A ‘mature debate’ on surveillance? Yes please!

Andrew Parker, the head of MI5, has said in a speech that he is hoping for a ‘mature debate’ on what he calls ‘intercepting communications data’ rather than surveillance: I’m sure that most people working in the area would very much welcome such a call. I know that I do. Mature debate is exactly what is needed. The question that immediately springs to mind is whether what Andrew Parker means by ‘mature debate’ is the same as what I would understand by the words. The record of the intelligence and security services and the government in relation to such a debate is not a very convincing one: it has been those who challenge surveillance powers who have shown more desire and willingness to debate than the services and their masters in government.

To suggest otherwise – indeed to hint that those challenging them have behaved like petulant, hyperbolic children – flies in the face of the experience of the last few years. There has been hype on both sides, of course – I can see why Parker and others dislike the term ‘Snoopers’ Charter’, for example – but on the other side the claims have been equally lurid and offensive: the suggestions by Theresa May and others that privacy advocates have ‘blood on their hands’ for opposing new powers have been regular and repellent. The record of seeking debate, however, has been distinctly one-sided. Back in 2012, when the coalition government first put forward the Communications Data Bill – dubbed by its ‘hyperbolic’ opponents the Snoopers’ Charter – the intention was to push it through without any real debate at all. Indeed, the hints were that it would be passed in a matter of weeks before the London Olympics. It took a lot of pressure to force the bill into proper scrutiny, and a special Joint Parliamentary Committee was eventually formed to examine it. Debate was very much sought by those interested in interception and surveillance powers: over 600 pages of written evidence was submitted to the committee from more than 100 witnesses (including myself). So yes, we want mature debate, whenever we get the chance.

That first batch of ‘mature debate’ did not get the results that the proponents of the Communications Data Bill wanted: the report of the Joint Parliamentary Committee was highly critical, and after the intervention of the then Deputy Prime Minister, Nick Clegg, the bill was dropped, with a promise of further debate and a new Bill to scrutinise. That new Bill, however, never materialised (though I understand that it was drafted) and neither did the promised further debate. Again, it was not those who challenged surveillance and interception that were avoiding the debate. Very much the opposite: we wanted more information and more debate, and our questions were largely fobbed off.

That debate, however, began to happen even without the participation of the intelligence and security services, when in June 2013 Edward Snowden dropped his bombshell on the whole business. The debate that followed might not have been mature at all times, but it was a debate – despite the efforts of the intelligence and security services, not because of those efforts. Indeed, most of the efforts seemed to be to shut down the debate, to shut Edward Snowden up, along with those in the media who worked with him, arresting them at airports, smashing their hard drives and so forth. Keith Vaz questioning whether Guardian Editor Alan Rusbridger ‘loved his country’ was a particularly mature part of this debate. All this was accompanied by yet more mature suggestions about opponents of surveillance having blood on their hands. The maturity level was immense.

Then, when the mature debate actually began – the three big inquiries, from the Intelligence and Security Committee, the Independent Reviewer of Terrorism Legislation and the Royal United Services Institute – along came the next attempt to shut down that debate: DRIP. The shabby process through which the Data Retention and Investigatory Powers Act was rushed through parliament in a matter of days without any opportunity for public debate and only a few brief hours of parliamentary debate – in a mostly empty chamber with MPs preoccupied with preparations for the forthcoming election – was about as far from opening up to mature debate as could be imagined. Barely a debate at all, let alone a mature one.

Even after that, there was a further attempt to force through legislation without debate – four members of the House of Lords, all associated in the past with the security side of government, tacked on pretty much the entire, rejected Communications Data Bill to the back of another bill, very late in the parliamentary process, to try to sneak in those powers once more without debate.

So, Andrew Parker, let’s have this mature debate. Please. As soon and as deeply as we can. But don’t pretend that you’ve been seeking it all along, or that those who are challenging you have wanted anything else.  What is more, let’s make sure it is a mature debate, and not the sort of ‘debate’ that happens when one side has all the power and has predetermined the result, like a parent telling a three-year-old what the rules are for their behaviour. A mature debate must leave a chance for different results. In this case in particular, mature debate does not mean a Brian Clough style discussion where you tell us your opinion, we tell you your opinion, and we agree that you are right. There has to be a possibility – and you have to be open to this possibility – that the powers of the intelligence and security services are in practice (as well as in law) curtailed. If there is no possibility of change, the debate – mature or immature – is meaningless.

