December 20, 2004

Privacy in the age of blogging

Posted by Eszter

Jeffrey Rosen has a piece in yesterday’s NYTimes Magazine about the practice of blogging intricate details about one’s dating and sex life on one’s blog. (I was going to say “one’s private life”, but how private is it once it’s been blogged and read by hundreds?) As usual with journalistic pieces such as this one, it is hard to tell how widespread the phenomenon is, but it is out there to some extent and may be worth some thought. I certainly know that people in my social circles – friends, family members, colleagues – do wonder what I will and will not blog about from our interactions and sometimes even preface comments by saying “this is not for blogging”. I always reassure these people that I never blog information about other people without permission and in general rarely mention any names or other identifying information (except to give credit, but I check in such cases as well). However, from reading the article one would think my practices are more the exception than the rule.

Since I do not blog anonymously there is more social control over what I decide to make public. After all, everything I say reflects on me in return. Outing information about others that many may find inappropriate will have negative repercussions on me. So even if I had no concerns, whatsoever, about the privacy of people around me – but I do – a solely self-interested approach would still dictate that I keep information about others’ lives private in order not to upset people and in turn lose credibility and trust in the future. However, such social control operates much less effectively among those who can hide behind the veil of a pseudonym.

As I prepare for my upcoming undergraduate class in which students will be required to maintain blogs, I have spent quite a bit of time thinking about how to comply with the Family Educational Rights and Privacy Act (FERPA). According to FERPA, I have to make sure that certain details about student enrollment in my classes are kept private. In the process, I have realized that this is a one-way street. There is nothing preventing my students from blogging whatever information they decide about me. Of course, social sanctions may still exist. Students may decide it is not worth upsetting their instructor through such practices. Nonetheless, there will be plenty of opportunities for blogging things after class is over. Moreover, they may have individual blogs not associated with the class that are written anonymously and can serve as an outlet for commentary about others.

Of course, we all have different selves depending on the social situations in which we find ourselves and there is no reason one should let down certain guards in front of a classroom or when with a group of colleagues. Perhaps the most disturbing part about the phenomenon described in the article is that people are blogging intricate details about their private lives, which in turn includes the private lives of others. Of course, as long as this is a known fact one can accept it and behave accordingly (or not accept it and stop spending time with the person assuming that’s an option). But it sounds like this practice often only becomes clear after the fact, which seems to put unfortunate added pressure on private interactions.

September 02, 2004

The joy of my world is Mark Kleiman (Beautiful, beatiful Kleiman)

Posted by Ted

I just wanted to be part of the Allelujah chorus on this:

Atrios reports gleefully that a Republican Congressman, asked point-blank about his sexual orientation, refused to answer.

Good for him! (The congressman, I mean.) The right answer to that question, from anyone except a potential sexual partner, is “None of your f—-ing business.”

I really, really disapprove of gay-baiting, even if the gays being baited hold disgusting political positions. And I thought that attitude was part of the definition of liberalism.

When did that change? Did I miss the memo?

August 02, 2004

Maybe that's where they're going wrong ...

Posted by Daniel
I’m usually about the ninetieth person to get these things (thanks to the pal who emailed it to me), but this one is quite funny:
The Central Intelligence Agency is committed to protecting your privacy and will collect no personal information about you unless you choose to provide that information to us.
Bit of a new departure for the CIA, innit?

July 22, 2004

Shut up

Posted by Ted

Need a fresh reason to dislike Bill O’Reilly?

O’Reilly scolds guest who outed gays, then calls judge a lesbian

Fox News Channel’s star talk-show personality, Bill O’Reilly, says he is uncomfortable with the practice of outing gay political figures—except, it seems, when he is doing the outing.

On his show Monday night, O’Reilly chastised guest Michael Rogers for maintaining a Web site publicizing the names of gay staffers working for politicians who oppose gay marriage….

But on the same show—and for at least the third time in the last year—O’Reilly described one of the justices on the Massachusetts Supreme Judicial Court as a lesbian, a claim that the justice herself, through a spokeswoman, denies.

For the record, I am opposed to outing, whether it’s done by Bill O’Reilly or by people on my side.

UPDATE: “I gave up the homosexual lifestyle four years ago.” Terrific New Republic first-person story on gay marriage.

