Privacy is not the enemy – rebooted…

Today, Saturday February 23rd 2013, is International Privacy Day. To mark it, I’ve done a re-boot of an old blog post: ‘Privacy is not the enemy’. The original post (which you can find here) came back in December 2011, after I attended an ‘open data’ event organised by the Oxford Internet Institute – but it’s worth repeating, because those of us who advocate for privacy often find themselves having to defend themselves against attack, as though ‘privacy’ was somehow the enemy of so much that is good.

Privacy is not the enemy

Privacy advocates are often used to being in a defensive position – trying to ‘shout out’ about privacy to a room full of avid data-sharers or supporters of business innovation above all things. There is a lot of antagonism. Those we speak to can sometimes feel that they are being ‘threatened’ – some of the recent debate over the proposed reform of the Data Protection regime has had very much that character. And yet I believe that many of those threatened are missing the point about privacy. Just as Guido Fawkes is wrong to characterise privacy just as a ‘euphemism for censorship’ (as I’ve written about before) and Paul McMullan was wrong to suggest to the Leveson Inquiry that ‘privacy is for paedos’, the idea that privacy is the ‘enemy’ of so many things is fundamentally misconceived. To a great extent the opposite is true.

Privacy is not the enemy of free expression – indeed, as Jo Glanville of Index on Censorship has argued, privacy is essential for free expression. Without the protection provided by privacy, people are shackled by the risk that their enemies, those that would censor them, arrest them or worse, can uncover their identities, find them and do their worst. Without privacy, there is no free expression. The two go hand-in-hand, particularly where those without ‘power’ are concerned – and just as privacy shouldn’t just be something available for the rich and powerful, free speech shouldn’t only be available to those robust enough to cope with exposure.

Privacy is not the enemy of ‘publicness’ - in a similar way, to be truly ‘public’, people need to be able to protect what is private. They need to be able to have at least some control over what they share, what they put into the public. If they have no privacy, no control at all, how can they know what to share?

Privacy is not the enemy of law enforcement – privacy is sometimes suggested to be a tool for criminals, something behind which they can hide behind. The old argument that ‘if you’ve got nothing to hide, you’ve got nothing to fear’ has been exposed as a fallacy many times – perhaps most notably by Daniel Solove (e.g. here), but there is another side to the argument. Criminals will use whatever tools you present them with. If you provide an internet with privacy and anonymity they’ll use that privacy and anonymity – but if you provide an internet without privacy, they’ll exploit that lack of privacy. Many scams related to identity theft are based around taking advantage of that lack of privacy. It would perhaps be stretching a point to suggest that privacy is a friend to law enforcement – but it is as much of an enemy to criminals as it is to law enforcement agencies. Properly implemented privacy can protect us from crime.

Privacy is not the enemy of security – in a similar way, terrorists and those behind what’s loosely described as cyberwarfare will exploit whatever environment they are provided with. If Western Law enforcement agencies demand that social networks install ‘back doors’ to allow them to pursue terrorists and criminals, you can be sure that those back doors will be used by their enemies – terrorists, criminals, agents of enemy states and so forth. Privacy International’s ‘Big Brother Inc’ campaign has revealed the extent to which surveillance products developed in the West are being sold to despotic and oppressive regimes – in an industry worth an estimated $5 billion a year. It’s systematic, and understandable. Surveillance is a double-edged sword – and privacy is a shield which faces many ways (to stretch a metaphor beyond its limits!). Proper privacy protection works against the ‘bad guys’ as well as the ‘good’. It’s a supporter of security, not an enemy.

Privacy is not the enemy of business – though it is the enemy of certain particular business models, just as ‘health’ is the enemy of the tobacco industry. Ultimately, privacy is a supporter of business, because better privacy increases trust, and trust helps business. Governments need to start to be clear that this is the case – and that by undermining privacy (for example though the oppressive and disproportionate attempts to control copyright infringement) they undermine trust, both in businesses and in themselves as governments. Privacy is certainly a challenge to business – but that’s merely reflective of the challenges that all businesses face (and should face) in developing businesses that people want to use and are willing to pay money for.

