A rich and lively time had yesterday at the yearly ORG conference – an event that should not be missed by anyone with an
interest in privacy (one might say, everyone!).
After an introduction from Jim Killock,
Executive Director of ORG, Tim Wu gave the opening talk based on his book 'The
Master Switch'. Promoting a view of media as connection he discussed radio (in
its original two-way guise) before moving to more recent networked media.
Pointing to grassroots endeavor in the 1920s he remarked upon the general
tendency towards centralization, homogenization, conglomerate status, loss of
amateur spirit, loss of idealism and that concentration leads to censorship.
Linking the experience of radio that was used for Nazism (Goebbels's interest in
radio was discussed) Wu asked can we prevent the same happening to the
internet, i.e. it used being as a totalitarian tool?
His wider (and slightly milder) point being
that what is created in one context can be used quite differently in another was
very apt for the day – not least given reports by the Washington Post and The Guardian on PRISM in the US. Where then TCP/IP protocols were once open, this
is no longer guaranteed and one only has to look at PRISM to chart new levels
of control. As technologies move beyond
doing what we want them to do, Wu suggests in answering the self-posed question of
what we can do: 1) more consumer power to promote alternatives and non
high-tech solutions; 2) defense of rights (e.g. ORG/EFF), the need for civil
liberties and pressure groups more broadly. Of particularly interest to me was
his discussion of non-visceral privacy, i.e. privacy breaches not as obvious as
having one’s home broken into. A key idea of the book I am writing at the
moment is “affective privacy” and the ways in which a visceral layer of
understanding is required (indeed, privacy in affective terms may be seen
positively, e.g. the sense of getting into one’s car or arriving home and
closing the door). He also pointed to privacy as an attention economy, somewhat
reminiscent of Dallas Smythe and later work to follow on the audience's attention-as-commodity. Back on
topic of what we can do, he pointed to 3) net neutrality, and the fact that we
can complain and make a noise (e.g. to MPs). Concluding he stated that we are
serviced by too few products and asking whether will amateur inventors create something new
to break-up and re-boot a corrupted media system?
The next event at 11am focused on the
Snoopers Charter and the situation now. Peter Sommer got things
underway providing the legislative background to the rise of the Communications
Data Bill. The investigative journalist Duncan Campbell provided a spirited
history of mass surveillance ultimately stating that the secrecy of these
activities removes from society the checks and balances provided by democratic
functioning. Julian Huppert (Lib-Dem MP) is also concerned about the concentration
of power (the Lib-Dems have opposed the CDB). This is partly due to MPs in
general not ‘getting’ the internet and that they are not malicious, they just
do not understand. He also remarked on Woolwich [rightly] attacking Theresa
May’s opportunism. He noted too Labour’s Alan Johnson had also voiced support
for CDB. While clearly there was a little electioneering going-on, the point
was well made that Lib-Dems will block the CDB and ensure to does not get
passed. Bendert Zevenbergen presented the Digital Surveillance report and what
should be done about CDB.
The next event I attended at 12pm was on
the Data Protection Regulations and changes therein. Anna Fielder from Privacy
International remarked that regulations are out of date with neither consumers
or businesses happy with the state of things, and pointed out that the
revisions are an evolution not a revolution. Key problems she has witnessed
are: what is the data subject (anything more than an IP address?; consent as a
key sticking point (see my paper on consent here), and that the word “explicit”
is causing all sorts of problems (this has huge implications for how industries
process data).
David Smith, Deputy Information
Commissioner, pointed to the problem of reaching agreement across so many
actors on legislation that is so complex. The legislation thus needs to be
sensible and proportionate; balanced with freedom and expression, and has to be
realistic if it is to be applied. Consent again us a key point. He also
discussed the need for privacy by design and accountability by data controllers
(compliance).
Kasey Chappelle, Global Privacy Counsel,
from Vodafone also high made the case that Vodafone has ben having an internal
discussion about privacy. She pointed out that they have had problems of
permissions and consent, and the ways in which these are collected. She also
acknowledged consumer and policy-maker frustration. They key problem as she
sees it is that privacy has been a matter of legal compliance and that it has
not been consumer driven. It has been interpreted as a set of rules to be
abided by at the absolute minimum cost. It is thus a legal problem, not one of
sociology (her words). What then of user experience in a lawyer-driven
environment of legal compliance? Currently the situation is that companies will
only go beyond the minimum if there is an economic advantage. This then is the
heart of the abuse of consent as it turns into a compliance machine (one only
has to look towards the behavioral economics literature [summarised in The Mood of Information]).
