Tuesday, July 10, 2007

Privacy without Anonymity*

Yesterday, Manolo remarked that the two Senate bills to require registration of SIM cards might "irk the public". It probably will, but such a step is necessary in these times. Registration of SIM cards is essential for law enforcement especially now that cell phones are used as triggering devices for car bombs.

Maybe the public will be less irked if they are assured that sacrificing anonymity does not necessarily mean giving up privacy. The lawmakers who would take away the phone user’s anonymity are also responsible for putting more safeguards to that same phone user’s privacy.

In addition to requiring SIM card registration, the Telco's (e.g. Globe, SMART and Sun) should also be required to log the coordinates of every called number (gps coordinates if possible) as part of the call data record as an aid to subsequent investigation(s). However, such records should be kept confidential under normal circumstances.

As i told fellow commenter Baycas last year, society has to find a way to accept the loss of anonymity while strengthening safeguards to privacy.

One example of eliminating anonymity is the requirement to clearly identify a person as well as centralize personal information for easy access (via Identity Cards and a corresponding online database) which is in itself is a very useful for security and administrative purposes. However, this will only be acceptable if such information is treated with the same level of sanctity as a Swiss Bank Account accessible only by the person himself or through a valid court order. Making a person carry around his/her Identity Card and demanding it to be shown at will, opens the system to abuse resulting in further discontent and/or loss of freedom.

While we're on the subject, over at Crookedtimber, there is an informative entry on a form of information theft called phishing. It narrates specific cases of possible phishing incidents in the photo sharing website flickr.

Update (July 11, 2007 12:16pm): In the comments section, blogger Manila Baywatch gives a detailed explanation of how such a system of privacy without anonymity works in France through the various stages of a French citizen's existence.

*First three paragraphs was also submitted as a comment in mlq3's blog.


MBW said...

Hi cvj,

Re "As i told fellow commenter Baycas last year, society has to find a way to accept the loss of anonymity while strengthening safeguards to privacy."

Strengthening safeguards to privacy is primordial if we are to accept that our identity becomes part and parcel of our desire for peace and security. This may sound all to difficult but actually a strong "policing" policy is also the antidote against our insecurity and fears.

You've outlined quite clearly how that could be done. France, one of the most "policed" states in Europe is also one of the countries where privacy protection is strongest! (Besides why be coy about this, BIG BROTHER IS ALREADY HERE, so why not formalize it and be out with it!)

There is no hiding in France but our being recorded in state records and archives is also our best guarantee for a better personal security.

You see, unlike in the UK or in the US, the French cannot change names nor opt for an alias and use a name other than his own as recorded in the State records; just won't do because your national ID contains that name without which, you can not have a or bank accounts, own properties, go to school, attend universities, have access to health care, travel, vote, rent a flat, employment becomes difficult, etc (illegal OFWs have legally no access to any of those things in France); a passport may serve as a temporary ID but it is not a legal proof that the person is registered with the State and therefore, a person who doesn't have a French national ID or a resident foreigner in France who doesn't have a valid carte de séjour (residence card which serves as the foreigner's French ID) will encounter problems along the way.

Let me cite how we are "policed":

As soon as a child is born, he/she is given immediately a number that will be his to the time he leaves this world; the newborn is also supplied by the State with a 'carnet de sante', a medical book that keeps track of the child's obligatory medical and health checks from the time he is born until 18 years of age (a monthly medical health check until the child is 2 or 3 and then bi-monthly until he receives all the booster shots or until the age of 9 and every 6 months from then on until he/she is 11 and so forth and so on); all these medical checks are absolutely for free.

(For those people who are naturalized French, their birth certificates are "frenchified," meaning the original birth certificate is surrendered to the French state and is transformed into an official French Republic birth certificate; the naturalized French citizen's birth certificate will now contain the same official jargon as one natural French-born citizen would expect of his own birth certificate; it is then kept in the State records and issued to the owner as if he/she had been originally a French citizen all throughout his existence except that he/she was born outside France so that a Pinoy who has become French doesn't need to run to Manila anymore to retrieve his/her birth certificate everytime he/she needs an official french document, ie, passport, marriage license, national ID, etc., etc., the new French person is considered by France as totally, wholly French... )

By the time the child is 12, his parents will be obliged by law to apply for a national identity card for the child which automatically connects that child to the Ministry of Interior and as such is linked to every single republican institution's computerized records.

