati: kienu wiċċ b’ieħor. Identifikaw uċuħ ta’persuni innoċenti. Dan apparti li r-ritratti biometriċi ta’ persuni innoċenti inżammu u nħażnu mill-Pulizija b’mod sfaċċat kontra kull regola bażika tal-ħarsien tad-data.

L-użu tat-teknoloġija biex jingħarfu l-uċuħ tan-nies bħala għodda ta’ l-ordni pubbliku hi għall-qalb il-pulizija, li fuq il-karta jistgħu jgħidu li qed isaħħu l-kapaċitajiet tagħhom fil-ġlieda kontra l-kriminalità. Għall-bqija imma, dan hu ħmar-il lejl u dan billi jekk it-teknoloġija ma tintużax fil-parametri tar-regoli bażiċi tal-ħarsien tad-data tkun invażjoni tal-privatezza li kull wieħed u waħda minna aħna intitolati għaliha.

Il-Kummissarju għall-Ħarsien tad-Data u l-Informazzjoni Saviour Cachia, f’intervista mal-Orizzont iktar kmieni din il-ġimgha qal li kien jistenna li l-awtoritajiet jagħmlu analiżi addattata qabel ma jagħmlu użu ta’ teknoloġija li kapaċi tagħraf l-uċuħ. Is-Sur Cachia emfasizza li għad baqa’ ħafna xi jsir qabel ma nistgħu nikkunsidraw meta u kif it-teknoloġija għall-għarfien tal-uċuħ tista’ tuntuża fil-qasam tas-sigurtà. Ħadd ma jaf jekk l-analiżi li ġibed l-attenzjoni għaliha s-Sur Cachia saritx, jew jekk tal-inqas inbdietx. Din it-teknoloġija tinvadi l-privatezza ta’ kulħadd b’sogru li tikser d-drittijiet fundamentali tagħna lkoll.

Meta jkun eżaminat dettaljatament kif l-użu ta’ din it-teknoloġija jista’ jkollha effett fuq l-attività kriminali inkunu f’posizzjoni aħjar biex niddeċiedu x’sens jagħmel li nissagrifikaw il-privatezza tagħna, anke jekk b’mod limitat, biex l-istat jissorvelja u sa ċertu punt jikkontrolla parti minn ħajjitna. L-esperjenza tal-użu ta’ din it-teknoloġija fir-Renju Unit għandha twassalna għall-konklużjoni waħda: għandna nsemmgħu leħinna u nieqfu lill-istat li jrid jissorvelja ħajjitna.

Il-Gvern għandu l-obbligu li jibda konsultazzjoni pubblika immedjatament u jpoġġi l-pjanijiet tiegħu taħt il-lenti tal-iskrutinjun pubbliku.

 

Ippubblikat fuq Illum : Il-Ħadd 11 ta’ Novembru 2018

Standing up to the surveillance state

Safe City Malta, part of the government’s public-private partnership arm Projects Malta, is planning to deploy high-definition CCTV cameras with facial recognition software. It is claimed that these cameras can identify those involved in criminal activity. The subject was referred to in the budget speech in which it was announced that, after adequate public consultation, such technology will be introduced in a number of areas. Paceville and Marsa are the prime candidates for this technology.

So far, no consultation has taken place, but a Memorandum of Understanding has apparently already been signed with the Chinese global communication technology giant Huawei, and implementation could begin in the coming months. So, the consultation, if carried out, will serve no purpose because the decisions have already been made.

Earlier this year, Huawei entered into an agreement with the Public Security Bureau in Xinjiang, China’s largest province. The Chinese authorities have spent heavily on making Xinjiang a testing ground for the use of facial recognition, digital monitoring and artificial intelligence in policing.

Huawei will provide the region’s police with technical support, help build up human technical expertise and “meet the digitization requirements of the public security industry”. A local government website paraphrased Fan Lixin, Xinjiang Public Security Bureau’s deputy director, as saying that such co-operation would guarantee “Xinjiang’s social stability and long-term security.”

The above quote is in contrast to the contents of Huawei’s Annual Report for 2017,  which drives home the message that Huawei cares a great deal about privacy. We are told that, in 2017, “Huawei continued to strengthen compliance in multiple business domains, including trade, cyber security and data and privacy protection.” We are furthermore informed of the “Huawei’s cyber security concepts – building security through innovation, enhancing security through collaboration and jointly building trust in a digital world.”

