Dave Eggers’ The Circle: a book for our times…

I was introduced to Dave Eggers’ novel, The Circle, by Professor Andrew Murray – one of the pre-eminent scholars in IT Law in the UK, and also on of my PhD supervisors. I know I’m very late to this game – the book came out in 2013, and all the cool people will already have read it or reviewed it, but in this case I think it’s worth it. And the fact that someone like Andrew Murray would recommend it should give pause for thought: this isn’t just an entertaining piece of science fiction, it’s a book that really makes you think. It’s not just a dystopian vision of the future, it’s one that is far, far closer to reality than almost any I’ve read – and dystopian novels and films are pretty much my favourite genre.

It’s a book that reminded me why, unlike most of my schoolmates, I always preferred Brave New World to 1984 – and why, of the various privacy stories of the last few months I suspect, ultimately, the Facebook Experiment and the ruling over the Right to be Forgotten will matter more than the passing of the deeply depressing DRIP. In the end, as The Circle demonstrates graphically, we have more to fear from corporate domination of the Internet than we do from all the spooks and law enforcement agencies.

The Circle from which the novel gets its name is a technology company that combines a great deal of Google and Facebook with a little dash of Apple and a touch of Twitter. It dominates search and social media, but also makes cool and functional hardware. Egger’s triumph in the Circle is that he really gets not just the tech but the culture that surrounds it – little details like sending frowns to paramilitaries in Guatemala echo campaigns like #BringBackOurGirls in their futility, superficiality and ultimate inanity. The lives portrayed in the Circle should send shivers down the spines of any of us who spend much time on Twitter or Facebook: that I read the book whilst on a holiday without much Internet access made the point to me most graphically.

Privacy is theft

Eggers echoes both 1984 and Brave New World in using slogans to encapsulate concepts – exaggerating to make the point. For the Circle, these are:

Secrets are lies
Sharing is caring
Privacy is theft

All three are linked together – and connected to the idea that there’s something almost mystical about data. We don’t just have no right to privacy, we have a duty to disclose, a duty to be transparent. A failure to disclose means we’re depriving others of the benefits of our information: by claiming privacy, we’re stealing opportunities and advantages that others have the right to. If we care about others, we should share with them. This is Facebook, this is Google Flu Trends – and it’s the philosophy that implies that those of us who oppose the care.data scheme through which all our health data will be shared with researchers, pharmaceutical companies and many others, are selfish Luddites likely to be responsible for the deaths of thousands.

It is also the philosophy behind a lot of the opposition to the right to be forgotten. That opposition is based on the myth – one that Eggers exposes excellently – that the records on the Internet represent ‘the truth’ and that tampering with them, let alone deleting anything from them, is tantamount to criminality. Without spoiling the plot too much, one of the characters is psychologically and almost physically destroyed by the consequences of that. Eggers neatly leaves it unclear whether the key ‘facts’ that do the damage are actually real – he knows that this, ultimately, isn’t the point. Even if it all were true, the idea that maintaining it and exposing it would be a general good, something to be encouraged and fought for, is misguided at best.

It’s about power – and how it’s wielded

In the novel, The Circle has the power – and it wields it in many ways. Emotional manipulation, keeping people happy and at the same time keeping them within the Circle, is the key point – and the echoes of the Facebook Experiment, about which much has been written, but much has missed the deeper points, are chilling here. One of the real functions of the experiment was for Facebook to find ways to keep people using Facebook…

Another of the key ways that the Circle wields power is through its influence over lawmakers – and the same is sadly evident of Google and Facebook, in the UK as much as in the US. In the UK in particular the influence over things like opposition to data protection reform – and the right to be forgotten – are all too clear. It would be great if this could change, but as in the novel, the powers and common interests are far too strong for much chance. More’s the pity.

As a novel, The Circle is not without fault. I guessed the main plot twist less than half-way through the book. There’s a good deal of hyperbole – but this is dystopian fiction, after all – and the tech itself is not exactly described convincingly. What’s more, the prose is far from beautiful, the characters are mostly rather two-dimensional, and often they’re used primarily to allow Eggers to make his points, often through what amount to set speeches – but Huxley was guilty of that from time to time too. Those speeches, however, are often worth reading. Here, one of the dissidents explains his objections:

“It’s the usual utopian vision. This time they were saying it’ll reduce waste. If stores know what their customers want, then they don’t overproduce, don’t overship, don’t have to throw stuff away when it’s not bought. I mean, like everything else you guys are pushing, it sounds perfect, sounds progressive, but it carries with it more control, more central tracking of everything we do.”

“Mercer, the Circle is a group of people like me. Are you saying that somehow we’re all in a room somewhere, watching you, planning world domination?”

“No. First of all, I know it’s all people like you. Individually you don’t know what you’re doing collectively. But secondly, don’t presume the benevolence of your leaders.”

In that brief exchange Eggers shows how well he gets the point. A little later he nails why we should care much more about this but don’t, focussing instead on the spooks of the NSA and GCHQ.

“Here, though, there are no oppressors. No one’s forcing you to do this. You willingly tie yourself to these leashes.”

That’s the problem. We don’t seem to see the risk – indeed, just as in the novel, we willingly seem to embrace the very things that damage us. Lawmakers, too, seem not to see the problem – and as noted all too often allow themselves to be lobbied into compliance. The success of Google’s lobbyists over the right to be forgotten is testimony to this. Even now, people who really should know better are being persuaded to support the Circle sorry, I mean Google’s business model rather than address a real, important privacy issue.

Coming to a society near you…

We’re taking more and more steps in the direction of the Circle. Not just the Facebook experiment and the reaction to the ‘right to be forgotten’ ruling – but even in the last week or two a House of Lords committee has recommended an end to online anonymity, effectively asking service providers to require real names before receiving services. This is one of the central planks of the way the Circle takes control over people’s lives, and one which our lawmakers seem to be very happy to give them. There are also stories going around about government plans to integrate various databases from health and the DVLA to criminal records… another key tenet of the Circle‘s plans… The ‘detailed’ reasons for doing so sound and seem compelling – but the ultimate consequences could be disastrous…

Anyway, that’s enough from me. Read the book. I’ll be recommending it to
my Internet Law and Privacy students, but I hope it’s read much more widely than that. It deserves to be.

20140804-222408-80648421.jpg

Facebook, Google and the little people….

This last week has emphasised the sheer power and influence of the internet giants – Facebook and Google in particular.

The Facebook Experiment

First we had the furore over the so-called ‘Facebook Experiment’ – the revelation that Facebook had undertaken an exercise in ‘emotional contagion’, effectively trying to manipulate the emotions of nearly 700,000 of its users without their consent, knowledge or understanding. There were many issues surrounding it (some of which I’ve written about here) starting with the ethics of the study itself, but the most important thing to understand is that the experiment succeeded, albeit not very dramatically. That is, by manipulating people’s news feeds, Facebook found that they were able to manipulate peoples emotions. However you look at the ethics of this, that’s a significant amount of power.

Google and the Right to be Forgotten

Then we’ve had the excitement over Google’s ‘clumsy’ implementation of the ECJ ruling in the Google Spain case. I’ve speculated before about Google’s motivations in implementing the ruling so messily, but regardless of their motivations the story should have reminded us of the immense power that Google have over how we use the internet. This power is demonstrated in a number of ways. Firstly, in the importance we place in whether a story can be found through Google – those who talk about the Google Spain ruling being tantamount to censorship are implicitly recognising the critical role that Google plays and hence the immense power that they wield. Secondly, it has demonstrated Google’s power in that, ultimately, how Google decides to interpret and implement the ruling of the court is what decides whether we can or cannot find a story. Thirdly, the way that Google seems to be able to drive the media agenda has been apparent: it sometimes seems as though people in the media are dancing to Google’s tune.

