The Saga Of the Privacy Shield…

Screen Shot 2016-02-09 at 06.23.54

(With apologies to all poets everywhere)

 

Listen to the tale I tell

Of Princes bold and monsters fell

A tale of dangers well conceal’d

And of a bright and magic shield

 

There was a land, across the bay

A fair land called the USA

A land of freedom: true and just

A land that all the world might trust

 

Or so, at least, its people cheered

Though others thought this far from clear

From Europe all the Old Folk scowled

And in the darkness something howled

 

For a monster grew across the bay

A beast they called the NSA,

It lived for one thing: information

And for this it scoured that nation

 

It watched where people went and came

It listened and looked with naught of shame

The beast, howe’er, was very sly

And hid itself from prying eyes

 

It watched while folk from all around

Grew wealthy, strong and seeming’ sound

And Merchant Princes soon emerged

Their wealth it grew surge after surge

 

They gathered data, all they could

And used it well, for their own good

They gave the people things they sought

While keeping more than p’rhaps they ought

 

And then they looked across the bay

Saw Old Folk there, across the way

And knew that they could farm those nations

And take from them their information

 

But those Old Folk were not the same

They did not play the Princes’ game

They cared about their hope and glory

Their laws protected all their stories

 

‘You cannot have our information

Unless we have negotiations

Unless our data’s safe and sound

We’ll not let you plough our ground’

 

The Princes thought, and then procured

A harbour safe and quite secure

Or so they thought, and so they said

And those Old Folk gave them their trade

 

And so that trade just grew and grew

The Old Folks loved these ideas new

They trusted in that harbour’s role

They thought it would achieve its goal

 

But while the Princes’ realms just grew

The beast was learning all they knew

Its tentacles reached every nook

Its talons gripped each face, each book

 

It sucked up each and ev’ry drop:

None knew enough to make it stop

Indeed, they knew not what it did

‘Til one brave man, he raised his head

 

And told us all, around the world

‘There is a beast, you must be told’

He told us of this ‘NSA’

And how it watched us day by day

 

He told us of each blood-drenched claw

He named each tentacle – and more

And with each word, he made us fear

That this beast’s evil held us near

 

In Europe one man stood up tall

“Your harbour is not safe at all!

You can’t protect us from that beast

That’s not enough, not in the least!”

 

He went unto Bourg of Luxem

The judges listened care’fly to him

‘A beast ‘cross the bay sees ev’rywhere

Don’t send our secrets over there!

 

The judges liked not what they saw

‘That’s no safe habour,’ they all swore

“No more stories over there!

Sort it out! We do all care!”

 

The Princes knew not what to do

They could not see a good way through

The beast still lurked in shadows dark

The Princes’ choices seemed quite stark

 

Their friends and fellows ‘cross the bay

Tried to help them find a way

They whispered, plotted, thought and plann’d

And then the Princes raised their hands

 

“Don’t worry now, the beast is beaten

It’s promised us you won’t be eaten

It’s changed its ways; it’s kindly now

And on this change you have our vow

 

Behold, here is our mighty shield

And in its face, the mighty yield

It’s magic, and its trusty steel

Is strong enough for all to feel

 

Be brave, be bold, you know you should

You know we only want what’s good”

But those old folk, they still were wary

That beast, they knew, was mighty scary

 

“That beast of yours, is it well chained?

Its appetites, are they contained?

Does it still sniff at every door?

Its tentacles, on every floor?

 

The Princes stood up tall and proud

“We need no chains”, they cried aloud

“Our beast obeys us, and our laws

You need not fear it’s blunted claws.”

 

“Besides,” they said, “you are contrary

You have your own beasts, just as scary”

The Old Folk looked a mite ashamed

‘Twas true their own beasts were not tamed

 

“‘Tis true our beasts remain a blight

But two wrongs never make a right

It’s your beast now that we all fear

Tell us now, and make it clear!”

 

“Look here” the Princes cried aloud

“Of this fair shield we all are proud,

Its face is strong, its colours bright

There’s no more need for any fright.”

Shield

The Old Folk took that shield in hand

‘Twas shiny, coloured, bright and grand

But as they held it came a worry

Why were things in such a hurry?

 

Was this shield just made of paper?

Were their words just naught but vapour?

Would that beast still suck them dry?

And their privacy fade and die?

 

Did they trust the shield was magic?

The consequences could be tragic

The monster lurked and sucked its claws

It knew its might meant more than laws

 

Whatever happened, it would win

Despite the tales the Princes spin

It knew that well, and so did they

In that fair land across the bay.

