Category: data sharing

Illegal UK blacklists now being shared with the USA?

I’ve written here in the past about British blacklisting organisations that compile lists of ‘troublemakers’ (mainly union activists) and sell them to building firms and share them with police. This has led to people being unable to get jobs and all kinds of hassle. In theory, the notorious Economic League which started this activity back in the 1920s is now disbanded but their mantle was taken up by a number of other private bodies, including the Consulting Association, which was the subject of an unusual raid by the Information Commissioner’s Office (ICO) back in 2009.

Now it seems that in the era of transnational information sharing for ‘security’, such lists have found their way to the US Homeland Security complex. According to a report in the London Evening Standard, his certainly seems to be the case for major British mainstream environmental campaigner, John Stewart, formerly of the anti-road building lobby, Alarm UK and now of the Heathrow Association for the Control of Aircraft Noise (HACAN).

If such private politically motivated lists are now circulating internationally and being treated as reasonable grounds for refusing entry to other countries, it makes a mockery of the fact that they have already been found to be in breach of British and European laws, and it is likely that such data will continue to circulate entirely decontextualized from the circumstances and motivation of their collection. So an illegal anti-democratic trawling operation to stop legitimate political activity becomes the basis for security decisions to err… safeguard democracy. It would be funny if it wasn’t already so common and will continue to be so as security relies increasingly on risk assessments derived from the indiscriminate mashing together of information into ‘big data’.

Facebook learns nothing

Having been strongly criticised over its ‘Places’ feature for its lack of understanding of the concept of ‘consent’ in data protection, and why ‘opt-in’ is better for users than ‘opt-out’ when it comes to new ‘services’ (i.e: ways they can share your data with other organisations), Facebook is doing it again.

Between today and tomorrow, the new Facebook feature called “Instant Personalization” goes into effect. The new setting shares your data with non-Facebook sites and it is automatically set to “Enabled”.

To turn it off: Go to Account>Privacy Settings>Apps & Websites>Instant Personalization>edit settings & uncheck “Enable”.

(Or of course, you can just ‘Turn Off All Platform Apps” too!)

The really important thing is that if your Facebook Friends don’t do this, they will be sharing info about you as well. So, copy this and repost to yours…

(Thanks to Lorna Muir for this alert)

Spain vs. Google or Freedom of Expression vs. the Right to Be Forgotten

Several outlets are reporting today, the interesting clash between Spanish courts and Google. The argument is over whether Google should carry articles that have been challenged by Spanish citizens as breaching their privacy. An injunction was won in the courts by the Spanish data protection commissioner over publication of material that is being challenged under privacy legislation.

Clearly there are two main issues here. One is the specific issue of whether Google, as a search engine, can be considered as a publisher, or as it claims, simply an intermediary which publishes nothing, only linking to items published by others. This is important for Google as a business and for those who use it.

But the other is a more interesting issue which is the deeper question of what is going on here which is the struggle between two kinds of rights. The right to freedom of expression, to be able to say what one likes, is a longstanding one in democracies, however it is almost nowhere absolute. The problem in a search-engine enabled information age, is that these exceptions, which relate to both the (un)truth of published allegations (questions of libel and false accusation) and of privacy and to several other values, are increasingly challenged by the ability of people in one jurisdiction to access the same (libellous, untrue or privacy-destructive) information from outside that jurisdiction via the Internet.

In Spain, the question has apparently increasingly been framed in terms of a new ‘right to be forgotten’ or ‘right to delete’. This is not entirely new – certainly police records in many countries have elements that are time-limited, but these kinds of official individually beneficial forgettings are increasingly hard to maintain when information is ‘out there’ proliferating, being copied, reposted and so on.

This makes an interesting contrast with the Wikileaks affair. Here, where it comes to the State and corporations, questions of privacy and individual rights should not be used even analogically. The state may assert ‘secrecy’ but the state has no ‘right of privacy’. Secrecy is an instrumental concept relating to questions of risk. Corporations may assert ‘confidentiality’ but this is a question of law and custom relating to the regulation of the economy, not to ‘rights’.

Privacy is a right that can only be attached to (usually) human beings in their unofficial thoughts, activities and existence. And the question of forgetting is really a spatio-temporal extension of the concept of privacy necessary in an information society. Because the nature of information and communication has changed, privacy has to be considered over space and through time in a way that was not really necessary (or at least not for so many people so much of the time) previously.

