Supporting the creative economy?

Today sees the publication of the Third Report of Session 2013-14 of the House of Commons Culture, Media and Sport Committee, titled “Supporting the creative economy”. Having read the main part of the report, with a heavy heart at times, it seems to me that a better title for it would be “supporting the copyright lobby”.

The report can be found online here. I must stress that I have only read through the main report, not through the many pages of detailed evidence that accompanies it, and these are just a few initial thoughts, not a detailed academic analysis. I would also like to stress that I am commenting only on the sections on Intellectual Property – not the parts on Olympic and Paralympic legacy, Funding and finance and so forth.

Google as the enemy….

There are a few themes that shine through – and a two particular targets that the report takes significant pot-shots at. The first of these is Google – the report pulls few punches.

“We strongly condemn the failure of Google, notable among technology companies, to provide an adequate response to creative industry requests to prevent its search engine directing consumers to copyright-infringing websites. We are unimpressed by their evident reluctance to block infringing websites on the flimsy grounds that some operate under the cover of hosting some legal content.”


“We are deeply concerned that there is an underlying agenda driven at least partly by technology companies (Google foremost among them) which, if pursued uncritically, could cause irreversible damage to the creative sector on which the United Kingdom’s future prosperity will significantly depend.”

Now I’m not often a great fan of Google, but in this case I fall very much on their side of the debate. Regarding the first issue, to suggest that these grounds are ‘flimsy’ is deeply problematic: blocking any site from Google should be regarded as a big step. Access to information is a human right (part of Article 10 of the European Convention), so blocking legal information should never be undertaken lightly. Google knows this – and quite rightly resists the idea that it should block access to websites without due process. The use of the emotive term ‘flimsy’ in a report like this is unfortunate, to say the least.

As far as the second point is concerned, I am even more concerned. Many of those of us who oppose the current model of copyright enforcement don’t do so as a result of any ‘underlying agenda,’ let alone one driven by the likes of Google. We oppose the model because we believe that it isn’t working, that it suggests to many people – and particularly young people – that they are ‘bad’ or even ‘criminal’ without any real understanding of what they do and why. Much more than that, we oppose it precisely because we support the creative economy – we love music, movies and games, and want to find good, appropriate and effective ways to enjoy them. We want a new model – one that balances rights, and actually supports both the creators and consumers of content.

Dismissing Hargreaves

The other depressing theme in the report is the repeated undermining of the Hargreaves report – and indeed Professor Hargreaves himself. It feels almost as though Hargreaves is being dismissed because he produced the ‘wrong’ results – results that didn’t support the copyright lobby’s vision of how the world should work. One point, in paragraph 73, is particularly telling:

“We are not convinced by Hargreaves’ implication that a facility for private copying is factored into the purchase either of music or devices that store, play or copy it.”

Can I suggest that the committee spend a bit more time talking to young people about how they listen to music, play games or watch TV and movies? Perhaps even ask their own children, rather than just listen to the industry? That, indeed, is a depressing feature throughout the report – a seeming failure to understand how people actually consume content.

Is copyright working?

At one point (paragraph 68) the report says:

“We…  …believe that generally the existing law works well.”

Really? And works well for whom? When I ask young people if they ever download music illegally, it’s a rare young person who doesn’t admit to it. When I ask them whether they think downloading music illegally is ‘wrong’, it’s a rare young person who, ultimately, believes that it IS wrong. It’s also very rare indeed for them to have been ‘caught’ for illegal downloading. Can you really say that a law that is regularly broken, is very widely considered appropriate and is rarely effectively enforced is ‘working’?

Supporting the creative economy?

Very often it seems to me that much of the creative economy is thriving despite copyright law, not because of copyright law. By pursuing this path, by almost obsessively believing in a legal system that is deeply flawed, the committee is itself in danger of causing damage to the creative economy.

Perhaps it is the whole way that they are approaching the issue that’s the problem. There is an inappropriate obsession with piracy – missing the increasing evidence that those who download illegally are also downloading legally. The report says:

“…millions of pounds are being lost by the creative industries..”