Further, though the early figures for takedown requests under the right to be forgotten sound large – 240,000 since the Google Spain ruling – the number of requests they deal with based on copyright is far higher: 42,324,954 since the decision. Right to be forgotten requests are only 0.5% of those under copyright. Google deals with these requests without the fanfare of the right to be forgotten – and apart from a few internet freedom advocates, very few people seem to even notice. Google has that much control, and their decisions have a huge impact upon us.

Giants vs. Little People

Though the two issues seem to have very little in common, they both reflect the huge power that the internet giants have over ordinary people. It is very hard for ordinary people to fight for their rights – for little people to be able to face up to giants. Little people, therefore, have to do two things: use every tool they can in the fight for their rights, and support each other when that support is needed. When the little people work together, they can punch above their weight. One of the best ways for this to happen, is through civil society organisations. All around the world, civil society organisations make a real difference – from the Open Rights Group and Privacy International in the UK to EDRi in Europe and the EFF in the US. One of the very best of these groups – and one that punches the most above its weight, has been Digital Rights Ireland. They played a critical role in one of the most important legal ‘wins’ for privacy in recent years: the effective defeat of the Data Retention Directive, one of the legal justifications for mass surveillance. They’re a small organisation, but one with expertise and a willingness to take on the giants. Given that so many of those giants – including Facebook – are officially based in Ireland, Digital Rights Ireland are especially important.

Europe vs. Facebook

There is one particular conflict between the little people and the giants that is currently in flux: the ongoing legal fight between campaigner Max Schrems and Facebook. Schrems, who is behind the ‘Europe vs. Facebook’ campaign,  has done brilliantly so far, but his case appears to be at risk. After what looked like an excellent result – the referral by the Irish High Court to the ECJ of his case against Facebook (which relates to the vulnerability of Facebook data to US surveillance via the PRISM program) – Schrems is reported as considering abandoning his case, as the possible costs might bankrupt him if things go badly.

This would be a real disaster – and not just for Schrems. This case really matters in a lot of ways. The internet giants need to know that we little people can take them on: if costs can put us off, the giants will be able to use their huge financial muscle to win every time. It’s a pivotal case – for all of us. For Europeans, it matters in protecting our data from US surveillance. For non Europeans it matters, because it challenges the US giants at a critical point – we all need them to fight against US surveillance, and they’ll only really do that wholeheartedly if it matters to their bottom line. This case could seriously hit Facebook’s bottom line – so if they lost, they’d have to do something to protect their data from US surveillance. They wouldn’t just do that for European Facebook users, they’d do it for all.

Referral to the ECJ is critical, not just because it might give a chance to win, but because (as I’ve blogged before) recently the ECJ has shown more engagement with technological issues and more willingness to rule in favour of privacy – as in the aforementioned invalidation of the Data Retention Directive and in the contentious ruling in Google Spain. We little people need to take advantage of those times when the momentum is on our side – and right now, at least in some ways, the momentum seems to be with us in the eyes of the ECJ.

So what can be done to help Schrems? Well, the first thing I would suggest to Max is to involve Digital Rights Ireland. They could really help him – and I understand that they’ve been seeking an amicus brief in the case. They’re good at this kind of thing, and they and other organizations in Europe have experience in raising the funds for this type of case. Max has done brilliant work, but where ‘little people’ have to face up to giants, they’re much better off not fighting alone.

A week not to be forgotten….

…for those of us interested in the right to be forgotten. I’ve found myself writing and talking to people about it unlike any time before. Privacy is becoming bigger and bigger news – and I have a strong feeling that the Snowden revelations influenced the thinking of the ECJ in last week’s ruling, subconsciously if nothing else. That should not be viewed as a bad thing – quite the opposite. What we have learned through Edward Snowden’s information should have been a wake-up call for everyone. Privacy matters – and the links between the commercial gathering and holding of data and the kind of surveillance done by the authorities are complex and manifold. If we care about privacy in relation to anyone – the authorities, businesses, other individuals, advertisers, employers, criminals etc – then we need to build a more privacy-friendly infrastructure that protects us from all of these. That means thinking more deeply, and considering more radical options – and yes, that even means the right to be forgotten, for all its flaws, risks and complications. More thought is needed, and more action – and we must understand the sources of information here, the nature of those contributing to the debate and so forth.

Anyway, this isn’t a ‘real’ blog post about the subject – I’ve done enough of them in the last week. What I want to do here is provide links to what I’ve written and said in the last week, as well as to my academic contributions to the subject, both past and present, and then to link to Julia Powles’ excellent curation of the academic blogs and articles written by many people in the aftermath of the judgment.

Here’s what I’ve written:

For CNN, a summary of the judgment and its implications, written the same day as the judgment.

For the Justice Gap, a day later, looking at the judgment in context and asking whether it was a ‘good’ or a ‘bad’ thing for internet freedom.

My interview for CBC (Canada)’s Day 6 programme – talking about the implications, and examining the right for a non-European audience.

For my own blog, looking at Google’s options for the future and suggesting that the judgment isn’t the end of the world

Also for my own blog, a day later, trying to put the judgment into context – it’s not about paedophiles and politicians, and it won’t be either a triumph or a disaster.

This last piece may in some ways be the most important – because already there’s a huge about of hype being built up, and scare stories are being leaked to the media at a suspiciously fast rate. There are huge lobbies at play here, particularly from the ‘big players’ on the internet like Google, who will face significant disruption and significant costs as a result of the ruling, and seem to want to make sure that people view the conflict as one of principle, rather than one of business. People will rally behind a call to defend freedom of expression much more easily than they will behind a call to defend Google’s right to make money, particularly given Google’s taxation policies.

Then here are my academic pieces on the subject.

‘A right to delete?’ from 2011, for the European Journal of Law and Technology. This is an open access piece, suggesting a different approach.

‘The EU, the US and the Right to be Forgotten’, published in early 2014, a chapter in a Springer Book on data protection reform, arising from the CPDP conference in Brussels 2013. This, unfortunately, is not open access, but a chapter in an expensive book. This does, however, deal directly with some of the lobbying issues.

The right to be forgotten – and my particular take on it, the right to delete, is also discussed at length in my recently released book, Internet Privacy Rights. There’s a whole chapter on the subject, and it’s part of the general theme.

Finally, here’s a link to Julia Powles’ curation of the topic. This is really helpful – a list of what’s been written by academics over the last week or so, with a brief summary of each piece and a link to it. Some of the academics contributing are from the very top of the field,  including Viktor Mayer-Schönberger, Daniel Solove and Jonathan Zittrain. All the pieces are worth a read.

This subject is far from clear cut, and the debate will continue on, in a pretty heated form I suspect, for quite some time. Probably the best thing that could come out of it, in my opinion, is some more impetus for the completion of the data protection reform in the EU. This reform has been struggling on for some years, stymied amongst other things by intense lobbying  by Google and others. That lobbying will have to change tack pretty quickly: it’s no longer in Google’s interests for the reform to be delayed. If they want to have a more ‘practical’ version of the right to be forgotten in action, the best way is to be helpful rather than obstructive in the reform of the data protection regime. A new regime, with a well balanced version of the right incorporated, would be in almost everyone’s best interests.

The Right to be Forgotten: Neither Triumph Nor Disaster?

“If you can meet with triumph and disaster
And treat those two imposters just the same”

Kipling_ndThose are my two favourite lines from Kipling’s unforgettable poem, ‘If’. They have innumerable applications – and I think another one right now. The Right to be Forgotten, about which I’ve written a number of times recently, is being viewed by some as a total disaster, others as a triumph. I don’t think either are right: it’s a bit of a mess, it may well end up costing Google a lot of time, money and effort, and it may be a huge inconvenience to Data Protection Authorities all over Europe, but in the terms that people have mostly been talking about it, privacy and freedom of expression, it seems to me that it’s unlikely to have nearly as big an impact as some have suggested.

