John Lewis, Brexit… and Goldilocks!

The ‘row’ (such as it is) about John Lewis’ decision to remove the ‘girls’ and ‘boys’ labels from clothes has been in some ways quite revealing. There’s a lot of anger, a lot of downright rage being shown – at levels that have certainly surprised me. The strange thing is that it has come from many of those people who are equally vehemently fighting to ‘ban the burkha’.

On the one hand, they hate the idea of removing the distinction between genders, on the other hand they hate the idea of excessive distinctions between genders. It’s a bit of Goldilocks thinking: the burkha porridge is too cold, the ‘ungendered’ clothing too hot. Only having the precise level of control that they approve of is just right. Girls need to be put in their place, but not too much in their place.

It has echoes of the way that many Brexiters are also vehemently against Scottish independence. The EU is too big. Scotland is too small. Only the United Kingdom is just right. And again, it seems to be a lot of the same people who make this argument. They want to control everything, because only they know what is right. Everyone else is either too big or too small, too weak or too strong, too liberal or too ‘fundamentalist’.

For me, it’s strange to be so certain – and even stranger to want to impose that certainty on everyone else. Mind you, I always thought Goldilocks was the real villain in the story. I was rooting for the bears.

A disturbing plan for control…

The Conservative Manifesto, unlike the Labour Manifesto, has some quite detailed proposals for digital policy – and in particular for the internet. Sadly, however, though there are a few bright spots, the major proposals are deeply disturbing and will send shivers down the spine of anyone interested in internet freedom.

Their idea of a ‘digital charter’ is safe, bland, motherhood and apple-pie stuff about safely and security online, with all the appropriate buzzwords of prosperity and growth. It seems a surprise, indeed, that they haven’t talked about having a ‘strong and stable internet’. They want Britain to be the best place to start and run a digital business, and to make Britain the safest place in the world to be online. Don’t we all?

When the detail comes in, some of it sounds very familiar to people who know what the law already says – and in particular what EU law already says – the eIDAS, the E-Commerce Directive, the Directive on Consumer Rights already say much of what the Tory Manifesto says. Then, moving onto data protection, it gets even more familiar:

“We will give people new rights to ensure they are in control of their own data, including the ability to require major social media platforms to delete information held about them at the age of 18, the ability to access and export personal data, and an expectation that personal data held should be stored in a secure way.”

This is all from the General Data Protection Regulation (GDPR), passed in 2016, and due to come into force in 2018. Effectively, the Tories are trying to take credit for a piece of EU law – or they’re committing (as they’ve almost done before) to keeping compliant with that law after we’ve left the EU. That will be problematic, given that our surveillance law may make compliance impossible, but that’s for another time…

“…we will institute an expert Data Use and Ethics Commission to advise regulators and parliament on the nature of data use and how best to prevent its abuse.”

This is quite interesting – though notable that the word ‘privacy’ is conspicuous by its absence. It is, perhaps, the only genuinely positive thing in the Tory manifesto as it relates to the internet.

“We will make sure that our public services, businesses, charities and individual users are protected from cyber risks.”

Of course you will. The Investigatory Powers Act, however, does the opposite, as does the continued rhetoric against encryption. The NHS cyber attack, it must be remembered, was performed using a tool developed by GCHQ’s partners in the NSA. If the Tories really want to protect public services, businesses, charities and individuals, they need to change tack on this completely, and start promoting and supporting good practice and good, secure technology. Instead, they again double-down in the fight against encryption (and thus against security):

“….we do not believe that there should be a safe space for terrorists to communicate online and will work to prevent them from having this capability.”

…but as anyone with any understanding of technology knows, if you stop terrorists communicating safely, you stop all of us from communicating safely.

Next:

“…we also need to take steps to protect the reliability and objectivity of information that is essential to our democracy and a free and independent press.”

This presumably means some kind of measures against ‘fake news’. Most proposed measures elsewhere in the world are likely to amount to censorship – and given what else is in the manifesto (see below) I think that is the only reasonable conclusion here.

“We will ensure content creators are appropriately rewarded for the content they make available online.”

This looks as though it almost certainly means harsher and more intense copyright enforcement. That, again, is only to be expected.

Then, on internet safety, they say:

“…we must take steps to protect the vulnerable… …online rules should reflect those that govern our lives offline…”

Yes, We already do.

“We will put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm”

Note that this says ‘pornography’, not ‘illegal pornography’, and the ‘unintentionally’ part begins the more disturbing part of the manifesto. Intermediaries seem likely to be stripped of much of their ‘mere conduit’ protection – and be required to monitor much more closely what happens through their systems. This, in general, has two effects: to encourage surveillance, and to encourage caution about content (effectively to chill speech). This needs to be watched very carefully indeed.

