Why I’ll be voting Green – and it’s not about the environment!

Green PartyThe forthcoming European elections are important in a lot of ways – but one of them, for me a critical one, is barely making the news. This European election could be crucial for privacy – and that’s one of the main reasons that I will be voting Green in May.

There are many, many issues that are coming into the public debate on the European elections within the UK. Our very future in the EU, for a start. The spectre of the rise of UKIP – whose campaign poster launched over the Easter weekend was truly vile and xenophobic. The likely humiliation for the Lib Dems – their duplicity and complicity in the nastiness of the Coalition government  has not been forgotten, and neither should it be. The subject of privacy – and in particular data privacy – has been barely mentioned – and therein lies the problem. We in the UK do not, in general, take privacy seriously at all. The limpness of our reaction to the revelations of Edward Snowden is just one example. The way the government is attempting to sell health data (and more recently HMRC trying to sell our tax data) is another: privacy is very low on the priority list. Data protection is the best example of all – the UK resisted proper data privacy from the start, and has continued to campaign against it, with a mixture of whinging and wining and actual undermining of the legislation: the UK’s implementation of the 1995 Data Protection Directive was flawed to say the least.

That has continued with the current drive to reform the data protection regime for the internet era. Negotiations on that reform have been going on for some years – and the UK government has been doing its best to water down the potential reform, to weaken our privacy rights as much as possible. They’re doing so still, both in public and in the background – and at a time when we need those rights, that protection, more than ever. Data protection is deeply flawed and fundamentally incomplete – but it is still a crucial part of the picture, and one of the few forms of protection that we have.

One key to the reform as it is currently set out is that it is a regulation rather than a directive – which means, in effect, that it will be automatically implemented in a uniform way across the EU. Specifically, we in the UK would not be able to produce a weaker implementation, more ‘business-friendly’ (i.e. less privacy-friendly) with more holes in it to exploit. The UK government is still lobbying against this move – though it seems unlikely that they will succeed.

However, the reform is at a pivotal stage. The European Parliament has passed it in a fairly strong (though far from perfect) form – but with the intricacies of the European system, that does not mean that everything is finished. There are several stages to go through, and the Council of Ministers (effectively the representatives of the governments of the member states) still have a hand in it. It seems entirely likely that they will attempt to water it down – effectively to reduce our privacy protection. At that point, there will need to be as strong a European Parliament as possible to resist this. If we care about privacy, we need strong data protection – and that means we need to do our best to get a European Parliament that understands the issues and is willing and able to drive this through.

That’s where the European elections come in. It would be great if the regulation was agreed before the election – but it seems very unlikely now. That, ultimately, is the reason I shall be voting Green. The Tories have consistently tried to undermine data protection. The Lib Dems have largely done what their Tory masters have told them. Labour are just as bad – and just as much in the hands of the industry lobbies as the Tories are. UKIP are so repellent in every way that even if they were fully in favour of strong data protection reform, I would never vote for them. The Greens, on the other hand, get the issue right. It’s in the manifesto of the Green candidates in my particular area – and the Greens throughout Europe have been very positive for privacy. Jan-Phillip Albrecht, a Green MEP from Germany, has played the lead role in ensuring that the reform has not been driven off track by the lobbyists.

What is more, in my region at least, a Green vote could well be effective. Because there is a form of proportional representation in the European elections, in our region, the East of England Region, it will not take that much of a swing to elect a Green MEP. People should check their own regions carefully to see whether the same would work for them. If there’s a chance, I think it’s a chance worth going for.

There are of course other excellent reasons to vote Green – but this one is quite specific and is one of the particular areas where (in my opinion) European politics and European law can really help. If left to our major political parties, we in the UK would make a godawful mess of the whole thing.

Posted in data protection, Politics, Privacy | 29 Comments

Who killed privacy?

Here are the slides from my presentation at BILETA 2014: ‘Who killed privacy?’

In 1999, Scott McNealy, then CEO of Sun Microsystems, famously said:

“You have zero privacy anyway. Get over it.”

Events and developments since 1999 have hardly improved the prospects for privacy: the growth of social networking, technological developments like smartphones, geo-location, business ideas such as behavioural tracking and, most recently, the revelations from Edward Snowden about the near universal surveillance systems of the NSA, GCHQ and others. If privacy was in trouble in 1999, the argument that it is at least close to death in 2014 is much stronger.

