CREATe and the copyright lobby…

From the moment Coaliton MP Jo Swinson (she’s a Lib Dem, apparently, though from her talk she was indistinguishable from a Tory) gave the opening speech at the CREATe launch event, the tensions were apparent. CREATe (whose website is here) is a huge new project, which in its own words ‘is a pioneering academic initiative designed to help the UK cultural and creative industries thrive and become innovation leaders within the global digital economy.’ Four years, funding of more than £5 million, primarily from the Arts and Humanities Research Council (effectively government money) seven universities (including my own, the University of East Anglia) and academics from a wide range of disciplines make it something very, very ambitious – and also very important. And yet, right from the start, it’s under enormous pressure – not least from the copyright lobbyists.

Swinson’s speech emphasised money, money and more money – and particularly all the wonderful things the coalition was doing to support the digital economy. By that, from the perspective of many of the people I spoke to in the audience, what she really meant was to support the existing ‘creative’ industry… and by that she really seemed to mean to do what the copyright lobbyists have told her to do. And those lobbyists were all too obvious by their presence at the launch event. They were relatively easy to identify even if you didn’t read their name tags or know who they were: they were the ones who made a point of mentioning how evil all those pirating content were, and how we need to clamp down on those pirates before we do anything else. Sometimes they could manage a couple of relatively neutral or even positive statements before mentioning the need to clamp down on pirates, but I don’t think any of them managed to get through a comment without bringing it into play. I’d like to make it clear that by lobbyists I’m not referring to the musicians themselves, or even any of the many excellent people involved in music production that I met over the launch event. Many – most – of them understood the issues very directly, and in a way that an academic like me could not hope to. They, however, weren’t the key to the problem – the lobbyists were a different kettle of fish.

The audience was very varied. There were lots of academics from all of the universities involved, and a fair number from other universities too. There were lawyers in the field of intellectual property, there were representative of the IPO, there were people from civil society, there were people from consumer groups (including the excellent Saskia Walzel from Consumer Focus UK) and there were even some of the real ‘creative’ people, musicians, artists and writers – SF writer Charlie Stross’s excellent account of the history of the eBook was one of the highlights of the event. Another was when the keynote speaker, social entrepreneur Dr Frances Pinter made a special mention of the sadly missed Aaron Swartz.

What was particularly good was that most of the people from all these different backgrounds and interests seemed to be open minded and excited by the prospect of CREATe. Most of them – all of those that I spoke to – saw this as an amazing opportunity to do something really important, and to address a real challenge. We almost all seemed to recognise that this is a very, very difficult issue, and that we need to be open-minded and creative in looking for new ways to deal with a very thorny problem. We almost all seemed to realise that the current system doesn’t work – and that something different needs to be tried.

All of us, that is, except the lobbyists, who still seem to believe they have the solution – which is to hit the pirates harder and harder and harder. Some were open to other solutions too – but only after we’ve clamped down on the pirates. It didn’t matter what everyone else said, whether it was those wondered about the ultimate result of alienating or criminalising a generation of young people, or those like Saskia Walzel who suggested that a first point might be to provide a good, cheap, reliable, timely and user-friendly legal source of all the material, or even those who asked for any evidence that the clampdown was working….

…indeed, that last point was the real sticker, and cuts to one of the crucial points about CREATe. A key idea is that some of the CREATe projects will be gathering evidence – and attempting to determine what’s really true about what’s going on. Indeed, the first publication from CREATe is a piece about what will actually constitute evidence from the many, varied perspectives of the different groups involved – you can find it here. CREATe represents an invaluable opportunity for this gathering of evidence – to have the money, the expertise and the time for the kind of research that can really look into this is something very, very special. And yet even before the launch event had finished, not even a day into the four year project it appeared that the lobbyists were already trying to suggest that the project was likely to be unfair and biased. The question that immediately springs to mind is what are they afraid of? Don’t they want real evidence? Are they worried that the evidence will suggest that their current models both of business and of enforcement are flawed and ineffective? Are they afraid that CREATe will help put together new business models – and that the new environment will have no place for the ‘old’ content industries?

Any or all of that could be true – but only time will tell. Time and a great deal of academic research. The trouble is, from the very start CREATe is going to be put under huge, huge pressure to produce the results that the lobbyists want. That pressure is already being applied….

Will the government ‘get’ digital policy?

I had an interesting time at the ‘Seventh Annual Parliament and Internet Conference’ yesterday – and came away slightly less depressed than I expected to be. It seemed to me that there were chinks of light emerging amidst the usually stygian darkness that is UK government digital policy and practice – and signs that at least some of the parliamentarians are starting to ‘get it’. There were also some excellent people there from other areas – from industry, from civil society, from academia – and I learned as much from private conversations as I did in the main sessions.