Why focus on the revenue that they think is lost, rather than the revenue that is being generated? It is a primary negative approach – instead of looking to punish ‘offenders’, shouldn’t the focus be on how to make more money? Find more, better and different revenue streams, rather than clinging onto old, outdated and ineffective ones?

The report is worried about an ‘underlying agenda driven at least partly by technology companies’ but seems to have completely ignored the much greater underlying agenda driven by the copyright lobby. If they really want to support the creative economy, they could do with starting with a good look in the mirror.

They’re taking over the internet!

bond_vill05There’s a big story going around at the moment: the UN’s trying to take over the internet, or some variant of that. It’s all based on the current ITU proposals at the World Conference on International Telecommunications (WCIT) currently taking place in Dubai… Lots of people – and I mean LOTS of people – are spreading this story of terror and danger. What’s at stake? Freedom of expression, anonymity, privacy, the whole openness of the internet etc etc…

…and yet I find it very difficult to get enthusiastically behind the fight, though I’m a fierce advocate of all of those things, and care deeply and passionately about the future of the internet as an open and free place. So why do I find it hard? Not because I agree with the ITU’s proposals – I don’t, I think they’re generally very bad and very unhelpful. There are, however, a few reasons:

  1. The prime characteristic of the ITU, as for so many UN bodies, is not an ability to actually do anything – let alone control or ‘take over’ anything. UN peacekeepers aren’t exactly brilliant at keeping peace, UN resolutions tend to be ignored by almost anyone who might be affected (ask anyone who pays attention to what goes on in Israel and Palestine), UN charters are aspirational at best. Whatever they do is unlikely to have any real effect – unless others want it to have an effect. The UN has some great strengths – and some of the UN bodies do excellent work – but for those strengths to come into play, they need the states involved to want them to work. The various Human Rights declarations, for example, help to set standards that were then applicable (and applied) worldwide…
  2. The ITU itself is far from the most competent of ‘secret’ organisations – for all their supposed secrecy, they just ‘gave’ the information on their DPI proposals to the excellent @Asher_Wolf when she asked them for it….
  3. What’s more, opposition to the ITU’s proposals is already huge – and if anyone imagines that the US or the EU will quickly acquiesce to whatever the ITU suggests, they really don’t understand international politics or international law
  4. To suggest that these ITU proposals offer the biggest threat to any of the issues concerned at the current moment. In every areas there are far greater threats, far closer to home.
  5. You want a threat to privacy? Look more closely at our own governments – what the UK government is proposing with the Communications Data Bill, that’s a REAL threat to privacy. What’s being revealed by the NSA whistleblower William Binney about surveillance in the US is a vastly, vastly worse than anything imagined by the ITU. Our governments don’t need the ITU in order to invade our privacy….
  6. You want a threat to anonymity on the internet? Look much more close to home – look at Facebook’s ‘real names’ policy, and the same for Google! Google are one of the strongest supporters of the fight against the ITU – and yet they still have what amounts to a real names policy for Google plus!
  7. You want a threat to freedom of expression? Look very hard at the ‘entertainment industry’, whose copyright trolls do more to block people’s expression than almost anyone else. They use notice and take down, they want ‘piracy’ sites blocked, they want to be able to block users from accessing the internet at all if there’s suspicion of piracy.

…and yet it’s the UN, and in particular the ITU that’s the target of the attacks. I don’t particularly like the ITU, and I don’t like these proposals one bit, but they won’t destroy the openness of the internet – because they won’t be able to make it happen. The others, on the other hand – our own governments, our ‘own’ industries, from Facebook and Google to the ‘entertainment’ industries, they’re already doing a lot to restrict all those freedoms that they claim to care so passionately about. Why? Because there’s money in it for them…. just as that’s the main real reason for their concerns about the ITU proposals – one part is to effectively levy a kind of tax on companies like Google. When money matters, it’s easy for industry to play the ‘good guys’. When money works the other way…..

No reason to be complacent – keep fighting!