That brings the question: if privacy is dead, who killed it? Is it the activities of government agencies like the NSA and GCHQ, or of businesses like Google and Facebook? Further, if privacy is in fact dead, is there a route towards its resurrection?

There are three immediately obvious suspects. Us – did we kill our own privacy, largely for what can loosely be described as convenience? The authorities – and in particular the NSA and GCHQ. Did they kill privacy so as to pursue their own agenda, whether it be the ostensible agenda of security or some kind of empire-building or power grabbing? Or, was it the commercial operators on the internet – the Facebooks and Googles – that killed privacy for their own financial benefit?

As the video above shows, the conclusions that I draw are that ‘we’ are most like unwitting accomplices, the NSA and GCHQ are mostly opportunist accomplices – and that the most guilty suspects are the corporate, commercial operators on the internet.

Their role is both deeper and more significant either than is often believed or than the role of governments and government agencies on their own. They have operated in a wide range of different ways in which commercial entities to contribute to the decline of privacy:

  1. Systematic – they have undermined privacy both in technological and business model senses, developing technologies to invade privacy and business models that depend on systematic and essentially covert gathering of personal data.They have systematically lobbied to reduce the effectiveness of legal privacy protection on both sides of the Atlantic.
  2. Cooperative – they have been working with governments, sometimes willingly, sometimes unwillingly, sometimes knowingly and sometimes unknowingly.
  3. Normative – they have been attempting to undermine the idea that privacy is something to value and something of importance. Mark Zuckerberg’s suggestion that ‘privacy is no longer a social norm’ is reflected not just words but actions, encouraging people to ‘share’ information of all kinds rather than consider the privacy impact.

The positions taken by business in the post-Snowden environment, in particular the more ‘pro-privacy’ stance demonstrated by businesses at least in words might be a starting point, if it means anything more than words.

If we wish to bring about the resurrection of privacy,the three roles noted above – systematic, cooperative and normative – would need to be reversed.

  1. Systematic – could businesses play a part by building more robust technology and more privacy-friendly business models?
  2. Resistant – could businesses not just be more transparent in their dealings with governments but act as a barrier and protection for their users in their dealings with governments?
  3. Normative – could businesses play a part in changing the message so that it becomes clearer that privacy is a social norm?

As well as reversing the corporate role, we need to rein in and control the authorities – and though the recent declaration that the Data Retention Directive is invalid is a very good sign, it would still probably take a miracle to rein in the authorities properly. We also need the public to become more active, more enraged and more engaged in the struggle to reassert our right to privacy. I can see some signs… but we need much more than signs!


Posted in Privacy | 5 Comments

The price of everything and the value of nothing…

Oscar Wilde In Lady Windemere’s Fan, Oscar Wilde had Lord Darlington quip that a cynic was ‘a man who knows the price of everything and the value of nothing.‘ As with so much of what Wilde wrote or said, it’s more than just a nice turn of phrase – it hits at the heart of the problems of society. Lady Windemere’s Fan was written in 1892, but what Wilde wrote is even more true now than it was 122 years ago. These days, our government, our businesses, our media and more seem to be dominated by what Wilde would have described as cynics. The idea that anyone in the ‘real world’ should even consider ethical, moral, philosophical or cultural values to be on a par with financial or economic ‘value’ appears whimsical, sentimental, even romantic. Hard-nosed, sensible, rational, practical people ‘know’ otherwise. It’s the economy, stupid.

And yet have we really thought through the implications of this kind of attitude? For my sins, I used to be an accountant – in the 80s, at the height of Thatcherism – and if Wilde’s saying applies to cynics, it can apply twice as directly to accountants, at least in their professional capacity. Accountants are taught, amongst other things, how to put together models of systems – in particular things like expense systems or tax systems – that allow you to ‘test’ different scenarios so as to get specific outcomes. Turning a set of rules into an Excel spreadsheet makes this easy – in some ways too easy – so that you can easily work out how to get the best from a system. You can look at the probability of getting a particular outcome, and look at the ‘downsides’ of this outcome. You can use this kind of logic to determine the best price to charge to a product – perhaps you’ll be better off selling a smaller number at a higher price, perhaps a larger number at a lower price. You can use it to decide whether to buy a cheap product with a greater chance of breaking, or an expensive product that will last longer. You can use it to work out whether it’s worth breaking the law – looking at the probability of being detected and the penalties if you are detected, and compare that with the extra expense of complying with the law. With a ‘good’ accountant all these kinds of calculations become relatively simple. You need to know prices, have a little bit of expertise in Excel, and be good at estimating probabilities (which is particularly easy in the era of big data) but not a great deal more than that.

