10 reasons to leave Facebook…

If you’re looking for a New Year’s Resolution – have you considered leaving Facebook? There are many reasons to do so, and getting more compelling all the time – all it takes is a little resolution.

1) Privacy

Everyone should be aware that privacy is an issue with Facebook. So many people put so much ‘private’ information onto Facebook that the possibility that your private information, photos, stories etc might get known to a wider public should be obvious. We shouldn’t be shocked when bad things happen – and yet even Randi Zuckerberg, sister of Facebook’s founder Mark Zuckerberg, still seemed surprised and upset when a ‘private’ family photograph she posted somehow made its way onto Twitter. It wasn’t hacked, scraped, leaked or anything nasty – it’s just that Facebook is designed that way. The private becomes public all too easily – ‘sharing’ means you lose control. If Randi had just emailed the pic to her family, or put it on a genuinely private site, none of this would have happened.

2) Real Names Policy

Facebook’s policy is that people should only ever use their real names – and this can have very bad consequences. There are many people for whom using real names is dangerous, from whistle-blowers to political dissidents, from victims of domestic abuse to people just wanting to harmlessly let off steam. And it’s not just in the extremes that it matters: forcing a real names policy can matter to almost anyone. It helps anchor your ‘online’ life to your ‘offline’ life – meaning that anyone wishing to take advantage of you, to manipulate you, to take information out of context etc, and link what they find out about you online to your offline existence. Real names policies are potentially deeply pernicious – and not only does Facebook have one, but it is ratcheting up its efforts to enforce it. Snitchgate, about which I blogged in September, was just one example, where they experimented with getting people to ‘snitch’ on their friends for not using their real names. For Facebook, a real names policy has value – it makes their data on you more valuable when they want to sell it to others – but for people, it is both limiting and risky.

3) Monetization

Facebook is a business, and in business to do just one thing: make money. What that means is that they want to make money from their assets – your data. The recent furore over Instagram’s altered terms of service was just one example – and in many ways it was typical. Instagram has access to a huge collection of photographs – and since Facebook acquired Instagram for $1 billion earlier in 2012, it has been looking for ways to make money out of those photographs. The internet community’s reaction to that change was dramatic – and Instagram quickly changed tack (or at least appeared to) but make no mistake, the issue will recur. Facebook will look to make money – since the far-from-stellar IPO, the pressure to make money has been growing. Facebook has to satisfy its shareholders first of all, its advertisers next, and its ‘users’ last of all. The users don’t provide money directly, after all – so Facebook has to make money from their data. That drive to make money means that what happens to you when your data is used is of very little consequence….

4) Profiling – and self-profiling

One of the best ways to describe Facebook is as a ‘self-profiling service’. Everything you put up on Facebook, every ‘like’ button you press, every silly game you play, every person you ‘friend’ (and every person that ‘friends’ you) helps build up that profile. The profiles are used primarily for advertising – but also to build up their database of profiles. Profiling is something that is risky in two diametrically opposite ways: if profiling is accurate, it impinges on your privacy, whilst if it is inaccurate it can mean that bad decisions are made for you or about you. What’s more, profiling data is particularly vulnerable – allowing far more accurate and dangerous forms of identity fraud and similar scams.

5) Facial recognition

Facebook loves facial recognition – and it’s not just a coincidence of names. Facial recognition allows them to make more and more links, which helps them to profile better, and also to anchor information in the ‘real’ world, just like their ‘real names policies. Their practices with facial recognition – including ‘automatically’ tagging photographs – may have been rebuffed in Europe on the grounds of data protection, but just as with the Instagram issue (see (3) above), make no mistake, it’s coming back. The risks will still be there – they’re inherent in the concept – but they’ll find a way to get what at least purports to be consent from users in order to satisfy the letter of the law.  Anyone who has put a photo of themselves on Facebook should be concerned.

6) You never know who’s watching

Most Facebook users imagine that the people who look at their pages are their ‘friends’, or perhaps their ‘potential friends’, and don’t consider who else might look at what they post – and there are vast numbers of other groups who will look. Those who are slightly less naïve might understand that their employers might look, or their potential employers – but what about insurance companies, looking to see if people are engaging in risky activities, or credit agencies wanting to make more ‘accurate’ assessments? Or the authorities, looking for people doing ‘bad’ things – or people who ‘might’ do bad things? Show some interest in anything political… again, the risks are both ways: accurate watchers finding out things you don’t want them to find out, inaccurate watchers making bad decisions based on incorrect assumptions.