July 16, 2004

Pizza, cholesterol check, the works

Posted by Eszter

This little Flash movie by the ACLU about the loss of privacy is hilarious and, of course, scary at the same time.

April 30, 2004

Europe and the War on Liberty II

Posted by Maria

I’m running between meetings and trying to get this story into the print media (why do these things always happen on a Friday afternoon?) of an important development in the privacy of communication, so I will just point you to a leaked document hosted by the indefatigable people over at Statewatch.

Ireland, Britain, France and Sweden have proposed that the European Council of Ministers pass a Framework Decision on the retention of communications and mobile phone location data throughout the EU. This is the latest in an ongoing effort of certain European law enforcement interests (led by the UK, pushed by the US) to create a total surveillance capacity over anyone who uses a communications device of any kind, anywhere in the EU. This is sad, bad and disastrous news.

Yet again, policies which fundamentally change the relationship between the citizen and the state are being pushed through the most secretive and unaccountable decision-making body of the EU. Yet again, so-called anti-terrorism measures are being opportunistically introduced - this time in reaction to the Madrid bombings - but applied far beyond terrorism related investigations.

As comparisons go, this measure will far exceed the Patriot Act. It is obscenely dismissive of European data protection law - which now applies to multinationals using call centres but not to curb the state excesses it was created to prevent. It is absolutely sickening to see the Irish government using its presidency of the EU to endorse measures that cut the heart right out of European human rights.

For any decision-makers who haven’t been listening to the years of pleas and demands that EU states not use the promise of information and communications technologies to surveil their citizens, hear this: we don’t trust you, we don’t support you, and unlike you we haven’t forgotten the historical reasons Europe chose to stop governments compiling databases of their citizens’ most innocent acts.

January 23, 2004

Citizens or data subjects

Posted by Maria

Just by the by, and for those with more than a passing interest in the subject, here’s a draft of a rather opinionated survey article on privacy that I’ve just written for a UK think tank. Health warning; it’s over 2000 words. Plus side; I’ve tried to keep it reasonably chatty. Apologies to any commenters (if indeed there are any) - I’m off to Chamonix for two days of terror on the nursery slopes so won’t be checking back in until Monday.

Citizens or data subjects? The erosion of privacy in the U.K.

The Labour government’s policy on personal data is simple; ‘we want all the data on all the people all the time’. But the government’s voracious appetite for citizens’ personal data is matched only by secrecy about its own objectives.

We are living through the unfortunate coincidence of a famously illiberal Home Secretary and an amorphous and open-ended ‘war on terror’. David Blunkett regards civil liberties as airy fairy, and opponents of compulsory identity cards as ‘intellectual pygmies’. The Anti-Terrorism, Crime and Security Act 2001 was a rushed measure tinged by naked opportunism – a veritable Christmas list of radical measures rejected from other Home Office bills in the previous two years. The Civil Contingencies Bill has had a longer gestation but cuts just as deeply into long cherished civil rights.

Britain knows from experience that emergency measures introduced to fight terrorism tend to linger on for decades, and are only repealed when absorbed into general criminal justice legislation. If some civil servants see anti-terrorism legislation as a chance to extend draconian powers in the general criminal law, their political masters are motivated by the fear of being condemned later on for not having ‘done something, anything’.

The use of personal data by governments of the hard left and hard right has a dirty history. It’s no accident that data protection laws – rules that limit the collection and use of personal data, and give data subjects clear rights – were developed in Germany in the late 1960s and 1970s. Since then, democratic governments and international organisations have worked hard to establish what is acceptable and workable when dealing with the personal information of their citizens and of consumers in general.

The OECD produced its influential privacy guidelines in 1980, and these principles were put into action by the 1995 European data protection directive (95/46). Data protection principles were applied to the world of electronic communications by a 1997 directive, and in 1998 the U.K. produced its own Data Protection Act. Also in the 1990s, and after much lobbying by computer experts in the U.S. and U.K., many restrictions on cryptography were lifted, giving individuals the practical means to protect their own information and communications.

But by 2002, when the time came to revise the 1997 directive on privacy of communications, the tide had turned, leaving privacy rights and legislation beached above the high tide line, abandoned and unloved (by governments at least). Despite the efforts of many members of the European Parliament, the combined force of member state governments, led by the UK, and the Commission gutted from the directive any protection against using the communications infrastructure to do constant and mass surveillance of the entire citizenry. For the past three years, the U.K. government has consistently worked to undermine privacy rights, both at home and abroad. Not content with making Britain the most surveilled democracy in the world, the Labour government has turned to Brussels to undermine privacy throughout the European Union.

