Since January 2014 the Dutch Data Protection Authority has observed that snack chain Febo, through its use of the Bluetrace data tracking system, was violating its patrons’ privacy by collecting information without their permission, according to the Personal Data Protection Act. And after several warnings, nothing has changed, but the agency is pissed off enough to fine Bluetrace if they don’t clean up their act within the next six months.
According to Bluetrace’s website, they claim to “respect the privacy of persons”, since “after 24 hours, all anonimized data is being erased from our systems”. However, that “anonimizing” they carry out is apparently very easy to undo, so basically nothing at all has been done to protect people’s privacy for quite some time.
Febo also has to make sure that they don’t collect personal data of people who live nearby, make sure they tell people explicitly that their data is being collected, and tell them how long their data will be stored, etc., which they don’t. Dutch law states that “the processing of any personal data requires the data subject’s unambiguous consent,” like a sign at Febo that warns people. Bluetrace has said that they place signs, but that’s not the case in the 30 or so Dutch municipalities where their system is operational.
Turning off your phone was a retarded Dutch government answer, because even when your phone is off, it could still be giving out information through radio signals and possibly with malware, if Edward Snowden has taught the world anything.
Febo is just an example, as many other companies and towns who use Bluetrace are also violating the law, and I’d dare say, even flaunting it, since 2014. Why the authorities are only getting serious now remains a mystery.
Tags: FEBO, privacy
As of 2015 Dutch citizens will be able to file charges with the police using DigiD, the national government’s digital identification system. If there’s a company that’s not thrilled with that idea, it’s advertising agency Digi-D in Waalwijk, Noord-Brabant.
For years, Digi-D, who opened shop three years before DigiD came along, have been receiving people’s personal data erroneously and trying relentlessly to get the government’s full attention on the matter. The government decided first to bully the ad agency into changing its name, which was too expensive. At the moment, the government is listening a bit more closely and is trying to come up with a solution, albeit not fast enough. As of 27 November, Digi-D has received 45,282 wrongly addressed requests with people’s personal data, so you can imagine how antsy they are about getting police reports as well. Oh, and they are also the victims of hackers who can’t spell. The company is run by two people and they surely have better things to do than monitor municipalities who keep telling their residents to register with Digi-D because they can’t spell either.
Tags: Digi-d, DigiD, police, privacy
In and around the city of Ede, Gelderland, several DIY chain stores have decided to film anyone buying tools such as big screwdrivers, chisels, crowbars or lump hammers under suspicion of being potential robbers. Once you’re on film with your new tools, the cops look at the footage to see if you’re a robber that matches their files (ha, pun).
Besides being a potential privacy breach, this is a useless strategy. Webwereld and surely other sources have listed the stores doing the filming so robbers can either take from a toolbox instead of buying new tools or just go to another store. Even better, hop over to Germany or get the missus to do the shopping for you as I bet the cops will only look at men on the film. A Dutch white female pushing a pram should do the trick.
(Link: webwereld.nl, Photo of screwdriver by Noel Hankamer, some rights reserved)
Tags: Ede, police, privacy, tools
This morning Privacy First, a foundation committed to preserving and promoting the right to privacy, is in court in Amsterdam over having to enter one’s license plate number when parking on the city’s streets.
Bas Filippini, who when parking in Amsterdam enters the license plate number ‘NOWAY’ (see film linked to the source), says the problem is two-fold: 1) a person in Amsterdam now has no choice but to enter their license plate number and 2) people cannot pay with cash, which both breach the right to privacy and anonymity, never mind being a pain for tourists or other visitors who don’t have the right bank card or mobile phone.
Filippini is in court because of a 60 euro fine he got for not entering his license plate number. According to Privacy First, every free citizen has the right to privacy in the sense of anonymity in public spaces, including parking one’s car, a right stated by Article 8 of the European Convention on Human Rights (PDF).
We’ve been parking cars on the streets in Amsterdam for decades without the city knowing anything about our cars, and continue to gleefully do so across the country. Article 8 says unless matters such as, “national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others” come into play, which I cannot possible imagine they do.
UPDATE: The verdict is due 23 December 2014. Postponed for six weeks.
UPDATE No. 2: Verdict out: “The council considers that using the wrong number plate is the same as not paying but the court disagreed. Not finding a payment corresponding to a real number plate could be evidence that no payment was made but the person parking can demonstrate they did pay in a variety of ways”.