Privacy is not the enemy of open data – indeed, precisely the opposite. First of all, privacy should make it clear which data should be shared, and how. ‘Public’ data doesn’t infringe privacy – from bus timetables to meteorological records, from public accounts to parliamentary voting records. Personal data is just that – personal – and sharing it should happen with real consent. When is that consent likely to be given? When people trust that their data will be used appropriately. When will they trust? When privacy is generally in place. Better privacy means better data sharing.

All this is without addressing the question of whether (and to what extent) privacy is a fundamental right. I won’t get into that here – it’s a philosophical question and one of great interest to me, but the arguments in favour of privacy are highly practical as well as philosophical. Privacy shouldn’t be the enemy – it should be seen as something positive, something that can assist and support. Privacy builds trust, and trust helps everyone.

———————————-

Over the time since I first wrote this post, privacy has if anything become bigger news that it was. If Facebook launches a new product (e.g. Graph Search, about which I wrote here and here), it makes privacy a centre-piece of the launch, regardless of the true privacy impact of the product. Apple has now put privacy settings into iOS for its iPhone and iPad. Privacy is big news! Let’s mark International Privacy Day by reminding ourselves that privacy is not an enemy – the opposite….

Lobbyists: who pays the piper…

A few weeks ago I experienced first hand the role of lobbyists, when I saw them do their best to start steering the CREATe project in their own direction (see my blog here). In the time since then, two more issues have come up that have highlighted their significance – and why we need to be concerned. We should be looking much more carefully at their activities.

Copyright lobbyists

To recap, at CREATe it was the lobbyists for the ‘content’ industry – what might loosely be called ‘copyright’ lobbyists – who were trying to ensure that the project, which is amongst other things looking at copyright reform, did not dare to challenge their assumption that ‘piracy’ needs to be stomped on above all things. The copyright lobby is a very powerful one indeed, and has had huge influence on the policies of governments worldwide – in the UK, they still seem to have a firm grip on all the major parties, and were the key behind the controversial Digital Economy Act. They are, however, only one of the lobby groups that we should be watching.

Advertising industry lobbyists

The second emerging issue concerns another key lobby – the online advertising industry. For privacy advocates like me, the advertising industry as often been a bit of a bête noire – behavioural advertising in particular generally works through significant invasions of privacy – but their recent activities in relation to the ‘Do Not Track’ initiative have been concerning. They’ve been fighting tooth and nail to block Microsoft’s idea that DNT should be ‘on’ by default on Internet Explorer – and according to Alexander Hanff they’ve also managed to co-opt privacy advocates to help undermine the DNT specification itself, allowing for ‘de-identified’ tracking without any kind of consent.

There’s a long way to go on this one, but I’m far from alone in thinking that they’ll manage to pretty much entirely neuter DNT. As security expert Nadim Kobeissi put it in a blog post yesterday, DNT is becoming ‘Dangerous and Ineffective’. We can largely thank advertising industry lobbyists for that.

‘Internet Industry’ Lobbyists

The third and potentially most worrying of all the recent lobbyists activities to emerge is the story of US ‘internet industry’ lobbyists working to undermine the draft Data Protection Regulations. As the Telegraph reported:

“Tory MEPs ‘copy and paste Amazon and Google lobbyist text’”

As I also experienced first hand at the Computers, Privacy and Data Protection conference in Brussels earlier this month, industry lobbyists particularly from the US are very concerned by the proposed Data Protection Regulation, partly because as drafted it would allow them to have the power to actually fine industry groups a meaningful amount of money – 2% of their global turnover – the kind of fine that would actually make a difference, and could actually make them change their activities.

Making changes….

That’s the key – indeed, the key for all three of the lobbying stories above. A resistance to change. The copyright lobbyists don’t want to have to change either their business model or their approach to enforcement. The advertising industry don’t want to have to change their privacy-invasive way of tracking people. The ‘internet industry’ companies don’t want to have to change their way of gathering and using people’s personal data. And in all three cases, they don’t seem to really care what people want or care about. In the copyright lobbyists example, as I noted in my blog at the time, they seem to be resisting even the gathering of evidence. In the other two cases, I suspect the same is true – because the more evidence that comes out, the clearer it is that people do care about privacy and don’t want to be tracked.