What are the principles of European data protection law?

 Collection of personal data should be limited, lawful and fair, and the data should only be processed with the clear consent of the individual or data subject.
 No more than the essential data should be collected, and it should be kept accurate, complete and kept up-to-date.
 Individuals should be told why their personal data are collected at the time of data collection and the data should not be used for other purposes.
 Individuals should be told who holds their personal data and given access and correction rights to it. If personal data is to be passed to a third party, individuals should be told who and why at the time their data is collected.
 Data controllers must take proper security measures to protect the data.
 There are extra protections for personal data that reveal individuals’ racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

Data protection law is equally binding on private and public organisations, but EU governments can restrict it use to safeguard security and defence, fight crime, protect important economic or financial interests of the government or EU, protect the data subject himself or the rights and freedoms of others.

For the purposes of the government, there are two types of personal data; that collected and held by government departments and agencies, and by the private sector. Publicly held personal data includes tax returns, medical data, property information, criminal records, and social benefits information. The private sector collects personably identifiable data such as billing and subscription records, financial data, communications data such as numbers called or the location of a mobile phone, details of email and internet access, and products and services purchased.

The government has worked assiduously to be able to comb through both publicly and privately held data-sets, and with plenty of useful applications;

 To find out when a declared income of £20,000 doesn’t match up to a Sainsburys loyalty card record suggesting a £60,000 lifestyle.
 Using mobile phone location data, to establish if a suspect individual (or at least their phone) was in the vicinity when a crime was committed.
 To analyse phone, mobile and internet records to see who’s talking to who in the criminal fraternity.
 To combine data from school registers and local authorities to trace and help families whose children have fallen through cracks in the system.
 To aggregate data for research to better analyse public needs and improve policy development and delivery.

But to actually do ‘joined up government’, you need the ability to create and access ‘joined up data sets’ as the need arises.

This requires that:
 The private sector keep and make available the necessary personal data,
 The public sector share personal data amongst agencies and departments, and
 The government can reliably identify and track all its citizens.

Private sector held personal data can be a rich source of useful information for law enforcement and intelligence agencies, Customs & Excise, and the Inland Revenue. There are well-established powers to compel phone companies, retailers, airlines and so on, to hand over specific personal data in response to production orders. As long as proper restrictions and oversight procedures are in place, few people would question the need for these powers.

However, law enforcement agencies in the UK argue that it’s not enough to approach, for example, a phone company when the police have already identified their suspect(s) and begun an investigation. What if the data have been erased already? After all, the Data Protection Act requires companies to delete personal data when it is no longer commercially necessary. Nor are the UK police content with the power of data preservation entailed in the Council of Europe Convention on Cybercrime. A data preservation order could be issued to a phone company simply asking it to freeze all the data relating to an individual, pending a production order to give the police access to the data later on. A year before the 9/11 attacks, the Association of Chief Police Officers said it would be satisfied with no less than the forced retention by phone and internet companies of all communications data of all customers all the time for a period of seven years. The Home Office concurred, but saw no way politically to achieve this.

The Anti-Terrorism, Crime and Security Act (2001),rushed through Parliament in the weeks following 9/11, mandated communications data retention as a means to fight terrorism. The only critical analysis of the Act was in the House of Lords where a determined band of Liberal Democrats and Conservatives wrested a small number of concessions from the government. One so-called concession was that widescale communications data retention was to be done only for the purposes of fighting terrorism.

This seemed like a small win for civil liberties. It wasn’t. It doesn’t matter that internet service providers are compelled to keep all the details of their customers’ emails and web-surfing for the purposes of fighting terrorism when the regime for access to that data (the Regulation of Investigatory Powers Act 2000) allows it to be released for investigating crime and many other purposes, and not just terrorism. Indeed, when the secondary legislation for access to citizens’ communications data was finally passed in November 2003, it gave access rights to peoples’ phone and internet records to a wide variety of government agencies and quangos.

Is it legally permissible to store vast quantities of personal data of citizens who are not suspected of any wrongdoing, just in case it might some day be useful? No one is sure. The government’s position is quite simple; this restriction of data privacy in the name of security is necessary and therefore legal, and the government should be trusted to make that judgement. With the war on terror giving carte blanche to push aside data protection law in order to protect security, data protection is increasingly disregarded just when it is most needed.