By 18, he will have received an electoral voting card.

When that child who has now become 18 years of age, applies for a bank account independent of his parents, say in BNP (Banque Nationale de Paris or in any bank for that matter) his name will be transmitted immediately to the Banque de France which will now "oversee" every banking and financial transaction that he/she makes. If the child, who is now technically an adult (because he is 18 years of age) commits the error of issuing a bouncing check, the Banque de France will immediately notify all banks, I mean ALL banks in the hexagon, of the misdemeanour and the erring bank account holder will be notified that unless he settles his debt within 1 week at most, he will no longer be able to apply for a checking account nor have access to a credit card account for at least 1 year in any bank in the hexagon; if he commits the same mistake 3 times, he will forfeit the right to own a checking account, a credit card account, etc for the next 10 years and will fall under the law of "interdiction bancaire" (banking interdiction), in other words, there is no way for that erring individual to hide. In a capsule, the sellers or the provider of the goods who had been victimized know that whoever tries to con him out of his hard work know that the law will run after the con-artist.

In spite of the "police methods" of the French state to keep tab of every person in the country and everyone of its citizens outside France, I don't feel that the State is infringing upon my privacy because there's not one instant when my privacy had been infringed upon - my identity in the safekeeping of the state is my protection; we in France feel that only those people who have something nasty to hide have anything to fear.

Furthermore, in France where our personal identities are in state blotters, you will find that there's less identity theft than in say, in the UK or in the US where the occurence is so prevalent nowadays. Why? Because if and when an id theft is discovered, the state immediately enters the picture to uncover the crime and help recover the identity of the owner that's been "temporarily robbed" of his/her identity and punish the culprit.

Same thing with selling/buying properties; because every single transaction made on a property is recorded and archived in the local, regional and even in national archives, an official notary public (there's a maximum number of notary publics in France that cannot be exceeded), can trace the titles, the deeds and ensure that the buyer and the seller are in good faith. It usually takes 120 days for the final sale and transfer of a property to be effected - bans to this effect are posted by the notary public; the notary public does the investigating and as an officer of the court, he has the power to unearth all records pertaining to a real estate property or to any transaction involving official documents; that notary public is all we need to ensure that there can be no fraud involved in the transaction (unlike in the Philippines); we need no extra lawyer to draft the contract of sale for us either to do all the tedious tasks of registering for us, in that way, we can sleep soundly knowing that we have not bought a fake title or whatever.

But you see, all this is possible because we trust our government not to abuse or breach that trust. There's enough provisions in the laws to safeguard our interests.

It is in countries where they do not have a centralized national ID that I feel insecure because of the lingering thought that it would be more difficult for the State to protect me in case of problem. That's how much faith we have in the system in France.

cvj said...

Hi Anna, thanks for the thorough explanation! I was discussing this matter with a Biometrics consultant (from the USA) ten years ago and he told me that public resistance to a population-wide fingerprint database (with corresponding personal information attached) can be overcome if there are guarantees that such information is under the control of the concerned individual as protected by the State. With your concrete description, we can see more clearly under what conditions such a system would work. Here in the Philippines, the right to privacy to personal information is especially urgent since we still have Palparan-type soldiers who force civilians to eat their cedula.

MBW said...

Gosh, cvj. Hahahaha!

Looking at and re-reading my post, am not quite sure, it was all that thorough despite it's kilometric length in the sense that they don't convey the method that I would have wanted to point out in how one protects one's privacy when one loses one's anonimity.

Too difficult for a little sailor's brain like mine.

cvj said...

MBW, in the past, i have already come across material (like this) which explains the EU's committment to protecting privacy. Your comment above is one of the first ones i've read explaining the lack of anonymity side of the equation. So for me at least, it's thorough enough.

kegler747 said...

In Brunei prepaid mobile phone users are registered. They want to stop gambling through telephone as it is a Muslim country. The government suspects the operators of gambling are the chinese and the filipinos. Even jueteng is now being exported!