The highlight of the conference, without a doubt, was Andy Smith, the PSTSA Security Manager at the Cabinet Office, recommending to everyone that they should use fake names on the internet everywhere except when dealing with the government – the faces of the delegation from Facebook, whose ‘real names’ policy I’ve blogged about before were a sight to behold. Andy Smith’s suggestion was noted and reported on by Brian Wheeler of the BBC within minutes, and made Slashdot shortly after.

It was a moment of high comedy – Facebook’s Simon Milner, on a panel in the afternoon, said he had had a ‘chat’ with Andy Smith afterwards, a chat which I think a lot of us would have liked to listen in on. The comedic side, though, reveals exactly why this is such a thorny issue. Smith, to a great extent, is right that we should be deeply concerned by the extent to which our real information is being gathered, held and used by commercial providers for their own purposes – but he’s quite wrong that we should be able and willing to trust the government to hold our data any more securely or use it any more responsibly. The data disasters when HMRC lost the Child Benefit details of 25 million families or the numerous times the MoD has lost unencrypted laptops with all the details of both serving and retired members of the armed forces – and potential recruits – are not exceptions but symptoms of a much deeper problem. Trusting the government to look after our data is almost as dangerous as trusting the likes of Facebook and Google.

The worst aspect of the conference for me was that there seemed to still be a large number of people who believed that ‘complete’ security was not just possible but practical and just a few tweaks away. It’s a dangerous delusion – and means that bad decisions are being made, and likely to continue. A few other key points of the conference:

  • Chloe Smith, giving the morning keynote, demonstrated that she’d learned a little from her Newsnight mauling – she was better at evading questions, even if she was no better at actually answering them.
  • In Chi Onwurah, Labour have a real star – I hope she gets a key position in a future Labour government (should one come to pass)
  • We’ve got a long way to go with the Defamation Bill – without seeing the regulations that will accompany the bill, which apparently haven’t even been drafted yet, it’s all but impossible to know whether it will have any real effect (at least insofar as the internet is concerned)
  • In a private conversation, someone who really would know told me that one of the problems with sorting out the Defamation Bill has been an apparent obsession that Westminster insiders have with the ‘threat’ from anonymous bloggers – I suspect Guido Fawkes would be delighted by the amount of fear and loathing he seems to have generated in MPs, and how much it seems to have distracted them from doing what they should on defamation and libel reform.
  • After a few conversations, I’m quietly optimistic that we’ll be able to defeat the Communications Data Bill – it wasn’t on the agenda at the conference, but it was on many people’s minds and the whispers were generally more positive than I had feared they might be. Time will tell, of course.
  • Ed Vaizey is funny and interesting – but potentially deeply dangerous. His enthusiasm for the ‘iron fist’ side of copyright enforcement built into the Digital Economy Act was palpable and depressing. The way he spoke, it seemed as though the copyright lobby have him in the palm of their hand – and that neither they nor he have learned anything about the failure of the whole approach.
  • Vaizey’s words on porn-blocking – he seemed to suggest that we’ll go for an ‘opt-out’ blocking systems, where child-free households would effectively have to ‘register’ for access to porn, something which has HUGE risks (see my blog here) – were worrying, but again, another insider assured me that this wasn’t what he meant to say, nor the proposal currently on the table. This will need very careful watching!!
  • The savaging of Vaizey by a questioner from the floor revealing how much better and cheaper broadband internet access was in Bucharest than in Westminster was enjoyed by most – but not Vaizey, nor the industry representatives who remained conspicuously quiet.
  • Julian Huppert – my MP, amongst other things – was again impressive, and seems to have understood the importance of privacy in all areas: the fact that Nick Pickles of Big Brother Watch was invited to the panel on the internet of things that Huppert chaired made that point.
  • On that subject – mentions of either privacy or free speech were conspicuous by their absence in the early sessions on cybersecurity, but they grew both in presence and importance during the day. I asked a couple of questions, and they were both taken seriously and answered reasonably well. There’s a huge way to go, of course, but I did feel that the issue is taken a touch more seriously than it used to be. Mind you, none of the government representatives mentioned either in their speeches at all – it was all ‘economy’ and ‘security’, without much space for human rights….
  • The revelation from the excellent Tom Scott that though the rest of us are blocked from accessing the Pirate Bay, it IS accessible from Parliament was particularly good – and when my neighbour accessed the site and saw the picture of Richard O’Dwyer on the front page, it was poignant…

I came away from the conference with distinctly mixed feelings – there are some very good signs and some very bad ones. The biggest problem is that the really good people are still not in the positions of power, or seemingly being listened to – and those at the top don’t seem to be changing as fast as the rest. If we could replace Ed Vaizey with Julian Huppert and Chloe Smith with Chi Onwurah, government digital policy would be vastly improved….