By massively increasing its powers to compel data retention by private companies, the government acted in bad faith, losing face and trust. The stated objective of fighting terrorism was used to impose a measure which is disproportionate when it comes to the broad range of criminal and non-criminal investigations which data retention serves.

The second requirement of joined up data sets is for the public sector to share personal data between agencies and departments. The Cabinet Office Strategy Unit produced a report in 2002 on the benefits of data-sharing between public services. The report emphasised the many benefits to the public of data-sharing, but acknowledged that the government had a lot of work to do to improve the public’s trust in how the government uses personal data.

One largely cosmetic measure has followed; a public consultation on a Public Services Trust Charter, or guarantee, about how public bodies deal with individuals’ personal data. Though written clearly in plain English, the guarantee is very much a watered down version of data protection principles, and doesn’t even mention individuals’ rights of access to their data. It gives a ‘mother knows best’ response to who will have access to the data and how long it will be kept, saying no-one will have access ‘who shouldn’t’ and it won’t be kept any longer ‘than necessary’. But the most telling response to the draft charter was the significant body of public servants who worried that it gives an unrealistic impression to the public of how their data will be treated. Perhaps it is time for the Information Commissioner to take a long and hard look at whether public bodies are fully complying with data protection law.

Data-sharing has many benefits for the public. But public bodies have clear difficulties complying with data protection law, maintaining accurate and up to date data, properly managing access privileges, implementing basic standards of information security, and preventing abuse or wrongful access to data. Until government departments and agencies can be seen to be complying with existing data protection law and meeting recognised information security standards, creating bigger pools of personal data, and wider access to that data, is simply a bad idea.

Thirdly, joined up data sets require that the government can reliably identify and track citizens. It’s a couple of years since we’ve heard much about a national public key infrastructure with digital signatures for one and all. It’s not at all clear that sufficient tracking can’t be done using social insurance numbers. But David Blunkett’s heart’s desire, that every UK citizen over the age of 16 carry an identity card, just won’t go away.

The various rationales for compulsory ID cards – fighting terrorism, dole fraud, identity theft, illegal immigration – seem to change as often as the Daily Mail’s headline. But the theory underneath is the same; a reversal of the liberal and constitutional tradition of the U.K. which holds that the state exists for the benefit of the people, and not the other way around.

So when we think about privacy and the role of the state, and how individual liberty and privacy must be traded off against the public interest, we should ask ourselves, what exactly do we mean by ‘the public interest’?. Who defines it? Surely not the public servants who benefit from the extension of their powers and role.

We also need to question the worn-out platitude that we must ‘balance privacy and security’, and its inherent assumption that privacy will always come off worse. More often than not, the trade-offs aren’t between privacy and security, but between projected cost and efficiency savings – such as tracking down deadbeat dads, finding and removing illegal immigrants, preventing dole fraud - and individual privacy and liberty. For some people, these trade-offs are acceptable, for others, not. But in order to even debate these questions, we have to drill right down through government spin and into the policy and legislative proposals to examine whether their stated objectives are their actual ones. Only then can we determine whether the sacrifices are worth it.

Finally, three concrete suggestions for avoiding the pitfalls this government seems intent on plunging into:
 Use the scheduled review and sunset provisions of the Anti-Terrorism, Crime and Security Act to repeal the parts that are not specifically counter-terrorism measures, and re-introduce these powers in general criminal justice legislation where they will be subject to proper Parliamentary scrutiny.
 Support a test case to the European Court of Human Rights, under Article 8 of the European Convention on Human Rights, on the legality of widescale data retention regarding non-suspect individuals.
 Begin an audit, reporting and compliance process of all public services that handle the public’s personal data to ensure absolute compliance with the Data Protection Act. Implementation of a concrete information security standard like BS7799, in whole or in part as appropriate, should also be encouraged.

October 08, 2003

Dipping one's pen in the company ink

Posted by Daniel

Amitai Etzioni has a post up about workplace relationships, which addresses a number of genuine issues, and it certainly says far more about me than anything else that I can’t stop giggling about them.