Are you ready for this kind of debate? I hope so. Let’s have it as soon as we can.

A shout out for the Open Rights Group!

Screen Shot 2015-03-17 at 10.04.26Today is #DigitalRightsMatter day – and yes, I know there are days for many things (including, despite the complaints from some, an International Men’s Day (November 19th)). I’m usually fairly cynical about these days – but they do serve a purpose – to focus minds on significant issues, and hopefully to find ways to actually do something about them. In this case, the issue is digital rights – one close to my heart – and the thing to do is to support the Open Rights Group (ORG).

I should say, right from the start, that I’m on the Advisory Council of ORG so I have something of a vested interest – but I’m only on the Advisory Council because I think what ORG does is of critical importance, particularly right now. Never has there been a time when digital rights have been more important, and never has there been a time when they are more under threat. We use the internet for more and more things – from our work to our personal life, from our political activism to our entertainment, from finding jobs to finding romance. Indeed, there are pretty much no parts of our lives that are untouched by the internet – so what happens online, what happens to our digital freedoms and rights, is of ever increasing importance.

Now is when we need them

The threats that we face to our freedoms are growing at a seemingly exponential rate. Surveillance is almost everywhere, and the political pressure to increase it is frightening. Censorship, the other side of that authoritarian coin, is growing almost as fast – from more and more uses for ‘web-blocking’ to ‘porn’ filters that hide vastly more than porn, from critically important sex education websites to sites that discuss alcohol, anorexia and hate speech. David Cameron talks about banning encryption without seemingly having any idea of what he’s talking about – or the implications of his suggestions.

This last point highlights one of the reasons ORG is critically important right now. Politicians from all the mainstream parties seem to have very little grasp of how the internet works – and they reach for ‘easy’ solutions which get the right headlines in the Tabloid press but are not only almost always counterproductive and authoritarian but actually encourage the perpetuation of damaging myths that will make things continue to get worse. The media, left to their own devices, also have a tendency to look for easy headlines and worse.

That’s one of the places that ORG comes in. It campaigns on these issues – current campaigns include ‘Don’t Spy On Us’ dealing with surveillance, Blocked! which looks at filtering, and 451 Unavailable which tries to bring transparency to the blocking of websites by court orders. It produces information that cuts through the confusion and makes sense of these issues – and tries to help politicians and the media to understand them more. And it works – ORG representatives are now quoted regularly in the media and when they make submissions to government inquiries they’re the ones who are given hearings and referred to in reports.

They do much more than this. They help with court cases working with other excellent advocacy groups like Privacy International – the current challenge to the Data Retention and Investigatory Powers Act (DRIPA) is just one of many they’ve been involved in, and these cases really matter. They don’t always win – indeed, sadly they don’t win often – but they often force the disclosure of critical information, they sometimes bring about changes in the law, and they raise the profile of critical issues. ORG are also part of the critical European organisation EDRi who bring together digital rights groups from all over Europe to even more effect.

Now is when they need us

ORG, like other advocacy groups, regularly punches above its weight. It doesn’t have the massive resources of the government agencies and international corporations whose activities they often have to campaign against. There are no deep pockets in ORG, and no massive numbers of staff – they rely on donations, and on volunteers. That’s where #DigitalRightsMatter day comes in – ORG is trying to find new members, get more donations and find access to more expertise. Can you help?

ORG’s joining page is here

Their blog about #DigitalRightsMatter day is here

I would encourage anyone to consider joining – because Digital Rights really do matter, and not just on #DigitalRightsMatter day.

Rifkind of the ISC…

Sir Malcolm Leslie Rifkind, KCMG, QC, MP, former Defence Secretary, former Foreign Secretary, distinguished member of Margaret Thatcher’s cabinet, long standing member of parliament, has become ensnared in a ‘cash for access’ scandal. This has many implications – and many different angles to examine, from his claim that it would be ‘unrealistic’ to expect an MP to live on £67k per annum onward – but the one that may be the most important is his role as Chair of the Intelligence and Security Committee, the ISC. The ISC is the only parliamentary body that oversees the activities of the intelligence services – MI5, MI6 and GCHQ. It is a body that is made up only of people personally nominated by the Prime Minister, and given the nod by the leader of the opposition – and until last year, it operated effectively in private. It has had one public session (about which I have written before) in November last year, and it wasn’t exactly impressive – it felt rehearsed, and scripted, the heads of MI5, MI6 and GCHQ having been given details of the questions beforehand.

