GCHQ: I’m not charmed yet….

A little over a week ago, GCHQ gave us a show. A giant poppy, part of the 2014 Armistice Day appeal. It was spectacular – and, for me at least, more than a little creepy.

GCHQ poppy

The poppy display seems to have been part of something bigger: the term that immediately sprang to mind was ‘charm offensive’. GCHQ has, over the last year or so, been trying to charm us into seeing them as purely positive, despite the revelations of Edward Snowden. They’re trying to appear less secretive, more something to be admired and supported than something to be concerned about and made accountable. The poppy was an open symbol of that. Look at us, GCHQ seemed to be saying, we’re patriotic, positive, part of what makes this country great. Support us, don’t be worried about it. Love us.

I assume that the speech by Robert Hannigan, the new Director of GCHQ, was intended to be part of that charm offensive. For me, however, it had precisely the opposite effect. The full speech was published in the FT here – but I wanted to pick out a few points.

Privacy an absolute right?

The first, which made the headlines in the Guardian and elsewhere, is Hannigan’s statement that ‘privacy is not an absolute right’. He’s right – but we all know that, even the staunchest of privacy advocates. Privacy is a right held in balance with other rights and needs – with freedom of expression, for example, when looking at press intrusions, with the duty of governments to provide security and so forth. That’s explicitly recognised in all the relevant human rights documents – in Article 8 of the European Convention of Human Rights, for example, it says of the right to a private life that:

“There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”

So we already know that privacy is not an absolute right – so why is Hannigan making the point? It’s hard to see this as anything but disingenuous – almost as though he wants to imply that foolish privacy advocates want to help terrorists by demanding absolute privacy. We don’t. Absolutely we don’t. What we want is to have an appropriate balance, for the interference in our privacy to be lawful, proportionate and accountable. At the moment, it’s not at all clear that any of that is true – there are legal challenges to the surveillance, deep doubts as to its proportionality and little evidence that those undertaking the surveillance are properly accountable. On the accountability front, it’s interesting that he should make such a speech at a time when the Intelligence and Security Committee of Parliament, are undertaking a consultation – it made me wonder whether he’s trying to steer the committee in a particular direction.

Facebook – a tool for terrorists?

The other headline from the speech is the way Hannigan seems to be attacking Facebook and others for being too helpful to terrorists – which is an interesting reverse from the more commonly held view that they’re too helpful to the authorities. The argument seems to go that the ‘old’ forms of terrorists, exemplified by Al Qaeda, use the ‘dark web’, while the ‘new’ forms of terrorists, exemplified by IS, are using the social media – Facebook, Twitter and so forth. It’s an interesting point – and I’m sure there’s something in it. There’s no doubt that ‘bad guys’ do use what’s loosely called the dark web – and the social media activities of ‘bad guys’ all around the world are out there for all to see. Indeed, that’s the point – their visibility is the point. However, on the face of it, neither of those ‘facts’ support the need for the authorities to have better, more direct access to Facebook and so forth. Neither, on the face of it, is any justification for the kinds of mass data gathering and surveillance that seem to be going on – and that GCHQ and others seem to be asking us to approve.

By its very nature, the ‘dark web’ is not susceptible to mass surveillance and data gathering – so requires a more intelligent, targeted approach, something which privacy advocates would and do have no objection to. Social media – and Facebook in particular – don’t need mass surveillance either. To a great extent Facebook is mass surveillance. All that information is out there – that’s the point. It’s available for analysis, for aggregation, for pretty much whatever the authorities want it. And if Hannigan imagines that the secret activities of IS and others are undertaken on Facebook he’s more naive than I could imagine anyone in the intelligence services could be – they can’t have chosen to use Facebook and Twitter instead of using the dark web, but in addition to it. The secret stuff is still secret. The stuff on Facebook and Twitter is out there for all to see.

What’s more, there are already legal ways to access those bits of Facebook and Twitter than are not public – which is why the authorities already request that data on a massive scale.