Paedophiles and politicians – and erasure of the past

Within a day or two of the ruling, already the stories were coming out about paedophiles and politicians wanting to use the right to be forgotten to erase their past – precisely the sort of rewriting of history that the term ‘right to be forgotten’ evokes, but that this ruling does not provide for. We do need to be clear about a few things that the right will NOT do. Where there’s a public interest, and where an individual is involved in public life, the right does not apply. The stories going around right now are exactly the kind of of thing that Google can and should refuse to erase links to. If Google don’t, then they’re just being bloody minded – and can give up any claims to be in favour of freedom of speech.

Similarly, we need to be clear that this ruling only applies to individuals – not to companies, government bodies, political parties, religious bodies or anything else of that kind. We’re talking human rights here – and that means humans. And, because of the exception noted above, that only means humans not involved in public life. It also only means ‘old’, ‘irrelevant’ information – though what defines ‘old’ and ‘irrelevant’ remains to be seen and argued about. There are possible slippery slope arguments here, but it doesn’t, at least on the face of it, seem to be a particularly slippery kind of slippery slope – and there’s also not that much time for it to get more slippery, or for us to slip down it, because as soon as the new data protection regime is in place, we’ll almost certainly have to start again.

We still can’t hide

Conversely, this ruling won’t really allow even us ‘little people’ to be forgotten very successfully. The ruling only allows for the erasure of links on searches (through Google or another search engine) that are based on our names. The information itself is not erased, and other forms of search can still find the same stories – that is, ‘searches’ using something other than a search engine, and even uses of search engines with different terms. You might not be able to find stories about me by searching for ‘Paul Bernal’ but still be able to find them by searching under other terms – and creative use of terms could even be automated.

There already are many ways to find things other than through search engines – whether it be crowdsourcing via Twitter or another form of search engine, employing people to look for you, or even creating your own piece of software to trawl the web. This latter idea has probably occurred to some hackers, programmers or entrepreneurs already – if the information is out there, and it still will be, there will be a way to find it. Stalkers will still be able to stalk. Employers will still be able to investigate potential employees. Credit rating agencies will still be able to find out about your ancient insolvency.

…but ‘they’ will still be able to hide

Some people seem to think that this right to be forgotten is the first attempt to manipulate search results or to rewrite history – but it really isn’t. There’s already a thriving ‘reputation management’ industry out there, who for a fee will tidy up your ‘digital footprint’, seeking out and destroying (or at least relegating to the obscurity of the later pages on your search results) disreputable stories, and building up those that show you in a good light. The old industry of SEO – search engine optimisation – did and does exactly that, from a slightly different perspective. That isn’t going to go away – if anything it’s likely to increase. People with the power and knowledge to be able to manage their reputations will still be able to.

On a slightly different tack, criminals and scammers have always been able to cover their tracks – and will still be able to. The old cat-and-mouse game between people wanting to hide their identity and people wanting to uncover those hiding them will still go on. The ‘right to be forgotten’ won’t do anything to change that.

But it’s still a mess?

It is, but not, I suspect, in the terms that people are thinking about. It will be a big mess for Google to comply, though stories are already going round that they’re building systems to allow people to apply online for links to be removed, so they might well already have had contingency plans in place. It will be a mess for data protection agencies (DPAs), as it seems that if Google refuse to comply with your request to erase a link, you can ask the DPAs to adjudicate. DPAs are already vastly overstretched and underfunded – and lacking in people and expertise. This could make their situation even messier. It might, however, also be a way for them to demand more funding from their governments – something that would surely be welcome.

It’s also a huge mess for lawyers and academics, as they struggle to get their heads around the implications and the details – but that’s all grist to the mill, when it comes down to it. It’s certainly meant that I’ve had a lot to write about and think about this week….

 

When is a ‘libertarian’ not a libertarian?

…when it’s a Kipper?

A couple of days ago, blogger Michael Abberton  got a visit from the police. As reported in the Guardian:

“He was told he had not committed any crimes and no action was taken against him, but he was asked to delete some of his tweets, particularly a tongue-in-cheek one on 10 reasons to vote for Ukip, such as scrapping paid maternity leave and raising income tax for the poorest 88% of Britons.”

This is the poster Michael tweeted:

Screen Shot 2014-05-12 at 14.39.13

Michael described his experience in his own blog here. As he put it:

“…they said this was in relation to a complaint that had been made by a certain political party in relation to tweets I had published about them and one tweet in particular which talked about ten reasons to vote for them. The PC wanted to know if I had made that poster.”

The police were polite and concluded that there was no charge to answer and that it was not a police matter – but they still asked him to delete the relevant tweets, and suggested that he not tweet about their visit. I, for one, am glad that he did. There are a number of questions for the police – why they couldn’t work out what was going on just by reading the tweets and blogs, for example, and why they couldn’t see that a visit from the police would look very bad. Do the police not realise that people don’t like having a knock on their door from them? And if they do realise it, why not find another way to deal with something like this – a phone call, for example? If the police were a bit more ‘savvy’ they could have worked out what was going on pretty quickly and simply – and come to the conclusion that they finally did, that this was not a police matter at all. Michael is a scrupulous and intelligent blogger – what he was actually doing was fact-checking a parody UKIP poster that had been doing the rounds for a while.

The police have a lot to learn about this – but I think they are beginning to learn. What is more interesting to me is the role of UKIP. As confirmed by the police, it was a UKIP councillor that made the original complaint. Some UKIP supporters have suggested that the poster was a breach of the somewhat notorious S.127(1) of the Communications Act 2003, the section under which Paul Chambers was prosecuted in the farcical ‘Twitter Joke Trial”. Here’s Marty Caine, for example:

Screen Shot 2014-05-12 at 14.44.54

Now S.127(1) of the Communications Act 2003 is notoriously broad, but even if it could be stretched to cover Michael Abberton’s tweet (which the police concluded it couldn’t), why would UKIP, a party that fairly often puts itself forward as ‘libertarian’, try to use it? One of the basic tenets of libertarianism is a strong belief in freedom of speech. To a ‘real’ libertarian, the law should be used as little as possible. Freedom matters – and freedom of speech in particular. When someone says something bad about you, you should argue with them. Win the battle of wits. Compete in the marketplace of ideas – not try to find a way to silence your opponents, using the law – and the police – to try to stop them arguing against you.

Personally I detest UKIP – as my various blog posts on the subject over the last few months should make pretty clear – but I wouldn’t use the law to try to shut them up. I argue against them, tease them, parody them, try to persuade them – and yes, sometimes even shout at them – but I don’t try to silence them. Am I more of a libertarian than UKIP? It seems so – but then again, no party with pretentions of libertarianism would have as their central policy the control of immigration.

These kinds of tactics should be taken seriously. Visits from the police are disturbing to anyone – and interference in the political debate, particularly this close to an election, should be taken very seriously indeed. Michael Abberton’s blog was very much part of the debate, looking precisely at the policies of UKIP. As Michael put it in his blog:

“Why would a political party, so close to an election, seek to stop people finding out what their policies are or their past voting record? And is it not a matter for concern that a political party would seek to silence dissent and debate in such a manner?”

Yes, it absolutely is.

 

UPDATE:

It turns out that the UKIP councillor that reported Michael’s tweet was Peter Reeve – and that the reason for the complaint seems to have been that as Michael was a Green Party supporter, his tweet should have been labelled as official Green Party electoral material. To say that this is unconvincing is putting it mildly – and Michael’s Twitter avi has a Green Party twibbon, just to make it clear even on a tweet. What’s more, this doesn’t in any way alter the overall freedom of speech argument – trying to silence political opponents by bringing in the police should be anathema….

Communications Surveillance – a miscast debate

GCHQI have just made a submission to the Intelligence and Security Committee’s call for evidence on their Privacy and Security Inquiry. The substance of the submission is set out below – the key point is that I believe that the debate, and indeed the questions asked by the Intelligence and Security Committee, miscast the debate in such a way as to significantly understate the impact of internet surveillance and hence make the case for that surveillance stronger than it really is. I am sure there will be many other excellent submission to the inquiry – this is my small contribution.