The communitarian position on workplace relationships is not, as I’d expected, the unequivocal condemnation that one might have expected (simply on the basis that a random sampling of communitarian position papers suggested to me that they might be against anything fun). It’s quite nuanced and well worth a read. It’s all very easy to get all moralistic and say that this, that or the other kind of relationship is “off limits”, but to be frank, with working culture going the way it’s going, where the hell else are we going to meet people our own age?

Update: To make it clearer, the post is specifically about the University of California’s code of employment which basically is meant to stop professors from interfering with the cargo. I have to say it seems like an extraordinary imposition to me:

“However, as one professor argues, the rules are necessary because of the power gap that exists between professors and students, which precludes such relationships from ever being truly consensual. “

Is it just me, or is this unbelievable balderdash? Are we really trying to claim that a relationship between a dashing young prof and a graduate student can never be “truly consensual”? Only according to a standard by which there have been approximately five “truly consensual” relationships in the history of sex. You don’t have to be Michel Foucault to see through this one.

September 05, 2003

Privacy and Human Rights 2003

Posted by Maria

Today, EPIC & Privacy International launch ‘Privacy and Human Rights 2003, an international survey of privacy laws and developments’. It is a meaty tome that summarises developments in privacy law and policy in 55 countries during the past year.

This year’s review “finds increased data sharing among government agencies, the use of anti-terrorism laws to suppress political dissent, and the growing use of new technologies of surveillance.” Familiar themes to readers of my entries…

It includes an introductory chapter on the war on terror and a country by country guide. Each country entry is a short essay on the key developments with links to many original sources. Within the introductory essays, there is excellent information and analysis to be found on topics like biometrics, airline passenger data, electronic surveillance, WHOIS, Total/Terrorist Information Awareness, and so on. It really is an indispensable guide to a still rather under-reported field, given the massive erosions of personal liberty in the past couple of years.

By way of disclosure - I did the chapter on Ireland and bits and pieces on the UK, EU and electronic surveillance. A great big tip of the hat to Tiffany Stedman who was the law clerk at EPIC working on my chapter, and of course to Cedric Laurant who pulled the whole thing together.

There’ll be a webcast of today’s launch at the National Press Club (1300 ET) on the EPIC home page.

August 09, 2003

Canadian Lawful Access Consultation

Posted by Maria

The Canadian justice ministry has published the results of last year’s consultation on communications interception. Reading it is like entering an alternate universe where sanity and moderation prevailed. There’s no sign of the draft legislation yet, but the signs are good that it may actually contain the ‘balance’ between law enforcement, human rights and industry interests we’re always hearing about but I have yet to see. And for a justice ministry, the Department of Justice of Canada runs an exemplary consultation.

I’ve blogged before on the corrosive effects of justice ministries scrambling to make the most of September 11th to extend their powers at the expense of citizens’ rights. So it’s refreshing to see a justice ministry that, going on the external signs only, is bucking this trend. A few stand-out features of the Canadian consultation are:

- It has a clear statement that the consultation and resulting legislation are meant to serve the three most affected interests; law enforcement, privacy / human rights, and the communications industry.

- Law enforcement agencies seem to have been encouraged to publicly make their case on the same basis as other stakeholders. Sure, they probably still get privileged access to decision makers behind closed doors, but having to argue for and explain to the rest of us the reasoning behind increased law enforcement powers can only be a good thing. And it makes for informative and thought-provoking reading too.

- The ministry states explicitly that this legislative work is not a direct outcome of September 11th, but follows from Canada’s obligation to ratify the Council of Europe Convention on Cybercrime and also G8 responsibilities for mutual cooperation. This is an important signifier of intent and it sets a tone of reasonableness which I haven’t seen in debates elsewhere.

- The Canadians re-state unequivocally that data retention is not on the table, and that data storage, a much more human rights compliant policy, is going to be introduced. (For explanation of these two policies in this context, see the ministry’s helpful FAQ.)

The proof of the pudding is in the eating of course, and there’s no indication of when the draft legislation will be published. But comparing both the content and conduct of this consultation to others I’ve seen on this issue, I find the Canadian approach encouraging. They give all impression of actually wanting to hear what people think.

One little aside; of the 200-odd submissions the Canadian government received from individuals, only 2% were from women.

July 10, 2003

Suggest a Caption

Posted by Kieran

For this.