This is where Google’s position comes back into play. Its insistence on neutrality is premised on a libertarian notion of information (described by Erik Davis some time ago as a kind of gnostic American macho libertarianism that pervades US thinking on the Internet). But if this is ‘freedom of information’ as usually understood in democratic societies, it does have limits and an extreme political interpretation of such freedom cannot apply. Should Google therefore abandon the pretence of neutrality and play a role in helping ‘us’ forget things that are untrue, hurtful and private to individuals?

The alternative is challenging: the idea that not acting is a morally ‘neutral’ position is clearly incorrect because it presages a new global norm of information flow presaged on not forgetting, and on the collapse of different jurisdictional norms of privacy. In this world, whilst privacy may not be dead, the law can no longer be relied on to enforce it and other methods from simple personal data management, to more ‘outlaw’ technological means of enforcement will increasingly be the standard for those who wish to maintain privacy. This suggests that money and/or technical expertise will be the things that will allow one to be forgotten, and those without either will be unable to have meaningful privacy except insofar as one is uninteresting or unnoticed.

The Internet Must Be Defended!

As I am just putting the finishing touches on a new issue of Surveillance & Society, on surveillance and empowerment, the furore over the Wikileaks website and it’s publication of secret cables from US diplomatic sources has been growing. Over the last few days, Julian Assange, the public face of the website and one of its founders has been arrested in London on supposedly unrelated charges as US right-wing critics call for his head, the site’s domain name has been withdrawn, Amazon has kicked the organization off its US cloud computing service, one of Assange’s bank accounts has been seized, and major companies involved in money transfer, Paypal, Visa and Mastercard, have all stopped serving Wikileaks claiming that Wikileaks had breached their terms of service.

At the same time, hundreds of mirror sites for Wikileaks have been set up around the world, and the leaks show no sign of slowing down. The revelations themselves are frequently mundane or confirm what informed analysts knew already, but it is not the content of these particular leaks that is important, it is the point at which they come in the struggle over information rights and the long-term future of the Internet.

The journal which I manage is presaged on open-access to knowledge. I support institutional transparency and accountability at the same time as I defend personal privacy. It is vital not to get the two mixed up. In the case of Wikileaks, the revelation of secret information is not a breach of anyone’s personal privacy, rather it is a massively important development in our ability to hold states to account in the information age. It is about equalization, democratization and the potential creation of a global polity to hold the already globalized economy and political elites accountable.

John Naughton, writing on The Guardian website, argues that western states who claim openness is part of freedom and democracy cannot have it both ways. We should, he says, ‘live with the Wikileakable world’. It is this view we accept, not the ambivalence of people like digital critic, Clay Shirky, who, despite being a long-term advocate of openness seemingly so long as the openness of the Internet remained safely confined to areas like economic innovation, cannot bring himself to defend this openness when its genuinely political potential is beginning to be realised.

The alternative to openness is closure, as Naughton argues. The Internet, created by the US military but long freed from their control, is now under thread of being recaptured, renationalized, sterilized and controlled. With multiple attacks on the net from everything from capitalist states’ redefinition of intellectual property and copyrights, through increasingly comprehensive surveillance of Internet traffic by almost all states, to totalitarian states’ censorship of sites, and now the two becoming increasingly indistinguishable over the case of Wikileaks, now is the time for all who support an open and liberatory Internet to stand up.

Over 30 years ago, between 1975 and 1976 at the Collège de France, Michel Foucault gave a powerful series of lectures entitled Society Must Be Defended. With so much that is social vested in these electronic chains of connection and communication, we must now argue clearly and forcefully that, nation-states and what they want be damned, “The Internet Must Be Defended!”

“To destroy invisible government”

There was a really interesting piece posted this week on the blog, zunguzungu, which analyzes an early essay written by Wikileaks frontman, Julian Assange. The essay which is available on Cryptome (pdf) – itself a precursor of Wikileaks – is a very well-crafted and argued piece which reveals Assange as a radical idealist for a new transparent society, whose aim is ultimately to destroy the need for Wikileaks itself by making secretive government impossible. Very worth reading.

Latest round of Wikileaks shows nothing new, but changes everything

The ongoing Wikileaks revelations have been fascinating, but the latest round, those of US diplomatic cables, are perhaps the least revealing thus far. Basically, there’s a lot of the usual personal opinion and gossip that one would expect and the unsurprising revelations that the US gathers information on its allies as well as its enemies. The only really challenging insight is that Saudi Arabia want Iran dealt with far more urgently, it seems, than Israel. But then, even that is hardly unexpected given the religious and political gulf between those two states.