Charming – or disarming?

Hannigan must know all of this - so why is he saying it? Does he think that the charm offensive has already worked, and that the giant GCHQ poppy has convinced us all that they’re wonderful, patriotic and entirely trustworthy? They may well be – I’m no conspiracy theorist, and suspect that they’re acting in good faith. That, however, is not the point. Trust isn’t enough here. We need accountability, we need transparency, we need honesty. Checks and balances. Not just charm.

In praise of pseudonyms…

A remarkably inappropriately titled article appeared in the Telegraph this morning.

“Facebook will soon let you post using someone else’s name”

The article itself, however, said something quite different: that ‘Facebook is reportedly working on a mobile app that will let its users interact without using their real name’. If true, this could be important – and a very positive move. Facebook have long been the champions of ‘real names’ policies: for them to recognise that there are important benefits that arise from the use of pseudonymity and sometimes anonymity is a big development – because there are benefits, and pseudonymity is one of the keys to real freedom of speech and autonomy, both online and in the ‘real’ world.

Firstly, to dispose of the Telegraph’s appalling headline, a pseudonym is very rarely ‘someone else’s name’. There are cases where people try to impersonate others, but these are a tiny fraction of the times that people use pseudonyms. Pseudonyms have been used for a very long time, and for very good reasons. Many people are better known for their pseudonyms than for their ‘real’ names – and they certainly didn’t ‘steal’ them. Did Eric Blair steal the name George Orwell? Did Mary Ann Evans steal the name ‘George Eliot’? Did Gideon Osborne steal the name George? And looking at the first two of those names, did Orwell and Eliot, ‘belong’ to someone else? Of course they don’t. Another George even springs to mind: George Osborne. Should we inset on calling him Gideon, because that was the name his parents gave him? I’m politically opposed to him in every way – but I’d defend his right to call himself George, and defend it to the hilt. Pseudonyms often belong to the people using them every bit as much as their ‘real’ names. In some ways they’re even more representative of the people: when choosing a pseudonym, people often put a lot of thought into the process, choosing something that represents them in some way, or represents some aspect of them.

Sometimes it’s about presentation – and sometimes it’s to protect your ‘real’ identity in an entirely reasonable way. It’s not that you have something to hide – but that your autonomy is better served by the ability to separate your life in some ways. Without that ability, your freedom of expression is chilled. As I’ve written before, there are many kinds of people for whom pseudonymity is crucial: whistle-blowers, people whose positions of responsibility make open speech difficult, people with problematic pasts, people with enemies, people in vulnerable positions, people living under oppressive regimes, young people, people with names that identify their ethnicity or religion, women (at times), victims of spousal abuse and others. It’s also something that helps people to let of steam, to explore different aspects of their lives – or simply to enjoy themselves.

I use my real name most of the time online – amongst other things because my ‘online presence’ is part of my job, an because I make professional links and connections here – but I’m in a privileged position, without any of the obvious vulnerabilities. I’m a white, middle-class, middle-aged, educated, employed, able-bodied, heterosexual, married man. It’s easier for me to function online with my real name – but even I don’t always do so. Over the last decade or so I’ve used a number of pseudonyms, and still use one now. For many years my main online presence was as ‘SpiritualWolf’, prowling the football message boards: I’m a Wolves fan. I didn’t particularly want to connect what I was doing on the football boards with my work life or even my home life – and wanted my football postings to be judged for their content, not on the basis of who I might be. Online life works like that. I created ‘SpiritualWolf’ – but I also was SpiritualWolf. It wasn’t someone else’s name – it was my name.

Even now I used a pseudonym – KipperNick – when I play at being the BBC’s Nick Robinson, in his role as cheerleader for UKIP, a role which, sadly, he often plays better than me. It’s a very different kind of identity – a clearly marked parody account – but it allows me a certain kind of freedom, and lets me have some fun. I don’t use it maliciously – at least I don’t try to….