——————————

Submission to the Intelligence and Security Committee by Dr Paul Bernal

I am making this submission in response to the Privacy and Security Call for Evidence made by the Intelligence and Security Committee on 11th December 2013, in my capacity as Lecturer in Information Technology, Intellectual Property and Media Law at the UEA Law School. I research in internet law and specialise in internet privacy from both a theoretical and a practical perspective. My PhD thesis, completed at the LSE, looked into the impact that deficiencies in data privacy can have on our individual autonomy. I have a book dealing with the subject, Internet Privacy Rights, which will be published by Cambridge University Press, in March 2014. The subject of internet privacy, therefore, lies precisely within my academic field. I would be happy to provide more detailed evidence, either written or oral, if that would be of assistance to the committee.

Executive summary

There are a great many issues that are brought up by the subject of communications surveillance. This submission does not intend to deal with all of them. It focuses primarily on three key issues:

  1. The debate – and indeed the initial question asked by the ISC – which talks of a balance between ‘individual privacy’ and ‘collective security’ is a miscast one. Communications surveillance impacts upon much more than privacy. It has an impact on all the classical ‘civil liberties’: freedom of expression, freedom of assembly and association and so forth. Privacy is not a merely ‘individual’ issue. It, and the connected rights, are community rights, collective rights, and to undermine them does more than undermine individuals: it hits at the very nature of a free, democratic society.
  2. The invasion of privacy, the impact on the other rights mentioned above, occurs at the point when data is gathered, not when data is accessed. The mass surveillance approach that appears to have been adopted – a ‘gather all, put controls on at the access stage’ is misconceived. The very gathering of the data has an impact on privacy, and leaves data open for misuse, vulnerable to hacking, loss or misappropriation, and has a direct chilling effect.
  3. In terms of mass surveillance, meta-data can in practice be more useful – and have more of an impact on individual rights and freedoms – than content data. It can reveal an enormous amount of information about the individuals involved, and because of its nature it is more easily and automatically analysed and manipulated.

The implications of these three issues are significant: the current debate, as presented to the public and to politicians, is misleading and incomplete. That in turn means that experts remain sceptical about the motivations of those involved in the debate in favour of surveillance – and that it is very hard for there to be real trust between the intelligence services and the public.

It also means that the bar should be placed much higher in terms of evidence that this kind of surveillance is successful in achieving the aims of the intelligence services. Those aims need to be made clear, and the successfulness of the surveillance demonstrated, if the surveillance is to be appropriate in a democratic society. Given the impact in terms of a wide spectrum of human rights – not just individual rights to privacy – the onus is on the security services to demonstrate that success, or move away from mass surveillance as a tactic.

1      A new kind of surveillance

The kind of surveillance currently undertaken – and envisaged in legislation such as the Communications Data Bill in 2012 – is qualitatively different from that hitherto imagined. It is not like ‘old-fashioned’ wiretapping or even email interception. What also makes it new is the way that we use the internet – and in particular the way that the internet is, for most people in what might loosely be described as developed societies, used for almost every aspect of our lives. By observing our internet activities, therefore, the level of scrutiny in our private lives is vastly higher than any form of surveillance could have been in the past.

In particular, the growth of social networking sites and the development of profiling and behavioural tracking systems and their equivalents change the scope of the information available. In parallel with this, technological developments have changed the nature of the data that can be obtained by surveillance – most directly the increased use of mobile phones and in particular smartphones, provides new dimensions of data such as geo-location data, and allow further levels of aggregation and analysis. Other technologies such as facial recognition, in combination with the vast growth of use of digital, online photography – ‘selfie’ was the Oxford Dictionaries Word of the Year for 2013 – take this to a higher level.

This combination of factors means that the ‘new’ surveillance is both qualitatively and quantitatively different from what might be labelled ‘traditional’ surveillance or interception of communications. This means that the old debates, the old balances, need to be recast. Where traditional ‘communications’ was in some ways a subset of traditional privacy rights – as reflected in its part, for example, within Article 8 of the ECHR, the new form of communications has a much broader relevance, a wider scope, and brings into play a much broader array of human rights.

2      Individual right to privacy vs. collective right to security?

2.1      Privacy is not just an individual right

Privacy is often misconstrued as a purely individual right – indeed, it is sometimes characterised as an ‘anti-community’ right, a right to hide yourself away from society. Society, in this view, would be better if none of us had any privacy – a ‘transparent society’. In practice, nothing could be further from the truth: privacy is something that has collective benefit, supporting coherent societies. Privacy isn’t so much about ‘hiding’ things as being able to have some sort of control over your life. The more control people have, the more freely and positively they are likely to behave. Most of us realise this when we consider our own lives. We talk more freely with our friends and relations knowing (or assuming) that what we talk about won’t be plastered all over noticeboards, told to all our colleagues, to the police and so forth. Privacy has a crucial social function – it’s not about individuals vs. society. The opposite: societies cannot function without citizens having a reasonable expectation of privacy.

2.2      Surveillance doesn’t just impact upon privacy

The idea that surveillance impacts only upon privacy is equally misconceived. Surveillance impacts upon many different aspects of our lives – and how we function in this ‘democratic’ society. In human rights terms, it impacts upon a wide range of those rights that we consider crucial: in particular, it impacts upon freedom of expression, freedom of association and freedom of assembly, and others.

2.2.1      Freedom of expression

The issue of freedom of expression is particularly pertinent. Privacy is often misconstrued as somehow an ‘enemy’ of freedom of expression – blogger Paul Staines (a.k.a. Guido Fawkes) for example, suggested that ‘privacy is a euphemism for censorship’. He had a point in one particularly narrow context – the way that privacy law has been used by certain celebrities and politicians to attempt to prevent certain stories from being published – but it misses the much wider meaning and importance of privacy.

Without privacy, speech can be chilled. The Nightjack saga, of which the committee may be aware, is one case in point. The Nightjack blogger was a police insider, providing an excellent insight into the real lives of police officers. His blog won the 2009 Orwell Award – but as a result of email hacking by a journalist working for the Times, he was unable to keep his name private, and ultimately he was forced to close his blog. His freedom of expression was stifled – because his privacy was not protected. In Mexico, at least four bloggers writing about the drugs cartels have not just been prevented from blogging – they’ve been sought out, located, and brutally murdered. There are many others for whom privacy is crucial – from dissenters in oppressive regimes to whistle-blowers to victims of spousal abuse. The internet has given them hitherto unparalleled opportunities to have their voices heard – internet surveillance can take that away. Even the possibility of being located or identified can be enough to silence them.

Internet surveillance not only impacts upon the ability to speak, it impacts upon the ability to receive information – the crucial second part to freedom of speech, as set out in both the European Convention on Human Rights and the Universal Declaration of Human Rights. If people know that which websites they visit will be tracked and observed, they’re much more likely to avoid seeking out information that the authorities or others might deem ‘inappropriate’ or ‘untrustworthy’. That, potentially, is a huge chilling effect. The UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, in his report of 2013, made it clear that the link between privacy and freedom of expression is direct and crucial.

“States cannot ensure that individuals are able to freely seek and receive information or express themselves without respecting, protecting and promoting their right to privacy. Privacy and freedom of expression are interlinked and mutually dependent; and infringement upon one can be both the cause and consequence of an infringement upon the other.”