7) Facebook is forever

Many users of Facebook start off ‘young’ – perhaps in age, but perhaps in naïveté. They put material up that they think is funny, or cool, and don’t think how it might look in the future. This doesn’t just mean the odd drunken photo being seen by a potential employer – it means pretty much everything you put on Facebook. There was a big story in September 2012 when people thought their old ‘private messages’ were being posted onto their timelines, and they were hugely upset.It wasn’t true: what was actually happening was that some of their old public posts, posts from a few years ago, were reappearing – and people had forgotten the kind of things that they used to post. What you want to be public one year, you might well wish to forget in a few year’s time: with Facebook, that’s close to impossible! These days you can delete your account – but even if you do, that may not be enough. Services like profileengine.com keep old Facebook profiles even when they’ve been deleted….

8) Monopoly

Facebook is proud that it has now got more than 1 billion users – which makes it pretty close to the only game in town. Monopolies are very, very rarely a good thing – and if Facebook becomes (or perhaps has already become) the default, that puts a huge amount of extra power in their hands. Effectively, they can do whatever they want, and we’ll still have to be there. That can’t be good – and shouldn’t be good, particularly is you really CAN leave, and really DON’T need to be on Facebook. There are alternatives….

9) Concentration

…and those alternatives offer a solution to another risk involved in Facebook. Facebook wants to be all things to all people – and that means all your data, all your links, all aspects of your life concentrated in one place. That means much more accurate profiling, but also much greater vulnerability. If Facebook knows everything about you, they have much more power over you – and their profiles become much more powerful, so if compromised, sold, hacked, given to the authorities, to some other ‘enemy’ of yours, they have much more potential for damage. What would be much better – though somewhat harder work – would be to use different services for different features. Use one provider for email, use twitter for mass communication, set up your own blog on a different provider, put your photos on your own website, play games on yet another and so forth. Much less risk – and much more freedom to get better services. Also, much less dependency…

10) Dependency – and bad habits…

The last reason I’m going to mention here is dependency. Many people seem to be becoming deeply dependent on Facebook. They use it for everything – and seem totally lost if it goes down. They can’t contact their real friends and relations – they haven’t even kept a record of their email addresses. That means they end up spending far too much time on Facebook – and get into lots of bad habits, habits that Facebook encourage. Too much sharing (which to Facebook sounds like blasphemy), too many pictures posted online, too much information given out (e.g. geo-location data) without a real thought to the consequences. If you leave Facebook, and instead set up particular systems for particular functions, you’re far less likely to become dependent – and you’re far less lost if one or other of those services goes down for some reason or other.

And if that’s not enough…

…there are many other reasons. One that matters to people like me is that the only way that Facebook will ever change in any meaningful way, the only way it will start to take users’ privacy and other rights seriously, is if it starts to lose users. If enough people start leaving, it will have to do something differently, and start to take us more seriously rather than just treat us as cattle to be herded and milked….

So why not do it? Make it your New Year’s Resolution: leave Facebook!

Here is a link to instructions as to how to delete your Facebook account. If you have the strength, go for the real ‘deletion’ rather than the ‘deactivation’ method. If you just deactivate, you’re leaving your data there for Facebook and their partners to exploit…..

12 days…. of privacy?

NOW ALSO AVAILABLE ON VIDEO (if you want proof that I can’t sing): here

Privacy is the gift that keeps on giving…. and for privacy advocates and lawyers, this year particularly! To keep festive, here’s a little song for the season…. Now if only I could sing!

—————————————–
On the first day of Christmas
My true love gave to me
The Leveson Inquiry
—————————————–
On the second day of Christmas
My true love gave to me
Two Royal boobies (1)
And the Leveson Inquiry
—————————————–
 On the third day of Christmas
My true love gave to me
Three data breaches (2)
Two Royal boobies
And the Leveson Inquiry
 —————————————–
On the fourth day of Christmas
My true love gave to me
Four Cops resigning (3)
Three data breaches
Two Royal boobies
And the Leveson Inquiry
 —————————————–
On the fifth day of Christmas
My true love gave to me
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
—————————————– 
On the sixth day of Christmas
My true love gave to me
Six BBC fiascos (4)
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
 —————————————–
On the seventh day of Christmas
My true love gave to me
Seven super-injunctions (5)
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
 —————————————–
On the eighth day of Christmas
My true love gave to me
Eight hacks arrested (6)
Seven super-injunctions
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
—————————————– 
On the ninth day of Christmas
My true love gave to me
Nine leakers leaking
Eight hacks arrested
Seven super-injunctions
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
—————————————– 
On the tenth day of Christmas
My true love gave to me
Ten snoopers snooping (7)
Nine leakers leaking
Eight hacks arrested
Seven super-injunctions
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
 —————————————–
On the eleventh day of Christmas
My true love gave to me
Eleven bloggers blogging
Ten snoopers snooping
Nine leakers leaking
Eight hacks arrested
Seven super-injunctions
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
 —————————————–
On the twelfth day of Christmas
My true love gave to me
Twelve tweeters tweeting
Eleven bloggers blogging
Ten snoopers snooping
Nine leakers leaking
Eight hacks arrested
Seven super-injunctions
Six BBC fiascos
The News – of the – World
Four cops resigning
Three data breaches
Two Royal boobs
And the Leveson Inquiry
—————————————–
Notes:
(1) The Duchess of Cambridge was photographed topless in France… and if you don’t remember that farrago, lucky you.
(2) Actually far, far more than three data breaches…….
(3) To be more accurate, two resigned, one was suspended and one put on extended leave. 
(4) There may be fewer, but it feels like at least six, from the Savile and Newsnight cases downwards! Poetic license….
(5) It’s not clear precisely how many have been granted – but far fewer than people might think!
(6) Actually significantly more, even in connection with Leveson alone. A lot. 
(7) If the Home Office had had its way, we’d have had far, far more than 10 snoopers snooping with the Snoopers’ Charter (Communications Data Bill). Fortunately, we managed to head them off at the pass, at least for now!
 

