Category: information sharing

Illegal UK blacklists now being shared with the USA?

I’ve written here in the past about British blacklisting organisations that compile lists of ‘troublemakers’ (mainly union activists) and sell them to building firms and share them with police. This has led to people being unable to get jobs and all kinds of hassle. In theory, the notorious Economic League which started this activity back in the 1920s is now disbanded but their mantle was taken up by a number of other private bodies, including the Consulting Association, which was the subject of an unusual raid by the Information Commissioner’s Office (ICO) back in 2009.

Now it seems that in the era of transnational information sharing for ‘security’, such lists have found their way to the US Homeland Security complex. According to a report in the London Evening Standard, his certainly seems to be the case for major British mainstream environmental campaigner, John Stewart, formerly of the anti-road building lobby, Alarm UK and now of the Heathrow Association for the Control of Aircraft Noise (HACAN).

If such private politically motivated lists are now circulating internationally and being treated as reasonable grounds for refusing entry to other countries, it makes a mockery of the fact that they have already been found to be in breach of British and European laws, and it is likely that such data will continue to circulate entirely decontextualized from the circumstances and motivation of their collection. So an illegal anti-democratic trawling operation to stop legitimate political activity becomes the basis for security decisions to err… safeguard democracy. It would be funny if it wasn’t already so common and will continue to be so as security relies increasingly on risk assessments derived from the indiscriminate mashing together of information into ‘big data’.

Occupy the Internet!

I’ve been writing for several years now about the creeping attempts by nominally democratic governments to control or even close the Internet (see here for example). This week the biggest such step for some time occurs as the world’s most powerful democracy, the USA, begins a new process of introducing such controls. There are two bills before the House of Representatives (the Stop Online Piracy Bill, SOPA) and the Senate (the Protect IP act), which essentially do the same thing (although the House bill goes further): assert a wide-ranging heavy-handed jurisdiction on the Internet even beyond US borders.

Of course, the US bills do not do this as China does, in the name of political and social order, but in the name of commerce. The bills are supposedly about protecting American intellectual property, however their effect is likely to be severely chilling to free expression and the dissemination of ideas and to innovation, social and economic. The bills, amongst many other provisions, will allow corporation to sue website owners and ISPs for even unknowingly hosting or communicating copyrighted materials illicitly.

As Michael Geist has shown, SOPA in particular also asserts US jurisdiction over vast swathes of the Internet on the grounds that any site whose name is registered with a US registrar is considered a ‘US site’ regardless of the location of its server and given that name-registration of top-level (.com, .org, .net etc)  names is entirely controlled from within the USA, the provisions mean that every top-level domain is considered to be ‘US’. Further it claims that IP addresses (the numerical address of site) within the whole North American region (ARIN) which includes Canada, Mexico and the Caribbean, are also ‘domestic’ for the purposes of this law. Basically, the USA is asserting a kind of Munro-doctrine for the Internet.

I wrote, half-jokingly, some time ago that the US state invented the Internet, but they don’t like how it’s being used and now they want it back: this is the demand in writing. The big problem in opposing this is of course the fact that US citizens have already been thoroughly bombarded with propaganda that has told them that they are ‘under threat’ from pirates and hackers and even cyberwar – and that openness makes them insecure. They’ve been told that the Wikileaks model of accountability through openness and transparency is an attack on the USA. In an age of economic insecurity, no doubt the protection of American jobs will also be wheeled out as an excuse.

But this is quite simply another manifestation of immoral corporate greed. Intellectual Property is in itself a kind of information-age enclosure, a concept that, while it may have some use in limited forms, has become so far-reaching that it is ludicrous, and through which financial and legal strength can simply steamroller traditional or alternative visions of fairness, sharing and openness – even though these things have been shown to be vital in real innovation. If this is an infowar, I know which side I am on, and which side you should be on, and it is not the side of Protect IP and SOPA and the negative politics of closure, it is with Anonymous and the Pirate Party, with open flows, open source and open access. We have to tell them that they can’t have the Internet back, it’s ours now. We have to occupy the Internet, to build around these attempts to stifle innovation and sharing and we have to do it now.