2.2.2      Freedom of association and of assembly

Freedom of association and assembly is equally at risk from surveillance. The internet offers unparalleled opportunities for groups to gather and work together – not just working online, but organising and coordinating assembly and association offline. The role the net played in the Arab Spring has probably been exaggerated – but it did play a part, and it continues to be crucial for many activists, protestors and so forth. The authorities realise this, and also that through surveillance they can counter it. A headline from a few months ago in the UK, “Whitehall chiefs scan Twitter to head off badger protests” should have rung the alarm bells – is ‘heading off’ a protest an appropriate use of surveillance? It is certainly a practical one – and with the addition of things like geo-location data the opportunities for surveillance to block association and assembly both offline and online is one that needs serious consideration. The authorities in the Ukraine recently demonstrated this through the use of surveillance of mobile phone geolocation data in order to identify people who might be protesting – and then sending threatening text messages warning those in the location that they were now on a list: a clear attempt to chill their protests. Once more, this is very much not about individual privacy – it is about collective and community rights.

3      Controls are required at the gathering stage

The essential approach in the current form of internet surveillance, as currently practiced and as set out in the Communications Data Bill in 2012, is to gather all data, then to put ‘controls’ over access to that data. That approach is fundamentally flawed – and appears to be based upon false assumptions.

3.1      Data vulnerability

Most importantly, it is a fallacy to assume that data can ever be truly securely held. There are many ways in which data can be vulnerable, both from a theoretical perspective and in practice. Technological weaknesses – vulnerability to ‘hackers’ etc – may be the most ‘newsworthy’ in a time when hacker groups like ‘anonymous’ have been gathering publicity, but they are far from the most significant. Human error, human malice, collusion and corruption, and commercial pressures (both to reduce costs and to ‘monetise’ data) may be more significant – and the ways that all these vulnerabilities can combine makes the risk even more significant.

In practice, those groups, companies and individuals that might be most expected to be able to look after personal data have been subject to significant data losses. The HMRC loss of child benefit data discs, the MOD losses of armed forces personnel and pension data in laptops, and the numerous and seemingly regular data losses in the NHS highlight problems within those parts of the public sector which hold the most sensitive personal data. Swiss banks’ losses of account data to hacks and data theft demonstrate that even those with the highest reputation and need for secrecy – as well as the greatest financial resources – are vulnerable. The high profile hacks of Apple, Facebook, Twitter, Sony and others show that even those that have access to the highest level of technological expertise can have their security breached. These are just a few examples, and whilst in each case different issues lay behind the breach the underlying issue is the same: where data exists, it is vulnerable.

3.2      Function Creep

Perhaps even more important than the vulnerabilities discussed above is the risk of ‘function creep’ – that when a system is built for one purpose, that purpose will shift and grow, beyond the original intention of the designers and commissioners of the system. It is a familiar pattern, particularly in relation to legislation and technology intended to deal with serious crime, terrorism and so forth. CCTV cameras that are built to prevent crime are then used to deal with dog fouling or to check whether children live in the catchment area for a particular school. Legislation designed to counter terrorism has been used to deal with people such as anti-arms trade protestors – and even to stop train-spotters photographing trains.

In relation to internet surveillance this is a very significant risk: the ways that it could be inappropriately used are vast and multi-faceted. What is built to deal with terrorism, child pornography and organised crime can creep towards less serious crimes, then anti-social behaviour, then the organisation of protests and so forth – there is evidence that this is already taken place. Further to that, there are many commercial lobbies that might push for access to this surveillance data – those attempting to combat breaches of copyright, for example, would like to monitor for suspected examples of ‘piracy’. In each individual case, the use might seem reasonable – but the function of the original surveillance, the justification for its initial imposition, and the balance between benefits and risks, can be lost. An invasion of privacy deemed proportionate for the prevention of terrorism might well be wholly disproportionate for the prevention of copyright infringement, for example.

There can be creep in terms of the types of data gathered. The split between ‘meta data’ and ‘content’ is already one that is contentious, and as time and usage develops is likely to become more so, making the restrictions as to what is ‘content’ likely to shrink. There can be creep in terms of the uses to which the data can be put: from the prevention of terrorism downwards. There can be creep in terms of the authorities able to access and use the data: from those engaged in the prevention of the most serious crime to local authorities and others. All these different dimensions represent important risks: all have happened in the recent past to legislation (e.g. RIPA) and systems (e.g. the London Congestion charge CCTV system).

Prevention of function creep is inherently difficult. As with data vulnerability, the only way to guard against it is not to gather the data in the first place. That means that controls need to be placed at the data gathering stage, not at the data access stage.

4      The role of metadata

Rather than being less important, or less intrusive, than ‘content’, the gathering of meta data in the new kinds of surveillance of the internet may well be more intrusive and more significant. Meta data is the primary form of data used in profiling of people as performed by commercial operators for functions such as behavioural advertising. It is easier to analyse and aggregate, easier for patterns to be determined, and much richer in its implications than content. It is also harder to ‘fake’: content can be concealed by the use of code words and so forth – meta data by its nature is more likely to be ‘true’.

In relation to trust, it is important that those who are engaged in surveillance acknowledge this: and those that scrutinise the intelligence services understand this. It was notable in the open session of the Intelligence and Security Committee at the end of 2013 that none of those questioning the heads of MI5, MI6 and GCHQ made the point, or questioned the use of statements to the effect that they were not reading our emails or listening to our phone calls. Those statements may be true, but they are beside the point: it is the gathering of metadata that matters more. It can reveal automatically – without the need of expert human intervention – great details. As Professor Ed Felten put it in his testimony to the Senate Judiciary Committee hearing on the Continued Oversight of the Foreign Intelligence Surveillance Act:

“Metadata can expose an extraordinary amount about our habits and activities. Calling patterns can reveal when we are awake and asleep; our religion, if a person regularly makes no calls on the Sabbath, or makes a large number of calls on Christmas Day; our work habits and our social attitudes; the number of friends we have; and even our civil and political affiliations.”

Professor Felten was talking about telephony metadata – metadata from internet browsing, emails, social network activity and so forth can be even more revealing.

5      Conclusion

The subject of internet surveillance is of critical importance. Debate is crucial if public support for the programmes of the intelligence service is to be found – and that debate must be informed, appropriate and on the right terms.

It isn’t a question of individual privacy, a kind of luxury in today’s dangerous world, being balanced against the deadly serious issue of security. If expressed in those misleading terms it is easy to see which direction the balance will go. Privacy matters far more than that – and it matters not just to individuals but to society as a whole. It underpins many of our most fundamental and hard-won freedoms – the civil rights that have been something we, as members of liberal and democratic societies, have been most proud.

Similarly, the question of where the controls are built needs to be opened up for debate – at present the assumption seems to be made that gathering is acceptable even without controls. As noted above, that opens up a wide range of risks, risks that should be acknowledged and assessed in relation to the appropriateness of surveillance.

Finally, those involved in the debate should be more open and honest about the role of meta-data: the bland reassurances that ‘we are not reading your emails or listening to your phone calls’ should always be qualified with the acknowledgment that this does not really offer much protection to privacy at all.

Dr Paul Bernal
Lecturer in Information Technology, Intellectual Property and Media Law
UEA Law School
University of East Anglia Norwich
NR4 7TJ
Email: paul.bernal@uea.ac.uk

It’s not just the porn that will be over-blocked….

Newsnight last night included a feature on how the recently introduced internet ‘porn-filters’ were actually blocking more than just porn. Specifically, they noted that sex-education websites, sexual health websites and so forth were being blocked by the filters. This comes as no surprise to anyone working in the area – indeed, my own blog post asking questions about porn-filters was itself blocked – but it is still good to see that the mainstream media is now taking it on board, albeit very late in the day.