In practice, therefore, there is an enormous amount of responsibility on the ISC, and on its chair in particular. What they do is largely behind closed doors – so we have to trust that they do a good job. The latest events for Sir Malcolm Rifkind make that seem very doubtful. I have met Rifkind – I sat next to him at the ‘Round Table’ events as part of the ISC’s inquiry into surveillance – and I have to admit I liked him. He was charming, affable, a good listener, clearly intelligent, and in some ways what appears to be a consummate politician. His experience is enormous, his ability to ‘manage’ meetings very impressive – but does that make him suitable for the key role overseeing the UK’s intelligence services?

He does not have the technical knowledge or understanding of the technology – he made that entirely clear from the start of the Round Table discussion, asking for the most basic information and demonstrating some critical levels of technical ignorance. He does not have the legal understanding either – he admitted to me directly that he didn’t understand RIPA – the Regulation of Investigatory Powers Act that is central to the governance of surveillance in the UK. So what is left? His ‘gravitas’, his position as a ‘safe pair of hands’. And that, importantly, is what is now compromised. He is supposed to represent us – and from what we have seen about his ‘cash for access’ scandal, it seems pretty clear that his main representation is of himself. He was duped by a fake Chinese company, set up by journalists, for the chance of making money. What he said may (it has yet to be confirmed) be within the parliamentary guidelines, but in this context that cannot be nearly enough. Being Chair of the ISC is a huge responsibility – and it has huge sensitivity.

It isn’t just personal issues that are at stake, but national security to: just imagine the possibilities if the fake Chinese company had been a cover for Chinese Intelligence rather than journalists from Channel 4 and the Telegraph. It is almost a classic trap – the sort of thing that has been played out in many thrillers. Some thrillers, these days, would have had Rifkind compromised by people within the intelligence services, so that they can bend him to their will – but I don’t believe that is the real risk here. Rather, it shows inappropriate priorities – when priorities are particularly critical.

There is another side to this that should be deeply concerning. This kind of thing matters because companies – specifically companies involved in the development and supply of surveillance technology – are part of the problem with surveillance. They want to promote surveillance so they can be paid to develop and implement technology here that can then be exported elsewhere – there is a ready market for surveillance systems all over the world, particularly to the more oppressive and autocratic of governments. These companies can lobby, can manipulate, can bamboozle people without the technological knowledge or understanding to appreciate the risks. And Rifkind fits the bill.

I don’t believe it is just Rifkind that is the issue here – though the idea that he could remain as Chair of the ISC after this is frankly deeply disturbing – but our whole system of oversight of intelligence. Depending on individuals, particularly individuals appointed through a system which is rife with patronage and inside connections, just doesn’t work. It creates vulnerability – and destroys the possibility of accountability. It needs root and branch reform – the involvement of technical experts, civil society and the judiciary, not just politicians and civil servants. Will it happen? It seems unlikely. Eventually Rifkind will probably fall on his sword, but nothing more will change. If only it would.

UPDATE: 10:15 February 24th: Rifkind has stepped down as Chair of the ISC, though he remains a member of the committee.

10:30 February 24th: Rifkind will also be stepping down as an MP in May

Fear and loathing of social media…

There seems to have been a lot of negativity about social media in the last few weeks and months. It has a number of different facets and works in a number of different directions.

Command central for terrorists

One is the portrayal of the social media as evil and dangerous, full of paedophiles, terrorists and worse. We should be afraid of social media. The new head of GCHQ has called Google and Facebook ‘Command Central’ for terrorists such as the so-called Islamic State, something echoed in detail by the Parliament Intelligence and Security Committee’s apparent conclusion that Facebook were the only ones who could have (and didn’t) stop the murder of Lee Rigby. According to this mantra, we need to take control of the social media if the social media companies don’t take control themselves, and accept their ‘social responsibility’

The playground of irrelevant keyboard warriors

The second is the seemingly contradictory portrayal of the social media as pointless, puerile and distracting, reflective of nothing of substance and a great deal of stupidity and foolishness. Social media is something to be loathed. The reaction to the #CameronMustGo hashtag is perhaps the best example – and in particular complaints about the idea that this fact that the hashtag has now trended for upwards of a week (which for people unfamiliar with Twitter trends is something quite remarkable – in Twitter terms) deserves coverage in the mainstream media – and has received it. ‘Why,’ the argument goes, ‘should the real media pay any attention at all to the online witterings of a few dodgy lefty keyboard warriors? That’s not real news.’