Life’s a game….

This can be very useful – and was one of the reasons why, when I left university in the early 80s the accountancy firms were the biggest recruiters of graduates in the UK. The problem is that its ease and attractiveness can be seductive and misleading. To borrow an old idiom, accountancy is a good servant but a very poor master. Being able to quantify things, to measure things, to compare and analyse can make it easy to miss the underlying issues. Focusing on the price makes it easy to miss the real value – and can turn what should be complex decisions based on combinations of ethics, morals, culture, empathy, philosophy and understanding of society into much simpler games based on numbers and calculations.

That word game is the key – when all the values are removed, these things just become games. Mathematical games – where the key is to maximise your results. In the 1980s, when I began my working life, this attitude seemed to pervade almost everything - the growth of the use of spreadsheets mirrored what felt to me like a hardening of attitudes. The idea of ‘efficiency’ was king – and efficiency was intended in a very narrow sense. Cutting costs, maximising income, improving the bottom line… and this was seen as the key to almost everything in life.  I remember friends who didn’t just record their mileage in their cars for business purposes, but who kept little books with exactly when they bought petrol, where from, at what price, and what mileage their cars had done, so that they could enter them onto spreadsheets and work out exactly how efficient their cars had been, so they could make better, more efficient decisions about purchases in the future.

So what’s the problem with this? It seems sensible, doesn’t it? You can save money. You can make sure that you live an efficient, practical life – and maximise your results. In fact, you’d be stupid not to do it, wouldn’t you? Ultimately, it becomes a mantra, something basic and unquestioned. It becomes a way of life.

MPs’ expenses and tax avoidance

In these terms, the MP’s expenses scandal is quite easy to understand – and so are the reactions of Maria Miller and indeed the media to the whole affair. Where there is a system for expenses, the sensible, practical and efficient person looks at the rules and finds a way to maximise their benefit. Of course they do. It would be stupid to do anything else. That means things like flipping houses is only sensible. So is claiming expenses for a second home even if you don’t need it. Again, you’d be stupid not to, wouldn’t you?

The story is pretty much identical on tax avoidance – though of course the word ‘avoidance’ wouldn’t be the one that springs to mind. ‘Tax management’ or ‘tax efficiency’ would seem much more appropriate. What might look like ‘avoidance’ if there is any sense of moral or ethical value inserted is simply a matter of efficiency. Lowering your ‘tax burden’ makes perfect sense – and if that means using off-shore investments, getting paid in gold-bars, putting your investments into Scottish forests when you really don’t give a damn about forests or Scotland, that’s neither here nor there. Maximising returns is all that matters.

Doing all of this makes perfect sense – and not doing it would be simply stupid. Anyone brought up in a world where this kind of logic prevails can see that – which is why to MPs, the expenses scandal doesn’t really seem like, well, a scandal. That’s why David Laws was allowed to come back into government after a short penance, and why many MPs seem to expect the same from Maria Miller. She’ll be back as soon as the public furore has quietened down a bit. That’s also why the media – or at least the Westminster media – doesn’t really understand the public anger about this. For many of the Westminster journalists – and you can see it particularly when people like the BBC’s Nick Robinson talks about it – this kind of logic makes perfect sense. Many of them may well have been gaming their own companies’ expense systems in just the same way – and managing their investments identically. This is just a game, and a game that anyone with any sense should be playing.

Thinking on their terms…

That’s where things get even worse. The game is so ingrained in so many of them that they seem to assume that everyone is playing. That, I suspect, is why so many of them think that benefit claimants are cheating – because they assume that everyone is playing the same game. If they were in that situation they’d be gaming the system – so they assume that others must be too. It stands to reason, doesn’t it?