In the meantime, you can express your displeasure here: http://americancensorship.org/

See also: The Internet Must Be Defended! Part 1, Part 2, Part 3, Part 4.

London Riots and Video Surveillance, Pt.2

My last post was about the lack of any apparent deterrence of rioting from CCTV. However that’s not to say that video surveillance is proving of no use to the authorities. However the way it is being used says a lot about both the limits of CCTV and the general problem of analysis of video images.

As part of ‘Operation Withern’, the investigation into the rioting, the Metropolitan Police have set up a special section of their website, London Disorder Images, as well as on Flickr, which is essentially crowdsourcing the identification of suspects. Despite being the most well-resourced police force in the UK, the Met lacks the resources, time and expertise to analyse and identify everyone it wishes to identify itself, and with widespread popular anger about the riots, they are banking on opening up the process of surveillance and identification as being more efficient and effective – and they may well be right.

Of course, with the problems of lighting, angle, distances, and image quality, the images vary in identifiability – and bear in mind that the few posted so far are probably amongst the best ones – and no doubt there will be many misidentifications. And, in addition, hundreds of people are already being processed through magistrates courts without much need to video evidence. But it is a tactic we are seeing more and more in many places (e.g. Toronto, following the G20 disturbances).

Facebook learns nothing

Having been strongly criticised over its ‘Places’ feature for its lack of understanding of the concept of ‘consent’ in data protection, and why ‘opt-in’ is better for users than ‘opt-out’ when it comes to new ‘services’ (i.e: ways they can share your data with other organisations), Facebook is doing it again.

Between today and tomorrow, the new Facebook feature called “Instant Personalization” goes into effect. The new setting shares your data with non-Facebook sites and it is automatically set to “Enabled”.

To turn it off: Go to Account>Privacy Settings>Apps & Websites>Instant Personalization>edit settings & uncheck “Enable”.

(Or of course, you can just ‘Turn Off All Platform Apps” too!)

The really important thing is that if your Facebook Friends don’t do this, they will be sharing info about you as well. So, copy this and repost to yours…

(Thanks to Lorna Muir for this alert)

Spain vs. Google or Freedom of Expression vs. the Right to Be Forgotten

Several outlets are reporting today, the interesting clash between Spanish courts and Google. The argument is over whether Google should carry articles that have been challenged by Spanish citizens as breaching their privacy. An injunction was won in the courts by the Spanish data protection commissioner over publication of material that is being challenged under privacy legislation.

Clearly there are two main issues here. One is the specific issue of whether Google, as a search engine, can be considered as a publisher, or as it claims, simply an intermediary which publishes nothing, only linking to items published by others. This is important for Google as a business and for those who use it.

But the other is a more interesting issue which is the deeper question of what is going on here which is the struggle between two kinds of rights. The right to freedom of expression, to be able to say what one likes, is a longstanding one in democracies, however it is almost nowhere absolute. The problem in a search-engine enabled information age, is that these exceptions, which relate to both the (un)truth of published allegations (questions of libel and false accusation) and of privacy and to several other values, are increasingly challenged by the ability of people in one jurisdiction to access the same (libellous, untrue or privacy-destructive) information from outside that jurisdiction via the Internet.

In Spain, the question has apparently increasingly been framed in terms of a new ‘right to be forgotten’ or ‘right to delete’. This is not entirely new – certainly police records in many countries have elements that are time-limited, but these kinds of official individually beneficial forgettings are increasingly hard to maintain when information is ‘out there’ proliferating, being copied, reposted and so on.

This makes an interesting contrast with the Wikileaks affair. Here, where it comes to the State and corporations, questions of privacy and individual rights should not be used even analogically. The state may assert ‘secrecy’ but the state has no ‘right of privacy’. Secrecy is an instrumental concept relating to questions of risk. Corporations may assert ‘confidentiality’ but this is a question of law and custom relating to the regulation of the economy, not to ‘rights’.

Privacy is a right that can only be attached to (usually) human beings in their unofficial thoughts, activities and existence. And the question of forgetting is really a spatio-temporal extension of the concept of privacy necessary in an information society. Because the nature of information and communication has changed, privacy has to be considered over space and through time in a way that was not really necessary (or at least not for so many people so much of the time) previously.

