Tag Archives: data protection

German Agency Wants to Snoop Social Networks to Analyse Creditworthiness

A German credit agency in is planning to analyse the creditworthiness of individuals by using information gathered from online sources such as Facebook and other social networking sites.

Schufa, Germany’s  largest credit agency intends to assess peoples ability to make repayments by using “crawling techniques,”  such as those used by Google, for the purpose of “identifying and assessing the prospects and threats.” A spokesman for Schufa told Spiegel Online that “everything is happening within the legal frameworks in Germany.”

Nevertheless, the proposal raises serious concerns over assessing a person’s reputation from information found on the web. Schufa is planning to analyse automatically recorded information on the Internet such as on social networks, and this can then be linked to the stored data gathered by the credit agency. Although Facebook pointed out that according to its terms and conditions, automatic registration of members was actually not permissible.

For a country with some of the strictest privacy laws in Europe, it is no surprise that the proposal has come under a strong criticism. Analysing data related to personal relationships which can be found on Facebook and Twitter in order to judge a persons creditworthiness is a severe invasion of privacy.

Since the German broadcaster NDR reported on the research project last  Thursday there has been a public outcry. Numerous privacy advocates and politicians have strongly criticised the proposal.

Sabine Leutheusser-Schnarrenberger,  the German Justice Minister, was quick to condemn the credit agency’s plans. She told the Spiegel that Facebook “friends and preferences” should not prevent an individual from, for example, being able to obtain a mobile phone contract. Leutheusser-Schnarrenberger stated “Schufa and other credit agencies should disclose their full intentions of using Facebook data to check creditworthiness.” She said that the data used to determine someone’s credit report is already controversial and called for the process to be made “fully transparent.”

On Thursday, the Justice Minister was joined by Consumer Protection Minister Ilse Aigner in warning Schufa and HPI about tracing individuals on social networks, and requested further information on the research plans. Rainer Brüderle a parliamentary member of the Free Democrats (FDP) stated that “Schufa’s plans go too far…social networks, like a circle of friends, are part of a person’s private life, and should therefore not be tapped.”

However, the Hasso Plattner Institute (HPI) which was to be commissioned by Schufa to develop a proposal for the project, has now pulled out due to mounting criticism from politicians and privacy advocates. The privately-funded information technology institute was going to explore the extent to which information from the Internet can help in evaluating the creditworthiness of individuals. HPI  announced that it has withdrawn from the contract with Schufa.

In a statement, the institute claimed there had been some “misconceptions” by the general public about their research approach. HPI Director Christoph Meinel stated that the project could no longer be carried out with the ease and in the “unburdened” conditions necessary.

The move by HPI, a clear blow for Schufa, has been welcomed by critics of the proposal, but it is unclear whether the credit agency intends to pursue the project regardless. The proposal could be hugely damaging to the privacy of individuals, linking their private relationships and their online reputation to their creditworthiness seems hugely invasive. Schufa’s plans could have detrimental effects on a person’s everyday life and further highlight the dangers of disclosing personal information on the internet. It is unclear whether Germany, a country with some of the most sophisticated privacy laws in the world would be able to justify such actions in accordance with its legal framework.

Advertisements

Scrambling for Safety Conference 2012: Data Gathering – What are the benefits?

Yesterday I attended the Scrambling for Safety conference at the LSE.
 I was really impressed by the wide range of speakers,
 from the leader of human rights group Liberty Shami Chakrabarti to the Conservative MP David Davis. Finally a real discussion featuring voices from a wide range 
of political and ideological affiliations, although noting the 
absence of any Labour politicians. It was a 
bit less exciting when I realised they all seemed to agree…

The members of the panel talked about the importance of privacy and the negative implications of the invasion of privacy. They also agreed, particularly Julian Huppert and David Davis MP, that politicians generally do 
not have a clue and often take advice from civil servants and security officials as fact. They often seem to rely on information without attempting to validate or research it themselves, probably due to the volume of information that relates to many issues. But what I really wanted to know was how much would it cost? Is it even viable or productive? 
Would it in any way benefit the general public in a way that would 
justify such an invasion of privacy? If not, why on earth was this 
happening? If stronger policies on surveillance are indeed necessary
 what are the alternatives?

Some light was shed on these questions in the second panel, who could not identify 
any real benefit of swamping the police with massive amounts of data
 and the chaos which would ensue as a result. Data gathering on such a
 large scale does not seem to make sense at all. If the government’s plans to combat serious crime and terrorism with these measures, this shows a clear lack of foresight. The panel emphasized that gathering data in this way would only catch very basic internet users, as there are so many 
ways to hide the data being picked up, such as using encrypted pages.
 Monitoring basic internet use, when more advanced users (you don’t 
need to be very advanced to use dropbox for example) know a way
 around it, would encourage a culture of “underground internet use”. This would only complicate things for the police/security 
services. It is also a waste of money and resources to invest in a 
policy that is fundamentally ineffective and extremely invasive of basic
 rights and freedoms. The costs are therefore certainly not outweighed by
 the benefits, which seem negligible if there even are any.

Whitfield Diffie, somewhat of a celebrity in the tech world, so I was told, addressed the issue of privacy of search terms such as e.g. divorce lawyers or cancer clinics which may be largely indicative of your private life. By accessing an individual’s search data the government would be enforcing a huge invasion of privacy, but it would also be largely counter productive and irrelevant to the police regarding surveillance matters.

A retired police officer in the 
audience stated that it appears the government are seeking to implement preemptive measures. Such data is often unusable and overwhelming to the police force
 because of the sheer volume. Analysing such data is complex and time 
consuming and thus provides little value in many investigations which
 need to be carried out swiftly. He gave the example of the recent
 shootings in Tolouse – France, where police had access to 500 intercepted email messages 
which provided a lead to the suspect. However the manpower to analyse and identify suspects in pressing operations will not always be
 available in relation to processing data. The police may not have enough people assigned to a particular case to be able to go through all the available data.

The conference was wrapped up by Nick Pickles from Big Brother Watch, who ended the day with a quote from David Cameron criticising Labour’s policies on surveillance. He pointed out that the coalition government must keep their word, something I fully agree with. He then added that he was standing for the Conservatives in the next election, making his short speech seem a little more like a self interested campaign. However the fact that the organisers were from a wide variety of civil society organisations allowed a broad discussion on an issue that affects everyone regardless of their political affiliation.

The main arguments made at the conference, appeared to be that the proposal is not only a gross invasion of fundamental rights and freedoms in both national and European law, but that it is also both costly and ineffective. The plan seems to be based on a misinformed and misguided policy relating to security, which doesn’t seem to provide any benefit to government, the police or national security. While this issue could have huge negative consequences it is still barely understood by either government or the public.

Shami Chakrabarti used the quote “they say the innocent have nothing to hide – but they do have something to protect”. At present there is little legislation relating to privacy law in the UK and Article 8 of the European Convention on Human Rights (ECHR) – the right to a private and family life, is often loosely applied. The Scrambling for Safety conference highlighted the fact that even current law on communications remains highly contentious. The proposed casual and constant invasion of privacy is not in the public interest, neither in terms of security nor cost. The proposal is unrealistic and inappropriate, what is really needed in the UK are stronger privacy laws/rights to protect our freedom and to fully integrate and apply Article 8 of the ECHR in national law.