 

 

 

 

Time to change Twitter, or #RIPTwitter?

One the main topics on Twitter the last day or so has been, well, Twitter itself. When the rumour came out that Twitter was – apparently within the next week or so – going to move to using an ‘algorithmic’ rather than chronological ‘timeline’, the reaction was pretty strong and direct. The hashtag #RIPTwitter trended worldwide.

Not for the first time, it looked as though Twitter had demonstrated that, to put it bluntly, it didn’t understand its own product, or its own customers. This has happened a number of times over the last year or two – particularly since the IPO – most recently with the change from ‘favourites’ to ‘likes’. This time, however, there is a difference. Twitter aren’t just changing labels – the favourites to likes change was essentially symbolic, hearts replacing stars, and though the symbolism was particularly poor, as it suggested a move to be more like Facebook, something anathema to many Twitter users, symbolism was all it was. This time the suggested move was much more than symbolic, it was messing with the very essence of Twitter.

What’s ‘good’ about Twitter for many people is its simplicity and directness – and the degree to which the users themselves control their experience of it. The timeline is part of that. You choose who you follow, and you get their tweets as they tweet them. Things aren’t chosen for you – either by humans or by algorithms – so Tweeters feel they have control. Moreover, there are a wide range of current uses for Twitter that depend directly on that chronological approach – these are just a few:

  1. The ‘live tweeting’ of current events as they happen – whether this be of conferences  or press events, or political or ‘news’ events. What happened in Ferguson could be followed better on Twitter than through any form of mainstream media – and it was the immediacy and timely nature of Twitter that made this so. A curated timeline, however good the algorithm, could not hope to capture that.
  2. Streams of tweets by an individual on the same subject are often in a key order – whether they’re marked as such (using the 1/n, 2/n etc approach) or not. If you read them out of order, the meaning changes often radically, particularly as Twitter is ideal for the use of humour, irony, sarcasm and similar forms of pithy wit. Any regular user of Twitter will have experienced their own tweets being taken out of context, or having to redirect people to previous tweets. That’s hard enough with a chronological timeline – with an algorithmically curated timeline it would be far worse, again, however good the algorithm.
  3. Conversations happen on twitter that also depend very much on the order of the tweets – and again, it’s hard enough to follow the often complex threads of long conversations without the interference of algorithmic curation. Some key parts of the conversation can be out of order, others omitted entirely because the algorithm doesn’t understand their significance in context. A good algorithm could reduce the level of this kind of problem – but it would have to be incredibly good and having no algorithm at all would still be better!
  4. Finding the originator of an idea depends a great deal on time – and algorithmic curation could exacerbate the already thorny problem of attribution. More ‘popular’ people are already credited with ideas of ‘lesser’ people – this would just make this even worse.

The idea of using algorithms is very attractive, but it’s underpinned by an illusion that algorithms are somehow ‘neutral’ or ‘fair’. This is what brings about the idea that Google is a neutral indexer of the internet and a guardian of free speech, but it really is an illusion. Algorithms are human creations and embed ideas and biases that those who create them may well not even be aware of. They can make existing power imbalances worse, as the assumptions that underpin those imbalances are built into the very thought processes that create the algorithms. Yes, people can compensate, but even that act of compensation can bring about further biases. Where the essence of the idea behind an algorithm is to make Twitter more money, then that bias itself will interfere with the process, consciously, subconsciously or otherwise.

I sympathise very much with Twitter here. They’re under huge pressure to make more money – and though I would like that pressure not to exist, it does. Twitter is a corporation, not a public utility. It has to find ways to make profits – and that does mean contemplating change. We, as Twitter users – in my case someone who really loves Twitter – need to be very careful not to resist change from a sense of nostalgia or a determination to hang on to what we are comfortable with – but in this case it really does matter.

Part of this may be resolved if, as has been hinted, the algorithmic timelines are ‘opt-in’ and the default timelines remain, well, time-lines. Twitter could even bite the bullet and realise that their other recent ‘change’, the introduction of ‘Moments’, was a mistake, and simply replace ‘Moments’ with an algorithmically curated timeline that people could choose to use, whilst keeping the default as the chronological timeline. I, however, am not holding my breath on that one. Though Twitter have been saying they’ll consider anything, they don’t seem to include admitting recent ideas have been mistaken among those things they consider.