…and that, in the end, is the rub. It’s not the pseudonymity that’s the problem when we’re looking at malicious communications, for example: it’s the malice. By attacking the pseudonyms we’re not just missing the target we’re potentially shutting off a great deal of freedom, chilling speech and controlling people when that control is really unnecessary. I’m delighted that Facebook has begun to realise this – though I’ll believe it when I see it.

 

Thanks to the many people who replied to my initial tweet about this earlier today – I’ve shamelessly used your examples in the blog post!

The Ballad of Google Spain

For National Poetry Day, with apologies to anyone with any sense of poetry….

 

There was a case, called ‘Google Spain’

That caused us all no end of pain

Do we have a right to be forgotten?

Are Google’s profits a touch ill-gotten?

 

From over the pond came shouts of ‘Free Speech!’

So loud and so shrill they were almost a screech

From the ECJ came a bit of a gloat

‘We’ve got that Google by the throat!’

 

Said Google “If it’s games you play”

“We’ll do that too, all night and day”

So they blocked and blocked, and told the press

“It’s that evil court, we’re so distressed”

 

“Such censorship,” they cried and cried

Though ’twas themselves who did the deeds

They didn’t need to block the links

They were just engaging in hijinks

 

And many stood beside them proudly

Shouting ‘freedom’, oh so loudly

‘Google is our free-speech hero!’

‘We’ll fight with them, let’s be clear-oh!’

 

Others watched and raised their eyebrows

Listening wryly to these vows

And thought ‘is Google really pure?’

‘From what we’ve seen, we’re far less sure.’

 

For Google blocks all kinds of sites

‘Specially for those with copyright

And, you know, this isn’t funny,

When blocking things will make them money

 

This isn’t just about free speech

No matter how much Google preach

What matters here is really power

Is this truly Google’s hour?

 

Does Google have complete control

Or do the law courts have a role?

Time will tell – but on the way

Our privacy will have to pay…

 

 

 

 

 

 

Censorship and surveillance…

Today’s ‘Internet Injunctions’ case in the high court (Cartier vs BSkyB) highlights one of the inherent problems with the kind of ‘porn-blocking’ censorship system that the current government has effectively forced ISPs to comply with: when you build a censorship system for one purpose, you can be pretty certain that it will be used for other purposes. As David Allen Green, who tweets as @JackofKent described it today:

Screen Shot 2014-09-25 at 15.06.55

 

 

Screen Shot 2014-09-25 at 15.07.13

 

 

 

Screen Shot 2014-09-25 at 15.07.20

 

 

Screen Shot 2014-09-25 at 15.07.34

 

 

 

I’ve argued this before – it’s question five in my ‘10 Questions about Cameron’s ‘new’ porn-blocking‘, but here it is in action, being argued in court. It was inevitable that it was going to be argued. Though people tend to deny it, ‘function creep’ or ‘mission creep’ is a reality, not a dream of the paranoid tin-foil hat brigade.

It’s not an argument restricted to censorship systems – the same applies to surveillance, and should remind us of the links between the two, and the need to oppose both. Just as advocates of censorship start with child-abuse imagery and then move on through ‘ordinary’ porn to other kinds of ‘offensive’ material, and then to copyright infringement, advocates of surveillance start with catching terrorists and paedophiles, through catching more ‘ordinary’ criminals, to finding people who are ‘offensive’ in some other way, through to those suspected (and it is generally based on suspicion, not proof) of infringing copyright. And from there, who knows where?

The links between surveillance and censorship are strong and multifaceted – though the motivation, in the end, is the same: control over people and restriction of freedom. Surveillance can be used to support censorship – watch everyone to see where they’re going, what they’re watching and reading, who they’re meeting, so that you can shut down their websites, close their meetings, track down the people they’re listening to, and so forth. Censorship can be used to support surveillance – particularly with things like the current ‘opt-out’ internet filters, where if you opt-out of censorship, that automatically makes you suspicious, and a target for surveillance. Anyone using a pseudonym, or trying to be anonymous, is already marked down as suspicious – anyone using TOR or an equivalent, for example.