“…we will establish a regulatory framework in law to underpin our digital charter and to ensure that digital companies, social media platforms and content providers abide by these principles. We will introduce a sanctions regime to ensure compliance, giving regulators the ability to fine or prosecute those companies that fail in their legal duties, and to order the removal of content where it clearly breaches UK law.”

This is the most worrying part of the whole piece. Essentially it looks like a clampdown on the social media – and, to all intents and purposes, the establishment of a full-scale internet censorship system (see the ‘fake news’ point above). Where the Tories are refusing to implement statutory regulation for the press (the abandonment of part 2 of Leveson is mentioned specifically in the manifesto, along with the repeal of Section 40 of the Crime and Courts Act 2013, which was one of the few bits of Leveson part 1 that was implemented) they look very much as though they want to impose it upon the online media. The Daily Mail will have more freedom than blogging platforms, Facebook and Twitter – and you can draw your own conclusions from that.

When this is all combined with the Investigatory Powers Act, it looks very much like a solid clampdown on internet freedom. Surveillance has been enabled – this will strengthen the second part of the authoritarian pincer movement, the censorship side. Privacy has been wounded, now it’s the turn of freedom of expression to be attacked. I can see how this will be attractive to some – and will go down very well indeed with both the proprietors and the readers of the Daily Mail – but anyone interested in internet freedom should be very much disturbed.

 

Blinded… a short poem for World Poetry Day

We let ourselves be blinded

By ignorance and hate

That keeps us narrow-minded

And leaves others to their fate

We let the hatred-mongers

Weave fairy tales of fear

“There are those amongst us

Who just don’t belong here”

They mix half-truth with anger

And take real people’s pain

And twist it with their stories

For their own hateful gain

And by the time we see it

It’s sadly far too late

They’ve taken back control

And we’re left to our fate.

 

 

Brexit and consequences…

Yesterday morning I tweeted about Brexit (as I’ve done a fair number of times), and it went just a little bit viral. Here’s the tweet:

screen-shot-2016-10-08-at-09-48-14

It was an off-the-cuff Tweet, and I had no idea that people would RT it so much, nor that it would provoke quite as many reactions as it has. I’ve replied to a few, but, frankly, it’s not possible to reply to all. The responses, however, have been quite revealing in many ways. As usual, people read Tweets in different ways, and of course this particular Tweet is far from unambiguous. I was asked many times what is the ‘this’ that I’m saying is the fault of the ‘Brexit people’. And who I meant by ‘Brexit people’. I was told I was wrong to lump all Brexit people together. And that we should be looking for unity, not stoking the fires of division.

Some thought I was specifically talking about the dramatic fall of the pound. I wasn’t, but I might have been. Others thought I was blaming Brexit voters for ‘anything and everything’. I wasn’t. Actually, what I was doing was getting angry with those people who voted for Brexit but are now saying ‘we didn’t vote for this’ when they see Theresa May’s increasing nasty and xenophobic government do things like threaten to use EU citizens in the UK as ‘bargaining chips’, sending foreign doctors home as soon as we’ve trained enough ‘home grown’ doctors, and ‘naming and shaming’ companies that employ foreigners.

The thing is, if you voted Brexit you may not have wanted that to happen, but that’s the effect of your vote. And you were warned, many times, that by voting for Brexit you were helping the far right. By voting for Brexit you were ‘sending a message’ that immigrants weren’t welcome. By voting for Brexit you were likely to give more power to the worst kind of Tory. This is what I said on my blog in February, when the campaign was just beginning:

“What’s far more likely with Brexit is that an even more right-wing Tory government will come in, and with even fewer restrictions on their actions will destroy even more of what is left of our welfare state, our NHS, all those things about Britain that those on the left like. It shouldn’t be a surprise that Iain Duncan Smith and Chris Grayling are amongst the most enthusiastic Brexiters. Win the vote and you’re giving them what they want.”

That’s what happened – and I was far from alone in predicting it, and warning people that if they voted for Brexit they’d get more nastiness and a more right-wing government. Now we’ve got it, and if you voted for Brexit, that’s the result.

I’m not, as I’ve also been accused, ‘lumping all Brexit voters together’, suggesting that they’re all racists and xenophobes. Of course they’re not. They have all, however, helped the racists and xenophobes. That’s what the vote did. That’s cause and effect. Some people I know and respect have strong and detailed analytical economic reasons behind their vote – and some expounded them in response to my tweet – but, frankly, that’s by-the-by. Even if their economic arguments  are sound (and I remain unconvinced), they still unleashed the xenophobia.