Tags: Amsterdam, parking, privacy
The business court of The Hague has determined that Dutch Rail can abolish paper train tickets even though the law says a traveller has a right to an objective proof of the right to travel.
The court felt that the new electronic travel card system (OV Chipkaart) suffices because there are five places where you can confirm you have the right to travel. Arnoud Engelfriet lists them all:
- The display of the electronic gate at the time of checking in.
- The display of the vending machine.
- A paper print-out at the service desk.
- A transaction data listing on the Dutch Rail website.
- The display of the train conductor’s travel card reader.
Engelfriet and his commenters point out that there are numerous problems with this verdict.
- The electronic display only shows that you’ve checked in for a very short time, especially if somebody checks in a fraction of a second later (this happens a lot during rush hour).
- If you are in a rush, you are not going to stand in line at the vending machine or service desk.
- The Internet listings are only updated after a significant delay.
- Train conductors are “masters at being impossible to find”, according to Rikus Spithorst of travellers association ‘Voor Beter OV’ (‘for better public transport’). (Doesn’t that make train conductors hobbits?)
Basically this means that you either show up five minutes early for your daily commute to double check you are actually checked in or you pay a tax in the form of fines every time you fail to check in for whatever reason.
What bothers me is that in the case of a conflict between a traveller and Dutch Rail (and only the OV Chipkaart in place) travellers now have to rely completely on the antagonistic party to provide them with the proof that they have in fact travelled legally. Travelling without a valid ticket is a criminal offence, so why would the state make rules that make it practically impossible for a suspect to defend their innocence?
Tags: courts, crime, Dutch Rail, OV Chipkaart, privacy
I went to Interference last weekend, a hacker convention run by anarchists in a former squat called Binnenpret. Most Dutch people know the part of the complex called OCCII, a music venue on Amstelveenseweg.
The talks were somewhat similar to what I have encountered at other hacker conventions in the past. If there was a difference, it was that in the Q&As audience members were criticizing language that could be used as a weapon, as a means to disempower outgroups.
Also, the hosts did not appear to serve coffee.
Cory Shores had a talk about post-humanism and spoke about the blind man’s cane. This is apparently an issue of some contention in philosophy: is the cane part of the man, of the self? A blind man ‘sees’ with the tip of the cane after all, his hand being no more than a relay.
A similar extension of the self was identified by Paulan Korenhof and Janneke Belt who pointed out technological differences in the way people remember things, such as remembering a shopping list versus writing one down. They did not further explore the issue of the self, but instead looked at where our shopping lists (and therefore maybe parts of ourselves) end up: in the cloud, specifically in the indexes of search engines owned by international companies.
Earlier this week I mocked visitors of the Lowlands festival in a posting who gave away their privacy for RFID trinkets, but perhaps my commentary wasn’t entirely fair. The Lowlands RFID wristbands do have some value to the user as they extend the self, even if the company behind them is solidly grounded in the philosophy of “if we give you something for free, you are in fact the product”.
See also: the Interference reader.
Tags: anarchy, capitalism, hacking, privacy, punk, society
Have you ever gone to a music festival but got too drunk to remember which acts you saw?
Yeah, me neither, but apparently now there’s a solution. For the price of whatever was left of their privacy, visitors of the Lowlands festival last weekend could get a ‘free’ wristband that allowed them to keep a diary of sorts.
Every time you held the Nedap-developed wristband against a scanning station, the station would register your ID, time and location in order to be able to present you with a slew of data on the spot or afterwards. The data contained the location of both you and bracelet-wearing friends, the bands that played nearby, photos of you and your friends, ‘spotified’ set lists, and so on.
According to the video below by Face Culture, some people ‘hacked’ the system by trying to get into the top ten of the people that scanned their bracelets the most. Other advantages mentioned were the ability to remember the names of obscure bands you saw and not having to trawl through 20,000 photos online before finding yours. One person complained that she still had a sliver of privacy left: she wanted more scanning stations so that she could also see when she had gone for a burger.
A Campign Flight to Lowlands Paradise (its full name) is an annual festival held near Biddinghuizen in the province of Flevoland.
(Photo of Waldo at Lowlands 2008 by Gabe McIntyre, some rights reserved; if only he had worn an RFID tag, you would have spotted him instantly; link: AD)
Tags: cloud computing, Gabe McIntyre, Lowlands, Nedap, privacy, RFID, social media
Article 13 of the Dutch constitution declares a secrecy of correspondence, meaning the government and others are not allowed to snoop on your mail.