It wasn’t a bad feature, but it only began to scratch the surface of the issue. It left a lot of questions unanswered and a lot of crucial issues untouched. The first of these was the suggestion, insufficiently challenged, that this over-blocking was just some sort of ‘teething trouble’. Once the systems get properly up and running, the problems will be ironed out, and everything will work perfectly. As anyone who understands the systems would tell you, this is far from being the case: over-blocking is an inherent problem, one that will never go away. The nature of these filters, the fact that they essentially work algorithmically, means that they will always (and automatically) pick out sites that deal with the same subject matter as the ones that you are trying to block. If you want to block sites that deal with sex, you will block sites that deal with sex education, with sexuality and so forth. It will also be almost certain to block sites connected with LGBT issues, leaving a lot of young and vulnerable people without access to key information. Here, as in so many cases, ignorance is not bliss. Far from it. Now you can clean things up bit by bit in some cases, as site owners complain – but this is a slow and painstaking process, and anyway will only work when site owners discover that they have been blocked – something far from certain to occur. Very often, filtering/censorship will happen without anyone even noticing.

The second key absence from the Newsnight feature was the fact that these filters are not planned just to filter out pornography. They are planned to deal with a whole lot of other websites, from ‘extremism’ and ‘esoterica’, gambling, violence and so forth. Quite apart from the immense difficulty in defining things such as extremism and esoterica – let alone whether it is appropriate to block such sites in the first place – it needs to be remembered that the over blocking issue with porn sites will apply equally to these other sites. Blocking ‘extremist’ sites will end up blocking sites that discuss extremism, for example – and sites that might help people to find their way out of extremist groups and so forth. This won’t just fail to stop the growth in extremism – it will hinder attempts to prevent that growth. It won’t just fail to be effective – it will be actively counterproductive.

This is not an accident. Censorship in general does not work – and students of its history should be aware of this. Though freedom of speech should not be viewed as an absolute, it should be viewed as an ideal, and curtailing it without sufficient reason should only be done with great care and with great understanding. The blunt instrument of internet filtering has neither the care nor the understanding. It will do far more harm than good.

Surveillance and Consent

I was fortunate enough to speak at the Internet and Human Rights Conference at the Human Rights Law Centre at the University of Nottingham on Wednesday. My talk was on the topic of internet surveillance – as performed both by governments and by commercial entities. This is approximately what I said – I very rarely have fully written texts when I talk or lecture, and this was no exception. As you can see, I had one ‘official’ title, but the talk had a number of alternative titles…

Surveillance and Consent

Or

Big Brother is watching you – and so are his commercial partners

Or

What Edward Snowden can teach us about the commercial Internet

Or

To what do we consent, when we enter the Internet?

In particular, do we consent to surveillance? If we do, by whom? When? And on what terms? There are three parts to this talk:

1) Government surveillance and consent

2) Commercial surveillance and consent

3) Forging a (more) privacy friendly future?

1: Government surveillance and consent.

Big Brother is Watching You. He really is. Some of us have always thought so – even if we’ve sometimes been called conspiracy theorists when we’ve articulated those thoughts. Since the revelations of Edward Snowden this summer, we’ve been taken a bit more seriously – and quite rightly so.

The first and perhaps most important question to ask is why the authorities perform surveillance? Counter-terrorism? That’s the one most commonly mentioned. Detection and enforcement of criminal law? Crime prevention? Prevention of disorder? Dealing with child abuse images and tracking down paedophiles? Monitoring of social trends? There are different degrees to all these areas – and potentially some very slippery slopes. Some of the surveillance is clearly beneficial – but some is highly debatable. When looking in the area of crime and disorder this is particularly true when one considers police tactics in the past, from dealing with the anti-nuclear movements in the sixties, seventies and eighties to the shocking revelation about the infiltration of environmental activists more recently. Even this summer, the government admitted that it monitored people’s social media activities in order to ‘head off’ the badger cull protests. Was that right? Are other forms of ‘social control’ through surveillance acceptable? They should at least raise questions.

When looking at government surveillance, we need to ask what is acceptable? Where do we draw the line? Who draws that line? How much of this do we consent to? There are a number of different ways to look at this.

Societal consent?

Do we, as a societies, consent to this kind of surveillance? It is not at all clear that we do, even in the UK, if the furore that lead to the defeat of the Snoopers Charter is anything to go by, or the reaction to Edward Snowden’s revelations in most of the world (though not so much in the UK) is any guide. Do we, as societies, understand the level of surveillance that our governments are performing? It doesn’t seem likely given the surprise shown as more and more of the reality of the situation is revealed. Can we, as societies, understand all of this? Perhaps not fully, but certainly a lot more than we currently do.

Parliamentary consent?

Do we effectively consent by delegating our decisions to our political representatives? By electing them, are we consenting to their decision-making, both in general and in the particular area of internet surveillance? This is a big political question in any situation – but anyone who has observed MPs, even supposedly expert MPs, knows that the level of knowledge and understanding of either the internet or surveillance is appalling. Labour’s Helen Goodman, the Tories’ Clare Perry, the Lib Dems’ Tom Brake, all of whom have been (and still are) in positions of power and responsibility within their own parties in relation to the internet have a level of understanding that would be disappointing in a secondary school pupil.

The Intelligence and Security Committee, who made their first public appearance in November, demonstrated that they were pretty much entirely incapable of providing the scrutiny necessary to represent us – and to hold Big Brother to account on our behalf. Most of the Home Affairs Committee – and the chair, Keith Vaz, in particular, demonstrated this even more dramatically this Tuesday, when questioning Guardian Editor Alan Rusbridger. Keith Vaz’s McCarthy-esque question to Rusbridger ‘do you love your country’ was sadly indicative of the general tone and level of much of the questioning.

There are some MPs who could understand this, but they are few and far between – Lib Dem Julian Huppert, Labour’s Tom Watson, the Tories’ David Davis are the best and perhaps only real examples, but they are mavericks. None are on the front benches, and none seem to have that much influence on their political bosses. Parliament, therefore, seems to offer little help. Whether it could ever offer that help – whether we could ever have politicians with enough understanding of the issues to act on our behalf in a meaningful way, is another question. I hope so – but I may well be pipe dreaming.

Automatic or assumed consent?

Perhaps none of this matters. Could it this kind of government surveillance something we automatically consent to when we use the Internet? Simply by using the net, do we automatically consent to being observed? Is this the price that we have to pay – and that we can be assumed to be willing to pay – in order to use the internet? Scott McNealy’s infamous quote – you have zero privacy anyway, get over it – may be old enough to represent common knowledge. Can we assume that everyone knows they have no privacy? Would that be reasonable, even if it were true? It isn’t true of the public telephone system – wholesale wiretapping isn’t acceptable or accepted, not even of the metadata.

I don’t think any of these – societal, parliamentary or ‘assumed’ really work, or would be sufficient even if they did – because amongst other things because we simply haven’t known what was going on. Our consent, such as it existed, could not have been informed consent, in either of the two ways that can be understood. We did not have the information. We were deliberately kept in the dark. And experience suggests that when we do know more, we tend to object more – as events like the defeat of the Snoopers’ Charter demonstrate.

Do we know what we are consenting to?

Do we understand what the implications of this surveillance actually are? This isn’t just about privacy, no matter how much people like Malcolm Rifkind tries to frame it that way. It isn’t just about individual either – sometimes through this kind of framing it can seem as though asking for privacy is an act of selfishness, and that we should be ashamed of ourselves, and sacrifice our privacy for the greater good – for security.

This is quite wrong – and in many ways framing it in this way is deliberately deceptive. There is a significant impact on many kinds of human rights, not just on privacy. Freedom of expression is chilled – both by overt surveillance through the panopticon effect and through covert surveillance through the imbalance of power that allows control to be exerted. Freedom of association and assembly are deeply affected – both online through the disruption and chilling of online communities, and offline through the disruption of the organisation of ‘real world’ protest and so forth. There’s more too – profiling can allow for discrimination. Indeed, as we shall see, discrimination of a different form is fundamental to commercial surveillance – so can be easily enabled in other ways. Ultimately, too, it can even impact upon freedom of thought – as profiling develops, it could allow the profiler to know what you want even before you do.