A progressive digital policy?

Yesterday I read a call for submissions to Labour Left’s ‘Red Book II’, by Dr Éoin Clarke – to develop a way forward for the Labour Party. It started me thinking about what would really constitute a progressive digital policy – because for me, any progressive party should be looking at how to deal with the digital world. It is becoming increasingly important – and policies of governments seem to be wholly unable to deal with or even understand the digital world.

It must be said from the outset that I am not a Labour Party member, but that I was for many years. I left in 1999, partly because I was leaving the country and partly because I was already becoming disillusioned as to the direction that Labour was taking – a stance that the invasion of Iraq only confirmed. I have not rejoined the party since, though I have been tempted at times. One of the reasons I have not been able to bring myself to join has been the incoherence and oppressiveness of Labour’s digital policies, which are not those of a progressive, positive and modern party, of one that represents the ordinary people, and in particular the young people, of Britain today.

That seems to me to be very wrong. Labour should be a progressive party. It should be one that both represents and learns from young people. It should be one that looks forward rather than back – and one that is brave enough to be radical. Right now it isn’t: and the last government presided over some appalling, oppressive and regressive digital policies.

I’ve written in the past about why governments always get digital policy wrong – but it’s much easier to snipe from the sidelines than it is to try to build real policy. Here, therefore, is my first attempt at putting together a coherent, progressive policy for digital government. It is of course very much a skeleton – just the barest of bones – and very much a first attempt. There is probably a lot missing, and it needs a lot more thought. It would take a lot of work to put flesh on the bones – but for me, the debate needs to be had.

The starting point for such a policy would be a series of nine commitments.