Tiny steps… almost real….

The Director of Public Prosecutions issued ‘Interim guidelines on prosecuting cases involving communications sent via social media’ today – in response to the plethora of cases that have been gathering attention over the last few years. There have been many: from the ‘Twitter Joke Trial’ to the racist tweets following the collapse of footballer Fabrice Muamba, the ‘grossly offensive’ tweets about April Jones and so forth. The issuance of such guidelines is in general a good thing – it is important that the CPS gets a better grip over the realities of the social media – and the guidelines themselves seem to represent a small step forward in that direction. It is important to understand, however, that these are just guidelines, and that what is needed, in my view at least, is a change in the law itself. That, of course, is quite rightly not the business of the DPP. It will be up to Parliament to deal with – and whether Parliament is up to the task is a huge question.

My main thoughts on the guidelines are:

  1. Their very existence is a good thing – they will force prosecutors to think a bit more deeply about how the social media functions
  2. The real test of their success or failure will not be how they look, but how they work out in practice. The proof of this pudding is very definitely in the eating. Only time will tell – but I’m not overly optimistic.
  3. The three types of communication separated out for comment individually (credible threats, communications targeting specific individuals, breaches of court orders) are dealt with pretty much as expected: the law is outlined in a straightforward fashion. However, with regard to the ‘credible threats’ section at least, the evidence of the Twitter Joke Trial does not inspire confidence in the interpretation – and the lack of acknowledgement (let alone contrition) from the DPP of how poorly the CPS dealt with that trial only makes that worse. Have the DPP and CPS learned from that fiasco, or have they merely licked their wounds and brooded? Again, only time will tell.
  4. The talk of a ‘high threshold’ – emphasised in the guidelines – is very much to be welcomed. The guidelines say that prosecutors should only proceed with a case when they are satisfied that the communication in question is more than: offensive, shocking or disturbing; satirical, iconoclastic or rude comment; or the expression of unpopular or unfashionable opinion about serious or trivial matters, or banter or humour, even if distasteful to some or painful to those subjected to it. This is good – but again, time will tell how well it works out in practice.
  5. The suggestion that prosecutions are unlikely to be in the public interest when the communication has been swiftly removed, or remorse shown, or if it wasn’t intended for a wide audience etc is also very much to be welcomed.

Overall, then, these represent small steps, and could help – but as noted, the real test is how they work out in practice. As far as they go, these guidelines seem to be as good as we could have expected in the circumstances. The CPS cannot decide unilaterally not to apply the law – quite rightly – and this law does exist. Whether it should exist, particularly in the form that it currently exists, is another matter entirely. Parts of the law do seem to be close to unfit for purpose in the age of social media: in my opinion they need to be reassessed with some degree of urgency

In particular, the Malicious Communications Act 1988 and Section 127 of the Communications Act 2003, together with the Part 1 of the Public Order Act 1986 need a much more careful examination. More intelligent, up-to-date and sensitive interpretation can only take us part of the way – and if the CPS fails to live up to the promises in this report it may not take us far forward at all. What’s needed, in my opinion, is a new look at the law itself. The social media is now of sufficient importance that it deserves this kind of attention. The guidelines talk relatively positively about the need to take freedom of expression into account – in the current age, the social media is a crucial element of that freedom of expression. that needs to be considered very seriously indeed.

A thousand words?

One of the big stories on the net over the last couple of days has surrounded Instagram, the photo-sharing site acquired by Facebook for around $1 billion earlier in 2012. Instagram, it appeared, was going to change its terms and conditions giving it, in the words of the BBC news website, “the right to sell users’ photos to advertisers without notification.”

Instagram’s suicide note?