This is one of the many reasons we should reject both censorship and surveillance. We should understand that the two are linked – and that there are slippery slopes associated with both. And they really are slippery, as today’s case in the High Court should help us to see.

For more details of the case, see David Allen Green’s piece for the Open Rights Group here, and the Open Rights Group press release here.

The right be forgotten roadshow – and the power of Google.

Screen Shot 2014-09-16 at 20.39.49I read with interest Professor Luciano Floridi’s report from the first two legs of what the Guardian described as ‘Google’s privacy ethics tour of Europe’. Floridi is Professor of Philosophy and Ethics of Information at the Oxford Internet Institute, and one of the experts appointed by Google to its ‘Advisory Council’ on the right to be forgotten.

As would be expected from such an expert, it is a well crafted report and explains very well some of the key ethical questions being addressed through this public consultation. As Floridi puts it:

“The two words most frequently used by all participants in the meetings were “complex” and “balance”, and they describe the situation well. The debate is complex because there are many elements interacting with each other.

The actual ruling, with its pro and contra, including its inconsistency with the advocate-general’s opinion; the role of search engines as intermediaries or data controllers; the difference between availability and accessibility of information online; the so-called rights (to be forgotten, to information), the real rights behind them (privacy and freedom of expression), and the ways in which they are interpreted on the two sides of the Atlantic; the concepts of relevance and of public interest, both very slippery; the procedural uncertainty about who should decide which links are rightfully removed and who should be informed about it.”

There is one element, however, conspicuous by its absence from Floridi’s analysis: a consideration of the power of Google. That power is considerable, and wielded in many different ways. Indeed, it could be said that the power of Google is at the heart of the whole debate over the right to be forgotten, and without taking it properly into account it will be impossible to come to sensible, practical and effective conclusions over how to deal with the right to be forgotten.

Power over what is found – and not found

The reason behind the Google Spain ruling, to start with, was connected with the power that Google wields: ‘Googling’ someone is probably the most important way to find out information about a person. The Spanish man about whom the ruling was concerned felt that when he was Googled the information was misleading and unfair. Google is at the heart of things: how they set their algorithms, how they index the web, what they include and exclude, what they rate highly – and what they rate as insignificant – matters in ways that are often hugely underestimated. And yet, if you read a lot of commentary – even the expert commentary of Professor Floridi – it seems as though Google are a mere conduit, their algorithm organic and their results generated purely in the interests of freedom of expression. If it’s interesting and relevant, those algorithms will find it for you. Google, in this view, are a purely neutral organisation, providing a service to the planet.

That’s a deeply naive assumption. Google is a business – and like all businesses, its bottom line is the bottom line. Google will do what is best for Google as a business. That may often turn out to be what serves freedom of expression best – if we can’t find what we need to find by using Google, we’ll find another way – but sometimes it won’t be. Google takes down masses of links on the basis of copyright claims – because its interests are best served by complying with the law of copyright and by keeping cordial relations with the rights-holders. That’s an infringement of freedom of expression – but in the eyes of the law and the eyes of Google, an acceptable one. Google doesn’t link to child abuse images – and quite rightly so – but that’s also an infringement of freedom of expression. Google complies with local laws and other considerations as and when Google finds it appropriate to do so – and there’s absolutely nothing wrong with that approach. Indeed, it’s an entirely appropriate approach – but it means that casting Google as the great champion of freedom of expression is only telling part of the story.