  1. A commitment to the right to access to the net – and to supporting human rights online as well as in the real world. This is the easiest part of the policy, and one where Labour, at least theoretically, has not been bad. Gordon Brown spoke of such a right. However, supporting such a right has implications, implications which the Labour Party seems to have neither understood nor follows. The most important such implication is that it should not be possible to arbitrarily prevent people accessing the net – and that the barrier for removal of that right should be very high. Any policy which relies on the idea of blocking access should be vigorously resisted – the Digital Economy Act is the most obvious example. Cutting people’s access on what is essentially suspicion is wholly inconsistent with a commitment to the right to access the internet.
  2. A commitment against internet surveillance - internet surveillance is very much in the news right now, with the Coalition pushing the Communications Data Bill, accurately labelled the ‘snoopers’ charter’, about which I have written a number of times.Labour should very much oppose this kind of surveillance, but doesn’t. Indeed, rather the opposite – the current bill is in many ways a successor to Labour’s ‘Interception Modernisation Programme’. Surveillance of this kind goes very much against what should be Labour values: it can be and has been used to monitor those organising protests and similar, going directly against the kinds of civil rights that should be central to the programme of any progressive, left wing party: the rights to assembly and association. Labour should not only say, right now, that it opposes the Snoopers Charter, but that it would not seek to bring in other similar regulation. Indeed, it should go further, and suggest that it would work within the European Union to repeal the Data Retention Directive (which was pushed through by Tony Blair) and to reform RIPA – restricting the powers that it grants rather than increasing them.
  3. A commitment to privacy and data protection – rather than just paying lip service to them. I have written many times before about the problems with the Information Commissioner’s Office. First of all it needs focus: it (or any replacement body) should be primarily in charge of protecting privacy. Secondly, it needs more real teeth – but also more willingness to use them and against more appropriate targets. There has been far too little enforcement on corporate bodies, and too much on public authorities. If companies are to treat individuals’ private information better, they need the incentive to do so – at the moment even if they are detected, the enforcement tends to be feeble: a slap on the wrist at best. The current law punishes each group inappropriately: public authorities with big fines, which ultimately punish the public, corporates barely at all. Financial penalties would provide an incentive for businesses, while more direct personal punishments for those in charge of public authorities would work better as an incentive for them, as well as not punishing the public!
  4. A commitment to oppose the excessive enforcement of copyright – and instead to encourage the content industry to work for more positive ways forward. This would include the repeal of the Digital Economy Act, one of the worst pieces of legislation in the digital field, and one about which the Labour Party should be thoroughly ashamed. Labour needs to think more radically and positively – and understand that the old ways don’t work, and merely manage to alienate (and even criminalise) a generation of young people. Labour has a real opportunity to do something very important here – and to understand the tide that is sweeping across the world, at least in the minds of the people. In the US, SOPA and PIPA have been roundly beaten. ACTA suffered a humiliating defeat in the European Parliament and is probably effectively dead. In France, the new government is looking to abolish HADOPI – the body that enforces their equivalent of the Digital Economy Act. A truly progressive, radical party would not resist this movement – it would seek to lead it. Let the creative minds of the creative industries be put to finding a creative, constructive and positive way forward. Carrots rather than just big sticks.
  5. A commitment to free speech on the internet. This has a number of strands. First of all, to develop positive and modern rules governing defamation on the internet. Reform of defamation is a big programme – and I am not convinced that the current reform package does what it really should, focussing too much on reforming what happens in the ‘old media’ (where I suspect there is less wrong than some might suggest) without dealing properly with the ‘new media’ (which has been dealt with fairly crudely in the current reforms). There needs to be clarity about protection for intermediaries, for example.
  6. A commitment against censorship – this is the second part of the free speech strand. In the current climate, there are regular calls to deal with such things as pornography and ‘trolling’ on the internet – but most of what is actually suggested amounts to little more than censorship. We need to be very careful about this indeed – the risks of censorship are highly significant. Rather than strengthening our powers to censor and control,via web-blocking and so forth, we need to make them more transparent and accountable. A key starting point would be the reform of the Internet Watch Foundation, which plays a key role in dealing with child abuse images and related websites, but falls down badly in terms of transparency and accountability. It needs much more transparency about how it works – a proper appeals procedure, better governance structures and so forth. The Labour Party must not be seduced by the populism of anti-pornography campaigners into believing in web-blocking as a simple, positive tool. There are huge downsides to that kind of approach, downsides that often greatly outweigh the benefits.
  7. A radical new approach to social media – the third strand of the free speech agenda. We need to rethink the laws and their enforcement that have led to tragic absurdities like the Twitter Joke Trial, and the imprisonment of people for Facebook posts about rioting. The use of social media is now a fundamental part of many people’s lives – pretty much all young people’s lives – and at present it often looks as though politicians and the courts have barely a clue how it works. Labour should be taking the lead on this – and it isn’t. The touch needs to be lighter, more intelligent and more sensitive – and led by people who understand and use social media. There are plenty of them about – why aren’t they listened to?
  8. A commitment to transparency – including a full commitment to eGovernment, continuing the good aspects of what the current government is doing in relation to Open Data. Transparency, however, should mean much more – starting with full and unequivocal support for Freedom of Information. There has been too much said over recent months to denigrate the idea of freedom of information, and to suggest that it has ‘gone too far’. The opposite is much more likely to be the case: and a new approach needs to be formulated. If it takes too much time, money and effort to comply with FOI requests, that indicates that the information hasn’t been properly organised or classified, not that the requests should be curbed. The positive, progressive approach would be to start to build systems that make it easier to provide the information, not complain about the requests.
  9. A commitment to talk to the experts – and a willingness to really engage with and listen to them. We have some of the best – from people like Tim Berner-Lee to Professor Ross Anderson at the Cambridge University Computer Lab, Andrew Murray at the LSE, the Oxford Internet Institute and various other university departments, civil society groups and so forth – and yet the government consistently fails to listen to what they say, and prefers instead to listen to industry lobby groups and Whitehall insiders. That is foolish, short-sighted and inappropriate – as well as being supremely ineffective. It is one of the reasons that policies formulated are not just misguided in their aims but also generally fail to achieve those aims. There is real expertise out there – it should be used!

Much more is needed of course – this just sets out a direction. I’ve probably missed out some crucial aspects. Some of this may seem more about reversing and cancelling existing policies rather than formulating new ones – but that is both natural and appropriate, as the internet, much more than most fields, it generally needs a light touch. The internet is not ‘ungovernable’, but most attempts to govern it have been clumsy and counter-productive.

A forward-looking, radical and positive digital policy would mark the Labour Party out as no longer being in the hands of the lobbyists, but instead being willing to fight for the rights of real, ordinary people. It would mark out the Labour Party as being a party that understands young people better – and supports them rather than demonises and criminalises them. Of course I do not expect the Labour Party to take this kind of agenda on. It would take a level of political courage that has not been demonstrated often by any political party, let alone the current Labour Party, to admit that they have got things so wrong in the past. Admission of past faults is something that seems close to political blasphemy these days – for me, that is one of the biggest problems in politics.

As I said at the start, this is very much a first stab at an approach for the future – I would welcome comments, thoughts and even criticism(!). We need debate on this – and not just for the Labour Party. Currently, though my history has been with the Labour Party, I find myself without anyone that I think can represent me. If any party were to take on an agenda for the digital world that would make more sense, I would be ready to listen.