War on Terror - the ripple effect

Posted by Maria

Much is made of the damage to US civil liberties of Ashcroft, Poindexter et al’s new crusade against the enemy within. But, as Henry and I discovered at CFP 2003, few people Stateside have really grasped the deep and permanent damage the war on terror is doing to European human rights and civil liberties. This isn’t simply a case of the US pushing unpalatable policies on its hapless allies (though there’s plenty of that going about), but is a more complicated situation in which the law enforcement / Justice and home affairs crowd have used the US war on terror to ram through retrograde measures that no civilised democracy should tolerate.

The war on terror is being used as a means to unpick, thread by thread, the European privacy protection regime. In two key issues in the last 18 months - communications data and airline passenger data - the Bush Administration has pushed the EU either to gut its privacy protections or simply to flout them. And Justice / Interior ministries throughout the EU member states have been beside themselves with happiness at the prospect of hoovering up terabytes of information about European citizens on the pretext of fighting terrorism.

On communications data, President Bush wrote to the President of the European Commission in October 2001 asking that the protections against the widescale retention of citizens’ data in a draft Directive on communications privacy simply be removed. The European Council of Ministers pushed hard to get Bush’s request implemented, and eventually the European Parliament rolled over. Since then, the Council of Justice and Home Affairs ministers has been manouevring to introduce mandatory retention of traffic data by communications providers (i.e., information on who you’ve called, which websites you’ve surfed to etc). It secretly surveyed member states last summer about their own retention practices. My favourite respnse was from Ireland who answered the question «Have you received any reports from your law enforcement authorities that have indicated an obstruction of their work due to the non-existence of appropriate legal instruments concerning traffic data retention?” with a simple “No.” The Irish Dept. of Justice had just introduced a secret, temporary measure to require telcoms providers to retain their customers’ data for 3 years, the longest period in Europe.

Within six weeks of the September 11 attacks, the UK introduced within a piece of omnibus legislation that covered immigration and asylum, electronic surveillance, disease control, etc. In effect, the bill Anti-Terrorism, Crime and Security Act 2001 was a patchwork quilt of the nastiest measures the Home Office had failed to get through Parliament in previous criminal justice and immigration bills. It was railroaded through Labour’s supine majority in the House of Commons, and only the few brave souls in the House of Lords who threatened to hold it up until after Christmas managed to wrangle some concessions out of a Home Secretary who was completely dismissive of“airy fairy” civil liberties concerns. (I don’t mind saying this episode entirely changed my views about the merits of the House of Lords, but that’s another day’s blog.) This Act introduced mandatory data retention, though it described it as voluntary; the Home Office is still wrangling with industry players on how to implement it. By requiring all citizens’ data to be kept all of the time, and giving access to third parties for reasons that have nothing to do with fighting terrorism or even serious crime, data retention is a disproportionate measure that probably contravenes Article 8 of the European Convention on Human Rights. But until case law determines more precisely the concept of proportionality in this context, some will continue to argue that keeping everyone’s data ‘just in case’, is a proportionate response to terror.

Whether through a single harmonising European instrument, or through piecemeal legislation by EU member states, Bush’s request for mandatory communications data retention in Europe will probably be met within the next year or so. And not simply because the Bush Administration intervened in internal European policy making, but because the powerful domestic law enforcement and security lobbies saw their chance to seize the upper hand, and grabbed it.

Airline passenger data is a slightly different story. Informal agreements between the European Commission and the US government give the US access to EU citizens’ personal data, and force airlines to act in a way that is clearly unlawful. This sorry story deserves a post in itself; suffice to say that earlier this year, the US threatened to stop planes flying from Europe if European airlines did not open their passenger databases to a myriad of unspecified US government agencies and allow those agencies to retain that data for up to 7 years. Just this week, the Swiss data protection commissioner’s annual report directly criticised the US War on Terror for forcing airlines to break Swiss law by handing over passengers’ personal data to US law enforcement without consent or limit. It is galling that these anti-terrorism measures are being eagerly used by some governments to push a radically anti-immigration agenda. I blogged a while back about the Spanish government’s efforts to goldplate access measures to passenger data and push them through the secretive and undemocratic Council of Justice and Home Affairs Ministers.

Two questions. How would the US public react if the EU was seen to involve itself so forcefully in US questions of fundamental rights? And why are the European governments that most strongly supported the US in its war in Iraq - the UK, Spain and Italy - making the most of the war on terror to tip the balance in favour of law enforcement and against privacy and assorted human rights?