Category: Privacy

Belgian eavesdropping increased in 2009

Following this article (French), official phone eavesdroppings again increased in Belgium in 2009: Belgian police listened 5265 times to private conversations. The French transcript is here.

Evolution of the number of official eavesdropping in Belgium

One doesn’t get much more than these numbers: nothing about the number of hours spent listening, nothing about the percentage of effectiveness/results, nothing about internet eavesdropping (e-mail e.g.). One thing struck me: all requests for eavesdropping were accepted. Or, at least that what the Minister implied when he wrote “there is no distinction between the number of requests and the number of effective eavesdropping”.

Belgian State Security report 2008

When I first opened the Belgian State Security Report 2008 (PDF in French or in Dutch), I had the a feeling of déjà vu: the cover picture is in fact a part of the Great Court of the British Museum in London, UK. Strange for a report on Belgian security and surveillance …

The British Museum as illustration for a Security report
Comparison between an actual photo of the British Museum Great Court (left, by Guillermo Viciano, under CC-by-sa) and the cover of the Belgian State Security Report 2008 (right)

Then I saw it’s only a light version for the web, not the full version. I had a look at the Justice website and the Security web page but I couldn’t find the original version (if you have the full version, I’m interested).

The report summarizes all the activities done by the Security in 2008, including the groups, countries and activities watched, a report on the cases where it was involved (Belliraj, Benali, Trabelsi cases, a.o.) and a broad view of what they did to check people background, protect some others and check various accreditations.

The most interesting part for me, however, was a short description of a bill about data collection methods by the Security. This bill was submitted to the Belgian Senate in December 2008 and was recently adopted (the full text is here, in French). It’s now submitted to the Belgian king for signature.

Briefly, this bill modifies an existing law from 1998 and, among other things, tells apart ordinary data collection methods from specific (articles 18/7 and 18/8) and exceptional ones (articles starting from 18/9). As expected, the bill allows the use of techniques to intercept and read private communications between persons. The bill also allows entering into computer systems, removing protections, installing spyware, decrypting and collecting data (but it does not allow their destruction).

All these methods are controlled post hoc by two different bodies, an ad hoc administrative commission composed of magistrates (renewed each year by the king following a suggestion by the government) and a permanent “R” committee. Specific and exceptional methods needs to be approved first by the administrative commission but there is always the possibility for the Security hierarchy to bypass this and send a written notice to the commission later on. How many times can this last step be forgotten?

Although it’s nice to have the reference to the bill and be able to look for it on the internet, I would have liked to see some statistics about how many times these specific and exceptional measures were applied, how many times they were refused by the administrative commission, how many times the hierarchy allowed a mission and informed the commission later on, etc. in the same way they proudly show graphs of the number of hours spent protecting VIPs. I know details are protected by secret but it would still have been nice to have an idea on how often these methods are used.

Live picture from the Bruxelles Grand Place

On the Bruxelles website, you can watch from and move a webcam on the Grand Place. The resolution is good enough to distinguish faces in you zoom. But what is more interesting (imho), is that the stream from the webcam is just a stream of still images from http://www.brucity.be/webcam.jpg. The image below was the current image from the webcam when you loaded this page ; reload the page to see another picture …

webcam Grand Place Bruxelles

Now you can watch people on the Bruxelles Grand Place and watch what is interesting for people operating the webcam …

Belgian police is storing personal details in a database

If you live in Belgium, you probably noticed a small buzz about a database police is building about Belgian citizens and, more precisely, about the access control of this database. The “problem” is that this database already exists and it has a legal basis since … 1998 (10 years!). But mainstream media won’t tell you that (or I’m unaware of it). I don’t think there is a conspiracy. It’s just that, sadly, the current economic environment doesn’t leave much space for this kind of information. The Minister of Justice’s website has more info on this database and its content (excerpt of translation below):

The database already appeared a royal decree. This decree states that the police can store a bunch of sensitive data about certain categories of Belgian citizens since they are 14-years-old.
These include information on about family ties, consumption habits, ethnicity, physical and mental health, political and religious beliefs, membership of trade unions and political parties and suspicions of criminal offenses.

So what can we do about it? Human rights organisations as well as members of the Parliament (La Chambre, look for “P0499”) questioned the Minister of Justice, Jo Vandeurzen. He agreed that there should be both internal and external controls on what is inserted, who have access to the data, who can check the data and the access, … He promised the “Committee P“, the privacy committee and a supervisory body headed by a magistrate will be consulted. Let’s see …

Online photos and privacy

Last week-end, I walked in the city center and posted some photos of sceneries and people on Flickr. It was the first time I posted photos of people I really don’t know (I already posted photos with people from parties where attendees want to see them online).

I recently read some articles (1, 2, 3) and blog posts about privacy and a new service from Google: Street view. I was then wondering if they are rules or regulations regarding online privacy for non-publishers (for online media).

If you have the opportunity to post your own photo and you don’t want to be online, you may just not publish it. Here I’m talking about people whose picture is being taken in public places and published online without their explicit consent.

A recent post from Slashdot discusses an article on the privacy implications of online photo-tagging (pdf). The issue here is a bit different since they are mainly talking about photos tagged with names of people on the picture (I didn’t go that far). But a stakeholder posted excerpts of the EU Data Protection Directive (already adopted in the Belgian law). You can find the text and some explanations on the EC data protection website. Other explanations and a good summary of differences regarding privacy between Europe and USA is in the Wikipedia article. Since Flickr is a US website/company, it’s not a surprise there are no references to nor guidelines regarding privacy of people on the pictures. But if I strictly follow the Belgian law, I should perhaps remove those photos. A lot of my contacts on Flickr do not take/publish pictures of unknown people. Is it on purpose?

I didn’t decided yet what to do, where is the right equilibrium between privacy concerns, hobby and knowledge/information sharing. Any insight is welcome.