And yet, it doesn’t. Not everyone does think on those terms. Many can’t think on those terms – because they’re too busy struggling just to keep going. The games of expense maximising and tax minimising are luxuries only available to people with the time to play them, or the money to employ others (accountants, lawyers etc) to play them for them. Many people – perhaps most people – don’t have the inclination to play these games, the time to play these games, the skills to play these games – or even the knowledge that these games are available to be played. It doesn’t fit into how they live – or how they would like to live.

Can anything be done?

It’s hard to know what, if anything, can be done about it. For me, this kind of logic is so ingrained in the system it’s almost impossible to root it out. It’s not a party political thing – which is why MPs and MEPs of all parties (very definitely including UKIP) have been found out. They really are all in it together. It’s not just in politics. It’s in businesses, from banks and their bonuses downward. It was one of the key factors that fuelled the toxic debt crisis that lay behind the financial crash in 2008. It’s in government agencies and operations of all kinds, from things like the Bedroom Tax to the target-driven cultures of the police (see the massaging of statistics) and education – and in parents, trying to game the catchment area system. It’s in universities trying their best to achieve official ‘REF’ results rather than encouraging imaginative research. Almost everywhere you look, the same kind of thing prevails.

It’s hard to see anything changing – but I don’t think that means we should give up.  Where we see it, we should complain, loudly and clearly. We should not let ourselves be convinced by any arguments that those caught are a few rotten apples – this is far, far deeper than that.  We shouldn’t let ourselves be fobbed off with a few little enquiries and a few nice words – we should look for root and branch change. I’m not holding my breath for any change, though.

One thing I won’t do, however, is play their game. I may not know the price of everything, but I do know that there are many things more valuable than money.

Posted in Politics | 4 Comments

Data Retention: taking privacy seriously

The repercussions of yesterday’s landmark ruling of the  Court of Justice of the European Union that the Data Retention Directive is invalid, and has been so since its inception are likely to be complex and wide-ranging. Lawyers, academics, politicians and activists have been reading, writing, thinking and speculating about what might happen. With the directive declared invalid, what will happen to the various national implementations of that directive – in the UK, for example, we have The Data Retention (EC Directive) Regulations 2009. Will it need to be repealed? Will it need to be challenged – and if so how, and by whom? What will the various communications service providers – the ISPs, the telecommunications companies and so forth – do in reaction to the declaration? What will happen to other legislation that at least in part relies on retained data – the Regulation of Investigatory Powers Act 2000 (RIPA) for example. Will the police and intelligence services change what they do in any way, shape or form? Will the various governments attempt some kind of replacement for the Data Retention Directive? If so, what form will it take?

These are just some of the open questions – and the answers to them are only just starting to emerge. Some will be clear – but a great many will be very messy, and will take a lot of time, energy and heartache to sort out. The question that should immediately spring to mind is how that all this mess, and the resultant wastes of time, energy, expertise and heartache could have been avoided. Actually, the answer is simple. It could have been avoided if privacy had been taken seriously to start with.

Underestimating privacy

For a long time, privacy hasn’t been taken nearly seriously enough. It hasn’t been taken seriously by the big operators on the internet – Facebook, Google, Apple, Microsoft, Yahoo! and so forth. Their policies and practices have treated privacy as a minor irritant, dealt with by obscure and unfathomable policies that people will at best scroll through and click OK at the bottom of without reading. Their products have treated privacy as an afterthought, almost an irrelevance – a few boxes to tick to satisfy the lawyers, that’s all. Privacy hasn’t been taken seriously by the intelligence agencies or the police forces either – just the province of a few geeks and agitators, the tinfoil hat brigade. It hasn’t been taken seriously by some of the open data people – the furore over care.data is just one example.

Privacy, however, does matter. It matters to ordinary people in their ordinary lives – not just to geeks and nerds, not just to ‘evil-doers’, not just to paranoid conspiracy theorists. And when people care enough about things, they can often find ways to make sure that those things are treated with respect. They fight. They act. They work together – and often, more often than might immediately seem apparent, they find a way to win. That was how the Communications Data Bill – the ‘Snoopers’ Charter’ was defeated. That is why Edward Snowden’s revelations are still reverberating around the world. That’s why behavioural advertising has the bad name that it does – and why the Do Not Track initiative started, and why the EU brought in the ‘Cookies Directive’, with all its flaws.