Why does the government always get it wrong?

Why is digital policy so bad?

The most recent pronouncement from the UK government – reinstating in an updated and worsened way the idea of near-universal surveillance of emails, texts, phone calls and web-browsing – is horrific in many ways (which I will blog about separately) but it shouldn’t come as that much of a surprise. This government, and the last government, and the one before that, have an abysmal record in their dealings with the digital world. They get it wrong in almost every way, almost every time.

They get it wrong at a policy level – this new surveillance plan is just one example. They messed up equally badly with my erstwhile favourite bugbears Phorm was another – not only did the Home Office mess up there, but BERR too – in thinking a nice business plan and some heavy lobbying was more important than people’s privacy.

They get it wrong in their law-making: the Digital Economy Act is up there with the Dangerous Dogs Act as the worst piece of law in recent history.

They even get it wrong on a detailed, practical level: make no mistake, the ill-conceived and inhumane O’Dwyer and McKinnon extraditions are political as well as judicial issues, and have the same origins as the problems at the policy and law-making levels. The problems are deep – but no so deep, I hope, as to be insurmountable.

1     Governments don’t understand the internet

The first and most important problem is that governments, and the politicians that run them, simply don’t understand the internet. They just don’t get it. For their own purposes, they largely think of it either as some kind of global PR network – which is why twitter hashtags like #tweetlikeanmp are so sadly apt and accurate.

For other purposes, they think of it either as a distribution network for digital products (which should therefore be governed largely by the entertainment industry) or a secret network for subversives and terrorists (which should therefore be under constant and universal surveillance).

Governments all over the world seem to think largely in those terms – hence Obama’s new ‘bill of rights for the internet’ refers to people only as ‘consumers’, not as citizens. They simply don’t get that the net has a social aspect, a communicative aspect, a creative aspect, an interactive aspect, a community aspect – and that many (most?) of the people who spend time on the internet are contributing in all those different ways.

They know the words – even in the Westminster Bubble they’ve heard of ‘social networking’ – but they don’t understand it in any real way. They don’t understand how things develop on the net, how the community is the lifeblood of the net, not the big companies who lobby them so effectively.

2      Governments don’t understand the entertainment industry

Then again, that’s not very surprising, because there’s very little evidence that those involved in the entertainment industry really understand how their own industry works. This is the industry, remember, that has opposed pretty much every technological development over the last half-century or more, believing that it was going to ‘kill’ the industry. They opposed the use of home cassette recorders, CDs, the VCRs etc well before fighting the ‘evil’ of piracy – rather than embracing and supporting the new technologies and finding a way to harness the great advantages that the technology begins.

They also say things that everyone knows are not true – copyright infringement isn’t theft, and people know that. Theft means not only taking something but depriving someone else of that thing. Copying a bit of music doesn’t do that – and people who copy music in this way know this all too well. Trying to tell them it is theft won’t convince them – just annoy them, and remind them never to listen to you again.

It shouldn’t be seen as surprising that it took a company from outside the entertainment industry, Apple, to actually find a way to use the net that worked, and worked well. It shouldn’t be so surprising that governments, lobbied heavily by an industry that itself doesn’t ‘get it’, end up doing such mindlessly stupid things as the Digital Economy Act. Again, this is a worldwide phenomenon – SOPA and PIPA in the US were every bit as ill-conceived as our Digital Economy Act… and ACTA shows signs of being just as bad.

3      Governments don’t understand law…

This may be, perhaps an overblown claim – but an important one, given governments’ role as lawmakers. What I mean is that they often seem to misunderstand how law really works.

I was at the BILETA conference last week, and Professor Chris Reed gave a compelling keynote about how even legal theorists often end up getting laws badly wrong as they still conceive of it under a kind of ‘command and control’ model: a law commands, then people obey. It doesn’t really work like that – even more so, perhaps, on the internet than in the ‘real’ world.

Ultimately, laws without ‘consent’ don’t really work – just as government without ‘consent’ only works with ultimate force, and even then it’s hard to sustain. It doesn’t matter how many times and in how many ways governments bring in ‘anti-piracy’ laws – if people don’t believe that piracy is ‘wrong’, they won’t want to obey. Law without consent just doesn’t do the job.

4      Governments don’t understand privacy….

Most directly, they don’t understand that people want privacy on the internet – because, as I said at the start, they don’t understand the internet. If they don’t ‘get’ the fact that people use the net in so many interesting and interactive ways, for personal, intimate, social and community purposes, then they’ll never understand why people do care about things like privacy, and do care about being under constant surveillance. After all, if the net is just an online shopping mall, and shopping malls have CCTV, then why would people on the net mind being under surveillance?