There are other options they could contemplate – other ways to make money. They could, for example, create a paid for ‘Twitter Classic’ app that, for a small fee, gives you a ‘clean’ Twitter with a pure, chronological timeline, no promoted Tweets, no ‘moments’ and so on. Whilst the ‘paid for’ model for the net itself has largely been rejected, the idea that we can pay for apps on our phones and computers has been accepted. Indeed, paying for ‘ad-free’ versions of various services is both common and seemingly successful. If Twitter wants to go that way, I for one would pay for the app. I may be rare, however.  People can rarely be convinced to pay for something they used to get for nothing.  That’s Twitter’s challenge. I hope they find a way to meet it without destroying their own essence. If they go the way of algorithmic curation as default, it really could be #RIPTwitter.

Does the UK engage in ‘mass surveillance’?

Screen Shot 2016-01-15 at 07.42.03

When giving evidence to the Parliamentary Committee on the Draft Investigatory Powers Bill Home Secretary Theresa May stated categorically that the UK does not engage in mass surveillance. The reaction from privacy advocates and many in the media was something to see – words like ‘delusional’ have been mentioned – but it isn’t actually as clear cut as it might seem.

Both the words ‘mass’ and ‘surveillance’ are at issue here. The Investigatory Powers Bill uses the word ‘bulk’ rather than ‘mass’ – and Theresa May and her officials still refuse to give examples or evidence to identify how ‘bulky’ these ‘bulk’ powers really are. While they refuse, the question of whether ‘bulk’ powers count as ‘mass’ surveillance is very hard to determine. As a consequence, Theresa May will claim that they don’t, while skeptics will understandably assume that they do. Without more information, neither side can ‘prove’ they’re right.

The bigger difference, though, is with the word ‘surveillance’. Precisely what constitutes surveillance is far from agreed. In the context of the internet (and other digital data surveillance) there are, very broadly speaking, three stages: the gathering or collecting of data, the automated analysis of the data (including algorithmic filtering), and then the ‘human’ examination of the results of that analysis of filtering. This is where the difference lies: privacy advocates and others might argue that the ‘surveillance’ happens at the first stage – when the data is gathered or collected – while Theresa May, David Omand and those who work for them would be more likely to argue that it happens at the third stage – when human beings are involved.

If the surveillance occurs when the data is gathered, there is little doubt that the powers envisaged by the Investigatory Powers Bill would constitute mass surveillance – the Internet Connection Records, which appear to apply to pretty much everyone (so clearly ‘mass’) would certainly count, as would the data gathered through ‘bulk’ powers,  whether it be by interception, through ICRs, through the mysterious ‘bulk personal datasets’ about which we are still being told very little.

If, however, the surveillance only occurs when human beings are involved in the process, then Theresa May can argue her point: the amount of information looked at by humans may well not be ‘massive’, regardless of how much data is gathered. That, I suspect, is her point here. The UK doesn’t engage in ‘mass surveillance’ on her terms.

Who is right? Analogies are always dangerous in this area, but it would be like installing a camera in every room of every house in the UK, turning that camera on, having the footage recorded and stored for a year – but having police officers only look at limited amounts of the footage and only when they feel they really need to.

Does the surveillance happen when the cameras are installed? When they’re turned on? When the footage is stored? When it’s filtered? Or when the police officers actually look at it.  That is the issue here. Theresa May can say, and be right, that the UK does not engage in mass surveillance, if and only if it is accepted that surveillance only occurs at the later stages of the process.

In the end, however, it is largely a semantic point. Privacy invasion occurs when the camera is installed and the capability of looking at the footage is enabled. That’s been consistently shown by recent rulings at both the Court of Justice of the European Union and of the European Court of Human Rights. Whether it is called ‘surveillance’ or something else, it invades privacy – which is a fundamental right. That doesn’t mean that it is automatically wrong – but that the balancing act between the rights of privacy (and freedom of expression, of assembly and association etc that are protected by that privacy) and the need for ‘security’ needs to be considered at the gathering stage, and not just at the stage when people look at the data.

In practice, too, the middle of the three stages – the automated analysis, filtering or equivalent – may be more important than the last one. Decisions are already made at that stage, and this is likely to increase. Surveillance by algorithm is likely to be (and may already be) more important than surveillance by human eyes, ears and minds. That means that we need to change our mindset about which part of the surveillance process matters. Whether we call it ‘mass surveillance’ or something else is rather beside the point.

Global letter on Encryption – why it matters.

I am one of the signatories on an open letter to the governments of the world that has been released today. The letter has been organised by Access Now and there are 195 signatories – companies, organisations and individuals from around the world.

