BBA 2009 results: Ministry of Health is "Biggest administrative sleuth"

12. 11. 2009 | 00:00

The results of the fifth annual Big Brother Awards were announced at a festive evening in Prague's Theatre Na Pradle. A jury of experts chose from almost 80 nominations entered by the public.

Among those awarded are the Czech Ministry of Schools, Youth and Sports for gathering information about pupils and students, Nokia company for its efforts to legalize snooping in its employees' email communication, the social networking site Facebook for its inconsistent approach to user privacy protection, the Czech Ministry of Health, the State Institute for Drug Control and National Health Registries, or the French "HADOPI law", nicknamed the "electronic guillotine".
The "Statement of the year" went to the General Manager of the state-owned lottery operator Sazka, for demanding that slot-machines be equipped with ID scanners. He thinks this would prevent people who receive social benefits from gambling. "It is a question of a greater control or an increase in gambling," says Mr. Ales Husak. The positive prize was awarded to the citizens of Iran for boycotting telephones manufactured by Nokia Siemens, because a telecommunication surveillance system was sold by this company to the Government of Iran.

The Big Brother Awards are held in more than ten European countries with the aim of warning against dangers threatening citizen's privacy. The first ceremony in the Czech Republic took place in 2005. Similarly to previous years there are eight categories - Longterm Violation of Human Privacy (for companies and public organizations), Biggest Corporate Snoop (for companies), Biggest Government Agency Snoop (for government organizations), Dangerous New Technology, Big Brother Law, Snoop Among Nations, Statement of a Big Brother and finally the positive award for Achievements in Protecting Privacy. The Czech Awards are held by the non-governmental organization Iuridicum Remedium.

Members of the jury:
Zbynek Loebl, lawyer specializing in IT law, member of the remonstrance commission of the Office for Personal Data Protection
Oldrich Kuzilek, consultant and an expert on open public administration
Vaclav Vlk, lawyer specializing in human rights
Jiri Peterka, freelance consultant and publicist, computer networks and communication lecturer at Charles University School of Mathematics and Physics
Radek Smolik, IT security consultant and publicist, former director of Symantec GMBh for the Czech Republic
Lenka Nejezchlebova, journalist, Tyden magazine
Jitka Seitlova, Deputy Public Defender of Rights
Filip Pospisil, expert at Iuridicum Remedium's program Human Rights and Technology, deputy editor in chief of the A2 magazine
You can find more information on the contest and prizewinners in the attachment.


Award: Biggest Government Agency Snoop

Prizewinner: Ministry of Schools, Youth and Sports for gathering of information about pupils and students
Reason why: The Ministry of Schools, Youth and Sports is gathering information about hundreds of thousands of pupils and students into centralised databases, their purpose and operation rules not adequately explained to the public. Subjects are not informed about the storage of their personal data or about principles of personal data protection.
As early as in 1999 data of all university students were gathered by the Ministry, utilizing a system developed and operated by Masaryk University Institute of Computer Technology. The system called Student Registries Information Pool contained in June 2009 data on 801,103 students, including their birth identification number, detailed information about place of study, program of study, duration and course of study, its financing, usage of services (dormitory) etc. This database is not operated under a clearly given legal base, precise rules on who has access are not disclosed, nor is it clear for how long are the data stored. Students are not adequately informed about the possibility to control, change or delete data, and they are not asked to give their agreement to the usage of information.
As of January 1, 2006, the Ministry - through the Institute for Information on Education - had begun with the storage of data on children, pupils and students of lower educational stages. Until the first half of this year, data of about 800,000 pupils/students were collected, whereas according to estimates of the Institute for Information on Education, this number is to double in the future. The database contains entries such as birth identification number year and month of birth, state nationality, code of place of residence, an entry about previous education, an entry concerning current education (grades, class, specialization, study program and its duration, foreign languages codes, suspension of study, repetition of a school year, and entries on completion of study, such as type of exam, or the number of diploma.

Award: Biggest Corporate Snoop
Prizewinner: Nokia Company

Reason why: For the persistent effort (rather almost extortion) to legalize snooping in its employee's emails, the jury decided to give the Biggest Corporate Snoop Award to Nokia. The jurors want to draw attention to a widespread corporate practice. Neither in the Czech Republic is snooping in employee's email an exception.
In April, the Finnish parliament passed an act, which for long months stirred the waters of thousands of local lakes. This act, dubbed the "Lex Nokia", allows monitoring employee's emails. And it was the mobile telephones manufacturer Nokia, who heavily supported the act. Finnish newspapers reported in February, that Nokia is pushing MP's into the corner by saying it will otherwise leave the country. Given that Nokia is the biggest Finnish employer, this would have dire consequences for the economy. Although it is impossible to prove the act was passed because of this pressure, it had some significance without doubt. Not only Finnish experts criticise the act, according to them it gives no limits for employees email communication monitoring, it is vague and could be interpreted as a permission to follow all IT communications, including some customers.