So which is it? Is the social media a den of evil, command central for terrorists and something we should all be desperately afraid of – and need to police, to control, to censor? Or is it just the playground of geeks and nerds, lefty political wonks and the liberal media elite, to which we should pay no attention at all? Both? Neither?

A little more complicated….

Reality, as usual, is a little more complicated than that. Social media is in some ways new, in some ways old, in some ways crucially important, in others entirely irrelevant. It needs thought in order to understand, not just a few clichéd words and a bit of pigeon-holing. It’s reflective of ‘real’ life in some ways – and a place and space of its own in others. That, for many of those of us who spend a lot of time using social media, is actually what makes it worthwhile. There are things on here that matter – and there are things that don’t at all. There are ways in which the social media can challenge the ‘mainstream media’, and do jobs that the mainstream media either can’t or won’t do – the coverage of the Israeli incursions into Gaza earlier this year was one of those, opening eyes and then leading at least some of the mainstream media into a very different form of coverage of Palestine and the Palestinians than they had ever shown before. The same for the coverage of the reaction to the killing of Michael Brown in Ferguson – social media’s immediacy, the way that ordinary people could get their own experiences ‘out there’, provided something different, and seemed, at least in some ways, to change the way that the mainstream media (or at least some of it) covered the events. That matters.

At the same time, a lot of the other stuff on social media really is pretty pointless. Stories abound that have no basis in reality – or, worse, distort reality and distract from real coverage of real events. Some of the photos of the full and empty chambers of the Houses of Parliament currently circulating on Twitter fit into this category, as Isabel Hardman has revealed in the Spectator. At times, though, even these pictures do matter – or at least I think so – such as the ones I tweeted myself of the empty chamber during the DRIP debate. They mattered then because the chamber really was empty, and that was the only time that Parliament had to discuss that critical debate – there was no other chance to debate it, no committee stages, no public (or even private) hearings, just that debate. That was it.

At other times, Twitter is just stupid and irrelevant – or silly and fun, depending on your perspective. I use Twitter for important, work-related stuff, for political debate – but also for silly hashtag games. My tweet ‘The Hunt For Red Leicester’ in the #CheeseFilms hashtag games remains one of my favourites.


Where, then, does #CameronMustGo fit in to this – and why do some people seem to absolutely loath it? Some have positively seethed when they tweet about how pointless and irrelevant it is, how ridiculous it is that other people are angry that the BBC isn’t giving it more coverage, how much of a distraction it is from ‘real’ news, how it doesn’t have any ‘real’ basis behind it and so on. Are they right?

For me, there’s a lot of truth in what the critics say in detail – but they miss the ‘bigger’ social media picture. Yes, there’s no ‘real’ basis for it – it wasn’t a particular event that triggered the tweets, just an idea to try to get it trending. It’s not one particular action of our Prime Minister that made people think it was time for him to go. It’s also not true that #CameronMustGo has any chance whatsoever of actually succeeding in making Cameron go anywhere – let alone forcing him out of office.

…but very, very few of those contributing to the hashtag would ever believe that it does. The ones that I know, at least, have very few illusions about what a hashtag can actually contribute, or what the point of it is. #CameronMustGo is something that allows people to vent their frustration at a government that they detest – and at a media that seems to ignore them. It was born out of anger with the mainstream media’s apparent obsession with Ed Miliband’s oddness and awkwardness – and their unwillingness to subject Cameron to similar levels of scrutiny. It was an opportunity to have fun too – and the hashtag is full of humorous as well as serious tweets.

That doesn’t mean that the hashtag needs or deserves attention by the mainstream media in terms other than its own: as a hashtag. As a hashtag, however, it does deserve attention. That is, if you’re studying or covering what’s happening on Twitter, it deserves attention – because Twitter trends rarely last long, and for #CameronMustGo to trend this long. The level of dissent, of attention, of focus necessary to keep this trending is impressive – in Twitter terms.

That’s not to be sneezed at – but neither is it earthshattering. It’s a bit of a Twitter phenomenon – but I doubt Cameron will be losing much sleep over it either. The main way that Twitter matters to politicians is that their own injudicious (or at least arguably injudicious) tweets can be deeply damaging to their careers, as Emily Thornberry found out. Twitter matters most to those on Twitter. It’s not really something to be either feared or loathed – particularly by those who don’t really understand it.