So even if we have given consent before, that consent is not really valid. The internet is not like old-fashioned communications. We do more online than we ever did through other forms of communication The nature of the surveillance itself has changed – and the impact of it. Any old consent that did exist should be revoked. If Big Brother wants to keep watching us, He needs to ask again.

2: Commercial surveillance and consent

This is an issue much closer to the common legal understanding of consent – and one that has been much debated. It’s one of the key subjects of the current discussions over the reform of the data protection regime. Edward Snowden, however, has thrown a bit of a spanner into that debate, and those discussions.

To understand what this means, we need to understand commercial surveillance better. Who does ‘commercial’ surveillance? What do I mean by commercial surveillance? Surveillance where money is the motivation – or, to be more precise, where commercial benefit is the motivation. This means things like behavioural tracking – for various purposes – but it also means profiling, it means analysis, all of which are done extensively by all the big players on the Internet, with little or no real idea of consent.

Does commercial surveillance matter?

Commercial surveillance does not often seem to be something people (other than a few privacy geeks like me) care about that much. It’s just about advertising, isn’t it? Doesn’t do anyone any harm? Opt-out’s OK, those paranoid privacy geeks can avoid it if they want, for the rest of us it’s what pays for the net, right? For people like me, there are big concerns – and in some ways it might matter more for most people than surveillance by the NSA and GCHQ. The idea – the one that’s being sold to us – is that it’s about ‘tailoring’ or ‘personalisation’ of your web experience. We can get more relevant content and and more appropriate advertising…

…but that also means that it can have a real impact on real people, from price and service discrimination to an influence on such things credit ratings, insurance premiums and job prospects. Real things that matter to almost all of us. There’s even the possibility of political manipulation – from personalised political advertising to detailed targeting of key ‘swing’ voters, putting even more political influence into the hands of those with the deepest pockets – for it is the deepest pockets that allow access to the ‘biggest’ data, and the most sophisticated profiling and targeting systems.

What Edward Snowden could teach us…

Some parts of the revelations from Edward Snowden should make us think again. PRISM, in particular, should change people’s attitudes to commercial surveillance. This is what Edward Snowden has to teach us. Look at the purported nature of the PRISM program. ‘Direct access’ to the servers of the big Internet companies – including Google and Facebook. Who does commercial surveillance more than Google and Facebook? What’s more, the interaction between governments and businesses is much closer than it might immediately seem. They share technology – and businesses have even let governments subvert their technology, building backdoors, undermining encryption systems and so forth. They share techniques – and even share data, whether willingly or otherwise.

Shared techniques…

Behavioural profiling is just what governments want to do. Behavioural analysis is just what governments want to do. Behavioural targeting is just what governments want to do Is identifying potential customers any different from identifying potential suspects? Is identifying potential markets any different from identifying potential protest groups (such as those involved in the aforementioned badger cull protest)? Or potential dissidents? Is predicting political trends and political risks any different from predicting market trends? Is ‘nudging’ a market that different from manipulating politics? The Internet companies have built engines to do all the authorities’ work for them (well, OK, most of the authorities’ work for them). They just need to tap into those engines. Tailor them a bit. It’s perfect surveillance, and we’ve helped build it. We’ve ‘consented’ to it.

Who is undermining privacy?

So who is undermining privacy? The spooks with their secret surveillance… ….or the business leaders telling us to share everything and that, as Mark Zuckerberg put it, ‘privacy is no longer a social norm’? This ‘de-normalisation’ of privacy – apologies for the word, which I suspect doesn’t really exist – amounts to an attempt to normalise surveillance. The extent to which this desired and pushed-for ‘de-normalisation’ has contributed to the increasing levels of surveillance is essentially a matter for conjecture, but it’s hard not to see a connection.

Paranoid privacy geeks like me have been warning about for a while – but just because we’re paranoid, it doesn’t mean we’re wrong. In this case, it’s looking increasingly as though we were right all along – and that the situation is even worse than we thought.

Is this what we consented to when we signed up for Facebook? Is this what we consent to each time we do a Google search? Is this what we expect when we watch a YouTube video or play a game of Words with Friends? I don’t think so. With new information there should come new understanding – and a reassessment of the situation. We need to decide.

3: A (more) privacy-friendly future?

A three-way consensus is needed. People, businesses and governments need to come to an agreement about what the parameters are, about what it acceptable. About what we consent to. All three groups have power – but at the moment only the authorities seem to be really wielding theirs.

Imagine what would happen if Facebook’s Mark Zuckerberg, Google’s Sergey Brin, Apple’s Tim Cook and their fellows from Microsoft, eBay, Twitter etc all came together and said to the US government ‘No’! Would they be locked up? Would their companies be viciously punished? It seems unlikely – they are much more powerful than they realise. We often talk about the power of the corporate lobbyists – this power could be wielded in a positive way, not just a negative way…

…but it only will if there’s a profit in it for the companies concerned. And that’s where we come in.

We have a key part to play. We need to keep making noises. We need to keep informing people, keep lobbying. Make sure that the companies know that we care about privacy – and not just in relation to governments. Then the companies might start to make a move that helps us.

There are some signs that this might be the case – from the noises from Zuckerberg and so on about how upset they are about the NSA to the current crop of ‘Outlook.com’ advertisements that proclaim loudly how they don’t scan your emails the way that Google do – though it is difficult to tell whether this is just lip service. They talk a lot about transparency, not so much about a reduction in actual surveillance by government – let alone by themselves. If they can wield this power in our favour it could help a lot – but it will only be wielded in this positive way if we make them. So we must be clear that we do not consent to the current situation. We do not consent to surveillance.

Free speech under attack

The idea of freedom of speech, or freedom of expression, is bandied about a great deal these days. It’s sometimes easy to say it without understanding what it really means, and why it is important. Indeed, sometimes those who pose as the greatest champions of freedom of speech seem also to be amongst the biggest threats to it, and at every scale, from the Daily Mail, Telegraph and others attacking the Guardian as threatening national security to Richard Littlejohn, again in the Daily Mail, attacking Jack Monroe for having the temerity to blog. To some, it seems, freedom of expression should only apply to the kind of expression they like. That doesn’t seem much like freedom to me – and it also goes very much against the whole point of that freedom.

Freedom of expression and power…

Freedom of expression is enshrined in pretty much every important human rights document. That should make us ask a number of questions. First of all, what do we mean by it. Secondly, why does it matter so much. Thirdly, what are the threats to it. Finally, what do we need to do to protect it. These questions are not really separate – they’re all linked together, because, from one perspective at least, they all have an underlying theme: freedom of speech is about power. It’s about finding a way to redress the imbalances in power that exist in our world. It’s about holding the powerful to account – and doing what can be done to prevent the powerful from using that power to their own ends, and to the detriment of the less powerful. The primary threats to freedom of speech come from those trying to hold onto their power – and to prevent those who are less powerful from finding ways to be more powerful.

Freedom of expression and the press…

One of the main reasons that, historically in particular, the press has been so important, is that it has been a way to hold the powerful to account. Investigative journalism at its best does this – as the Watergate story bore out so dramatically. That’s where the Guardian’s publishing of the information leaked by Edward Snowden comes in. It’s pretty much the epitome of ‘old style’ freedom of expression. It’s what the press do at their very best – find out where governments have been overstepping their authority, misleading the public, becoming more controlling and authoritarian – and then making that information known. They’ve done a fantastic job – and one that has had repercussions around the world. They have shaken the most powerful institution on the planet – the US government – and opened up a huge debate (less so, sadly, in the UK than almost anywhere else) that needed to be opened up.

Freedom of expression and the UK government…

The way that the UK government – and David Cameron in particular – has threatened the Guardian over these stories should be taken very seriously. Grant Shapps’ attacks on the BBC are part of the same agenda – trying to stifle expression and to use their power to control the agenda.. Anyone – and yes, that includes the Daily Mail, the Sun and so forth – who supports the idea of freedom of speech, or who understand that idea in anything more than a perfunctory and selfish way, should be defending and supporting the Guardian in particular to the hilt. The lack of that support seems to me to be indicative of a failure in the UK to really grasp the point of freedom of expression – and its importance. That failure is echoed in many ways – and seemingly by almost all parties.