Award: Longterm Violation of Human Privacy
Prizewinner: Czech Ministry of Health, the State Institute for Drug Control and National Health Registries

Reason why: For their long-term advocacy and operation of various databases holding sensitive information, without informing patients, or an adequate explanation and in some cases without legal basis.
This year the State Institute for Drug Control - answering to the Ministry of Health of the Czech Republic - started recording sales of medicine to single patients. After a complaint by the Czech Chamber of Pharmacists, the procession of personal and sensitive data in the so-called central electronic prescription storage, operated by the State Institute for Drug Control, was investigated by the Office for Personal Data Protection. The investigation showed that the collection of such data by the State Institute for Drug Control - daily up to 200,000 entries on prescribed medicaments - violated the Czech law, and a deletion of the data was ordered.
Apart from this database, the Ministry operates the National Medical Information System, which holds for years data about citizen's health. Data in this system are stored in more than a dozen of registries such as the National Oncological Registry, the National Registry of Hospitalized Patients, the National Registry of Pregnant Women, the National Newborns Registry, the National Congenital Defects Registry, the Registry of Doctors, Dentists and Pharmacists, the Registry of Abortions, the National Blood-Vessel Surgery Registry, the National Cardiac Surgery Registry, the National Joint Replacements Registry, the National Occupational Diseases Registry, the National Cardiovascular Interventions Registry,  the National Registry of Persons Refusing Postmortem Tissue Donation, etc. Sensitive data are stored for 5 - 40 years from the input, or patient's death. The reason of the storage duration is unclear, as is the whole concept of operation of these registries. Too many medical staff can potentially access the data. No one asks the patient's permission with the usage of their data.

Award: Snoop Among Nations
Prizewinner: French HADOPI law, nicknamed "the three strikes policy" or "the electronic guillotine"

More precisely French MP's who voted in support of the act, the French Government and President Nicolas Sarcozy, who actively supported the passage of the law.
Reason why: The law introduced a "3-strike" procedure, in which the connection owner, from which a copyright holder denunciation is claimed, is after two warning emails denied internet connection and has to pay a fine. The owner is disconnected for 2 months to 1 year, blacklisted and third party ISPs are prevented to provide him an internet connection.
Under the act a new authority is created, called "Haute Autorité pour la Diffusion des Œuvres et la Protection des Droits sur Internet", or the "High Authority of Diffusion of the Art Works and Protection of the (Copy) Rights on Internet". Main goal of the office is to control that the internet subscribers screen their Internet connections in order to prevent the exchange of copyrighted material without prior agreement from the copyright holders.
 The law is problematic in several ways, for example it derogates the right to access the Internet. The Constitutional Council of France considered Internet access a basic human right. An Internet connection is in this compared to electricity or drinking water and the like. Because of this a part of the HADOPI law that would have allowed sanctions against internet users accused of copyright violations without a judicial review, was struck down for unconstitutionality. In a new law, dubbed "HADOPI 2", judicial review is part of the disconnection process. HADOPI establishes a new institution with the main objective to monitor French citizens, namely their activities on the Internet. We can assume that the measures will affect mainly "small fish" - unknowing users. There are ways, how experienced users can bypass surveillance. Nor will the law affect big subjects, such as file-hosting companies, which make huge profits by offering copyright works without authorization, but who have their seat off-shore.
The French approach has become a model which is pushed forward by lobby groups into the EU legislature and globally.
Persons are identified by their IP addresses, from which an unauthorized copyrighted material sharing is taking place. This gives responsibility to the connection owner and not necessarily the real wrongdoer. Under the law innocent victims, with insufficiently secured networks can be punished, such as public WiFi hotspot owners.

Award: Dangerous New Technology
Prizewinner: The social networking website Facebook

Reason why: Facebook earned the Dangerous New Technology Award for an inconsistent approach to user security. It is mainly the range of users' personal data that Facebook collects and processes, the unclarity of which third parties have access to personal data, or the unclarity in what happens with personal data and user content after the Facebook account is deleted. Further it is collecting about users from third parties resources, which Facebook justifies by saying it wants to offer personalized services.
New social networking sites like Facebook come with new possibilities for privacy breaches. For example a new unique application made by the smart phone applications developing company “The Astonishing Tribe” allows to make information from a Facebook account, a telephone number or email address accessible to all people. All these information are readable directly from your face.
Facebook and similar social networking websites are excellent and for many people very useful services. However in connection with new technologies, such as the above mentioned application, these services level down citizen privacy and not only in cases the citizens have agreed. Contrary to other social networking websites, Facebook is at least partly closed, that is, protected by a password. But this is insufficient. What's more, no one knows for sure who has access to Facebook communication.

Award: Big Brother Law
Prizewinner: Amendment of the Road Traffic Act introducing electronic labels allowing tracking of vehicles, instead of the currently used highway stickers.
More precisely the Chamber of Deputies of the Czech Parliament, especially Mr. Oldrich Vojir (ODS - Civic Democratic Party), the MP, who proposed the amendment and put the bill through, effectively avoiding regular legislative process.