All these conflicts – and the disaster that is the Data Retention Directive – could have been avoided or at least ameliorated if the people behind these various initiatives, laws, processes and products had taken privacy seriously to start with. This is one of the contentions of my new book, Internet Privacy Rights – people believe they have rights, and when those rights are infringed, they care about it, and increasingly they’re finding ways to act upon it. Governments, businesses and others need to start to understand this a bit better if they’re not going to get into more messes like that that surrounds the Data Retention Directive.  It’s not as though they haven’t had warnings. From the very start, privacy advocates have been complaining about the Directive – indeed, even before its enactment the Article 29 Working Party had been strongly critical of the whole concept of mass data retention. That criticism continued over the years, largely ignored by those in favour of mass surveillance. In 2011, Peter Hustinx, the European Data Protection Supervisor, called the Data Retention Directive “the most privacy-invasive instrument ever” - and that was before the revelations of Edward Snowden.

They should have listened. They should be listening now. Privacy needs to be taken seriously.


Paul Bernal, April 2014

Internet Privacy Rights – Rights to Protect Autonomy is available from Cambridge University Press here. Quote code ‘InternetPrivacyRights2014′ for a 20% discount from the CUP online shop.

Posted in data retention, Privacy, surveillance | 5 Comments

Data retention: fighting for privacy!

This morning’s news that the Court of Justice of the European Union has declared the Data Retention Directive to be invalid has been greeted with joy amongst privacy advocates. It’s a big win for privacy – though far from a knockout blow to the supporters of mass surveillance – and one that should be taken very seriously indeed. As Glyn Moody put it in his excellent analysis:

“…this is a massively important ruling. It not only says that the EU’s Data Retention Directive is illegal, but that it always was from the moment it was passed. It criticises it on multiple grounds that will make it much harder to frame a replacement. That probably won’t be impossible, but it will be circumscribed in all sorts of good ways that will help to remove some of its worst elements.”

I’m not going to attempt a detailed legal analysis here – others far more expert than me have already begun the process. These are some of the best that I have seen so far:

Fiona de Londras: http://humanrights.ie/civil-liberties/cjeu-strikes-down-data-retention-directive/

Daithí Mac Síthigh: http://www.lexferenda.com/08042014/2285/

Simon McGarr: http://www.mcgarrsolicitors.ie/2014/04/08/digital-rights-ireland-ecj-judgement-on-data-retention/

The full impact of the ruling won’t become clear for some time, I suspect – and already some within the European Commission seems to be somewhat in panic mode, looking around for ways to underplay the ruling and limit the damage to their plans for more and more surveillance and data retention. Things are likely to remain in flux for some time – but there are some key things to take from this already.

The most important of these is that privacy is worth fighting for – and that when we fight for privacy, we can win, despite what may seem overwhelming odds and supremely powerful and well-resourced opponents. This particular fight exemplifies the problems faced – but also the way that they can and are being overcome. It was brought by an alliance of digital rights activists – most notably Digital Rights Ireland – and has taken a huge amount of time and energy. It is, as reported in the Irish Times by the excellent Karlin Lillington, a ‘true David versus Goliath victory‘. It is a victory for the small people, the ordinary people – for all of us – and one from which we should take great heart.

Privacy often seems as though it is dead, or at the very least dying. Each revelation from Edward Snowden seems to demonstrate that every one of our movements is being watched at all times. Each new technological development seems to have privacy implications, and the developers of the technology often seem blissfully unaware of those implications until it’s almost too late. Each new government seems to embrace surveillance and see it as a solution to all kinds of problems, from fighting terrorism to rooting out paedophiles, from combatting the ‘evil’ of music and movie piracy to protecting children from cyberbullies or online pornography, regardless of the evidence that it really doesn’t work very well in those terms, if at all. Seeing it in that way, however, misses the other side of the equation – that more and more people are coming to understand that privacy matters, and are willing to take up the fight for privacy. Some times those fights are doomed to failure – but sometimes, as with today’s ruling over data retention, they can succeed. We need to keep fighting.

Posted in data protection, data retention, surveillance | 6 Comments

Rumpole in defence of the criminal bar…


I posted a ‘shelfie’ for the ‘books for prisoners’ campaign last week – and was just looking at it and noticed that one of the books on the shelf was ‘The Best of Rumpole’. Rumpole was (and is) one of my heroes – so I took down the book, and started reading the introduction.