However, there is an unfortunate loophole: the law specifically talks about paper mail. E-mail was never included and therefore exists in a legal limbo.
According to Internet lawyer Arnoud Engelfriet, the council of ministers of the Netherlands has now proposed a change in the constitution that will not actually name e-mail, but which will make the phrasing of Article 13 more generic. A change in the constitution requires two consecutive parliaments to vote for that change, the idea being that the change can be made an issue in the elections.
Not that it matters much, as the Dutch constitution, which is now 200 years old, is more of a guideline than law. Judges are not allowed to ignore laws based on their constitutionality. The constitution may be said to have a normative function, for example, it could show courts how to interpret a vague law, but a 2009 study by the national government claims that this normative function is eroding (PDF). Instead a societal function is emerging, as the constitution aims to hold up a mirror to the citizens of the kingdom and to show us what our shared values are.
See also: an English translation of Article 13.
(Photo of the constitution of 1814 by Grondwetfestival.nl, used with permission)
Tags: constitution, e-mail, laws, privacy
In a fascinating article by anthropologist Lizzy van Leeuwen in De Groene Amsterdammer last month, she describes how farmers’ association LTO, together with the Dutch government, has set up a system for detecting and dealing with early warning signs of the mistreatment of farm animals.
A database kept by Vetrouwensloket Welzijn Landbouwhuisdieren (the confidential office for the well-being of farm animals) tracks symptoms such as excess deaths and diseases, hurt and crippled animals, parasites, poor development of young animals, and so on.
Nobody could object to such a system, but the database also registers information about the farmers themselves based on the idea that unhappy farmers make unhappy farm animals. This information includes attendance at meetings and the number of friendships a farmer maintains. Do farmers stop answering their phones and do their relationships fail? It is all registered.
If the signals reach a certain danger level, a team is sent to the farmers in question to try and help them get back on track. Magazine Veeteelt ran a headline in 2010 that aptly describes the duality of this approach: “Animal neglect can happen to anyone. [This system] prevents a negative image of the industry.”
The result is that some farmers—the loners, the ‘known’ problem cases—are pushed into extreme transparency through a finely mazed network of ‘reporters’ or ‘snitches’, depending on who you talk to. These are often the ‘erfbetreders’, a Dutch word I did not know until yesterday meaning ‘those who walk onto the farmyard’—the people who have to be on the farm for business and who rat out the farmer on the side.
Van Leeuwen’s four page article goes into incredible detail on how farmers are viewed by the general public. She hypothesizes that the Dutch have lost contact with farming world. Between 1947 and 1990 the percentage of people working in agriculture dropped from 20% to 4%. The general public are now in the habit of seeing farmers through isolated incidents, such as the 2011 tragedy in which a farmer from Brummen, Gelderland killed about 100 cows with a tractor and then killed himself. Van Leeuwen speaks of “a trend of viewing farmers as professional animal abusers”.
The result is that farmers have not just become an out-group, but in order to close the ranks they have decided to nip rare and extreme cases of animal abuse in the bud by creating their own out-group of lonely and eccentric farmers. Ironically, this does not seem to apply to factory farming, a practice to which pretty much everybody turns a blind eye.
Van Leeuwen’s article, “De weg van alle vlees—dierverwaarlozing op de boerderij“, is available on the web (in Dutch), but unfortunately behind a pay wall.
Tags: excentrics, farm animals, farmers, farming, farms, loners, LTO, privacy
For years local governments have been mistakingly pointing tens of thousands of citizens if not more to an advertising agency called Digi-D in Waalwijk, Noord-Brabant instead of to the Dutch national government’s digital identification system called DigID (no hyphen, and ID in capitals), indispensable for filing taxes and other matters nowadays. In October 2012 10,000 people sent their details to Digi-D. It’s June 2014 and the wesbite the agency set up to tell people about this serious cock-up counted 40,805 mislead people on 6 June.
Digi-D the agency has been around since 2002, while DigID started up in 2005. The government’s game plan has been to strong arm the agency into changing its name, but the agency claims that it would cost them 110,000 euro to change their name, never mind lawyering up for something they didn’t mess up. To make it worse, the agency is being forced to store all this data to prove that it is a nuisance to them, but if ever the data leaked, the government would blame the agency for it!
Tags: automation, DigiD, government, identity theft, privacy, Waalwijk