Reason why: The Prize is presented for avoiding the routine stages of legislative process, for an overpriced uneconomical solution, which moreover violates privacy and brings the possibility of citizen tracking. The parts establishing electronic stickers were entered into the considered bill as a MP proposed amendment by Oldrich Vojir in the second reading, without consideration in a committee. In this way nor the Government, nor Ministries that will issue regulations implementing the statute and setting up its system, nor the majority of MP's had a chance to consider the bill. The amendment had no explanatory report, the Office for Personal Data Protection was not asked for its opinion or informed in any other way. So now according to the statute, in 13 months citizens are obliged to get into their car a device, while its parameters, price and cash bail, operator and the exact range of processed data is not given by the law, but will be given only by a regulation. We don't know how the data showing driver's movement will be secured, for how long and where are they going to be stored or who will have access nor how this will be controlled.
The problem of such devices, that will be installed obligatory into cars starting on 1 January, 2011, is that these devices have to be checked with a reader that can remotely read the device's chip contrary to today’s stickers that can be controlled visually. The amendment does not mention the usage or placement of reading devices, and leaves a back door open for additional later regulations, that could connect gathered information with other databases. Such digitalized and easily processable data could be used to monitor the movement of specified vehicles, so that - connected with a database of car owners and operators - anonymous travel on Czech highways will be history.

Award: Statement of a Big Brother
Prizewinner: General Manager of the state-owned lottery operator Sazka a.s., who proposes every slot-machine should have an ID scanner. He thinks this would prevent people who receive social benefits and minors from gambling. "It is a question of a greater privacy control or an increase in gambling," says Mr. Ales Husak.

Reason why: The statement of Sazka's General Manager shows a heavily distorted perception of human freedom. The famous novella by Ivan Vyskocil called "What a life a torso could have" (Takove torzo, to by si teprve zilo), in which he calculates how much money a person could get from an insurance for amputated fingers, nose, ears, or arms and legs and how lovely he could live from it. It is clear to the reader that trading wealth for mutilation is not a good idea.
But when it comes to immaterial values, Sazka's manager, like most technocratic managers, does not understand that freedom can also be amputated with modern technologies and that life without it is not wort much.
Following a deformed view like that illustrated by Mr. Husak, a view that superordinates a practical benefit of a controlling technology in one situation, not noticing a much greater danger, we could outline an even better solution:
Citizens, who receive social benefits or owe money to the state, would get implanted chips that would prevent them from spending too much. Every cash register in stores will have a scanner connected with a central database of social benefits receivers and tax debtors. These people could buy only bread and milk, but not for example alcohol or caviar. “It is not difficult. These devices would be equipped with simple ID scanners. Every prize would be assigned to a specific person. Before every game the ID would be checked. The scanner connected to a database would find out if the person does receive social benefits,” explained his view Mr. Husak.
The Charter of Rights and Freedoms guarantees the right to “protection against unlawful collection, disclosement or any other misuse of personal data”. The word “unlawful” does not mean that all it takes is to put such idea into a law and this makes it “lawful”. A measure would be lawful only if the desired purpose, which is at least as important as the freedom that is about to be breached, can not be achieved by any other measure.
Sazka is a problematic private company and there is no reason for allowing it to access social benefits receivers databases. In the same manner pawn shops or restaurants could ask for the same access to databases.

Award: Achievements in Protecting Privacy

Prizewinner: A group of activists, who convinced that people boycott the Nokia Siemens Company for selling communication control software to the Iranian Government.

Reason why: The positive award for enforcing respect for others’ privacy goes to the people of Iran for boycotting phones made by Nokia Siemens, because the company sold a system for supervising communications to the Iranian Government. Thanks to initiative of a group of activists, phone sales dropped by up to 50%.
This award is extraordinary because it is presented to a huge number of citizens who in this way protested against the practices of this company wanting to gain a commercial advantage at the expense of their basic right of human privacy protection. At the same time this is a clear proof of disapproval of many Iran’s citizens with restrictions against basic pillars of their freedom and against possible communications censorship or misuse of personal data for political interests.
Such public protests supporting privacy protection in a country out of our economic and political area, with a different historic and cultural environment, do confirm the general and timeless value of this basic human right. New advances that come with the extremely fast development of communications systems bring high risks with globally connected systems and with the previously unthinkable concentration of huge amounts of data.
These risks are greater when it comes to personal and sensitive data. The boycott is positive also in the dimension of the widest debate over the current consumer society. It is possible to say, that the value of freedom and privacy protection has become a market- and consumption-criterion.
The initiative of this activists group, in which thousands of Iran’s citizens participated, has significance not only for this one country. It strengthens the awareness about the importance of privacy protection in the political and economic field.


Ke stažení

 Jak funguje internet

 Ochrana OÚ

 CC příručka obálka

 CC samospráva


 CC manuál pro města a obce

Kdo jsme

  • Tento web provozuje iure, neziskovka zabývající se ochranou občanských svobod.

Logo IuRe


Support us