All this ranting isn’t meant to stop people fighting the ITU proposals – we should! They should be opposed with vigour, because they’re not good at all. There are some distinctly worrying things about these proposals, and some particular risks attached. There’s the risk that they can be used to spread the idea that surveillance, that the removal of any effective form of anonymity, become the norm – and that they are allowed to spread as a result of this kind of thing. The UN is an ‘aspirational’ organisation, so ideas spread by it can be seen as somehow acceptable, and supportable – and used in some ways to ‘justify’ bad things that are happening.

This risk – of the ‘normalisation’ of this kind of thing – is something that we need to oppose, and oppose strongly. It is, however, something quite different from the suggestion that the UN is actually trying to take over the internet. That idea shouldn’t be overblown, or hyped up to the degree that it is. There’s an element in crying wolf about this too – if we keep going on about something being likely to ‘destroy the internet’ we’ll miss the real threats. I don’t want that to happen – and to an extent is is already happening, with ideas like Facebook and Google’s ‘real names’ policies not being subject to nearly sufficient scrutiny, and the copyright lobby still wielding enormously disproportionate power. Let’s get things a bit more in proportion….

Will the government ‘get’ digital policy?

I had an interesting time at the ‘Seventh Annual Parliament and Internet Conference’ yesterday – and came away slightly less depressed than I expected to be. It seemed to me that there were chinks of light emerging amidst the usually stygian darkness that is UK government digital policy and practice – and signs that at least some of the parliamentarians are starting to ‘get it’. There were also some excellent people there from other areas – from industry, from civil society, from academia – and I learned as much from private conversations as I did in the main sessions.

The highlight of the conference, without a doubt, was Andy Smith, the PSTSA Security Manager at the Cabinet Office, recommending to everyone that they should use fake names on the internet everywhere except when dealing with the government – the faces of the delegation from Facebook, whose ‘real names’ policy I’ve blogged about before were a sight to behold. Andy Smith’s suggestion was noted and reported on by Brian Wheeler of the BBC within minutes, and made Slashdot shortly after.

It was a moment of high comedy – Facebook’s Simon Milner, on a panel in the afternoon, said he had had a ‘chat’ with Andy Smith afterwards, a chat which I think a lot of us would have liked to listen in on. The comedic side, though, reveals exactly why this is such a thorny issue. Smith, to a great extent, is right that we should be deeply concerned by the extent to which our real information is being gathered, held and used by commercial providers for their own purposes – but he’s quite wrong that we should be able and willing to trust the government to hold our data any more securely or use it any more responsibly. The data disasters when HMRC lost the Child Benefit details of 25 million families or the numerous times the MoD has lost unencrypted laptops with all the details of both serving and retired members of the armed forces – and potential recruits – are not exceptions but symptoms of a much deeper problem. Trusting the government to look after our data is almost as dangerous as trusting the likes of Facebook and Google.

The worst aspect of the conference for me was that there seemed to still be a large number of people who believed that ‘complete’ security was not just possible but practical and just a few tweaks away. It’s a dangerous delusion – and means that bad decisions are being made, and likely to continue. A few other key points of the conference:

  • Chloe Smith, giving the morning keynote, demonstrated that she’d learned a little from her Newsnight mauling – she was better at evading questions, even if she was no better at actually answering them.
  • In Chi Onwurah, Labour have a real star – I hope she gets a key position in a future Labour government (should one come to pass)
  • We’ve got a long way to go with the Defamation Bill – without seeing the regulations that will accompany the bill, which apparently haven’t even been drafted yet, it’s all but impossible to know whether it will have any real effect (at least insofar as the internet is concerned)
  • In a private conversation, someone who really would know told me that one of the problems with sorting out the Defamation Bill has been an apparent obsession that Westminster insiders have with the ‘threat’ from anonymous bloggers – I suspect Guido Fawkes would be delighted by the amount of fear and loathing he seems to have generated in MPs, and how much it seems to have distracted them from doing what they should on defamation and libel reform.
  • After a few conversations, I’m quietly optimistic that we’ll be able to defeat the Communications Data Bill – it wasn’t on the agenda at the conference, but it was on many people’s minds and the whispers were generally more positive than I had feared they might be. Time will tell, of course.
  • Ed Vaizey is funny and interesting – but potentially deeply dangerous. His enthusiasm for the ‘iron fist’ side of copyright enforcement built into the Digital Economy Act was palpable and depressing. The way he spoke, it seemed as though the copyright lobby have him in the palm of their hand – and that neither they nor he have learned anything about the failure of the whole approach.
  • Vaizey’s words on porn-blocking – he seemed to suggest that we’ll go for an ‘opt-out’ blocking systems, where child-free households would effectively have to ‘register’ for access to porn, something which has HUGE risks (see my blog here) – were worrying, but again, another insider assured me that this wasn’t what he meant to say, nor the proposal currently on the table. This will need very careful watching!!
  • The savaging of Vaizey by a questioner from the floor revealing how much better and cheaper broadband internet access was in Bucharest than in Westminster was enjoyed by most – but not Vaizey, nor the industry representatives who remained conspicuously quiet.
  • Julian Huppert – my MP, amongst other things – was again impressive, and seems to have understood the importance of privacy in all areas: the fact that Nick Pickles of Big Brother Watch was invited to the panel on the internet of things that Huppert chaired made that point.
  • On that subject – mentions of either privacy or free speech were conspicuous by their absence in the early sessions on cybersecurity, but they grew both in presence and importance during the day. I asked a couple of questions, and they were both taken seriously and answered reasonably well. There’s a huge way to go, of course, but I did feel that the issue is taken a touch more seriously than it used to be. Mind you, none of the government representatives mentioned either in their speeches at all – it was all ‘economy’ and ‘security’, without much space for human rights….
  • The revelation from the excellent Tom Scott that though the rest of us are blocked from accessing the Pirate Bay, it IS accessible from Parliament was particularly good – and when my neighbour accessed the site and saw the picture of Richard O’Dwyer on the front page, it was poignant…

I came away from the conference with distinctly mixed feelings – there are some very good signs and some very bad ones. The biggest problem is that the really good people are still not in the positions of power, or seemingly being listened to – and those at the top don’t seem to be changing as fast as the rest. If we could replace Ed Vaizey with Julian Huppert and Chloe Smith with Chi Onwurah, government digital policy would be vastly improved….

Why does the government always get it wrong?

Why is digital policy so bad?

The most recent pronouncement from the UK government – reinstating in an updated and worsened way the idea of near-universal surveillance of emails, texts, phone calls and web-browsing – is horrific in many ways (which I will blog about separately) but it shouldn’t come as that much of a surprise. This government, and the last government, and the one before that, have an abysmal record in their dealings with the digital world. They get it wrong in almost every way, almost every time.

They get it wrong at a policy level – this new surveillance plan is just one example. They messed up equally badly with my erstwhile favourite bugbears Phorm was another – not only did the Home Office mess up there, but BERR too – in thinking a nice business plan and some heavy lobbying was more important than people’s privacy.

They get it wrong in their law-making: the Digital Economy Act is up there with the Dangerous Dogs Act as the worst piece of law in recent history.

They even get it wrong on a detailed, practical level: make no mistake, the ill-conceived and inhumane O’Dwyer and McKinnon extraditions are political as well as judicial issues, and have the same origins as the problems at the policy and law-making levels. The problems are deep – but no so deep, I hope, as to be insurmountable.

1     Governments don’t understand the internet

The first and most important problem is that governments, and the politicians that run them, simply don’t understand the internet. They just don’t get it. For their own purposes, they largely think of it either as some kind of global PR network – which is why twitter hashtags like #tweetlikeanmp are so sadly apt and accurate.

For other purposes, they think of it either as a distribution network for digital products (which should therefore be governed largely by the entertainment industry) or a secret network for subversives and terrorists (which should therefore be under constant and universal surveillance).

Governments all over the world seem to think largely in those terms – hence Obama’s new ‘bill of rights for the internet’ refers to people only as ‘consumers’, not as citizens. They simply don’t get that the net has a social aspect, a communicative aspect, a creative aspect, an interactive aspect, a community aspect – and that many (most?) of the people who spend time on the internet are contributing in all those different ways.

They know the words – even in the Westminster Bubble they’ve heard of ‘social networking’ – but they don’t understand it in any real way. They don’t understand how things develop on the net, how the community is the lifeblood of the net, not the big companies who lobby them so effectively.