This leads Chappelle to advocate
repositioning privacy as a branding tool and to consider its components of
trust and emotion. He also suggested privacy wizards and to aim for full
disclosure. She also highlighted the need for the strong European regulations
that to help create consumer trust. I have remarked a number of times at
various privacy events on the need address companies at the level of
reputation. Dealing with privacy and technical and legal levels are key
approaches, but brands matter to these companies and there is much mileage to
be made by early adopters of good privacy behavior. Others will follow as
better standards are set.
Caspar Bowden’s talk at 2pm was the
standout event of the day. Focusing on recent PRISM events, the ex-Chief Privacy Adviser for Microsoft (MS) had much to say. His detailed slides are
available here. He opened saying that he only had an inkling of PRISM while
working at MS, and that he does not trust MS. He also remarked and provided
evidence that allies have always spied on allies so we should not be too
surprised about these events. This was a complex presentation but it generally
centered on PRISM as about foreign intelligence and as US license to spy on
foreign affairs of others using corporate databases to do this (e.g. Google,
Facebook, Skype and MS). This is done by splitting internet traffic with
deep-packet inspection and filtering to the National Security Agency (NSA). This essentially provides the NSA with a terminal to
corporate data centres. What PRISM represents then is the mass surveillance of
cloud computing (or cloud-veillance). This came about because of the 2008 FISA
Amendment Act that allows targeting only of non-US citizens (US citizens are
protected by 4th Amendment rights). This is utterly at odds with the
Universal Declaration
of Human Rights (UDHR). The 4th Amendment
then is fine for one, but not for the rest of the world.
US companies have concurrently been
lobbying Europe hard in cloudwashing
endeavours and playing down all fears that data might be spied on are treated
differently to high European standards (as per the Safe Harbor Agreement). On
solutions, Bowden pointed to the need to build indigenous cloud services. He
also remarked (but was later questioned on) that the soliciting of information
by UK GCHQ is not the main problem here (as fairly widely reported in the
press), but that we are being surveilled by a foreign state.
The last event of the day was John
Perry Barlow of Electronic
Frontier Foundation (EFF)
at 4:30. He opened by pointing out the extreme liberational and sinister
potential for online media. He commented that we are increasingly closing in on
a situation where anyone in the world can know all there is to know about a
given topic as it is possible to know. Heady stuff for human history. Taken to
task later for some of these points, he remarked that we will be spared of the
most sinister side of things because of governmental incompetence, and that
information isn’t everything and a bigger haystack doesn’t make it easier to
find needles.
He also pointed out that privacy is
contextual. On what for me was the most alarming part of his talk (other
delegates please correct me on this) he suggested that transparency means that
people’s idiosyncrasies will come to the fore and that greater tolerance of
difference will be forced. This is highly reminiscent of Richard Posner’s Economics of Justice argument. Radical
transparency sounds fine in theory but it will cause may people pain where the
net gain is unclear, and possibly unachievable. On how to deal with the
informational industries he again pointed to the need for greater competition
(like Wu at the beginning of the day). This is doubly important as despite
government’s claims otherwise, the like centralization (it make surveillance
much easier). We also need to ‘create tunnels though networks’. This points to
the language of open conspiracies and disruption rather than attacking head-on.
Barlow was questioned by Caspar Bowden
on the premise that libertarians such as Barlow are not concerned enough about
the extension of 4th Amendment rights to non-US citizens. Bowden’s
phrasing was ‘a gun aimed at the rest of the world’. Initially evasive, Barlow
later agreed and stated that this should be extended. He was also questioned
about Julian Assange. While pointing out that Wikileaks has provided a net
benefit to society, he has penned himself into a corner with the Swedish rape
charges (Barlow was also heckled for phrasing this as mistaken behavior).
No comments:
Post a Comment