RumpoleJohn Mortimer, who created and wrote the Rumpole stories, and who was himself a barrister, said some things in the introduction that reminded me why I find myself instinctively in tune with the criminal bar – though I am not a real lawyer at all. He wrote this introduction in 1992, but the words ring even more true today than they did back then. I’ll just repeat them as Mortimer wrote them:

“On the whole, lawyers are as unpopular as income tax collectors and traffic wardens. People think they tell lies and make a great deal of money. In fact, old criminal defenders like Rumpole don’t make much money and they stand up for our great legal principles – free speech, the idea that people are innocent until someone proves them guilty to the satisfaction of ten ordinary members of a jury, and the proposition that the police should not invent more of the evidence than is absolutely necessary. They protect the rights for which we have fought and struggled over the centuries, and do so at a time when jury trials and the rights of an accused person to silence are under constant attack from the government.”

That was back in 1992 – in 2014 the attacks from the government are far more intense, far more far-reaching, and sadly seem far more likely to succeed. We should be doing everything we can to defend the criminal bar from them, if we believe in any of these things. I don’t know about the rest of you, but I do.

Posted in Law, Politics | 12 Comments

Yashika, UKIP and us….

It was sadly poignant that the same day that Yashika Bageerathi was deported, UKIP leader Nigel Farage was trouncing Nick Clegg in a televised debate. The two things may seem unconnected – but they’re not, they’re intrinsically linked. Xenophobia rules the roost in the UK right now. The deportation of Yashika – and the death, just two days earlier, of Christine Case, in Yarl’s Wood Immigration Detention Centre – may look like tragic, individual events but they’re not. They’re what a ‘tough’ immigration policy looks like. Yashika’s case has been highlighted as particularly cruel, but to imagine that it is unique is naïve to say the least. All the hand-wringing over Yashika, important though her case is, misses the point to a great extent. We’ve build this system. These are the consequences.

Pressure has rightly been put on Theresa May and James Brokenshire over Yashika – because they could potentially have intervened – but there’s remarkable political consensus over immigration policy, which is even more depressing than the individual case. Labour’s response to the deportation amounted to ‘keep on going with the same policy but be nicer in her individual case’. The Lib Dems wrung their hands as they always do, but May and Brokenshire are ministers in their government, and this is their policy being brought into action. What’s more, they (almost all) voted through the effectively racist and authoritarian Immigration Bill in December – Labour abstained, which was tantamount to supporting the bill. ‘Toughness’ on immigration is pretty much the norm. Whether the major parties are supporting it ideologically, through fear of UKIP, through fear of the more rabid of the tabloids (the Mail and Express have a particularly poisonous role to play), because they have no principles and believe it to be electorally advantageous, or because they actually believe in this ‘toughness’ in the end doesn’t really matter. It certainly doesn’t matter to Yashika or her family, or to Christine Case, or to the large numbers of others suffering as a result of it.

What is clear is that almost no-one in the political establishment is challenging the ideas that underpin this ‘toughness’ agenda. The idea that immigration is somehow ‘bad’ or damaging. The economic case against immigration is flimsy at best – most of the evidence seems to suggest that immigration is essentially beneficial to the economy. The historical case is equally flimsy – we’re a country of immigrants, the product of wave after wave of immigrants and invasions, from the Celts onwards. The moral case, as exemplified by Yashika and Christine Case, is even worse. And yet no politicians from major parties even dare to challenge the current anti-immigration rhetoric to a serious degree. A few (notably the Lib Dems in a recent policy document) dare talk about the positives, but only with huge caveats and statements about making sure it’s the ‘right kind’ of immigration and so on. Mostly, though, the consensus is clear. Clear, xenophobic, and wrong.

Why is this? Can we shift the blame to supine politicians playing to the tune of the tabloids and the tabloids’ masters? I don’t think so. We’re complicit in this, and deeply. We’ve let it happen – I don’t mean at the detail level, and I know lots of individuals who have spoken up boldly and bravely about it, but as a nation, this seems to be the way we’re going, and what we seem to be accepting – and even applauding, if the enthusiasm for Nigel Farage last night is anything to go by. That is profoundly depressing, and we should be deeply ashamed.

Posted in Politics, Uncategorized | 23 Comments