2      Governments don’t understand the entertainment industry

Then again, that’s not very surprising, because there’s very little evidence that those involved in the entertainment industry really understand how their own industry works. This is the industry, remember, that has opposed pretty much every technological development over the last half-century or more, believing that it was going to ‘kill’ the industry. They opposed the use of home cassette recorders, CDs, the VCRs etc well before fighting the ‘evil’ of piracy – rather than embracing and supporting the new technologies and finding a way to harness the great advantages that the technology begins.

They also say things that everyone knows are not true – copyright infringement isn’t theft, and people know that. Theft means not only taking something but depriving someone else of that thing. Copying a bit of music doesn’t do that – and people who copy music in this way know this all too well. Trying to tell them it is theft won’t convince them – just annoy them, and remind them never to listen to you again.

It shouldn’t be seen as surprising that it took a company from outside the entertainment industry, Apple, to actually find a way to use the net that worked, and worked well. It shouldn’t be so surprising that governments, lobbied heavily by an industry that itself doesn’t ‘get it’, end up doing such mindlessly stupid things as the Digital Economy Act. Again, this is a worldwide phenomenon – SOPA and PIPA in the US were every bit as ill-conceived as our Digital Economy Act… and ACTA shows signs of being just as bad.

3      Governments don’t understand law…

This may be, perhaps an overblown claim – but an important one, given governments’ role as lawmakers. What I mean is that they often seem to misunderstand how law really works.

I was at the BILETA conference last week, and Professor Chris Reed gave a compelling keynote about how even legal theorists often end up getting laws badly wrong as they still conceive of it under a kind of ‘command and control’ model: a law commands, then people obey. It doesn’t really work like that – even more so, perhaps, on the internet than in the ‘real’ world.

Ultimately, laws without ‘consent’ don’t really work – just as government without ‘consent’ only works with ultimate force, and even then it’s hard to sustain. It doesn’t matter how many times and in how many ways governments bring in ‘anti-piracy’ laws – if people don’t believe that piracy is ‘wrong’, they won’t want to obey. Law without consent just doesn’t do the job.

4      Governments don’t understand privacy….

Most directly, they don’t understand that people want privacy on the internet – because, as I said at the start, they don’t understand the internet. If they don’t ‘get’ the fact that people use the net in so many interesting and interactive ways, for personal, intimate, social and community purposes, then they’ll never understand why people do care about things like privacy, and do care about being under constant surveillance. After all, if the net is just an online shopping mall, and shopping malls have CCTV, then why would people on the net mind being under surveillance?

The problem is, the net isn’t like a shopping mall. It’s something quite different, qualitatively different, and is used in very, very different ways. We all know (I hope!) that when we browse or shop at Amazon we’re being recorded by Amazon – just as when we go to a shopping mall we’re being recorded. We don’t, however, want CCTV in our own homes. We don’t expect our communications to be monitored, we don’t expect our every move to be recorded wherever we go – and, ultimately, I hope we won’t accept it either.

So what should the government and politicians do?

  1. First of all, they need to admit they have a problem – everyone knows that’s the first stage in solving a problem. Governments need to take a long, hard look at themselves.
  2. Secondly, they need to start talking to the right people – and at the right time. Who really does understand the internet? Civil society, hackers, maybe even some academics – understand it much, much more than politicians, and than industry lobby groups. Talk to the people who know first, not last, and don’t just treat them as add-ons at the end. Frankly, the average punter on the net understands it better than some industry representatives…
  3. When the real experts talk, listen! If Ross Anderson tells you that ‘anonymisation’ doesn’t work, believe him!
  4. Put the lobby groups back in their place. The entertainment industry in particular, as noted above – but the advertising industry can be just as bad, just as misleading, just as out of touch. These industry groups need to be listening to others themselves!
  5. Be willing to admit you were wrong. The Labour Party in particular should grasp that nettle – the DEA was a nightmarishly awful piece of legislation and they should be brave enough to admit it and abandon it. It’s hard, because politicians seem to be under the impression that changing your mind is completely unacceptable. It shouldn’t be – if you find out you’re wrong about something, admit it!
  6. Let those within your party who DO understand it take a bigger role. There are good people in most parties – who do a sterling job as back-benchers and on key committees – who should be listened to at the very least. Labour should put Tom Watson in charge instead of Harriet Harman – and the Coalition should replace the desperate Ed Vaizey with Julian Huppert.
  7. Be brave enough to face up to the security pressure groups, both internal and external. At the moment, just the barest whisper of the word ‘terrorism’ seems to make politicians of almost all parties quiver at the knees and sacrifice their own principles and OUR rights.
  8. Start to trust real people a bit more… and then real people might begin to trust you a bit more.