It’s not US vs EU

One of the most common arguments made in these cases is that it’s some kind of a Transatlantic conflict – a ‘cultural difference’ between the US and the EU. We in Europe are trying to ‘impose’ our values onto the US. Is it true? Well, the most recent evidence suggests otherwise – indeed, it suggests that people in the US care every bit as much as people in Europe do about privacy. According to a recent survey, 77% of Americans would select ‘do not track’  if it were available – putting them above many European countries, below only France. As David Meyer put it: ‘Think Europeans are more into data privacy than Americans? Think again.”

I suspect he’s right – and the divide isn’t a Transatlantic one. It’s a divide between individuals everywhere and the industry lobbyists. Lobbyists, by their nature, look out for those they’re lobbying on behalf of. Of course they do – that’s their job. We need to understand that – and act appropriately. What the lobbyists do should worry us – because they don’t serve our interests. Who pays the piper calls the tune – and it’s not us!

That’s not to say that they don’t have legitimate interests – they do! What the industries they represent do is crucial for all of us, for the future of the internet. However, it does need to be balanced, and right now it looks very much out of balance.

Big Brother is watching you…. and so are his corporate partners

big-brother-is-watching-you_thumbnaPrivacy advocates are spoilt for choice these days about what to complain about – privacy invasions by business, or privacy invasions by the authorities? Over the last year or so, I’ve written regularly about both – whether it be my seemingly endless posts in recent weeks about Facebook, or the many times I wrote last year about the wonderful Snoopers’ Charter – our Communications Data Bill (which is due to re-emerge after its humiliation fairly shortly).

It’s a hard one to answer – and I tend to oscillate between the two in terms of which I think is more worrying, more of a threat. And then a new story comes along to remind me that it isn’t either on its own that we should be really worried about – it’s when the two work together. Another such story has just come to light, this time in The Guardian

“Raytheon’s Riot program mines social network data like a ‘Google for spies’, drawing ire from civil rights groups”

The essence of the story is simple. Raytheon is reported to have developed software “capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites”. Whether the details of the story are correct, and whether Raytheon’s software is particularly good at doing what it is supposed to do isn’t really the main point: the emergence of software like this was always pretty close to inevitable. And it will get more effective – profiling will get sharper, targeting more precise, predictions more accurate.

Inevitable and automatic

What’s more, this isn’t just some ‘friendly’ policemen or intelligence operatives looking over our Facebook posts or trawling through our tweets – this is software, software that will operate automatically and invisibly, and can look at everything. What’s more, it’s commercially produced software. Raytheon says that ‘it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients’ but it will. It’s commercially motivated – and investigations by groups such as Privacy International have shown that surveillance technology is sold to authoritarian regimes and others around the world in an alarming way.

If you build it, they will come

The real implication is that when software like this is developed, the uses will follow. Perhaps it will be used at first for genuinely helpful purposes – tracking real terrorists, finding paedophiles etc (and you can bet that the fights against terrorism and child abuse will be amongst the first reasons wheeled out for allowing this kind of thing) – but those uses will multiply. Fighting terrorist will become fighting crime, which will become fighting disorder, which will become fighting potential disorder, which will become locating those who might have ‘unhelpful’ views. Planning a protest against the latest iniquitous taxation or benefits change? Trying to stop your local hospital being shut or your local school being privatised? Supporting the ‘wrong’ football team?

Just a quick change in the search parameters and this kind of software, labelled by the Guardian a ‘google for spies’, will track you down and predict your next moves. Big Brother would absolutely love it.

A perfect storm for surveillance

This is why, in the end, we should worry about both corporate and government surveillance. The more that private businesses gather data, the better they get at profiling, even for the most innocuous of purposes, or for that all too common one, making money, the more that this kind of data, these kinds of techniques, can be used by others.

We should worry about all of this – and fight it on all fronts. We should encourage people to be less blasé about what they post on Facebook. I may be a bit extreme in regularly recommending that people leave Facebook (see my 10 reasons to leave Facebook post) because I know many people rely on it at the moment, but we should seriously advise people to rely on it less, to use it more carefully – and to avoid things like geo-location etc (see my what to do if you can’t leave Facebook post). We should oppose any and all government universal internet surveillance programmes – like the Snoopers’ Charter – and we should support campaigns like that of Privacy International against the international trade in surveillance technology.

Facebook and others create a platform. We put in all our data. Technology firms like Raytheon write the software. It all comes together like a perfect storm for surveillance.