The letter itself can be found here. The key demands are the following

Screen Shot 2016-01-11 at 06.10.45

It’s an important letter, and one that Should be shared as widely as possible. Encryption matters, and not just for technical reasons and not just for ‘technical’ people. Even more than that, the arguments over encryption are a manifestation of a bigger argument – and, I would argue, a massive misunderstanding that needs to be addressed: the idea that privacy and security are somehow ‘alternatives’ or at the very least that privacy is something that needs to be ‘sacrificed’ for security. The opposite is the case: privacy and security are not alternatives, they’re critical partners. Privacy needs security and security needs privacy.

The famous (and much misused) saying often attributed (probably erroneously) to Benjamin Franklin, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety” is not, in this context at least, strong enough. In relation to the internet, those who would give up essential privacy to purchase a little temporary security will get neither. It isn’t a question of what they ‘deserve’ – we all deserve both security and privacy – but that by weakening privacy on the internet we weaken security.

The conflict over encryption exemplifies this. Build in backdoors, weaken encryption, prevent or limit the ways in which people can use it, and you both reduce their privacy and their security. The backdoors, the weaknesses, the vulnerabilities that are provided for the ‘good guys’ can and will be used by the ‘bad guys’. Ordinary people will be more vulnerable to criminals and scammers, oppressive regimes will be able to use them against dissidents, overreaching authorities against whistleblowers, abusive spouses against their targets and so forth. People may think they have ‘nothing to hide’ from the police and intelligence agencies – but that is to fundamentally miss the point. Apart from everything else, it is never just the police and the intelligence agencies that our information needs protection from.

What is just as important is that there is no reason (nor evidence) to suggest that building backdoors or undermining encryption helps even in the terms suggested by those advocating it. None examples have been provided – and whenever they are suggested (as in the aftermath of the Paris terrorist attacks) they quickly dissolve when examined. From a practical perspective it makes sense. ‘Tech-savvy’ terrorists will find their own way around these approaches – DIY encryption, at their own ends, for example – while non-tech savvy terrorists (the Paris attackers seem to have used unencrypted SMSs) can be caught in different ways, if we use different ways and a more intelligent approach. Undermining or ‘back-dooring’ encryption puts us all at risk without even helping. The superficial attractiveness of the idea is just that: superficial.

The best protection for us all is a strong, secure, robust and ‘privacy-friendly’ infrastructure, and those who see the bigger picture understand this. This is why companies such as Apple, Google, Microsoft, Yahoo, Facebook and Twitter have all submitted evidence to the UK Parliament’s Committee investigating the draft Investigatory Powers Bill – which includes provisions concerning encryption that are ambiguous at best. It is not because they’re allies of terrorists or because they make money from paedophiles, nor because they’re putty in the hands of the ‘privacy lobby’. Very much the opposite. It is because they know how critical encryption is to the way that the internet works.

That matters to all of us. The internet is fundamental to the way that we live our lives these days. Almost every element of our lives has an online aspect. We need the internet for our work, for our finances, for our personal and social lives, for our dealings with governments, corporations and more. It isn’t a luxury any more – and neither is our privacy. Privacy isn’t an indulgence – and neither is security. Encryption supports both. We should support it, and tell our governments so.

Read the letter here – and please pass it on.

The Twelve Days of Corbyn

On the first day of Corbyn

The media gave to me

Some preening by Polly Toynbee

————————-

On the second day of Corbyn

The media gave to me

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the third day of Corbyn

The media gave to me

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the fourth day of Corbyn

The media gave to me

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the fifth day of Corbyn

The media gave to me

Five – Tony – Blairs

Five Blairs 2

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the sixth day of Corbyn

The media gave to me

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the seventh day of Corbyn

The media gave to me

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the eighth day of Corbyn

The media gave to me

Eight Behrs-a-baiting

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the ninth day of Corbyn

The media gave to me

Nine Hymans snivelling

Eight Behrs-a-baiting

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the tenth day of Corbyn

The media gave to me

Ten Danczuks drivelling

Nine Hymans snivelling

Eight Behrs-a-baiting

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the eleventh day of Corbyn

The media gave to me

Eleven John McTernans

Ten Danczuks drivelling

Nine Hymans snivelling

Eight Behrs-a-baiting

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-

On the twelfth day of Corbyn

The media gave to me

Twelve Byrnes-a-burning

Eleven John McTernans

Ten Danczuks drivelling

Nine Hymans snivelling

Eight Behrs-a-baiting

Seven Hodges’ hating

Six Rentouls ranting

Five – Tony – Blairs

Four Hilary Benns

Three John Manns

Two caustic Cohens

And some preening by Polly Toynbee

————————-