N.B. MPs, please, please, please take what your civil servants tell you with a huge pinch of salt: they’re even more likely than you not to understand the internet, and even more likely than you to be swayed inappropriately by the copyright and security lobbies!

Business and Privacy: Evidence and Assumptions?

I came across a couple of stories yesterday that at first glance appeared unconnected, dealing with difference aspects of the current privacy debates concerning the internet. One comes from one side of the Atlantic, the other from the other. One deals with the ‘fight’ against piracy, the other with the current favourite of the online advertising industry, behavioural targeting. Very different issues – but they do have something in common: an inherent assumption that business success should take precedence over individual rights and freedoms.

The first issue was the revelation, through a Freedom of Information Request by the admirable Open Rights Group, that the Department of Culture, Media and Sport had no evidence to support their strategies to reduce the infringement of copyright by websites – you can see their report on the issue here.

The second came from my following of the House Energy and Commerce Committee hearing in Washington, about consumer privacy and online behavioural advertising – a hearing at least on the surface intended to consider consumer concerns, but which by the sound of it had a lot more to do with industry putting their case to avoid regulation. I followed on twitter, and remember one particular call from a regular and respected tweeter from the US who demanded evidence before regulation is considered. Specifically, he wanted evidence as to how much of the advertising economy depended on behavioural targeting – the underlying suggestion being, presumably, that we shouldn’t regulate if it would have too significant an impact on revenue streams.

There are two different ways to look at the two stories. You can look at them as a reflection of the different attitudes to regulation on the two sides of the Atlantic – in England we’re rushing to regulate, while in the US regulation is to be avoided unless absolutely necessary.  Alternatively, however, you can look at them as a reflection of the way that business needs are set above individual rights and freedoms.

Copyright and piracy….

The Open Rights Group’s request was in relation to the proposals in the Digital Economy Act, but that Act is just one of many measures introduced over the years to combat ‘piracy’, although the evidence in support of any of them has generally been conspicuous by its absence. That applies both to evidence to suggest that the problem is as bad as the industry suggests and to the efficacy of the measures being proposed to combat it. Does piracy cause a massive loss of revenue to rights holders? Perhaps, but the suggestions over the years that every illegally downloaded song is a lost sale is far from convincing, and the idea that listening to something illegally might even lead to further legal sales seems to have merit too. The massive success of iTunes suggests that carrots rather than sticks might be more effective – indeed, recent reports from Sweden showing that piracy had reduced as Spotify had been introduced adds weight to this idea.

The Open Rights Group’s FOI request was about the effectiveness of the proposals – and the DCMS effectively acknowledged that they have no evidence about it. So we have proposals for measures about which there is no evidence, to address an issue about which evidence is scanty to say the least… and yet on that basis we’re willing to put restrictions on individuals’ freedoms, potentially apply censorship, and even cut off people’s internet access as a result. That same internet access that is increasingly regarded as a human right.

The Digital Economy Act is one thing, but there’s something else looming on the horizon of even more concern: the Anti-Counterfeiting Trade Agreement (ACTA), whose measures are potentially even more draconian than those in the DEA, and whose scope is even more all-encompassing. The US has already signed it – somewhat against the suggestion that the US prefers not to regulate where possible – and the EU may well sign it soon, though it still needs to pass through the European Parliament, and lobbying of MEPs is underway on both sides.