CREATe and the copyright lobby…

From the moment Coaliton MP Jo Swinson (she’s a Lib Dem, apparently, though from her talk she was indistinguishable from a Tory) gave the opening speech at the CREATe launch event, the tensions were apparent. CREATe (whose website is here) is a huge new project, which in its own words ‘is a pioneering academic initiative designed to help the UK cultural and creative industries thrive and become innovation leaders within the global digital economy.’ Four years, funding of more than £5 million, primarily from the Arts and Humanities Research Council (effectively government money) seven universities (including my own, the University of East Anglia) and academics from a wide range of disciplines make it something very, very ambitious – and also very important. And yet, right from the start, it’s under enormous pressure – not least from the copyright lobbyists.

Swinson’s speech emphasised money, money and more money – and particularly all the wonderful things the coalition was doing to support the digital economy. By that, from the perspective of many of the people I spoke to in the audience, what she really meant was to support the existing ‘creative’ industry… and by that she really seemed to mean to do what the copyright lobbyists have told her to do. And those lobbyists were all too obvious by their presence at the launch event. They were relatively easy to identify even if you didn’t read their name tags or know who they were: they were the ones who made a point of mentioning how evil all those pirating content were, and how we need to clamp down on those pirates before we do anything else. Sometimes they could manage a couple of relatively neutral or even positive statements before mentioning the need to clamp down on pirates, but I don’t think any of them managed to get through a comment without bringing it into play. I’d like to make it clear that by lobbyists I’m not referring to the musicians themselves, or even any of the many excellent people involved in music production that I met over the launch event. Many – most – of them understood the issues very directly, and in a way that an academic like me could not hope to. They, however, weren’t the key to the problem – the lobbyists were a different kettle of fish.

The audience was very varied. There were lots of academics from all of the universities involved, and a fair number from other universities too. There were lawyers in the field of intellectual property, there were representative of the IPO, there were people from civil society, there were people from consumer groups (including the excellent Saskia Walzel from Consumer Focus UK) and there were even some of the real ‘creative’ people, musicians, artists and writers – SF writer Charlie Stross’s excellent account of the history of the eBook was one of the highlights of the event. Another was when the keynote speaker, social entrepreneur Dr Frances Pinter made a special mention of the sadly missed Aaron Swartz.

What was particularly good was that most of the people from all these different backgrounds and interests seemed to be open minded and excited by the prospect of CREATe. Most of them – all of those that I spoke to – saw this as an amazing opportunity to do something really important, and to address a real challenge. We almost all seemed to recognise that this is a very, very difficult issue, and that we need to be open-minded and creative in looking for new ways to deal with a very thorny problem. We almost all seemed to realise that the current system doesn’t work – and that something different needs to be tried.

All of us, that is, except the lobbyists, who still seem to believe they have the solution – which is to hit the pirates harder and harder and harder. Some were open to other solutions too – but only after we’ve clamped down on the pirates. It didn’t matter what everyone else said, whether it was those wondered about the ultimate result of alienating or criminalising a generation of young people, or those like Saskia Walzel who suggested that a first point might be to provide a good, cheap, reliable, timely and user-friendly legal source of all the material, or even those who asked for any evidence that the clampdown was working….

…indeed, that last point was the real sticker, and cuts to one of the crucial points about CREATe. A key idea is that some of the CREATe projects will be gathering evidence – and attempting to determine what’s really true about what’s going on. Indeed, the first publication from CREATe is a piece about what will actually constitute evidence from the many, varied perspectives of the different groups involved – you can find it here. CREATe represents an invaluable opportunity for this gathering of evidence – to have the money, the expertise and the time for the kind of research that can really look into this is something very, very special. And yet even before the launch event had finished, not even a day into the four year project it appeared that the lobbyists were already trying to suggest that the project was likely to be unfair and biased. The question that immediately springs to mind is what are they afraid of? Don’t they want real evidence? Are they worried that the evidence will suggest that their current models both of business and of enforcement are flawed and ineffective? Are they afraid that CREATe will help put together new business models – and that the new environment will have no place for the ‘old’ content industries?

Any or all of that could be true – but only time will tell. Time and a great deal of academic research. The trouble is, from the very start CREATe is going to be put under huge, huge pressure to produce the results that the lobbyists want. That pressure is already being applied….