It is, however, those who don’t really understand social media who seem to display the most of that fear and loathing. They might do better to listen a little more to those who spend more time on the social media…..


UPDATE: 2 December 2014

As I write, two days after the initial post, #CameronMustGo is still trending – and the loathing of it seems to have reached new heights. One Tory MP has suggested witheringly that those behind it don’t understand economics, others that it’s no substitute for ‘real’ politics – while journalists continue to treat it largely with disdain. I can see why both politicians and journalists don’t like it – but at times there seems to be something close to fear in their reactions. It’s natural to be afraid of the unknown to some degree – and the problem seems to be that this really is unknown territory.

Journalists have embraced Twitter to a great degree – but there is still a tendency to look down on it because it’s not ‘real’ journalism. That’s true. It isn’t ‘real’ journalism – but that doesn’t mean that it’s somehow a ‘lesser’ thing. It’s just different. It performs different functions – mobilisation of groups who are otherwise unheard is just one of them. Anyone who followed the ‘IamSpartacus’ movement should see that – and journalists should be able to look beyond their own bubbles and see that too.

Most politicians haven’t embraced Twitter to the same extent – except to #TweetLikeAnMP – and they generally treat Twitter with either fear (as it may end their careers, Emily Thornberry-style) or as a PR tool (as they treat a great many things). That, too, is missing the point. Twitter is something quite different…

…and those behind the #CameronMustGo hashtag have realised that. They’re in unknown territory too, as no-one imagined the hashtag would trend this long. As I noted above, this still isn’t earth shattering, and it definitely won’t unseat Cameron – but neither is it intended to. It does what it does, and on its own terms – and it does it spectacularly well, in comparison to other similar attempts.

The Resurrection of Privacy?

The video below is the slideshow of my presentation this morning at the Society of Legal Scholars conference in Nottingham – and what follows it are some brief notes to support it. Some of this is speculative and some of it is contentious – particularly in relation to the relative importance of corporate and governmental surveillance – and this is an early stage of this research, though it builds on the work in my book, Internet Privacy Rights. I should also note that this is a development of the paper I gave at BILETA earlier this year: ‘who killed privacy?’


The Resurrection of Privacy?

In 1999, Scott McNealy, then CEO of Sun Microsystems, famously said:

“You have zero privacy anyway. Get over it.”

Events and developments since 1999 have hardly improved the prospects for privacy: the growth of social networking, technological developments like smartphones, geo-location, business ideas such as behavioural tracking and, most recently, the revelations from Edward Snowden about the near universal surveillance systems of the NSA, GCHQ and others. If privacy was in trouble in 1999, the argument that it is at least close to death in 2014 is much stronger.

That brings two questions:

  • If privacy is dead, who killed it? Did we kill it ourselves? Is it the activities of government agencies like the NSA and GCHQ, or of businesses like Google and Facebook?
  • If if privacy is in fact dead, is there a possible route towards its resurrection?

Suspect 1: us!

On the face of it, it might appear as though we ourselves have simply given up on privacy. We’ve killed it ourselves by embracing all the privacy-invasive technology that’s offered to us, by failing even to read privacy policies, by allowing the intelligence services to do whatever they want, with barely a murmur of protest. More than a billion of us have joined Facebook, for example, a service based at least in some ways on giving up on privacy, sharing our most intimate information.

That, however, is not the whole story. In many ways it appears that what we have done has been through a lack of awareness rather than by deliberate decisions. The extent to which people understand how systems like Facebook work is hard to gauge – but the surprise that people show when bad things happen suggests that there isn’t a great deal of awareness. It also appears that people are becoming more aware – and as they become more aware, they’re making more privacy-based decisions, taking control of their privacy settings and so forth.

Further, when we’re given the chance to see how intelligence agencies work, we don’t seem to be happy about it – though less, it has to be acknowledged, in the UK than in many other countries. Even so, when the Communications Data Bill was put under full scrutiny, it was rejected – in part because of the public reaction. Further, studies show that people don’t like behavioural advertising – and dislike it more when they learn more about how it works.

All this suggests that we aren’t really the key to the death of privacy: we’re more like unwitting accomplices.