Others try to suggest that what’s happened is all for the good. We should be making lists of foreigners, we should be replacing foreign doctors with Brits and so forth. That’s also all well and good – but in that case, why be angry with my Tweet? You should be proud of the consequences, if you like them.

I am, of course, one of the out-of-touch metropolitan elite, and I know it. I don’t expect to be listened to. I don’t expect to have any result – but I still have the right to be angry. And I am. I only wish I’d been angrier earlier.

Warning signs – and surveillance…

There are many things being said at the Conservative Party Conference that should be worrying people – from the idea that we should be sending foreign doctors home and ‘naming and shaming’ companies that have the temerity and lack of patriotism to dare to employ foreigners onwards. Military in schools just sends one extra shiver down the spine – these things, when looked at together, do not paint a pretty picture at all. The direction our government is headed is one that is ringing alarm bells for many. Even if you don’t believe the current government is ‘extreme’, the idea that it could become extreme should be taken very seriously indeed.

That, in turn, should raise even louder alarm bells at the current plans for surveillance. The powers that are being granted to the authorities under the Investigatory Powers Bill that is currently making its final steps through parliament are extremely potent and worrying even in the hands of a trustworthy, ‘moderate’ government – but in the hands of an extreme government they become something far, far worse. Tools such as Internet Connection Records, though very poorly suited to the purpose for which they are being put forward, are very good at the kind of profile-based politically-motivated population control that totalitarian regimes thrive upon. The same for many of the ‘bulk powers’ built into the Investigatory Powers Bill. It is bad enough – dangerous enough – to give these kinds of powers to a government that can be trusted, but by putting them into law and building the ‘necessary’ systems to implement them, we are giving them to subsequent governments, governments that may be far less trustworthy, and far more worrying. Governments like those that we have seen more than glimpses of at the Conservative Party conference over the last few days.

When the recent revelation that Yahoo! secretly scanned all of its customers incoming emails on behalf of the US intelligence agencies is added to the equation – with the added twist that Yahoo! had been subject to a massive hack – the picture gets still worse. As I point out in my new academic piece on surveillance, it is a mistake to think of commercial and governmental surveillance as separate and entirely different: they are intimately connected and inextricably linked. If we accept, unthinking, corporate surveillance as harmless, innovative and just about a bit more annoying advertising, we miss the bigger picture. By accepting that, we accept government use of the same techniques, government ‘forcing’ corporations to work with and for them and so on – and not just our current, relatively benign (!) governments but future, more extreme, more alarming, more dangerous governments. If Amber Rudd wants to know whether a company is employing too many foreigners, why not scan all that company’s emails, monitor all the web-browsing from that company’s computers and use profiling to work out which of the employees are probably ‘foreign’, then target them accordingly. Naming and shaming. Labelling. Deporting.

As Bruce Schneier put it:

“It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.”

The combination of the level of corporate surveillance, the interaction between corporates and governments, and the disturbing political developments all over the world – from the Conservative Party conference to Donald Trump (and Hillary Clinton is no saint in surveillance terms!) to extremism in Hungary and Poland and more – is making his warning too important to ignore.

It is not too late to change direction – at least we had better hope it is – and we should do everything we can to do so. In the UK, all the opposition parties should fight much harder to limit and amend the Investigatory Powers Bill, for example – as should those within the Conservative Party who have any sense of the traditions of liberty that they purport to hold as important. Whether they will is another matter. This Conservative Party conference should be a warning sign for all.

A better debate on surveillance?

screen-shot-2016-09-21-at-18-57-00Back in 2015, Andrew Parker, the head of MI5, called for a ‘mature debate’ on surveillance – in advance of the Investigatory Powers Bill, the surveillance law which has now almost finished making its way through parliament, and will almost certainly become law in a few months time. Though there has been, at least in some ways, a better debate over this bill than over previous attempts to update the UK’s surveillance law, it still seems as though the debate in both politics and the media remains distinctly superficial and indeed often deeply misleading.

It is in this context that I have a new academic paper out: “Data gathering, surveillance and human rights: recasting the debate”, in a new journal, the Journal of Cyber Policy. It is an academic piece, and access, sadly, is relatively restricted, so I wanted to say a little about the piece here, in a blog which is freely accessible to all – at least in places where censorship of the internet has not yet taken full hold.

The essence of the argument in the paper is relatively straightforward. The debate over surveillance is simplified and miscast in a number of ways, and those ways in general tend to make surveillance seem more positive and effective that it is, and with less broad and significant an impact on ordinary people than it might have. The rights that it impinges are underplayed, and the side-effects of the surveillance are barely mentioned, making surveillance seem much more attractive than should be – and hence decisions are made that might not have been made if the debate had been better informed. If the debate is improved, then the decisions will be improved – and we might have both better law and better surveillance practices.

