Sunday 9 June 2013
Open Rights Group Conference (ORG 2013)
A rich and lively time had yesterday at the yearly ORG conference – an event that should not be missed by anyone with an interest in privacy (one might say, everyone!).
After an introduction from Jim Killock, Executive Director of ORG, Tim Wu gave the opening talk based on his book 'The Master Switch'. Promoting a view of media as connection he discussed radio (in its original two-way guise) before moving to more recent networked media. Pointing to grassroots endeavor in the 1920s he remarked upon the general tendency towards centralization, homogenization, conglomerate status, loss of amateur spirit, loss of idealism and that concentration leads to censorship. Linking the experience of radio that was used for Nazism (Goebbels's interest in radio was discussed) Wu asked can we prevent the same happening to the internet, i.e. it used being as a totalitarian tool?
His wider (and slightly milder) point being that what is created in one context can be used quite differently in another was very apt for the day – not least given reports by the Washington Post and The Guardian on PRISM in the US. Where then TCP/IP protocols were once open, this is no longer guaranteed and one only has to look at PRISM to chart new levels of control. As technologies move beyond doing what we want them to do, Wu suggests in answering the self-posed question of what we can do: 1) more consumer power to promote alternatives and non high-tech solutions; 2) defense of rights (e.g. ORG/EFF), the need for civil liberties and pressure groups more broadly. Of particularly interest to me was his discussion of non-visceral privacy, i.e. privacy breaches not as obvious as having one’s home broken into. A key idea of the book I am writing at the moment is “affective privacy” and the ways in which a visceral layer of understanding is required (indeed, privacy in affective terms may be seen positively, e.g. the sense of getting into one’s car or arriving home and closing the door). He also pointed to privacy as an attention economy, somewhat reminiscent of Dallas Smythe and later work to follow on the audience's attention-as-commodity. Back on topic of what we can do, he pointed to 3) net neutrality, and the fact that we can complain and make a noise (e.g. to MPs). Concluding he stated that we are serviced by too few products and asking whether will amateur inventors create something new to break-up and re-boot a corrupted media system?
The next event at 11am focused on the Snoopers Charter and the situation now. Peter Sommer got things underway providing the legislative background to the rise of the Communications Data Bill. The investigative journalist Duncan Campbell provided a spirited history of mass surveillance ultimately stating that the secrecy of these activities removes from society the checks and balances provided by democratic functioning. Julian Huppert (Lib-Dem MP) is also concerned about the concentration of power (the Lib-Dems have opposed the CDB). This is partly due to MPs in general not ‘getting’ the internet and that they are not malicious, they just do not understand. He also remarked on Woolwich [rightly] attacking Theresa May’s opportunism. He noted too Labour’s Alan Johnson had also voiced support for CDB. While clearly there was a little electioneering going-on, the point was well made that Lib-Dems will block the CDB and ensure to does not get passed. Bendert Zevenbergen presented the Digital Surveillance report and what should be done about CDB.
The next event I attended at 12pm was on the Data Protection Regulations and changes therein. Anna Fielder from Privacy International remarked that regulations are out of date with neither consumers or businesses happy with the state of things, and pointed out that the revisions are an evolution not a revolution. Key problems she has witnessed are: what is the data subject (anything more than an IP address?; consent as a key sticking point (see my paper on consent here), and that the word “explicit” is causing all sorts of problems (this has huge implications for how industries process data).
David Smith, Deputy Information Commissioner, pointed to the problem of reaching agreement across so many actors on legislation that is so complex. The legislation thus needs to be sensible and proportionate; balanced with freedom and expression, and has to be realistic if it is to be applied. Consent again us a key point. He also discussed the need for privacy by design and accountability by data controllers (compliance).
Kasey Chappelle, Global Privacy Counsel, from Vodafone also high made the case that Vodafone has ben having an internal discussion about privacy. She pointed out that they have had problems of permissions and consent, and the ways in which these are collected. She also acknowledged consumer and policy-maker frustration. They key problem as she sees it is that privacy has been a matter of legal compliance and that it has not been consumer driven. It has been interpreted as a set of rules to be abided by at the absolute minimum cost. It is thus a legal problem, not one of sociology (her words). What then of user experience in a lawyer-driven environment of legal compliance? Currently the situation is that companies will only go beyond the minimum if there is an economic advantage. This then is the heart of the abuse of consent as it turns into a compliance machine (one only has to look towards the behavioral economics literature [summarised in The Mood of Information]).