The reaction was, in many ways, predictable – or at least should have been. Users were ‘outraged’ – and word spread quickly around the internet that Instagram was doing something terrible, and that everyone should leave, and leave now. Cord Jefferson, in Gawker, put it like this:

‘Instagram’s Absurd New Terms of Use Agreement Is Already Being Called Its ‘Suicide Note’’

Links to websites explaining how to download your photos from Instagram, and others explaining how to delete your account, spread around twitter like wildfire, and stories made it from the technical press and the blogosphere right into the heart of the mainstream media – the BBC new story noted above was (and still is, at time of writing) prominently displayed on its home page.

Instagram moved pretty quickly – they put out a blog post last night suggesting that it was all a misunderstanding. ‘Legal documents are easy to misinterpret’ they suggested, and moved to change the words a little, and to sooth the hurt feelings of their users, and reassure them that nothing was wrong. Will it work? Do the new words mean anything substantially different? And was it all a twitterstorm in a teacup anyway?

What’s so bad?

The problem raises a number of issues. The first question to ask is why people were so outraged. After all, they ‘share’ these pictures with the world – what’s so bad about sharing them a bit further, and at the same time allowing Instagram to put together a business model that actually works, and hence allows them to provide the ‘free’ service that so many people have been enjoying. The second is whether they were right to be outraged – or at least, whether they would be right to be outraged if the story as presented was true. I can see a number of reasons for both – but to unpick them, we need to look at the different kinds of pictures that people might put on Instagram.

What’s a picture worth?

There are two very different issues at play here: intellectual property and privacy. From an intellectual property perspective, people seemed to be outraged that Instagram are ‘exploiting’ their photographs for financial gain. After all, these photos are ‘theirs’, not Instagram’s – so what right to Instagram have to sell them on to advertisers? Instagram has been very direct in making sure that people know that Instagram is NOT claiming any kind of ownership rights to people’s photographs, both in its terms and conditions and in its new, explanatory blog – but is that really the point?  The idea, at least as I understand it, isn’t really that they would ‘sell’ the photos to the advertisers, but allow the advertisers to ‘use’ the photos – a kind of licensing agreement.

From Instagram’s perspective, that probably seems fair enough – they provide a service, we let them ‘use’ our photos. Quid pro quo. They may even be right – there’s no such thing as a free lunch, and users of the internet need to start understanding that a bit better. If a company provides you with a ‘free’ service, either they’ve got to make money out of it somehow or they’re going to die a painful death. What’s more, professional photographers should have been aware of the issue – and I’m sure most of them are – so shouldn’t be putting their real, professional work on Instagram or anything like it. By all means put low-res tasters on Instagram, but keep the real things for your own website, or some professional service. If professionals didn’t know that already, this little storm should have been a wake-up call.

To me, then, the pure intellectual property issue isn’t the big one. The big issue is privacy…

Pictures and privacy

Some people have a somewhat superficial idea of privacy – that it’s about ‘hiding’ things. The ‘nothing to hide/nothing to fear’ argument is made all too often, but it fundamentally misunderstands the nature of privacy. A better way to look at privacy is that it’s about control – not complete control, but a degree of control – over what you show to whom, and when, and how. We say different things to our families and our colleagues, to our partners and our children, to people we meet in the street, to our bank managers and our employers. That’s the fundamental fallacy in the Instagram argument, at least insofar as personal, private (rather than professional) pictures are concerned. Just because we share a picture with one group of people, we don’t necessarily want to share it with others.

What’s more, privacy is as much about how and where you share, as to whom. Putting a picture up on Instagram is one thing – having your face, or your children’s faces on an advertisement is quite another. Taking it a step further, most people would like to know what their pictures are being used to advertise. It was a poignant coincidence that the story that the same ‘hardworking family‘ being used by the Conservative Party in their campaign against benefit ‘scroungers’ was also being used to advertise yoghurt, a Christian home-schooling CD, cod liver oil and a Spanish Dentist came out at the same time as the Instagram story – it shows how images can be used for many, varied purposes.

There are other issues of course – the possibility of facial recognition software or other analytical tools being used on photos, and the information gleaned being misused (e.g. for credit rating or insurance purposes, by potential employers to making hiring/firing decisions). The potential is huge. That, though, is part of the point. Pictures are worth a lot more than the ‘intellectual property’ value associated with them. A thousand words? Much, much more than that.

The proof of the pudding…

christmas pudding with custardThe news that Lord McAlpine has started legal proceedings against Sally Bercow for libel over her tweets has been greeted in some quarters by dismay. I don’t see it that way: from an academic perspective, and potentially for future tweeters in related circumstances, it could end up being good news. One of the difficulties at the moment is that we really don’t know exactly where we stand. A high profile High Court battle could help us find out – and a high profile battle it seems likely to be, with Bercow having engaged those renowned lawyers Carter-Ruck. In the law in England and Wales, it’s hard to know where you are without a proper court case: the proof of the legal pudding is very much in the eating.