Perhaps the most important way in which the debate needs to be improved is to understand that surveillance does not just impact upon what is portrayed as a kind of selfish, individual privacy – privacy that it is implied does not matter for those who ‘have nothing to hide’ – but upon a wide range of what are generally described as ‘civil liberties’. It has a big impact on freedom of speech – an impact that been empirically evidenced in the last year – and upon freedom of association and assembly, both online and in the ‘real’ world. One of the main reasons for this – a reason largely missed by those who advocate for more surveillance – is that we use the internet for so many more things than we ever used telephones and letters, or even email. We work, play, romance and research our health. We organise our social lives, find entertainment, shop, discuss politics, do our finances and much, much more. There is pretty much no element of our lives that does not have a very significant online element – and that means that surveillance touches all aspects of our lives, and any chilling effect doesn’t just chill speech or invade selfish privacy, but almost everything.

This, and much more, is discussed in my paper – which I hope will contribute to the debate, and indeed stimulate debate. Some of it is contentious – the role of commercial surveillance the interaction between it and state surveillance – but that too is intentional. Contentious issues need to be discussed.

There is one particular point that often gets missed – the question of when surveillance occurs. Is it when data is gathered, when it is algorithmically analysed, or when human eyes finally look at it. In the end, this may be a semantic point – what technically counts as ‘surveillance’ is less important than what actually has an impact on people, which begins at the data gathering stage. In my conclusion, I bring out that point by quoting our new Prime Minister, from her time as Home Secretary and chief instigator of our current manifestation of surveillance law. This is how I put it in the paper:

“Statements such as Theresa May’s that ‘the UK does not engage in mass surveillance’ though semantically arguable, are in effect deeply unhelpful. A more accurate statement would be that:

‘the UK engages in bulk data gathering that interferes not only with privacy but with freedom of expression, association and assembly, the right to a free trial and the prohibition of discrimination, and which puts people at a wide variety of unacknowledged and unquantified risks.’”

It is only when we can have clearer debate, acknowledging the real risks, that we can come to appropriate conclusions. We are probably too late for that to happen in relation to the Investigatory Powers Bill, but given that the bill includes measures such as the contentious Internet Connection Records that seem likely to fail, in expensive and probably farcical ways, the debate will be returned to again and again. Next time, perhaps it might be a better debate.

More on Corbyn’s Digital Manifesto…

Yesterday a piece I wrote about Corbyn’s Digital Manifesto was published on The Conversation – you can find it here:

https://theconversation.com/corbyns-digital-meh-nifesto-is-too-rooted-in-the-past-to-offer-much-for-the-future-65003

The natural constraints of a short piece, and the requirements of The Conversation meant that I didn’t cover all the areas, and my own tendency to, well, be a bit strident in my opinions at times means that it may not have been quite as clear as it could have been. I would like to add a few things to what I said, clarify a few more, and open up the opportunity for anyone to comment on it.

The first thing to make absolutely clear is that though I was distinctly underwhelmed by the Digital Democracy Manifesto, it is far better than anything produced by Labour to date, and vastly better than anything I have seen by the Tories. My criticism of it was not in any way supporting what the Tories are currently doing, nor what they are likely to do. I used the word ‘meh’ in my piece because I wanted (and still want) Labour to be bolder, clearer, and more forward-looking precisely so that they can provide a better opposition to the Tories – and to the generally lamentable status quo on internet policy. As I tried (but perhaps failed) to make clear, I am delighted that Corbyn has taken this initiative, and hope it sparks more discussion. There are many of us who would be delighted to contribute to the discussion and indeed to the development of policy.

The second thing to make clear is that my piece was not an exhaustive analysis of the manifesto – indeed, it largely missed some really good parts. The support of Open Source, for example – which was criticised aggressively in the Sun – is to be thoroughly applauded. You can, as usual, trust The Sun to get things completely wrong.

I would of course like to say much more about privacy – sadly the manifesto (in some ways subconsciously) repeats the all-too-common idea that privacy is a purely personal, individual right, when it actually underpins the functioning of communities. I’ve written about this many times before – one piece is here, for example – but that is for another time. Labour, for me, should change its tack on privacy completely – but I know that I am somewhat unusual in that belief. I’ll continue to plug away on that particular issue, but not here and not now.

What I would hope is that the manifesto starts an open discussion – and starts to move us to a better understanding of these issues. If we don’t understand them better, we’ll continue to be driven down very unhelpful paths. Whether you’re one of Corbyn’s supporters or his bitterest opponents, that’s something to be avoided.