Power to set the agenda

The second aspect of power that needs to be taken into account is Google’s power to control the process and indeed to set the agenda. This whole roadshow was set up by Google – the advisory council was set up by Google, where they visit and when, who is called to give evidence, what the agenda of their meetings are and so forth is all, directly or indirectly controlled by Google. Again, there’s nothing wrong with this, and in some ways it’s entirely appropriate, but it does mean that it should be viewed in that context. This isn’t some neutral, independent body making an academic analysis of the ethics of the right to be forgotten – it’s a Google appointed body, somewhat akin to a board of trustees, taking soundings on Google’s terms. They wouldn’t have been appointed if they weren’t either predisposed to be on Google’s side, or at least seen to be malleable. It also reflects an apparent tactic that Google has employed in the internet governance and regulation space more generally. By giving individuals with high personal reputation positions of importance, flying them on private jets, and generally treating them like royalty, Google creates powerful external allies. Google’s eight experts are already acting in some ways as though they were more expert than the DPAs and other European organs: it gives Google a chance to blend its choices between the best of a set of alternatives. The DPAs do, at least, appear to have noticed this.

Google seems to have been setting the agenda over the reporting of the right to be forgotten since the day it came out – many (including myself) have wondered whether Google has been deliberately overreacting to the ruling, deleting links to stories when they really didn’t have to, to try to make the ruling look ridiculous. Those stories began very shortly after the ruling, but they continue to this day – the most recent being the story that links to a positive story about an artist being removed seemingly at the artist’s desire. It’s a deeply unconvincing story, and generally couched in terms that misunderstand the ruling. Suggestions that Google was ‘forced’ to remove the link are quite wrong: a request is made, and then Google can decide to delete or not to delete – deletions being if the information is old or irrelevant – and if they choose not to, the requester can either take legal action or ask the data protection authority to adjudicated. Even in the Guardian, which really should know better, it was suggested that “Google was required to enact the court’s decision”. No. Google was not required to do so. They could, and on the face of it they should, have refused to do so. If they were really the guardians of freedom of expression, they would have – but there are wheels within wheels here, and making the ruling look ridiculous seems, again, at least on the face of it, to matter more to them.

Power in other ways

Google’s immense resources mean that it can wield its power in many more ways. Lobbying, both open and hidden, is a big deal – the amount of effort put into shaping the reform of the data protection regime so it suits Google better has been colossal. Current and ex-Googlers are now in the House of Lords (Joanna Shields, appointed by David Cameron in August, used to run Google’s Europe division) and in the White House (Megan Smith, Google VP for Development is Obama’s new Chief Technology Officer and senior technology advisor, appointed earlier this month). Google provides funding to think tanks, and to academic organisations – indeed, they’re one of the biggest funders in these areas. Though this funding is given without strings attached, it is hard not to feel that there is at least some influence on the subjects that are researched, and the terms on which they are researched. No-one bites the hand that feeds them without at least thinking about it. Google has a critical role to play in how technology functions, how businesses function – and in how the media functions. The media in particular sometimes seems far less critical of Google than it might be – except in terms of its taxation policies.

None of this should detract from the way that Google does provide great products – and that things like its search engine do provide a huge amount of help for freedom of expression and so forth. That, however, should not prevent us from seeing the impact of the power that it wields – and taking that power into account when looking at things like privacy and freedom of expression. When trying, as Professor Floridi says, to find the right balance, with all those complex factors to deal with, that power must be taken into account. If it isn’t, that balance will never be found.

 

 

 

The Resurrection of Privacy?

The video below is the slideshow of my presentation this morning at the Society of Legal Scholars conference in Nottingham – and what follows it are some brief notes to support it. Some of this is speculative and some of it is contentious – particularly in relation to the relative importance of corporate and governmental surveillance – and this is an early stage of this research, though it builds on the work in my book, Internet Privacy Rights. I should also note that this is a development of the paper I gave at BILETA earlier this year: ‘who killed privacy?’

 

The Resurrection of Privacy?

In 1999, Scott McNealy, then CEO of Sun Microsystems, famously said:

“You have zero privacy anyway. Get over it.”