What’s more, in this case, all possible outcomes have their upside. I’m not going to speculate as to how the case will go – though you might want to look at my guide to defamation on twitter, which is here. I look forward to following the case closely, if it does actually come to trial – and it is important to understand what the main possible outcomes are, and what impact each of them might have. There are three main possibilities:

  1. Lord McAlpine could lose;
  2. Lord McAlpine could win, but be awarded relatively small damages; or
  3. Lord McAlpine could win, and be awarded substantial damages.

If the first happens, and Lord McAlpine ends up with a legal bloody nose, many tweeters will breathe a huge sigh of relief. The chilling effect will be effectively melted, and twitter will feel a freer, more comfortable place.

If the second happens, though the result won’t be as ‘freeing’ for tweeters, it might well mean that potential claimants are less likely to pursue people for defamatory tweets. If the damages to be gained are lower, and the costs are still substantial, why bother? Just ask for an apology, or move on. Cases that are pursued would only occur in very serious circumstances, or where the defamation is very clear and very damaging – in which case it may well be entirely appropriate! Twitter does need to have some kind of responsibility…

If the third happens, the result may be pretty hideous for Bercow herself – but it is important to understand that damages in libel cases in England and Wales are no longer as high as at their peak in the 80s. The £50,000 that Lord McAlpine is reported to have asked from Bercow would be a hefty figure by recent standards, for example. Even so, from the perspective of the future, there is an upside to this – it would make it crystal clear that defamation law, insofar as it relates to the social media, is in dire need of reform.

I have argued elsewhere for this – and for the development of a ‘defence of responsible tweeting’ to provide clarity and reassurance for tweeters. This is a key moment – for the first time in many years, a new defamation bill is making its way through parliament. If we are going to change the law, this is the moment. A case like the Bercow/McAlpine case could provide the ammunition that is needed to convince parliament that a change is needed, a change that would support the developing social media community.

That’s why I am not dismayed at Lord McAlpine’s move – I can see a good way forward whichever result comes from the case. In a way, the worst thing would be if it didn’t make it to court. That is also still entirely possible. Some kind of settlement might happen, or McAlpine might even drop the case. That would leave us with more uncertainty – and uncertainty is rarely good in a legal context. I’d like to see something out in the open, something proved.

Fanciful and misleading…

The Joint Committee on the Draft Communications Data Bill produced its report today – (available here) and it’s a devastating piece of work, ripping the bill, and process through which it was drafted, to shreds. As tweeter @EinsteinsAttic put it, the committee concludes that the bill is ‘overreaching, poorly drafted, ill-defined, not based on evidence or proper consultation, and misleadingly costed.’ And yet I’m sure I won’t be the only privacy advocate who is a little disappointed by the final result – though I’m probably asking too much! I have not yet been through the piece with a fine-tooth comb, and will write more when I have, but these are my initial thoughts.

Fanciful and misleading…

One of the best turns of phrase in the report is the description of the some of the cost-benefit analysis provided by the Home Office as ‘fanciful and misleading’ – but it would have been good to see such a comment broadened to cover the entire basis of the ‘case’ made by the Home Office, not just the costs. Instead, there seems to be an assumption that this case, regardless of the lack of evidence and lack of consultation with experts, is a reasonable one. There has not even been ‘private’ evidence given by the Home Office and intelligence services to the committee – though the committee has seen the recommendations of the Intelligence and Security Committee, who have been given evidence by the intelligence services.

The way that any evidence in support of the bill is hidden is something which, though understandable, seems to be wrong. It seems to me that given the seriousness of the infringements on privacy, free speech, free association, free assembly and other human rights, we have the right to know more. A bill like this needs public support – and that means we need to know more.

Insufficient attention

Having said this, the report is pretty devastating. In privacy terms, it is quite clear:

“[W]e believe that the draft Bill pays insufficient attention to the duty to respect the right to privacy, and goes much further than it need or should for the purpose of providing necessary and justifiable official access to communications data”

That conclusion is what people like me have been saying from the very start – and it is very good to see that the Committee did take it on board and, ultimately, believed us more than it believed the Home Office, despite sustained attacks, culminating in Theresa May’s suggestions last week that “Anybody who is against this bill is putting politics before people’s lives.”.

Far too broad

The biggest problem with the bill is Clause One – the very essence of the bill – and the committee recognises that. The clause as drafted effectively allows the Home Office to require any communications provider to gather pretty much whatever data the Home Office asks for – with the one ill-defined exception of ‘content data’. This the committee effectively rejects, suggesting instead  a much more restricted set of powers – limiting the types of data that can be gathered to “those categories of data for which a case can now be made.”