The problem is, the net isn’t like a shopping mall. It’s something quite different, qualitatively different, and is used in very, very different ways. We all know (I hope!) that when we browse or shop at Amazon we’re being recorded by Amazon – just as when we go to a shopping mall we’re being recorded. We don’t, however, want CCTV in our own homes. We don’t expect our communications to be monitored, we don’t expect our every move to be recorded wherever we go – and, ultimately, I hope we won’t accept it either.

So what should the government and politicians do?

  1. First of all, they need to admit they have a problem – everyone knows that’s the first stage in solving a problem. Governments need to take a long, hard look at themselves.
  2. Secondly, they need to start talking to the right people – and at the right time. Who really does understand the internet? Civil society, hackers, maybe even some academics – understand it much, much more than politicians, and than industry lobby groups. Talk to the people who know first, not last, and don’t just treat them as add-ons at the end. Frankly, the average punter on the net understands it better than some industry representatives…
  3. When the real experts talk, listen! If Ross Anderson tells you that ‘anonymisation’ doesn’t work, believe him!
  4. Put the lobby groups back in their place. The entertainment industry in particular, as noted above – but the advertising industry can be just as bad, just as misleading, just as out of touch. These industry groups need to be listening to others themselves!
  5. Be willing to admit you were wrong. The Labour Party in particular should grasp that nettle – the DEA was a nightmarishly awful piece of legislation and they should be brave enough to admit it and abandon it. It’s hard, because politicians seem to be under the impression that changing your mind is completely unacceptable. It shouldn’t be – if you find out you’re wrong about something, admit it!
  6. Let those within your party who DO understand it take a bigger role. There are good people in most parties – who do a sterling job as back-benchers and on key committees – who should be listened to at the very least. Labour should put Tom Watson in charge instead of Harriet Harman – and the Coalition should replace the desperate Ed Vaizey with Julian Huppert.
  7. Be brave enough to face up to the security pressure groups, both internal and external. At the moment, just the barest whisper of the word ‘terrorism’ seems to make politicians of almost all parties quiver at the knees and sacrifice their own principles and OUR rights.
  8. Start to trust real people a bit more… and then real people might begin to trust you a bit more.

N.B. MPs, please, please, please take what your civil servants tell you with a huge pinch of salt: they’re even more likely than you not to understand the internet, and even more likely than you to be swayed inappropriately by the copyright and security lobbies!

12 wishes for online privacy….

It’s that time of year for lists, predictions and so forth. I don’t want to make predictions myself – I know all too well how hard it is to predict anything in this world, and even more so in the online world. I do, however, have wishes. Many of these are pipe dreams, I’m afraid, but some of them do have some small hope of coming true. So here they are, my twelve wishes for online privacy…

  1. That I don’t hear the ‘if you’ve got nothing to hide…’ argument against privacy ever again…
  2. That governments worldwide begin to listen more to individuals and to advocacy groups and less to the industry lobby groups, particularly those of the copyright and security industries
  3. That privacy problems continue to grab the headlines – so that privacy starts to be something of a selling point, and companies compete to become the most ‘privacy-friendly’ rather than just paying lip service to privacy
  4. That the small signs I’ve been seeing that Google might be ‘getting’ privacy do not turn out to be illusions. Go on, Google, go on!
  5. That my ‘gut feeling’ that 2012 could be the peak year for Facebook turns out to be true. Not because I particularly dislike Facebook – I can see the benefits and strengths of its system – but because the kind of domination and centralisation it represents can’t be good for privacy in the end, and I don’t believe that the man who said that privacy was no longer a ‘social norm’ has really changed his spots
  6. That the ICO grows some cojones, and starts understanding that it’s supposed to represent us, not just find ways for businesses to get around data protection regulations…
  7. That the media (and yes, I’m talking to YOU, BBC), whenever they get told about a new technical innovation, don’t just talk about how wonderful and exciting it is, but think a little more critically, and particularly about privacy
  8. That the revision to the Data Protection Directive (or perhaps Regulation) turns into something that is both helpful and workable – and not by compromising privacy to the wishes of business interests.
  9. That neither SOPA nor PIPA get passed in the US…
  10. That the right to be forgotten, something I’ve written about a number of times before, is discussed for what it is, not what people assume it must be based solely on the misleading name. It’s not about censorship or rewriting history. It really isn’t! It’s about people having rights over their own data! Whose data? Our data!
  11. That the Labour Party begins to put together a progressive digital policy, and says sorry for ever having listened to the copyright lobby in introducing the Digital Economy Act! 
  12. That we start thinking more about the ordinary privacy of ordinary people, not just that of celebrities and politicians… 
These are of course just a sample of the things I could say – but if even a few of them start to become true, it would be a really good start. Here’s wishing….