This leads Chappelle to advocate repositioning privacy as a branding tool and to consider its components of trust and emotion. He also suggested privacy wizards and to aim for full disclosure. She also highlighted the need for the strong European regulations that to help create consumer trust. I have remarked a number of times at various privacy events on the need address companies at the level of reputation. Dealing with privacy and technical and legal levels are key approaches, but brands matter to these companies and there is much mileage to be made by early adopters of good privacy behavior. Others will follow as better standards are set.
Caspar Bowden’s talk at 2pm was the standout event of the day. Focusing on recent PRISM events, the ex-Chief Privacy Adviser for Microsoft (MS) had much to say. His detailed slides are available here. He opened saying that he only had an inkling of PRISM while working at MS, and that he does not trust MS. He also remarked and provided evidence that allies have always spied on allies so we should not be too surprised about these events. This was a complex presentation but it generally centered on PRISM as about foreign intelligence and as US license to spy on foreign affairs of others using corporate databases to do this (e.g. Google, Facebook, Skype and MS). This is done by splitting internet traffic with deep-packet inspection and filtering to the National Security Agency (NSA). This essentially provides the NSA with a terminal to corporate data centres. What PRISM represents then is the mass surveillance of cloud computing (or cloud-veillance). This came about because of the 2008 FISA Amendment Act that allows targeting only of non-US citizens (US citizens are protected by 4th Amendment rights). This is utterly at odds with the Universal Declaration of Human Rights (UDHR). The 4th Amendment then is fine for one, but not for the rest of the world.
US companies have concurrently been lobbying Europe hard in cloudwashing endeavours and playing down all fears that data might be spied on are treated differently to high European standards (as per the Safe Harbor Agreement). On solutions, Bowden pointed to the need to build indigenous cloud services. He also remarked (but was later questioned on) that the soliciting of information by UK GCHQ is not the main problem here (as fairly widely reported in the press), but that we are being surveilled by a foreign state.
The last event of the day was John Perry Barlow of Electronic Frontier Foundation (EFF) at 4:30. He opened by pointing out the extreme liberational and sinister potential for online media. He commented that we are increasingly closing in on a situation where anyone in the world can know all there is to know about a given topic as it is possible to know. Heady stuff for human history. Taken to task later for some of these points, he remarked that we will be spared of the most sinister side of things because of governmental incompetence, and that information isn’t everything and a bigger haystack doesn’t make it easier to find needles.
He also pointed out that privacy is contextual. On what for me was the most alarming part of his talk (other delegates please correct me on this) he suggested that transparency means that people’s idiosyncrasies will come to the fore and that greater tolerance of difference will be forced. This is highly reminiscent of Richard Posner’s Economics of Justice argument. Radical transparency sounds fine in theory but it will cause may people pain where the net gain is unclear, and possibly unachievable. On how to deal with the informational industries he again pointed to the need for greater competition (like Wu at the beginning of the day). This is doubly important as despite government’s claims otherwise, the like centralization (it make surveillance much easier). We also need to ‘create tunnels though networks’. This points to the language of open conspiracies and disruption rather than attacking head-on.
Barlow was questioned by Caspar Bowden on the premise that libertarians such as Barlow are not concerned enough about the extension of 4th Amendment rights to non-US citizens. Bowden’s phrasing was ‘a gun aimed at the rest of the world’. Initially evasive, Barlow later agreed and stated that this should be extended. He was also questioned about Julian Assange. While pointing out that Wikileaks has provided a net benefit to society, he has penned himself into a corner with the Swedish rape charges (Barlow was also heckled for phrasing this as mistaken behavior).
Subscribe to either posts or comments here
- Andrew McStay
- I am director of the Media and Persuasive Communication (MPC) network at Bangor University where I also lecture on political-economy of the media. I am currently working on a book provisionally titled Deconstructing Privacy for Peter Lang and leading two empirical projects in connection with privacy perception and the use of new media for smoking cessation. I am author of Creativity and Advertising: Affect, Events and Process (Routledge, 2013); The Mood of Information: A Critique of Behavioural Advertising (Continuum, 2011); and Digital Advertising (Palgrave-MacMillan, 2009). Please contact me at firstname.lastname@example.org if you are interested in Ph.D supervision or consultancy services.