In the opinion of people like me, this would actually mean reducing the amount of data gathered from what is currently gathered, though one suspects that the final result will be something rather different. Even so, this is a very welcome suggestion. The report also recommends, crucially, that expansions into new areas and new data types would require proper parliamentary oversight, either through primary legislation or a “super-affirmative procedure which would guarantee fuller Parliamentary consideration than a standard affirmative order.” This would at least provide some protection from function creep – not enough, in my view, but a great deal better than the current plan.

There is some additional protection suggested – the committee recommends that the bill ‘should provide for wilful or reckless misuse of communications data to be a specific offence punishable in appropriate cases by imprisonment.’ As a deterrent this might also help – but it remains to be seen how effective it might be – and whether it would actually be used if it was included in the bill.

Where data exists it is vulnerable

What is missing, at least from my first review, is a recognition that the warranting process should – or at the very least could – take place before the gathering of data, rather than before the filtering of data. It means that, sadly, the committee is still suggesting that all of us could be snooped on all the time, and that data (though less limited data than that originally suggested) could be gathered and held about all of us. There is a small amount of attention paid to the vulnerability of this data – and a recognition that the current bill doesn’t pay sufficient attention to the security of data, or how much ensuring that security would cost – but it seems to me that it doesn’t pay enough attention to this issue. It is a fundamental: where data exists, it is vulnerable. That point means that even a new, amended bill on the basis of this report would still create new risks, new vulnerabilities…

Restricting availability

The report makes admirable suggestions about limiting who can access the data gathered, requiring first of all that they be specified in the Bill itself, and secondly that the number of public bodies getting access be reduced:

“Any public authorities which make a convincing business case for having access to communications data should, like the six we have specified in paragraphs 128 and 129, be listed on the face of the Bill. We expect this to be a greatly reduced number when compared to the authorities currently listed in the Regulation of Investigatory Powers (Communications Data) Order 2010.”

This does deal with one of the key issues with RIPA – and, in practice, could well reduce the level of abuse. I hope so.

The report also attacks the breadth of the reasons suggested as to why data might be accessed – but pulls its punches a little. Effectively ti says that the scope is too broad, but doesn’t say how to narrow it:

“We are concerned that the long list of permitted purposes for which communications data can be requested adds to public disquiet about the breadth of the Bill. While we do not make specific recommendations about how this list could be shortened, we recommend that the Government should consult on whether all the permitted purposes are really necessary.”

I would have hoped for something a lot clearer – and that when the Government consults about this, they consult properly…. something which they conspicuously failed to do in the run up to the drafting of the bill in the first place.

A proper consultation…

This is the area in which the report is the strongest, from my perspective. It makes it very clear that the Home Office ‘consultation’ was feeble at best. This is where the key should be. As the report suggests:

“Before re-drafted legislation is introduced there should be a new round of consultation with technical experts, industry, law enforcement bodies, public authorities and civil liberties groups. This consultation should be on the basis of the narrower, more clearly defined set of proposals on definitions, narrower clause 1 powers and stronger safeguards which are recommended in this report.”

That’s what we really need. A proper consultation. A really proper consultation, where the proper experts are given the opportunity to make their views heard. Overall, I’d say the committee did a good job in the circumstances – but those circumstances were far from ideal. The consultation period (for written evidence) was short, over a summer, when many people (particularly those in academia) have little time to contribute – and it was a consultation ‘after the fact’, with the bill already drafted. We needed – and deserved – much more time. The committee says so, and says so loud and clear.

Will the Home Office listen?

That’s the big question – and one that many of us observing have been wondering for a while. This report is pretty devastating, at least in the detail – and the Home Office should get the message pretty clearly. There’s a lot that I haven’t covered in this post – the fanciful and misleading cost-benefit analysis, for example, and the technical details – but the overall conclusion is pretty clear. What they’ve done has simply not been good enough – and they need to go back and think again.

Will they? Or will they just lick their wounds and carry on regardless, accusing those of us who oppose their plans of risking lives, and of having blood on our hands?  Number 10 seems to be saying now that they will ‘accept’ the criticism (see here, for example) but how much they will ‘accept’ remains to be seen. I hope they listen – but if they don’t, or just pay ‘lip service’ to the issue, they need to know that they have a fight on their hands. This report gives us a pretty good weapon to use in that fight.

And what of the Labour Party?