Behavioural advertising…

Legislation on behavioural advertising has already taken place in Europe, with the notorious ‘Cookies Directive’, about which I’ve written before – but the implementation, enforcement and acceptance of that directive has proved troublesome from the outset, and whether it ends up being at all meaningful has yet to be seen. Legislation in the US is what is currently under discussion, and what is being keenly resisted by the advertising industry and others. ‘Show us the evidence’ is the call – and until that evidence is shown, advertisers should be able to do whatever they want.

Evidence in relation to privacy is a contentious issue in lots of ways. Demonstrating ‘harm’ from an invasion of privacy is difficult, partly because each individual invasion isn’t likely to be significant – particularly in respect of mundane tracking of websites browsed and so forth – and partly because the ‘harm’ is generally intangible, and far from easily turned into something easily quantifiable. Some people suggest that we should treat our personal information like a commodity, akin in some ways to intellectual property, but for me that fails to capture the real essence of privacy. I don’t want to put a ‘value’ on my personal data, any more than I want to put a value on each of my fingers, or on my relationships with my friends and family. It’s something different, and needs protecting as something different. I shouldn’t need to prove the ‘harm’ done by that data being at risk – the loss of it, or loss of control over it, is a harm in itself.

That isn’t all – not only does there appear to be an expectation that we should prove harm, but that even if there IS harm, we’ve got to prove that we wouldn’t be damaging the advertisers’ businesses too much. If their businesses would be harmed too much, we shouldn’t put regulations in place….

Two different situations – but the same assumptions

In the copyright scenario, we’re having our freedom restricted and our privacy invaded without real evidence to support what’s happening. In the behavioural advertising scenario, we’re having our privacy invaded and we’re being asked to prove that there’s a problem before any restrictions are placed – and, what’s more, we’re being asked to prove that we wouldn’t damage business too much.

In both cases, it’s the individuals who lose out. Business takes priority, and individuals rights, particularly in respect of privacy, are overridden. Where businesses perceive there are problems (as in the copyright scenario), they’re not asked for proof – but where individuals perceive there are problems, they’re asked for proof in ways that are inappropriate and unattainable. Shouldn’t the situation be exactly the other way around? Shouldn’t individuals’ rights be considered above the business models of corporations? Shouldn’t the burden of proof work in favour of individuals against businesses, rather than the other way around? Of course that’s a difficult argument to make in economically troubled times – but it’s an argument that in my opinion needs to be made, and made strongly.

A tale of three conferences…

IT Law certainly seems to be flavour of the month. Even more particularly, it seems to be flavour of the next couple of days. Today and tomorrow there are three conferences on different aspects of the subject, all of which I’d like to be at… if only I could be three places at once.

Starting in Yorkshire…

The place I’ll actually be is Leeds, for the Human Rights in the Digital Era Conference: Professors Andrew Murray and Viktor Mayer-Schönberger will be providing the keynote speeches, while I’ll be presenting on a topic which I hope to be making a central part of my work in the next year or so, the idea of a right to an online identity (you can find my prezi here). Other excellent speakers include Jim Killock of the Open Rights Group, whose work is of increasing importance – particularly with the current government seemingly following the recent trend of seemingly being in thrall to the copyright lobby, if Jeremy Hunt’s suggestions are anything to go by – and my colleague Emily Laidlaw. It should be a fascinating day – and a subject of great current interest.

…and at the same time in London…

…the Society for Computers and Law is having its annual policy forum – with the focus on the ‘New Shape of European Internet Regulation’. Chaired by Lilian Edwards, and with contributions from such as Caspar Bowden (newly liberated from Microsoft) and my colleague Daithí Mac Síthigh, it’s another event of immense current interest, and one which I’m sad to have to miss. I’ll be following it on twitter (probably on #scl) and I’m looking forward to hearing more about it after the event. Daithí’s presentation on the App Store should be particularly good!

Meanwhile, in Poland…

…Warsaw is hosting the latest Creative Commons global meeting. At a time when attitudes and approaches to copyrights seem to be getting if anything even more regressive, with the EU Council voting this week to extend copyright on sound recordings from 50 to 70 years, and as noted above, Jeremy Hunt setting out an aggressive and punitive strategy for dealing with online piracy, finding imaginative and effective ways forward for dealing with intellectual property issues is of ever growing significance. Lots of interesting people will be in Warsaw, putting together lots of excellent ideas – and again, I’m looking forward to reading and hearing all about it.