Freedom of expression – and its role – is under attack in a great many ways. Though I am distinctly ambivalent about the Royal Charter for press regulation, and see that many of those fighting against it are doing so for purely selfish reasons, without any feeling for or real belief in freedom of expression (witness the supine role of so much of Fleet Street over the attacks on the Guardian) it is entirely right to be deeply concerned about any direct governmental role in regulating the press. What is set up for one reason can very easily be used for another. Some slopes really are slippery…

Freedom of expression and surveillance…

…as the role of surveillance in practice demonstrates all too graphically. What is the real purpose of surveillance? Is it, as its advocates pronounce, to protect national security, to fight the terrorists and track down the paedophiles? That might be the aim in some circumstances, but in practice, as the many abuses of RIPA in the past has shown, it ends up being used for much more pragmatic purposes – and indeed more sinister ones. Internet surveillance has two direct impacts on freedom of expression. Where covert, it allows those with opinions (or those seeking out opinions) that are deemed ‘unacceptable’ to be tracked down and silenced. Where overt, it chills speech, and scares people into submission. Headlines like that in the BBC earlier this year ‘Whitehall chiefs scan Twitter to head off badger protests’ make the point: ‘don’t even think about tweeting about your protests, we’ll find you and stop you’.

That is another reason, of course, that the Guardian’s leaking of the Snowden stories are particularly significant if you’re an advocate of freedom of expression. Internet surveillance may be the biggest threat to freedom of expression of all – because the internet is where the biggest opportunities for freedom of expression now exist.

Freedom of expression and the internet…

Over the past decade or so, the internet has provided more and greater opportunities for freedom of expression than anyone could have imagined. The ability to blog and tweet gives a voice to millions who would otherwise not have had any opportunity to speak. It allows people to find information that they would otherwise have had no chance to find. It allows a sharing of views, a level of criticism and analysis that is wonderful for many, many people – but is deeply threatening to others. That’s why governments are often terrified of the internet – and one of the reasons why people like Richard Littlejohn, a ‘power’ of the ‘old’ press find people like Jack Monroe so frightening. Their power is under threat – so they want to do something about it.

That’s one of the reasons there are sometimes harsher laws for doing things on the internet than there are for doing the same things in ‘real’ life. That’s why there are so many moves to try to control and corral the internet – and why those moves should be resisted very carefully. The ongoing suggestions to build ‘default-on’ porn-filters is part of this – not only will the filters actually filter out far more than porn (indeed, one of my own blogs discussing porn filters was actually porn blocked!) but they establish the idea that filtering and censorship is not just acceptable but actually something good and worth promoting. The powerful want to control the internet. They want to retain their power – and that, in practice, means restricting freedom of speech.

Taking care of freedom of speech

Freedom of speech matters – it really does – and whenever we see it under attack, we need to think very carefully about it. Not just the specific attack, or the specific opinion being attacked, but the implications and the part that it plays in the bigger picture. We should be in a golden age of free speech – the technology should bring that – but we’re not. We should be feeling empowered and emboldened to take on the powerful and make the world a better, more liberated, more enlightened place. We’re in danger of making it exactly the opposite.

Supporting the creative economy?

Today sees the publication of the Third Report of Session 2013-14 of the House of Commons Culture, Media and Sport Committee, titled “Supporting the creative economy”. Having read the main part of the report, with a heavy heart at times, it seems to me that a better title for it would be “supporting the copyright lobby”.

The report can be found online here. I must stress that I have only read through the main report, not through the many pages of detailed evidence that accompanies it, and these are just a few initial thoughts, not a detailed academic analysis. I would also like to stress that I am commenting only on the sections on Intellectual Property – not the parts on Olympic and Paralympic legacy, Funding and finance and so forth.

Google as the enemy….

There are a few themes that shine through – and a two particular targets that the report takes significant pot-shots at. The first of these is Google – the report pulls few punches.

“We strongly condemn the failure of Google, notable among technology companies, to provide an adequate response to creative industry requests to prevent its search engine directing consumers to copyright-infringing websites. We are unimpressed by their evident reluctance to block infringing websites on the flimsy grounds that some operate under the cover of hosting some legal content.”

And

“We are deeply concerned that there is an underlying agenda driven at least partly by technology companies (Google foremost among them) which, if pursued uncritically, could cause irreversible damage to the creative sector on which the United Kingdom’s future prosperity will significantly depend.”

Now I’m not often a great fan of Google, but in this case I fall very much on their side of the debate. Regarding the first issue, to suggest that these grounds are ‘flimsy’ is deeply problematic: blocking any site from Google should be regarded as a big step. Access to information is a human right (part of Article 10 of the European Convention), so blocking legal information should never be undertaken lightly. Google knows this – and quite rightly resists the idea that it should block access to websites without due process. The use of the emotive term ‘flimsy’ in a report like this is unfortunate, to say the least.

As far as the second point is concerned, I am even more concerned. Many of those of us who oppose the current model of copyright enforcement don’t do so as a result of any ‘underlying agenda,’ let alone one driven by the likes of Google. We oppose the model because we believe that it isn’t working, that it suggests to many people – and particularly young people – that they are ‘bad’ or even ‘criminal’ without any real understanding of what they do and why. Much more than that, we oppose it precisely because we support the creative economy – we love music, movies and games, and want to find good, appropriate and effective ways to enjoy them. We want a new model – one that balances rights, and actually supports both the creators and consumers of content.

Dismissing Hargreaves

The other depressing theme in the report is the repeated undermining of the Hargreaves report – and indeed Professor Hargreaves himself. It feels almost as though Hargreaves is being dismissed because he produced the ‘wrong’ results – results that didn’t support the copyright lobby’s vision of how the world should work. One point, in paragraph 73, is particularly telling:

“We are not convinced by Hargreaves’ implication that a facility for private copying is factored into the purchase either of music or devices that store, play or copy it.”

Can I suggest that the committee spend a bit more time talking to young people about how they listen to music, play games or watch TV and movies? Perhaps even ask their own children, rather than just listen to the industry? That, indeed, is a depressing feature throughout the report – a seeming failure to understand how people actually consume content.

Is copyright working?

At one point (paragraph 68) the report says:

“We…  …believe that generally the existing law works well.”

Really? And works well for whom? When I ask young people if they ever download music illegally, it’s a rare young person who doesn’t admit to it. When I ask them whether they think downloading music illegally is ‘wrong’, it’s a rare young person who, ultimately, believes that it IS wrong. It’s also very rare indeed for them to have been ‘caught’ for illegal downloading. Can you really say that a law that is regularly broken, is very widely considered appropriate and is rarely effectively enforced is ‘working’?

Supporting the creative economy?

Very often it seems to me that much of the creative economy is thriving despite copyright law, not because of copyright law. By pursuing this path, by almost obsessively believing in a legal system that is deeply flawed, the committee is itself in danger of causing damage to the creative economy.

Perhaps it is the whole way that they are approaching the issue that’s the problem. There is an inappropriate obsession with piracy – missing the increasing evidence that those who download illegally are also downloading legally. The report says:

“…millions of pounds are being lost by the creative industries..”

Why focus on the revenue that they think is lost, rather than the revenue that is being generated? It is a primary negative approach – instead of looking to punish ‘offenders’, shouldn’t the focus be on how to make more money? Find more, better and different revenue streams, rather than clinging onto old, outdated and ineffective ones?

The report is worried about an ‘underlying agenda driven at least partly by technology companies’ but seems to have completely ignored the much greater underlying agenda driven by the copyright lobby. If they really want to support the creative economy, they could do with starting with a good look in the mirror.