Events and developments since 1999 have hardly improved the prospects for privacy: the growth of social networking, technological developments like smartphones, geo-location, business ideas such as behavioural tracking and, most recently, the revelations from Edward Snowden about the near universal surveillance systems of the NSA, GCHQ and others. If privacy was in trouble in 1999, the argument that it is at least close to death in 2014 is much stronger.

That brings two questions:

  • If privacy is dead, who killed it? Did we kill it ourselves? Is it the activities of government agencies like the NSA and GCHQ, or of businesses like Google and Facebook?
  • If if privacy is in fact dead, is there a possible route towards its resurrection?

Suspect 1: us!

On the face of it, it might appear as though we ourselves have simply given up on privacy. We’ve killed it ourselves by embracing all the privacy-invasive technology that’s offered to us, by failing even to read privacy policies, by allowing the intelligence services to do whatever they want, with barely a murmur of protest. More than a billion of us have joined Facebook, for example, a service based at least in some ways on giving up on privacy, sharing our most intimate information.

That, however, is not the whole story. In many ways it appears that what we have done has been through a lack of awareness rather than by deliberate decisions. The extent to which people understand how systems like Facebook work is hard to gauge – but the surprise that people show when bad things happen suggests that there isn’t a great deal of awareness. It also appears that people are becoming more aware – and as they become more aware, they’re making more privacy-based decisions, taking control of their privacy settings and so forth.

Further, when we’re given the chance to see how intelligence agencies work, we don’t seem to be happy about it – though less, it has to be acknowledged, in the UK than in many other countries. Even so, when the Communications Data Bill was put under full scrutiny, it was rejected – in part because of the public reaction. Further, studies show that people don’t like behavioural advertising – and dislike it more when they learn more about how it works.

All this suggests that we aren’t really the key to the death of privacy: we’re more like unwitting accomplices.

Suspect 2: the NSA and GCHQ

The revelations of Edward Snowden about the surveillance activities sent shockwaves through the internet. Many people had already believed that the NSA, GCHQ and other agencies performed surveillance on the internet – Snowden’s revelations seemed to prove it, and to suggest that the level of surveillance was greater even than that feared by the more extreme of conspiracy theorists. Not just had they been gathering telephony and internet data and building (in the US) massive data centres, but they’d been accessing the servers of the big commercial internet providers, tapping into undersea cables, intercepting traffic between server sites and undermining encryption systems – and much more. The level of privacy invasion is extreme.

However, until Edward Snowden revealed all of this, the agencies were working largely in secret – and while this still constitutes a major invasion of privacy, the impact on people’s behaviour is much smaller. If we don’t know we’re being watched, our actions aren’t chilled – and our beliefs about privacy are not changed. Moreover, the kind of harms done to people by surveillance by the NSA and GCHQ are indirect, at least for most people. Finally, and most importantly, if it were not for the commercial operators’ surveillance, the NSA and GCHQ would have far less to ‘feed’ on.

All this is not to dismiss the role of the intelligence services or indeed the impact of their surveillance activities – they should be resisted with the utmost vigour – but in terms of the death of privacy, they can be seen more as opportunist accomplices, rather than instigators.

Suspect 3: businesses like Facebook and Google

The role of the commercial operators on the internet, on the other hand, is both deeper and more significant either than is often believed or than the role of governments and government agencies on their own. The commercial entities have contributed to the decline of privacy in three kinds of ways:

  • Systematic – commercial entities have undermined privacy both in technological and business model senses, developing technologies to invade privacy and business models that depend on systematic and essentially covert gathering of personal data. Businesses have also lobbied strongly to reduce the effectiveness of legal privacy protection. In Europe they have done their best to undermine and weaken data protection – including the on-going reform process. They continue to do so, for example in relation to the right to be forgotten. In the US, they have contributed to the effective scuppering of the Do Not Track initiative.
  • Cooperative – businesses have been working with governments, sometimes willingly, sometimes unwillingly, sometimes knowingly and sometimes unknowingly. The extent of this cooperation and the extent to which is has been willing is unclear – though recent statements from the NSA have suggested that they did know about it and did cooperate willingly. Further, they kept this cooperation secret – until it was revealed by the Snowden leaks.
  • Normative – businesses have been attempting to undermine the idea that privacy is something to value and something of importance. Mark Zuckerberg’s suggestion that ‘privacy is no longer a social norm’ is reflected not just words but actions, encouraging people to ‘share’ information of all kinds rather than consider the privacy impact. Further, they continue to develop technologies that invade privacy inherently – from geo-technology to wearable health monitoring and things like Google Glass.

All this combines to make the role of the businesses look most significant – if anyone is guilty of killing privacy, it is Facebook and Google rather than the NSA and GCHQ. Moreover, the harms to most people possible from corporate surveillance are both tangible and more likely than harms from the NSA and GCHQ: impact on things like insurance, credit ratings, employability, relationships and so forth are not just theoretical.

As Bruce Schneier put it:

“The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.’”

And as Timothy Garton Ash said when considering the Stasi:

“…the Minister for State Security observed that the results achieved by his ministry ‘would be unthinkable without the energetic help and support of the citizens of our country’. ‘For once,’ I comment, ‘what the Minister says is true.’”

Where the Stasi needs the citizen informers, the new surveillance programmes need the ISPs and the internet giants – the Googles, Facebooks, Microsofts, Yahoo!s, Apples and so forth. That is what makes their role in the reverse so important.

The resurrection of privacy

In the post-Snowden environment, at least on the surface, businesses have started to take a more ‘pro-privacy’ stance. Whether that meaningful, or they are just paying lip service to it, has yet to be seen. Their role, however, is crucial.

Reversing the three roles noted above – systematic, cooperative and normative – could produce a positive impact for privacy, effectively being a part of the ‘resurrection’ of privacy:

  • Systematic – businesses could play a part by building more robust technology and developing more privacy-friendly business models
  • Cooperative – and Resistant. Businesses could cooperate more with civil society and academia in working towards privacy – and could do more to resist being co-opted by governments, not just being more transparent in their dealings with governments but acting as a barrier and protection for their users in their dealings with governments.
  • Normative – businesses could play a part in changing the message so that it becomes clearer that privacy is a social norm.

At the moment it seems unlikely that businesses will do very much of this – but there are a few signs that are positive. Real names policies have been relaxed on Google +, and even Facebook has shown some moves in that direction. All the big companies are doing more to secure their systems – encryption is more common, both in the infrastructure and in user systems. Google does at least seem to be making some attempt to cooperate with the right to be forgotten – though whether these attempts are being done in good faith has yet to be seen.

It will probably take a miracle – resurrections generally do – but miracles do sometimes happen.

Who needs privacy? All of us….

A couple of privacy stories have been making big news over the last few days. The first is the ‘celebrity photo’ saga – naked photos of Jennifer Lawrence and others have been ‘leaked’ onto the net. The second is the revelation that the Metropolitan Police obtained the telephone records of Tom Newton Dunn, the political editor of the Sun, in connection with the ‘Plebgate’ saga. Between them, the two stories highlight some of the ways in which privacy matters – and at the same time some of the misunderstandings, some of the hypocrisy, and some of the complexity of privacy.

Celebrities and privacy

The relationship between celebrities and privacy is a complex one. At one level – the level usually argued by the press (including the Sun) – celebrities have less of a right to privacy than the rest of us. After all, they put themselves in the public eye. They open their doors to the likes of Hello magazine – and they make millions from us, from our attention, so doesn’t that mean they have to sacrifice a bit of their privacy to us? The put themselves in the public eye – doesn’t that mean their lives are ‘public’, and drawing attention to them is in the ‘public interest’? This brings into play the classic question of what the difference is between what ‘interests the public’ and what is ‘in the public interest’. They’re certainly not identical – but there is a degree of fuzziness at times.