The final part of the equation is the Labour Party. The Liberal Democrats have come out firmly against the bill, which is important, and my own MP, Julian Huppert, in particular, needs to be given a lot of credit for that – but if the Labour Party fails to oppose it, that may not be enough. I’m looking forward to hearing what they have to say. I have heard noises that Yvette Cooper is going to make what I would think of as the right call, and a report in the Guardian suggests that she will, and this good piece by Nick Brown in the Independent gives me hope that the Labour Party is finally finding its way on this issue. Let us hope so! It would be good to have some kind of all-party consensus on this issue. Privacy, in general, is not a party political issue – there are groups within all parties that support it, and groups within all parties that see it as something that is of little importance in relation to security and other related issues. One of the things that has been most interesting about the struggle against the Communications Data Bill has been the way it has drawn together allies from all parts of the political spectrum. In the end, that has to be a good thing.

Start all over again

My overall view is clear – this bill doesn’t just need a few tweaks, it needs abandoning entirely. Nick Clegg has suggested going back to the drawing board – I agree. We should start from a totally different premise – we should be cutting down on internet surveillance rather than expanding it, and working towards the repeal of the Data Retention Directive and its implementation in the UK. The issues discussed in this damning report are equally applicable to existing law, which already compromises privacy in an excessive manner. Let’s start again – and put people’s privacy first.

They’re taking over the internet!

bond_vill05There’s a big story going around at the moment: the UN’s trying to take over the internet, or some variant of that. It’s all based on the current ITU proposals at the World Conference on International Telecommunications (WCIT) currently taking place in Dubai… Lots of people – and I mean LOTS of people – are spreading this story of terror and danger. What’s at stake? Freedom of expression, anonymity, privacy, the whole openness of the internet etc etc…

…and yet I find it very difficult to get enthusiastically behind the fight, though I’m a fierce advocate of all of those things, and care deeply and passionately about the future of the internet as an open and free place. So why do I find it hard? Not because I agree with the ITU’s proposals – I don’t, I think they’re generally very bad and very unhelpful. There are, however, a few reasons:

  1. The prime characteristic of the ITU, as for so many UN bodies, is not an ability to actually do anything – let alone control or ‘take over’ anything. UN peacekeepers aren’t exactly brilliant at keeping peace, UN resolutions tend to be ignored by almost anyone who might be affected (ask anyone who pays attention to what goes on in Israel and Palestine), UN charters are aspirational at best. Whatever they do is unlikely to have any real effect – unless others want it to have an effect. The UN has some great strengths – and some of the UN bodies do excellent work – but for those strengths to come into play, they need the states involved to want them to work. The various Human Rights declarations, for example, help to set standards that were then applicable (and applied) worldwide…
  2. The ITU itself is far from the most competent of ‘secret’ organisations – for all their supposed secrecy, they just ‘gave’ the information on their DPI proposals to the excellent @Asher_Wolf when she asked them for it….
  3. What’s more, opposition to the ITU’s proposals is already huge – and if anyone imagines that the US or the EU will quickly acquiesce to whatever the ITU suggests, they really don’t understand international politics or international law
  4. To suggest that these ITU proposals offer the biggest threat to any of the issues concerned at the current moment. In every areas there are far greater threats, far closer to home.
  5. You want a threat to privacy? Look more closely at our own governments – what the UK government is proposing with the Communications Data Bill, that’s a REAL threat to privacy. What’s being revealed by the NSA whistleblower William Binney about surveillance in the US is a vastly, vastly worse than anything imagined by the ITU. Our governments don’t need the ITU in order to invade our privacy….
  6. You want a threat to anonymity on the internet? Look much more close to home – look at Facebook’s ‘real names’ policy, and the same for Google! Google are one of the strongest supporters of the fight against the ITU – and yet they still have what amounts to a real names policy for Google plus!
  7. You want a threat to freedom of expression? Look very hard at the ‘entertainment industry’, whose copyright trolls do more to block people’s expression than almost anyone else. They use notice and take down, they want ‘piracy’ sites blocked, they want to be able to block users from accessing the internet at all if there’s suspicion of piracy.

…and yet it’s the UN, and in particular the ITU that’s the target of the attacks. I don’t particularly like the ITU, and I don’t like these proposals one bit, but they won’t destroy the openness of the internet – because they won’t be able to make it happen. The others, on the other hand – our own governments, our ‘own’ industries, from Facebook and Google to the ‘entertainment’ industries, they’re already doing a lot to restrict all those freedoms that they claim to care so passionately about. Why? Because there’s money in it for them…. just as that’s the main real reason for their concerns about the ITU proposals – one part is to effectively levy a kind of tax on companies like Google. When money matters, it’s easy for industry to play the ‘good guys’. When money works the other way…..

No reason to be complacent – keep fighting!

All this ranting isn’t meant to stop people fighting the ITU proposals – we should! They should be opposed with vigour, because they’re not good at all. There are some distinctly worrying things about these proposals, and some particular risks attached. There’s the risk that they can be used to spread the idea that surveillance, that the removal of any effective form of anonymity, become the norm – and that they are allowed to spread as a result of this kind of thing. The UN is an ‘aspirational’ organisation, so ideas spread by it can be seen as somehow acceptable, and supportable – and used in some ways to ‘justify’ bad things that are happening.