The contrast is probably the result of the messages being directed towards different audiences!

Closer to home, police in the United Kingdom have been experimenting with facial recognition technology for some time. Big Brother Watch, a UK based civil liberties group, reports that the systems in use are on average, incorrect nine times out of ten. A 56-page report published in May, entitled Face Off: the lawless growth of facial recognition in UK policing. concluded that “a staggering 95 per cent of matches wrongly identified innocent people”. To add insult to injury, innocent people’s biometric photographs were taken and stored without their knowledge in blatant disregard of basic data protection norms.

The use of facial recognition technology as a law and order tool has been welcomed by the police, as it can theoretically enhance their capabilities in the fight against crime. The proposal, however, is a nightmare for the rest of us because if it is not used within the parameters of data protection legislation, facial recognition technology will be an unacceptable invasion of the basic norms of privacy to which each one of us is entitled to.

The Commissioner for Information and Data Protection Saviour Cachia, interviewed by the GWU’s daily newspaper earlier this week emphasised that he expected that a proper assessment to be carried out by the authorities prior to the use of facial recognition technology. Mr Cachia emphasised the fact much more needs to be done before considering when and how facial recognition technology is used for security purposes. No one is aware whether or not the required assessment indicated by Mr Cachia has, in fact, been done or even if work on it has commenced.

This technology invades our privacy in an indiscriminate manner and our fundamental human rights are at risk of being breeched left , right and centre.

Examining in detail the impacts that this technology could have on criminal activity would help us determine whether it makes any sense to sacrifice our privacy (even minutely) in order for the surveillance state to take over and control segments of our life. If the UK experience is anything to go by, there is one logical conclusion: we should stand up to the surveillance state.

The Government should initiate a public consultation at the earliest opportunity and lay all its cards on the table for public scrutiny.

published in The Malta Independent on Sunday: 11 November 2018

Min ser jiddefendina mill-Pulizija li jabbuża?

DARIO FO

 

Qiegħed naqra u nisma’ dwar id-deċiżjoni tal-Information and Data Protection Commissioner dwar kif informazzjoni kunfidenzjali mill-files tal-Pulizija spiċċat f’idejn il-gazzetti.  Dario Fo kien ikollu xalata b’din l-informazzjoni, dwar kif il-Pulizija titfa’ l-ġebla u taħbi idha.

Għax l-iktar punt interessanti li qed joħroġ, għalija, hu: kif il-protezzjoni tas-sorsi jispiċċa protezzjoni tal-abbuż tal-poter.

L-istorja dwar il-pubblikazzjoni tar-records kunfidenzjali tal-Pulizja dwar l-Ispettur Elton Taliana hi tat-tkexkix.

L-Independent illum tgħidilna li kien il-Kummissarju tal-Pulizija (Peter Paul Zammit) innifsu li għadda l-informazzjoni lill-Malta Today. It-Times min-naħa l-oħra hi iktar kawta u tgħidilna li meta ħarġet l-informazzjoni l-file in kwistjoni kien fl-uffiċċju tal-Kummissarju Peter Paul Zammit.

Il-gazzetti huma protetti milli jikxfu s-sors tal-informazzjoni li jirċievu. Dan hu tajjeb għax hu neċessarju li l-ġurnaliżmu serju u investigattiv ikun protett.

Dak li jippubblikaw il-gazzetti jirrifletti l-valuri li jħaddnu dawk li jmexxuhom. F’dan il-każ il-Malta Today iktar tat piz lill-aħbar dwar x’għamel jew m’għamilx l-Ispettur Elton Talana mill-aħbar ikbar li xi ħadd imlaħħaq fil-Korp tal-Pulizija bla skrupli ta’ xejn dehrlu li kellu jikxef informazzjoni kunfidenzjali li l-Korp kellu f’idejh.

Jekk anke l-Pulizija huma fl-ixkora, min ser jiddefendi liċ-ċittadin mill-abbuż meta l-gazzetta, biex tipproteġi s-sors tal-informazzjoni  tagħha tostor lil min jabbuża?