The more important thing for the longer-term is the process going on here, the fact that nation-states, even powerful ones, no longer seem to be able to have complete control over the information that they generate. Potentially, this is not about international relations at all or about any one particular nation-state, but potentially challenges the asymmetrical relationship between all nation-states the their peoples. Of course, there are already right-wing US politicians scrambling to label Wikileaks as a terrorist organisation, which just shows how corrupted the use of the idea of ‘terrorism’ has become, but below this, it demonstrates the very real fear of losing control amongst the political elite. The problem is that, with the current wave of nationalism sweeping the USA, such desperate sentiments play well to the gallery…

Facebook Places: opt-out now or everyone knows where you are?

Facebook Places… what to say? Most of the criticism writes itself because we have been here before with just about every new ‘feature’ that Facebook introduces, and they seem to have learned absolutely nothing from any of the previous criticisms of the way in which they introduce their new apps and the control users have over them. Basically, Facebook Places is just like Google Latitude, but:

1. instead of having to opt-in to it, you are automatically included unless you opt out; and (here’s the really creepy part),
2. instead of just you being able to tell your ‘friends’ where you are, unless you do turn it off, anyone who is your friend can tell anyone else (regardless of their relationship to you) where you are, automatically.

Luckily we know how to turn it off, thanks to Bill Cammack (via Boingboing).

When, if ever, will Facebook realise than ‘opt-out’ is an entirely unethical way of dealing with users? It lacks the key element of active consent. You cannot be assumed to want to give up your privacy because you fail to turn off whatever new app that Facebook has suddenly decided to introduce without your prior knowledge. Facebook is basically a giant scam for collecting as much networked personal data as it can, which eventually it will, whatever it says now, work out how to ‘add value’ to (i.e.: exploit or sell), whether its users like it or not. And surely this is now the ideal time for an open source, genuinely consensual social networking system that isn’t beholden to some group of immature, ethically-challenged rich kids like Zuckerberg et al.?

Surveillance, Coercion, Privacy and the Census

There’s been a huge furore here in Canada about the current government’s decision to abolish the long-form census. I’ve been following the debate more interested in what the proponents and opponents have been saying about privacy and surveillance rather than intervening. But it’s about time I got off the fence, so here’s my two cents’ worth. It may come out as an op-ed piece in one of the papers soon, I don’t know…

Sense about the Census:

Why the Long-form Census debate really matters.

The debate about the scrapping of the long-form census is in danger of being unhelpfully polarized. The result can only benefit the current government to the long-term detriment of the Canadian people. On the one hand, some of those campaigning for the reinstatement of the survey have dismissed issues of surveillance and privacy. On the other hand, supporters of its abolition have referred to ‘privacy’ and ‘coercion’ as if these words in themselves were reason enough to cut the survey. But the whole way in which privacy has been discussed is a red herring. We need to reaffirm a commitment to privacy alongside other collective social values not in opposition to them. We need privacy and we need the census.

First, coercion. The long-form census is undoubtedly a form of coercive state surveillance. One only has to glance at the recent history of state data collection and its role in discrimination and mass-murder to see that that one can be far too blasé about the possibility of states misusing statistics. Examples abound from the Holocaust to the genocide in Rwanda, and there is no reason to suppose that this could never happen again. In fact technology makes discrimination easier and more comprehensive: with sophisticated data-mining techniques, inferences can be made about individuals and groups from disparate and seemingly harmless personal data.

However, just because censuses have the potential for abuse, this does not make them wrong. Surveillance forms the basis of modern societies, good and bad, and coercion is all around us from the time we are children told by our parents not to play on the stairs. Coercion can be caring, protect us and improves our lives. The long-form census would have to be shown to be unfairly coercive, or not have enough beneficial policy outcomes to justify any coercion. This, the government has failed to do, whereas the campaign for the restoration of the survey has highlighted numerous examples of improvements in communities across Canada resulting from long-form census data.

Now to privacy. The campaign to restore the long-form census has seen frequent instances of the argument, ‘nothing to hide, nothing to fear’. This is one of the most glib arguments about privacy and surveillance, not only because of the potential abuse of state data collection but also because it assumes so much about what people should want to keep private. Another common argument is that privacy is irrelevant because ‘everyone gives away their personal information on Facebook anyway’. But the fact that some people chose to share parts of their lives with selected others does not imply that any infringement of privacy is acceptable. Privacy depends on context. Social networking or marketing trends do not mean that ‘anything goes’ with personal data.

In making these arguments, campaigners end up unwittingly bolstering a government strategy that relies not only on the evocation of ‘coercion’ but on pitting individual privacy against collective social goals. Yet, the government’s position is misleading. Privacy is not simply an individual right but also a collective social value. And further, just because the data is collected from individuals by the state, does not mean that the state infringes on privacy. It depends on whether the data is stored without consent in a way that identifies individuals or is used in a way negatively impacts upon them.