Business and Privacy: Evidence and Assumptions?

I came across a couple of stories yesterday that at first glance appeared unconnected, dealing with difference aspects of the current privacy debates concerning the internet. One comes from one side of the Atlantic, the other from the other. One deals with the ‘fight’ against piracy, the other with the current favourite of the online advertising industry, behavioural targeting. Very different issues – but they do have something in common: an inherent assumption that business success should take precedence over individual rights and freedoms.

The first issue was the revelation, through a Freedom of Information Request by the admirable Open Rights Group, that the Department of Culture, Media and Sport had no evidence to support their strategies to reduce the infringement of copyright by websites – you can see their report on the issue here.

The second came from my following of the House Energy and Commerce Committee hearing in Washington, about consumer privacy and online behavioural advertising – a hearing at least on the surface intended to consider consumer concerns, but which by the sound of it had a lot more to do with industry putting their case to avoid regulation. I followed on twitter, and remember one particular call from a regular and respected tweeter from the US who demanded evidence before regulation is considered. Specifically, he wanted evidence as to how much of the advertising economy depended on behavioural targeting – the underlying suggestion being, presumably, that we shouldn’t regulate if it would have too significant an impact on revenue streams.

There are two different ways to look at the two stories. You can look at them as a reflection of the different attitudes to regulation on the two sides of the Atlantic – in England we’re rushing to regulate, while in the US regulation is to be avoided unless absolutely necessary.  Alternatively, however, you can look at them as a reflection of the way that business needs are set above individual rights and freedoms.

Copyright and piracy….

The Open Rights Group’s request was in relation to the proposals in the Digital Economy Act, but that Act is just one of many measures introduced over the years to combat ‘piracy’, although the evidence in support of any of them has generally been conspicuous by its absence. That applies both to evidence to suggest that the problem is as bad as the industry suggests and to the efficacy of the measures being proposed to combat it. Does piracy cause a massive loss of revenue to rights holders? Perhaps, but the suggestions over the years that every illegally downloaded song is a lost sale is far from convincing, and the idea that listening to something illegally might even lead to further legal sales seems to have merit too. The massive success of iTunes suggests that carrots rather than sticks might be more effective – indeed, recent reports from Sweden showing that piracy had reduced as Spotify had been introduced adds weight to this idea.

The Open Rights Group’s FOI request was about the effectiveness of the proposals – and the DCMS effectively acknowledged that they have no evidence about it. So we have proposals for measures about which there is no evidence, to address an issue about which evidence is scanty to say the least… and yet on that basis we’re willing to put restrictions on individuals’ freedoms, potentially apply censorship, and even cut off people’s internet access as a result. That same internet access that is increasingly regarded as a human right.

The Digital Economy Act is one thing, but there’s something else looming on the horizon of even more concern: the Anti-Counterfeiting Trade Agreement (ACTA), whose measures are potentially even more draconian than those in the DEA, and whose scope is even more all-encompassing. The US has already signed it – somewhat against the suggestion that the US prefers not to regulate where possible – and the EU may well sign it soon, though it still needs to pass through the European Parliament, and lobbying of MEPs is underway on both sides.

Behavioural advertising…

Legislation on behavioural advertising has already taken place in Europe, with the notorious ‘Cookies Directive’, about which I’ve written before – but the implementation, enforcement and acceptance of that directive has proved troublesome from the outset, and whether it ends up being at all meaningful has yet to be seen. Legislation in the US is what is currently under discussion, and what is being keenly resisted by the advertising industry and others. ‘Show us the evidence’ is the call – and until that evidence is shown, advertisers should be able to do whatever they want.

Evidence in relation to privacy is a contentious issue in lots of ways. Demonstrating ‘harm’ from an invasion of privacy is difficult, partly because each individual invasion isn’t likely to be significant – particularly in respect of mundane tracking of websites browsed and so forth – and partly because the ‘harm’ is generally intangible, and far from easily turned into something easily quantifiable. Some people suggest that we should treat our personal information like a commodity, akin in some ways to intellectual property, but for me that fails to capture the real essence of privacy. I don’t want to put a ‘value’ on my personal data, any more than I want to put a value on each of my fingers, or on my relationships with my friends and family. It’s something different, and needs protecting as something different. I shouldn’t need to prove the ‘harm’ done by that data being at risk – the loss of it, or loss of control over it, is a harm in itself.

