A report accidentally published on the Internet provides insight into a secretive European Union surveillance project designed to monitor its citizens, as reported by Wikileaks earlier this month. Project INDECT aims to mine data from television, internet traffic, cellphone conversations, p2p file sharing and a range of other sources for crime prevention and threat prediction. The €14.68 million project began in January, 2009, and is scheduled to continue for five years under its current mandate.
INDECT produced the accidentally published report as part of their “Extraction of Information for Crime Prevention by Combining Web Derived Knowledge and Unstructured Data” project, but do not enumerate all potential applications of the search and surveillance technology. Police are discussed as a prime example of users, with Polish and British forces detailed as active project participants. INDECT is funded under the European Commission’s Seventh Framework Programme (FP7), and includes participation from Austria, Bulgaria, Czech Republic, France, Germany, Hungary, Poland, Slovakia, Spain, and the United Kingdom.
Testing Project INDECT’s potential usefulness, and the leaked ‘sales-pitch’
Indicated in the initial trial’s report, the scope of data collected is particularly broad; days of television news, radio, newspapers, and recorded telephone conversations are included. Several weeks of content from online sources were agglomerated, including mining Wikipedia for users’ and article subjects’ relations with others, organizations, and in-project movements.
Watermarking of published digital works such as film, audio, or other documents is discussed in the Project INDECT remit; its purpose is to integrate and track this information, its movement within the system and across the Internet. An unreleased promotional video for INDECT located on YouTube is shown to the right. The simplified example of the system in operation shows a file of documents with a visible INDECT-titled cover taken from an office and exchanged in a car park. How the police are alerted to the document theft is unclear in the video; as a “threat”, it would be the INDECT system’s job to predict it.
Throughout the video use of CCTV equipment, facial recognition, number plate reading, and aerial surveillance give friend-or-foe information with an overlaid map to authorities. The police proactively use this information to coordinate locating, pursuing, and capturing the document recipient. The file of documents is retrieved, and the recipient roughly detained.
Conclusions, implications, potential investigative journalism impact
Technology research performed as part of Project INDECT has clear use in countering industrial and international espionage, although the potential use in maintaining any security and predicting leaks is much broader. Quoted in the UK’s Daily Telegraph, Liberty‘s director, Shami Chakrabarti, described a possible future implementation of INDECT as a “sinister step” with “positively chilling” repercussions Europe-wide.
“It is inevitable that the project has a sensitive dimension due to the security focused goals of the project,” Suresh Manandhar, leader of the University of York researchers involved in the “Work Package 4” INDECT component, responded to Wikinews. “However, it is important to bear in mind that the scientific methods are much more general and has wider applications. The project will most likely have lot of commercial potential. The project has an Ethics board to oversee the project activities. As a responsible scientists [sic] it is of utmost importance to us that we conform to ethical guidelines.”
Although Wikinews attempted to contact Professor Helen Petrie of York University, the local member of Project INDECT’s Ethics board, no response was forthcoming. The professor’s area of expertise is universal access, and she has authored a variety of papers on web-accessibility for blind and disabled users. A full list of the Ethics board members is unavailable, making their suitability unassessable and distancing them from public accountability.
One potential application of Project INDECT would be implementation and enforcement of the U.K.’s “MoD Manual of Security“. The 2,389-page 2001 version passed to Wikileaks this month — commonly known as JSP-440, and marked “RESTRICTED” — goes into considerable detail on how, as a serious threat, investigative journalists should be monitored, and effectively thwarted; just the scenario the Project INDECT video could be portraying.
When approached by Wikinews about the implications of using INDECT, a representative of the U.K.’s Attorney General declined to comment on legal checks and balances such a system might require. Further U.K. enquiries were eventually referred to the Police Service of Northern Ireland, who have not yet responded.
E.F.F. Europe reacts
Wikinews’ Brian McNeil contacted Eddan Katz, the International Affairs Director for the Electronic Frontier Foundation (E.F.F.). Katz last spoke to Wikinews in early 2008 on copyright, not long after taking his current position with the E.F.F. He was back in Brussels to speak to EU officials, Project INDECT was on his agenda too — having learned of it only two weeks earlier. Katz linked Project INDECT with a September report, NeoConopticon — The EU Security-Industrial Complex, authored by Ben Hayes for the Transnational Institute. The report raises serious questions about the heavy involvement of defense and IT companies in “security research”.
On the record, Katz answered a few questions for Wikinews.
- Eddan Katz When the European Parliament issued the September 5, 2001 report on the American ECHELON system they knew such an infrastructure is in violation of data protection law, undermines the values of privacy and is the first step towards a totalitarian surveillance information society.
- E.K. What’s concerning to such a large extent is the fact that the projects seem to be agnostic to that question. These are the searching systems and those people that are working on it in these research labs do search technology anyway. […] but its inclusion in a database and its availability to law enforcement and its simultaneity of application that’s so concerning, […] because the people who built it aren’t thinking about those questions, and the social questions, and the political questions, and all this kind of stuff. [… It] seems like it’s intransparent, unaccountable.
The E.U. report Katz refers to was ratified just six days before the September 11 attacks that brought down the twin towers of the World Trade Center. In their analysis of the never-officially-recognized U.S. Echelon spy system it states, “[i]n principle, activities and measures undertaken for the purposes of state security or law enforcement do not fall within the scope of the EC Treaty.” On privacy and data-protection legislation enacted at E.U. level it comments, “[such does] not apply to ‘the processing of data/activities concerning public security, defense, state security (including the economic well-being of the state when the activities relate to state security matters) and the activities of the state in areas of criminal law'”.
Part of the remit in their analysis of Echelon was rumors of ‘commercial abuse’ of intelligence; “[i]f a Member State were to promote the use of an interception system, which was also used for industrial espionage, by allowing its own intelligence service to operate such a system or by giving foreign intelligence services access to its territory for this purpose, it would undoubtedly constitute a breach of EC law […] activities of this kind would be fundamentally at odds with the concept of a common market underpinning the EC Treaty, as it would amount to a distortion of competition”.
Ben Hayes’ NeoConoptiocon report, in a concluding section, “Following the money“, states, “[w]hat is happening in practice is that multinational corporations are using the ESRP [European Seventh Research Programme] to promote their own profit-driven agendas, while the EU is using the programme to further its own security and defense policy objectives. As suggested from the outset of this report, the kind of security described above represents a marriage of unchecked police powers and unbridled capitalism, at the expense of the democratic system.