At another level – the level argued by the celebrities themselves – celebrities need more protection, and if not a stronger right of privacy then a stronger way to enforce that right than the rest of us. After all, celebrities are more likely to have their private lives intruded upon by the press. Paparazzi will point their long lenses into celebrity houses, pursue celebrities down the street, rifle through celebrities’ dustbins, much more than they will for the rest of us. A naked picture of Jennifer Lawrence will get a lot more clicks on the net than a naked picture of a ‘non-celebrity’. The phone hacking saga (of which more later) is just one example – and it’s no coincidence that many of those at the forefront of the campaign to implement the Leveson report are celebrities such as Hugh Grant and Steve Coogan.

There’s strength in both perspectives – and as both are regularly argued by people who are both articulate and very ‘media-savvy’ it is often hard to navigate between them. The courts try – but all too often, whatever they decide is damned by one side or the other.

The Press and Privacy

The Sun are justifiably angry about the revelation that their political editor’s phone records have been accessed by the Metropolitan Police – not least because the story being investigated actually concerned the activities of the police. There are conflicts of interest all over the place here – but also a much bigger point.

For the press to function well, it needs to have privacy. That is, it needs to be possible for the press to keep its sources secret, to protect those people who reveal the key information. If they can’t protect their sources, there’s a very direct chilling effect – people who might come forward with information will be afraid to do so, so that information will never be uncovered, and all kinds of stories that are very much in the public interest will never see the light of day. Members of the press need to have confidentiality – so that they are able to do their job, a critical job in holding the powerful to account. That means the police and the politicians for a start.

Hypocrisy and Privacy

And yet, the stench of hypocrisy is almost overwhelming here. This is the Sun, getting outraged about a breach in privacy. The same Sun who were part of the phone hacking saga, who regularly invade the privacy of all and sundry – celebrities are just one example – often claiming it is in the public interest, but still invading privacy.  The same Sun who were part of an often vicious onslaught on the Guardian in connection with the Snowden revelations. The Sun who often seem to operate as though no-one has any right to privacy – except their own journalists.

This kind of hypocrisy is matched by that of some of the hackers and champions of internet freedom who feel it’s OK to obtain and then release, gleefully, naked pictures of Jennifer Lawrence. Some seem to want their own anonymity and privacy, and think the NSA and GCHQ are nightmarish oppressors – but think that Jennifer Lawrence only has herself to blame for even having those photographs in the first place.

It’s a sadly common set of double standards – privacy doesn’t seem very important, indeed it often seems like something bad (‘privacy is for paedos’, in the words of Paul McMullan, former News of the World journalist) until it has an impact on you. The Sun’s outrage is particularly hypocritical, but at times almost all of us are guilty of it.

We all need privacy

The truth, at least as I see it, is that we all need privacy. We all need our privacy protected – and invasions of privacy should never be done lightly, without a thought for the consequences. Jennifer Lawrence – and all of us – should be able to take whatever photos we want of ourselves, however intimate. Members of the press should be able to communicate safely and securely with their sources. And we, ordinary people, should be able to go on with our ordinary lives without fear of their being exposed. Our lives aren’t any less important than those of celebrities or the press – and though the impact of privacy invasions on our ordinary lives may not be as earth shattering or newsworthy as those of celebrities, politicians and so forth, to us they matter. The revelation that NSA operatives thought looking at nude and sexual photos found by surveillance was fun, and sharing them with colleagues was just a perk of the job should repel us.

There are many other ways that invasions of our privacy have an impact upon us – things like affecting our job prospects, our insurance premiums, our credit ratings, our relationships – but there’s a bigger point here. These are our lives. This is part of our human dignity. Privacy is part of that, and it matters.  We should try to remember that for other people – and celebrities are people too.