Suspect 2: the NSA and GCHQ

The revelations of Edward Snowden about the surveillance activities sent shockwaves through the internet. Many people had already believed that the NSA, GCHQ and other agencies performed surveillance on the internet – Snowden’s revelations seemed to prove it, and to suggest that the level of surveillance was greater even than that feared by the more extreme of conspiracy theorists. Not just had they been gathering telephony and internet data and building (in the US) massive data centres, but they’d been accessing the servers of the big commercial internet providers, tapping into undersea cables, intercepting traffic between server sites and undermining encryption systems – and much more. The level of privacy invasion is extreme.

However, until Edward Snowden revealed all of this, the agencies were working largely in secret – and while this still constitutes a major invasion of privacy, the impact on people’s behaviour is much smaller. If we don’t know we’re being watched, our actions aren’t chilled – and our beliefs about privacy are not changed. Moreover, the kind of harms done to people by surveillance by the NSA and GCHQ are indirect, at least for most people. Finally, and most importantly, if it were not for the commercial operators’ surveillance, the NSA and GCHQ would have far less to ‘feed’ on.

All this is not to dismiss the role of the intelligence services or indeed the impact of their surveillance activities – they should be resisted with the utmost vigour – but in terms of the death of privacy, they can be seen more as opportunist accomplices, rather than instigators.

Suspect 3: businesses like Facebook and Google

The role of the commercial operators on the internet, on the other hand, is both deeper and more significant either than is often believed or than the role of governments and government agencies on their own. The commercial entities have contributed to the decline of privacy in three kinds of ways:

  • Systematic – commercial entities have undermined privacy both in technological and business model senses, developing technologies to invade privacy and business models that depend on systematic and essentially covert gathering of personal data. Businesses have also lobbied strongly to reduce the effectiveness of legal privacy protection. In Europe they have done their best to undermine and weaken data protection – including the on-going reform process. They continue to do so, for example in relation to the right to be forgotten. In the US, they have contributed to the effective scuppering of the Do Not Track initiative.
  • Cooperative – businesses have been working with governments, sometimes willingly, sometimes unwillingly, sometimes knowingly and sometimes unknowingly. The extent of this cooperation and the extent to which is has been willing is unclear – though recent statements from the NSA have suggested that they did know about it and did cooperate willingly. Further, they kept this cooperation secret – until it was revealed by the Snowden leaks.
  • Normative – businesses have been attempting to undermine the idea that privacy is something to value and something of importance. Mark Zuckerberg’s suggestion that ‘privacy is no longer a social norm’ is reflected not just words but actions, encouraging people to ‘share’ information of all kinds rather than consider the privacy impact. Further, they continue to develop technologies that invade privacy inherently – from geo-technology to wearable health monitoring and things like Google Glass.

All this combines to make the role of the businesses look most significant – if anyone is guilty of killing privacy, it is Facebook and Google rather than the NSA and GCHQ. Moreover, the harms to most people possible from corporate surveillance are both tangible and more likely than harms from the NSA and GCHQ: impact on things like insurance, credit ratings, employability, relationships and so forth are not just theoretical.

As Bruce Schneier put it:

“The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.’”

And as Timothy Garton Ash said when considering the Stasi:

“…the Minister for State Security observed that the results achieved by his ministry ‘would be unthinkable without the energetic help and support of the citizens of our country’. ‘For once,’ I comment, ‘what the Minister says is true.’”

Where the Stasi needs the citizen informers, the new surveillance programmes need the ISPs and the internet giants – the Googles, Facebooks, Microsofts, Yahoo!s, Apples and so forth. That is what makes their role in the reverse so important.

The resurrection of privacy

In the post-Snowden environment, at least on the surface, businesses have started to take a more ‘pro-privacy’ stance. Whether that meaningful, or they are just paying lip service to it, has yet to be seen. Their role, however, is crucial.

Reversing the three roles noted above – systematic, cooperative and normative – could produce a positive impact for privacy, effectively being a part of the ‘resurrection’ of privacy:

  • Systematic – businesses could play a part by building more robust technology and developing more privacy-friendly business models
  • Cooperative – and Resistant. Businesses could cooperate more with civil society and academia in working towards privacy – and could do more to resist being co-opted by governments, not just being more transparent in their dealings with governments but acting as a barrier and protection for their users in their dealings with governments.
  • Normative – businesses could play a part in changing the message so that it becomes clearer that privacy is a social norm.