However, Statistics Canada have demonstrated a commitment to privacy within the census process. The long-form census data is not used to identify or target individuals. It is aggregated and used for wider community purposes. As Statistics Canada say quite on their website: “No data that could identify an individual, business or organization, are published without the knowledge or consent of the individual, business or organization.” The census returns are confidential and Statistics Canada employees are the only people who will ever have access to the raw returns, and they are bound by The Statistics Act. All this was confirmed by the Office of the Privacy Commissioner of Canada, who found the 2006 census fully compliant with privacy law.

So both privacy and coercion are red herrings. The conduct of the long-form census has demonstrated a commitment to privacy alongside other collective social values in support of individuals and the wider community. This moderate, sensible and profoundly Canadian position is now under threat. That is why this debate matters.

Further details on the new UK government’s Civil Liberties agenda

The UK full coalition agreement between the Conservatives and Liberal Democrat parties has just been published. It includes a section on civil liberties which is much more than we could have hoped for and which makes no mention of rolling back the Human Rights Act or the more ludicrous fringe Conservative demands… In full it is as follows:

“The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour government and roll back state intrusion.

This will include:

• A freedom or great repeal bill;

• The scrapping of the ID card scheme, the national identity register, the next generation of biometric passports and the Contact Point database;

• Outlawing the fingerprinting of children at school without parental permission;

• The extension of the scope of the Freedom of Information Act to provide greater transparency;

• Adopting the protections of the Scottish model for the DNA database;

• The protection of historic freedoms through the defence of trial by jury;

• The restoration of rights to non-violent protest;

• The review of libel laws to protect freedom of speech;

• Safeguards against the misuse of anti-terrorism legislation;

• Further regulation of CCTV;

• Ending of storage of internet and email records without good reason;

• A new mechanism to prevent the proliferation of unnecessary new criminal offences.”

All of these points are excellent. They lack detail of course, and the devil is always in the detail, and I would have liked to have seen a little more on what would be included in the ‘great repeal’ given that later it only talks about ‘safeguards’ against the abuse of anti-terrorism laws, but really this is as good as anyone could have hoped for, even, though they may not admit it, many of the more socially-liberal Labour Party supporters. The reform of libel laws and commitment to transparency is equally as welcome as the rolling back or regulation of surveillance, and this seems to extend into other parts of the agreement for the reform of government and elections. I hope the eventual full programme will also include some rationalisation of the crazy landscape of multiple ‘commissions’ to regulate different aspects of state-citizen information relations, in favour of an expanded and more powerful Information Commissioner’s Office, but we will see. However, this is a great start (and I never, ever, thought I would be saying that about a Conservative government…).

UK ID Card Program scrapped after election (and more)

As both the Conservative Party and the Liberal Democrats in the UK had the scrapping of the National Identity Card card scheme as part of their manifesto, the unpopular program has been suspended immediately by the new coalition government, pending further announcements.

The full statement reads as follows:

“Both Parties that now form the new Government stated in their manifestos that they will cancel Identity Cards and the National Identity Register. We will announce in due course how this will be achieved. Applications can continue to be made for ID cards but we would advise anyone thinking of applying to wait for further announcements.

Until Parliament agrees otherwise, identity cards remain valid and as such can still be used as an identity document and for travel within Europe. We will update you with further information as soon as we have it.”

But although the cards will almost certainly go, despite the statement it is unclear yet what will be the fate of the National Identity Register (NIR), the new central database at the heart of the scheme. Neither party, and the Tories especially, said anything specific in their manifestos about scrapping the database, so we will see what happens here – although the statement issued seems categorical about this too. Although the end of the card scheme reduces opportunities for the ‘papers, please’ style abuse of minorities, it is the database that is of biggest concern to those interested in surveillance and social sorting. I have long favoured a secure central government Information Clearinghouse, which whilst transferring necessary information as needed and consented to between different parts of government, would not in itself hold any data. I suspect however, that some fudge will emerge!

In the meantime, the price of the coalition also was reported to include new legislation regulating video surveillance (CCTV) cameras (only about 20 years too late, but that’s the speed of British politics for you), and the review of many of the new powers in the (Anti-)Terrorism and Civil Contingencies Acts (and perhaps the Regulation of Investigatory Powers Act too – though it hasn’t yet been mentioned specifically). It is very rare that legislation is repealed or rolled back but we may yet see an increase in civil liberties under the new coalition. The one big worry in this are though is the Conservative opposition to the Human Rights Act – however with their Liberal Democrat partners being committed to the HRA, I can’t see any moves to repeal the act in this Parliament.

I am cautiously optimistic…