Data on patients in hospitals and the General Elections on 9 March 2013

The Information and Data Protection Commissioner replied today 21st January 2013 to a complaint which I submitted on behalf of Alternattiva Demokratika. He has questioned  “the purpose of providing ………..lists of patients in hospitals, so early before the polling day when, I would say, the majority of those patients will be returning home before polling day and will not be casting their vote at the hospital.”

He consequently  strongly recommended  “that the Electoral Commission should require the submission of data, in terms of article 82 of the General Elections Act, not earlier than as from the Monday before polling day.”

The Information and Data Protection Commissioner was replying to a complaint submitted on the 18th December 2012 with reference to the provisions of articles 80, 81, 82, 83 and 84 of the General Elections Act  amended during one of the last sittings of Parliament

The recommendation of the Data and Information Protection Commisisoner which cuts down to size the draconian provisions of the law agreed to unanimously in Parliament by the PL and the PN thereby protecting patients from the unwarranted intrusion of political parties.

(full text of correspondence follows)

________________________________________________________________

Our Ref: CDP/158/2012

Mr Carmel Cacopardo

Deputy Chairman

Alternattiva Demokratika

_____________________

Dear Mr Cacopardo,

I refer to your message hereunder and, after investigating your submissions, would like to submit the following:

In terms of sub-article 9(c) of the Data Protection Act (Chapter 440 of the Laws of Malta), hereinafter referred to as “the Act”,

“Personal data may be processed only if :

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;”

Therefore, on the basis of the above-mentioned provision, the submission by the persons responsible for the administration of retirement homes to the sub-committee, established in terms of article 81 of the General Elections Act (Chapter 354 of the Laws of Malta), and subsequently to the political parties, lists of residents and employees, as required in terms of sub-articles 82(1)(a) and (b), (2)(b), (3) and (4) of the General Elections Act, is in conformity with the above-mentioned provision of the Act.

The Act defines “sensitive personal data” as “personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, or sex life”.  There is no doubt that, according to this definition, the data referred to in sub-article 82(2)(a) of the General Elections Act, constitutes “sensitive personal data”  since it relates to persons’ health.  The processing of “sensitive personal data” is subject to the provisions of article 12 of the Act which states that:

“ (1) Subject to the other provisions of this Act no person shall process sensitive personal data:

Provided that such personal data may be processed in those cases provided for under sub-article (2) and under articles 13 to 16 or as may be prescribed by the Minister having regard to an important public interest.”

Given that General and Local Council Elections constitute an “important public interest” the publication of Legal Notice 30 of 2013 on the Processing of Personal Data for the purpose of the General Elections Act and the Local Councils Act Regulations, 2013, provides, on the basis of article 12(1) of the Act, the legal vires for the processing of the “sensitive personal data” envisaged in terms of sub-articles 82(2)(a), (3) and (4) of the General Elections Act.

In the light of the foregoing, there are no legal impediments barring the administrators of retirement homes and hospitals from providing the sub-committee, set up in terms of article 81 of the General Elections Act, and subsequently to the political parties in terms of sub-article 82(3), with the personal data and sensitive personal data, according to article 82 of the General Elections Act.

However, in this particular instance, that is, where there is a time lapse of more than eight weeks from the publishing of the election writ to the polling day, the requirement for the Electoral Commission and the political parties to be provided with lists of persons at retirement homes and hospitals starting from three days following the publication of the writ, is seen as neither relevant nor proportionate.  More so, I question the purpose of providing such lists of patients in hospitals, so early before the polling day when, I would say, the majority of those patients will be returning home before polling day and will not be casting their vote at the hospital.  Therefore, taking into account the obligations of the sub-committee as set out in sub-article 77(4)(d) of the General Elections Act,  I strongly recommend that the Electoral Commission should require the submission of data, in terms of article 82 of the General Elections Act, not earlier than as from the Monday before polling day.

In view of this recommendation I am copying this communication to the Chief Electoral Commissioner for onward transmission to the Electoral Commission and the sub-committee.