At the moment it seems unlikely that businesses will do very much of this – but there are a few signs that are positive. Real names policies have been relaxed on Google +, and even Facebook has shown some moves in that direction. All the big companies are doing more to secure their systems – encryption is more common, both in the infrastructure and in user systems. Google does at least seem to be making some attempt to cooperate with the right to be forgotten – though whether these attempts are being done in good faith has yet to be seen.

It will probably take a miracle – resurrections generally do – but miracles do sometimes happen.

Who needs privacy? All of us….

A couple of privacy stories have been making big news over the last few days. The first is the ‘celebrity photo’ saga – naked photos of Jennifer Lawrence and others have been ‘leaked’ onto the net. The second is the revelation that the Metropolitan Police obtained the telephone records of Tom Newton Dunn, the political editor of the Sun, in connection with the ‘Plebgate’ saga. Between them, the two stories highlight some of the ways in which privacy matters – and at the same time some of the misunderstandings, some of the hypocrisy, and some of the complexity of privacy.

Celebrities and privacy

The relationship between celebrities and privacy is a complex one. At one level – the level usually argued by the press (including the Sun) – celebrities have less of a right to privacy than the rest of us. After all, they put themselves in the public eye. They open their doors to the likes of Hello magazine – and they make millions from us, from our attention, so doesn’t that mean they have to sacrifice a bit of their privacy to us? The put themselves in the public eye – doesn’t that mean their lives are ‘public’, and drawing attention to them is in the ‘public interest’? This brings into play the classic question of what the difference is between what ‘interests the public’ and what is ‘in the public interest’. They’re certainly not identical – but there is a degree of fuzziness at times.

At another level – the level argued by the celebrities themselves – celebrities need more protection, and if not a stronger right of privacy then a stronger way to enforce that right than the rest of us. After all, celebrities are more likely to have their private lives intruded upon by the press. Paparazzi will point their long lenses into celebrity houses, pursue celebrities down the street, rifle through celebrities’ dustbins, much more than they will for the rest of us. A naked picture of Jennifer Lawrence will get a lot more clicks on the net than a naked picture of a ‘non-celebrity’. The phone hacking saga (of which more later) is just one example – and it’s no coincidence that many of those at the forefront of the campaign to implement the Leveson report are celebrities such as Hugh Grant and Steve Coogan.

There’s strength in both perspectives – and as both are regularly argued by people who are both articulate and very ‘media-savvy’ it is often hard to navigate between them. The courts try – but all too often, whatever they decide is damned by one side or the other.

The Press and Privacy

The Sun are justifiably angry about the revelation that their political editor’s phone records have been accessed by the Metropolitan Police – not least because the story being investigated actually concerned the activities of the police. There are conflicts of interest all over the place here – but also a much bigger point.

For the press to function well, it needs to have privacy. That is, it needs to be possible for the press to keep its sources secret, to protect those people who reveal the key information. If they can’t protect their sources, there’s a very direct chilling effect – people who might come forward with information will be afraid to do so, so that information will never be uncovered, and all kinds of stories that are very much in the public interest will never see the light of day. Members of the press need to have confidentiality – so that they are able to do their job, a critical job in holding the powerful to account. That means the police and the politicians for a start.

Hypocrisy and Privacy

And yet, the stench of hypocrisy is almost overwhelming here. This is the Sun, getting outraged about a breach in privacy. The same Sun who were part of the phone hacking saga, who regularly invade the privacy of all and sundry – celebrities are just one example – often claiming it is in the public interest, but still invading privacy.  The same Sun who were part of an often vicious onslaught on the Guardian in connection with the Snowden revelations. The Sun who often seem to operate as though no-one has any right to privacy – except their own journalists.

This kind of hypocrisy is matched by that of some of the hackers and champions of internet freedom who feel it’s OK to obtain and then release, gleefully, naked pictures of Jennifer Lawrence. Some seem to want their own anonymity and privacy, and think the NSA and GCHQ are nightmarish oppressors – but think that Jennifer Lawrence only has herself to blame for even having those photographs in the first place.

It’s a sadly common set of double standards – privacy doesn’t seem very important, indeed it often seems like something bad (‘privacy is for paedos’, in the words of Paul McMullan, former News of the World journalist) until it has an impact on you. The Sun’s outrage is particularly hypocritical, but at times almost all of us are guilty of it.