That isn’t all – not only does there appear to be an expectation that we should prove harm, but that even if there IS harm, we’ve got to prove that we wouldn’t be damaging the advertisers’ businesses too much. If their businesses would be harmed too much, we shouldn’t put regulations in place….

Two different situations – but the same assumptions

In the copyright scenario, we’re having our freedom restricted and our privacy invaded without real evidence to support what’s happening. In the behavioural advertising scenario, we’re having our privacy invaded and we’re being asked to prove that there’s a problem before any restrictions are placed – and, what’s more, we’re being asked to prove that we wouldn’t damage business too much.

In both cases, it’s the individuals who lose out. Business takes priority, and individuals rights, particularly in respect of privacy, are overridden. Where businesses perceive there are problems (as in the copyright scenario), they’re not asked for proof – but where individuals perceive there are problems, they’re asked for proof in ways that are inappropriate and unattainable. Shouldn’t the situation be exactly the other way around? Shouldn’t individuals’ rights be considered above the business models of corporations? Shouldn’t the burden of proof work in favour of individuals against businesses, rather than the other way around? Of course that’s a difficult argument to make in economically troubled times – but it’s an argument that in my opinion needs to be made, and made strongly.

The real challenge for IT Lawyers: the law!

Sometimes it’s tempting for an IT lawyer – or rather an academic IT lawyer – to feel that things are moving essentially in the right direction, that the subject is getting more mainstream, more understandable – and more importantly, more understood. In some ways, of course, that’s true – but in others, we need to remember that things are far from positive, and that in many ways the ‘establishment’ – the legal system, the politicians, even the public – still don’t really ‘get it’ at all. Perhaps the most important of these is the legal system. To a significant extent it seems as though the legal system – and the law – is just completely out of kilter with the reality of the IT world, and in particular the internet.

A couple of things in recent weeks have driven that home to me. Neither was surprising, but both were disappointing, particularly to those of us interested in privacy and autonomy. First of all, there was the announcement that there won’t be any prosecutions arising from the Phorm secret trials, something which has been greeted with dismay by privacy advocates. Secondly, and most recently, was the failure of the judicial review to overturn the Digital Economy Act.

In both cases, it’s easy to see how the results came about – and indeed to argue that from a precise legal standpoint the results might have been technically correct. In both – and in the case of the Digital Economy Act in particular – it shows that the legal system really doesn’t understand what’s going on in the internet, and how our online world functions. The Digital Economy Act – in its provisions concerning the policing of illegal downloading – is so clearly inappropriate that it’s hard to find an academic lawyer in the field who believes it’s appropriate or proportionate, or even who believes that it stands any real chance of being effective. Precisely the opposite. It won’t work. It misses the point. It will victimise the innocent. It shows a fundamental misunderstanding of both the nature of the internet and the habits of most of those who use it. It’s such a bad law it just makes many of us shake our heads in disbelief.

The Phorm story is a little less dramatic, but demonstrates some similar features. The CPS have decided not to prosecute – and they may be right that there might not be much chance of a result. That, however, just reveals that our legal system doesn’t have the teeth or the capability to deal with the reality of the internet – for what Phorm and BT did was something that the law should have been able to deal with. It was a serious invasion of privacy on a very serious scale – secretly tracking the entire internet activities of 30,000 people without their knowledge or consent – and yet the law seems to be incapable of dealing with it, incapable of providing people with the kind of protection that people need. The kind of protection that people have a right to expect. The law should do this – and in its current form it doesn’t.

In the grand scheme of things, neither of these two incidents are likely to matter in the end. Despite the failures of the law, Phorm still failed, brought down by a combination of the privacy advocacy of such excellent groups as the Open Rights Group and the Foundation for Information Policy Research, interventions by the European Commission, and the belated intelligence of businesses like BT who withdrew their support as they began to understand how things really work. Similarly, the Digital Economy Act is likely to end up an irrelevance, as the people who it is intended to catch find ways to sidestep it, as further legal challenges arise, and as embarrassing prosecutions fail – and something that gets closer to understanding the reality of the situation is brought in to replace it.

It feels, though, as if the legal system needs to be dragged kicking and screaming into the modern world. That’s the challenge for IT lawyers. People are thinking and writing interesting, informative and insightful things about the nature of the internet – but right now, it isn’t being sufficiently read or understood, and certainly isn’t finding its way into the mindsets of those creating or enforcing the law. It needs to be – for though other forces will (and have, in the case of Phorm) stop many of the worst things from happening, without the law being ‘fit for purpose’ everything is a struggle, and many people suffer along the way.