Yours sincerely,

Joseph Ebejer

Information and Data Protection Commissioner

Airways House, Second Floor,

High Street, Sliema SLM 1549,

MALTA

Tel: (+356) 2328 7100     Fax: (+356) 2328 7198

Website: www.idpc.gov.mt

c.c. Mr Saviour Gauci, Chief Electoral Commissioner

---

From: Perit Carmel Cacopardo [mailto:cacopardocarm@euroweb.net.mt]
Sent: 18 December 2012 16:23
To: Info at IDPC
Subject: for the attention of Mr Joseph Ebejer, Information and Data Protection Commissioner

To the Information & Data Protection Commissioner

Dear Sir,

On behalf of Alternattiva Demokratika I draw your attention to the provisions of sections 80, 81, 82, 83 and 84 of the General Elections Act.

In particular I draw your attention to the provisions of article 82 which provides for information relative to residents in retirement homes and patients in hospitals to be supplied to the Electoral Commission as well as political parties on a daily basis as from date when the writ proclaiming the date of the general election is published. In the case of hospitals this information is to include wards where patients are placed.

It is the opinion of Alternattiva Demokratika that providing this data relative to retirement home residents and hospital patients to political parties would infringe the provisions of the Data Protection Act as it involves the unnecessary dissemination of personal sensitive data which is a matter restricted under the provisions of the Act.

In view of the above I request that you investigate the matter at your earliest and that should you consider it appropriate issue such directives such that the privacy of residents at retirement homes and patients at hospitals is protected in terms of the Data Protection Act.

Kindly acknowledge receipt.

Carmel Cacopardo

Deputy Chairman – Alternattiva Demokratika

Voting at the Hospitals and Retirement Homes: 5. Infringement of data protection legislation

As  AD Deputy Chairman together with Prof Arnold Cassola on Monday 17 December 2012 I had a meeting with the Chief Electoral Commissioner relative to the amendments to the General Elections Act as applicable to state hospitals and state run retirement homes.

AD is worried that the said amendments require that the administrators of state hospitals as well as state run old people’s homes to submit regular updated list of patients and residents to the political parties for the purposes of monitoring the electoral process.

This information being made available permits the political parties not only to know who has been admitted to state run hospitals and retirement homes on a daily basis for practically two whole two months, but also to indirectly know what particular condition or ailment patients in hospitals are suffering from.

In a democratic country which gives value to the right to privacy this is totally unacceptable.

In view of this AD has requested the Data Protection Commissioner to investigate the manner in which the electoral process will invade the privacy of patients in state hospitals and residents in retirement homes when the list of patients/residents is provided to the political parties. The Data Protection Commissioner was requested to provide remedies ensuring that the provisions of the Data Protection Act are observed.

Smart meters and Alfred Sant

Smart meters have been advertised as being required for ARMS Limited to be able to issue bills for our water and electricity consumption in real time.  Differential billing depending on consumption patterns would now be possible. Visits by a meter reader will no longer be necessary.

The smart meters, we were told, is all positive for the consumer.

Through the smart meters ARMS Limited, Enemalta Corporation and the Water Services Corporation collect information on our households and businesses continuously.  They know what we do in the privacy of our homes. They know when we are in, whether we are on holiday or whether we are at work. They know when we switch on our television. When we switch on our air conditioner.

This is a major issue of privacy. We need to be assured that the safeguards protecting access to this massive data is in place and that it functions properly.

Unfortunately there have been a number of instances in the public sector where substantial doubts have arisen on the non-functioning of data protection safeguards. I will give two examples.

Early in 2008 just before the general elections a direct mail shot was sent by the PN Leader Dr Lawrence Gonzi  to employees in key sectors of industry. One such worker who received this mail shot was identified specifically in the letter sent and signed by Dr Gonzi as an employee in the pharmaceutical sector. Now as far as I am aware the information is available in the databases of ETC (Employment and Training Corporation) and the Inland Revenue Department. As it is improbable that the employer made his list of employees available to a political party it is logical to conclude that the PN had access to sensitive information notwithstanding  data protection safeguards.

The second example concerns former Labour Leader Alfred Sant who on the eve of the 2008 elections had detailed information on his state of health splashed on the media. The source of such information could only be the medical file held at Mater Dei Hospital. This information ought to have been protected in terms of data protection legislation as well as medical ethical standards. Yet it was not.

Faced with the above who can ensure that data protection standards are applied as it seems that the Data Protection Commissioner was ineffective.  The Smart meters will track much more then energy and water consumption unless the Data Protection Commissioner is wide awake!

This was first published in di-ve.com on Friday 21st September 2012