This risk – of the ‘normalisation’ of this kind of thing – is something that we need to oppose, and oppose strongly. It is, however, something quite different from the suggestion that the UN is actually trying to take over the internet. That idea shouldn’t be overblown, or hyped up to the degree that it is. There’s an element in crying wolf about this too – if we keep going on about something being likely to ‘destroy the internet’ we’ll miss the real threats. I don’t want that to happen – and to an extent is is already happening, with ideas like Facebook and Google’s ‘real names’ policies not being subject to nearly sufficient scrutiny, and the copyright lobby still wielding enormously disproportionate power. Let’s get things a bit more in proportion….

Turning the tables…

————————————————————————–

Imagine you’ve just been appointed the head of the online secret police for an oppressive dictatorship. Your leader comes to you with a worried expression. The internet bothers him, he tells you. People get to say whatever they want, to talk to whoever they want, and it’s spreading dissent and destabilising the government. ‘It’s a disaster,’ he says. ‘What are you going to do about it? We need to keep this under control.’

You think about it a bit and then come up with a plan. Our main problem, you tell him, is that we don’t know enough about what is going on. We need to monitor everything. ‘If we know who is talking to who, what sites they’re visiting on the internet, which social networking systems they’re using, and for what, then we can start to take back control.’

A smile starts to appear on the leader’s face. ‘What next?’ he asks.

‘Next we need to set up a system to be able to search through all that information – some kind of filtering system to find what we want to find.’

‘You mean like a kind of Google for private communications and internet activities?’

‘Exactly. We can search for whatever we want – and whoever we want. But there’s more: we can use that information to do much more. They think the internet’s a tool for their free speech – we can turn it into a way to find them, to arrest them, to block them, to find out who likes what they say. We can access their activities in real time and respond to them before they know what’s happening. We can turn the tables on them.’

Your leader smiles and rubs his hands together. ‘Go for it,’ he says.

————————————————————————–51DW9DbldKL._SL500_AA300_

This is the opening section of an article I’ve just had published in Digital Frontiers, the new volume of the excellent Index on Censorship. It’s a fascinating magazine – and this edition includes pieces by such luminaries as Rebecca MacKinnon, Ethan Zuckerman, Gabriella Coleman, Jennifer Granick, Privacy International’s Eric King amongst others. It covers many different aspects of the issues surrounding the internet – from free speech and surveillance to child protection and the power of microblogs.

I feel privileged to have been able to contribute – my piece, as the opening might suggest, is about the dangers of the UK’s Communications Data Bill, the ‘snoopers’ charter’ in terms of free speech, and how it could contribute to a worldwide ‘chilling effect’. I’d seriously recommend buying the magazine – it’s currently available only in print form – not for my piece, but for all the rest, and to support the excellent work of Index on Censorship.

You can find details of how to buy it – and to subscribe to Index on censorship, by clicking here…

My snoopers’ charter posts…

With Theresa May now trying to scare us into accepting the snoopers charter, I realised quite how much I’ve written about the subject since it raised its ugly head earlier this year. Here are links to some of my main posts on the subject….

April 2012:

If you build it, they will come: why building a system like this will create vulnerabilities

Scrambling for safety: my report of the excellent meeting organised by the Open Rights Group, Privacy International, FIPR and Big Brother Watch

May 2012:

A wake up call: lessons from those who know what a real police state is like…

I do not like this CCDP: my poem, Dr Seuss style….

June 2012

A police state: what does a ‘police state’ really mean, and why the snoopers charter might suggest we’re going that way?

Labour and the Snoopers Charter: can we persuade the Labour Party to oppose the bill… and if not, why not?

My submission to the Joint Committee on Human Rights

July 2012

The Myth of Technological Solutions: why it’s foolish to assume technology will solve our security problems….

The Draft Communications Data Bill and the ECHR: my blog for the UK Constitutional Law Group

August 2012

A summary of my submission to the Communications Data Bill Committee

October 2012

An open internet begins at home Mr Hague! My blog for The Justice Gap

My communications data bill Venn diagram – complete with Bond villains and white cats

November 2012

Choose your dystopia – how we’re following fiction: 1984, Brave New World etc… with the snoopers charter.

Wishful thinking – how the whole case for the bill is based on wishful thinking. My talk (and report) from the ISPA conference.

The politics of privacy - why, even if the Lib Dems end up opposing the bill, we may find it hard to defeat!

I’m almost sorry to have written so much – but I do think this is a very important subject… and we shouldn’t let Theresa May’s scare tactics frighten us away… the bill needs to be opposed, and defeated!