Three conferences – but common themes

Three very different conferences, three very different cities, three seemingly quite different agendas – but they all tie together, and they’re all attempting to address issues of crucial current interests. The Leeds conference focusses on human rights, the London conference on regulation, the Warsaw conference on creativity – but the issues all interact with each other, and all impact upon each other. If, as the likes of Jeremy Hunt suggests, we use the twin heavy hands of law and finance to try to ‘protect’ our ‘creative’ arts (though the idea that Cliff Richard, one of the figureheads sent out this week to support the extension of copyright, represents ‘creativity’ is a somewhat difficult to swallow), then it is likely to be human rights that suffer.  Those of us interested in human rights need to be doing everything we can to prevent the focus of regulation – indeed, the new shape of regulation – to be protecting copyright at the expense of those human rights, which, ultimately, is what the copyright lobby is intending to bring about. Human rights, regulation and creativity are all very closely connected – as these timely conferences should do their very best to make clear.

Every which way to lose your data…

The ACS ‘data leak’ story that’s been emerging fairly dramatically over the last couple of days has got pretty much everything you could hope for in this kind of story: a bit of porn, a bit of piracy, some hacking, threats of huge fines, legal action and so on. It’s already been widely reported on – Andrew Murray’s blog on the subject gives an excellent description of what ACS do, and how this whole thing has to a great extent blown up in ACS’s face. As he explains, it’s a prime example of how symbiotic regulation works – and why the law is not the only thing that matters when regulating the internet.

There is, however, something else that is very graphically demonstrated by the whole saga – how many different ways your personal data can be at risk. This small story alone demonstrates at least five different ways that personal data can be vulnerable:

  1. To monitoring and tracking – the initial data about the supposed copyright infringers was obtained by monitoring traffic on the internet.
  2. To ‘legal’ attack – ACS initially got a court order to demand that the ISPs involved (we know about BT, Sky and PlusNet in this case) disclose the personal details of the account holders suspected of copyright infringement, based upon this monitoring.
  3. To human error – BT have admitted that they sent this personal data on an unencrypted Excel file attached to an ordinary email, in breach of their official policies and practices.
  4. To hacking – at least this is part of what ACS have claimed – that their systems were hacked into in order for the data to be obtained in order to be leaked.
  5. To deliberate leaking – precisely who did the leaking is far from clear, and who wished for the data to be leaked, but there is certainly a possibility that someone wanted the names to be out in the public domain.
Of course the data itself is far from reliable. It is just the details of the account holders that are suspected of being used to share illegal content, without there being any direct evidence that the people themselves did the sharing – which brings even more dimensions of vulnerability into play: confusion, mistaken identity, even things like defamation by implication could come into play. If your name is on the list, you’re not only being labelled a lawbreaker but a consumer of porn – and it might very easily not have been you doing it at all. Other people might be using your account, perhaps without your knowledge, perhaps without your permission, perhaps without your understanding.
Simon Davies, of Privacy International, quoted in the BBC, said that ‘You rarely find an aspect where almost every aspect of the Data Protection Act (DPA) has been breached, but this is one of them’. It’s also true that almost every aspect of data vulnerability has been demonstrated in one fell swoop.

Perhaps an even more important point, however, is the way that personal data – and individuals’ privacy – is viewed almost as ‘collateral damage’ in the ongoing battle between the entertainment industry (and their hired guns like ACS:Law) and the ‘pirates’. From the outside it looks as though as far as the 4chan hackers and ACS:Law are concerned, it’s that battle that matters. ACS:Law wants to ‘get’ the pirates, while the 4chan hackers want to ‘get’ ACS:Law and to ‘win’ the war with the entertainment industry for the ’cause’ of free and unfettered file-sharing. The fact that some 13,000 individuals have had their personal data released into the public domain and face all kinds of possible consequences from embarrassment (or humiliation) to legal action onwards seems somehow less important. Sadly it often seems to be that way. Privacy is squeezed by politics, law, business and a whole lot more. Every which way, privacy loses.