We all need privacy

The truth, at least as I see it, is that we all need privacy. We all need our privacy protected – and invasions of privacy should never be done lightly, without a thought for the consequences. Jennifer Lawrence – and all of us – should be able to take whatever photos we want of ourselves, however intimate. Members of the press should be able to communicate safely and securely with their sources. And we, ordinary people, should be able to go on with our ordinary lives without fear of their being exposed. Our lives aren’t any less important than those of celebrities or the press – and though the impact of privacy invasions on our ordinary lives may not be as earth shattering or newsworthy as those of celebrities, politicians and so forth, to us they matter. The revelation that NSA operatives thought looking at nude and sexual photos found by surveillance was fun, and sharing them with colleagues was just a perk of the job should repel us.

There are many other ways that invasions of our privacy have an impact upon us – things like affecting our job prospects, our insurance premiums, our credit ratings, our relationships – but there’s a bigger point here. These are our lives. This is part of our human dignity. Privacy is part of that, and it matters.  We should try to remember that for other people – and celebrities are people too.

Data and politics…

CarswellOne of the less obvious side shows to the defection of Douglas Carswell MP from the Tories to UKIP has been the report that he may be taking his data with him – detailed data about his constituents, it appears, and according to the Daily Mail people at UKIP are ‘purring’ at the prospect of getting hold of the data.

This raises many, many issues – not least data protection issues. The excellent Jon Baines (@bainesy1969 on twitter) has been blogging about political data issues for some time, not least how it appears that political parties ride roughshod over data protection law and yet somehow the Information Commissioner’s Office does not want to get involved. He’s written something today in relation to Douglas Carswell – you can read it here.  As Jon Baines explains, there are many legal issues to deal with, including a possible criminal offence.

Even setting the law to one side, there are some very disturbing aspects to this.

The first is a moral or ethical one – when people gave their data to Carswell, or to the local Conservative Party, they presumably intended (if they thought about it at all) to help the Conservative Party – Carswell was, at the time at least, a representative of the Conservative Party, and made many statements of loyalty. Would they be happy for that data then to be used by UKIP, a rival party? Some might have UKIP sympathies, and might well follow Carswell in his defection – but many others might not, and their data is being taken along with those who might defect, and without the chance to object or consent. Data protection law should require this – but in practice it might well fail to produce the results it should. Can we expect a moral or ethical approach from Douglas Carswell on the matter, recognising these issues? I doubt it very much. Morality and ethics are in very short supply in politics even at the best of times. These are very far from the best of times.

The second is a deeper one – it seems to me that we don’t consider nearly enough the impact of data on politics. The most obvious aspect of the Carswell business is the gathering of the data, but the use of that data is perhaps even more important and could have even more impact. I’ve written about this before – most notably in my book, Internet Privacy Rights – but it bears repeating. The use of data for political purposes is something of increasing importance. Obama knew that, and one of his key strategies for re-election was better use of data. This piece ‘How President Obama’s campaign used big data to rally individual voters‘, gives at least a flavour of what Obama did – and the beginning of a sense of what might be possible in the future. Data such as that gathered by Carswell could be aggregated with other data, much of it commercially gathered, and used for profiling in increasingly sophisticated ways. Here’s a brief extract from my book (chapter 10) that hints at what kind of thing can – and almost certainly will – happen in the future. Indeed, some of it is already happening now.

“Imagine, for example, tailored advertisements created for individual ‘swing voters’ (selected automatically through profiling), pointing out a party’s positive steps in the policy areas that are most likely to interest them (also selected automatically), omitting those areas where party policy doesn’t fit, and couching it in a language appropriate to the individual’s ethnic, educational, cultural and linguistic background, illustrated with a few appropriate news TV clips, and playing background music exactly to the individual’s taste and voiced over by an actor that profiling reveals that individual likes? The reverse, of course, about the political party’s opponents – negative campaigning and personal attacks taken to an extreme level. This could be extended from tailored advertisements to whole ‘news’ pages where the ‘news’ provider has a particular political agenda, and also (and more simply) to individual automated emails.”

Now I don’t imagine for a moment that UKIP’s operation is anywhere near as sophisticated as that – right now, most UK political parties seem to be lagging far behind the US in this field – but the ideas and the possibilities ought to be giving us pause for thought. Recent events like the Facebook Experiment, which I’ve blogged about before, show how the internet can be used to manipulate people. Political manipulation is just one of the possibilities. We need to be very careful here – and pay more attention to how our data can be used to manipulate us.