This is where Google’s position comes back into play. Its insistence on neutrality is premised on a libertarian notion of information (described by Erik Davis some time ago as a kind of gnostic American macho libertarianism that pervades US thinking on the Internet). But if this is ‘freedom of information’ as usually understood in democratic societies, it does have limits and an extreme political interpretation of such freedom cannot apply. Should Google therefore abandon the pretence of neutrality and play a role in helping ‘us’ forget things that are untrue, hurtful and private to individuals?

The alternative is challenging: the idea that not acting is a morally ‘neutral’ position is clearly incorrect because it presages a new global norm of information flow presaged on not forgetting, and on the collapse of different jurisdictional norms of privacy. In this world, whilst privacy may not be dead, the law can no longer be relied on to enforce it and other methods from simple personal data management, to more ‘outlaw’ technological means of enforcement will increasingly be the standard for those who wish to maintain privacy. This suggests that money and/or technical expertise will be the things that will allow one to be forgotten, and those without either will be unable to have meaningful privacy except insofar as one is uninteresting or unnoticed.

The Internet Must Be Defended!

As I am just putting the finishing touches on a new issue of Surveillance & Society, on surveillance and empowerment, the furore over the Wikileaks website and it’s publication of secret cables from US diplomatic sources has been growing. Over the last few days, Julian Assange, the public face of the website and one of its founders has been arrested in London on supposedly unrelated charges as US right-wing critics call for his head, the site’s domain name has been withdrawn, Amazon has kicked the organization off its US cloud computing service, one of Assange’s bank accounts has been seized, and major companies involved in money transfer, Paypal, Visa and Mastercard, have all stopped serving Wikileaks claiming that Wikileaks had breached their terms of service.

At the same time, hundreds of mirror sites for Wikileaks have been set up around the world, and the leaks show no sign of slowing down. The revelations themselves are frequently mundane or confirm what informed analysts knew already, but it is not the content of these particular leaks that is important, it is the point at which they come in the struggle over information rights and the long-term future of the Internet.

The journal which I manage is presaged on open-access to knowledge. I support institutional transparency and accountability at the same time as I defend personal privacy. It is vital not to get the two mixed up. In the case of Wikileaks, the revelation of secret information is not a breach of anyone’s personal privacy, rather it is a massively important development in our ability to hold states to account in the information age. It is about equalization, democratization and the potential creation of a global polity to hold the already globalized economy and political elites accountable.

John Naughton, writing on The Guardian website, argues that western states who claim openness is part of freedom and democracy cannot have it both ways. We should, he says, ‘live with the Wikileakable world’. It is this view we accept, not the ambivalence of people like digital critic, Clay Shirky, who, despite being a long-term advocate of openness seemingly so long as the openness of the Internet remained safely confined to areas like economic innovation, cannot bring himself to defend this openness when its genuinely political potential is beginning to be realised.

The alternative to openness is closure, as Naughton argues. The Internet, created by the US military but long freed from their control, is now under thread of being recaptured, renationalized, sterilized and controlled. With multiple attacks on the net from everything from capitalist states’ redefinition of intellectual property and copyrights, through increasingly comprehensive surveillance of Internet traffic by almost all states, to totalitarian states’ censorship of sites, and now the two becoming increasingly indistinguishable over the case of Wikileaks, now is the time for all who support an open and liberatory Internet to stand up.

Over 30 years ago, between 1975 and 1976 at the Collège de France, Michel Foucault gave a powerful series of lectures entitled Society Must Be Defended. With so much that is social vested in these electronic chains of connection and communication, we must now argue clearly and forcefully that, nation-states and what they want be damned, “The Internet Must Be Defended!”

“To destroy invisible government”

There was a really interesting piece posted this week on the blog, zunguzungu, which analyzes an early essay written by Wikileaks frontman, Julian Assange. The essay which is available on Cryptome (pdf) – itself a precursor of Wikileaks – is a very well-crafted and argued piece which reveals Assange as a radical idealist for a new transparent society, whose aim is ultimately to destroy the need for Wikileaks itself by making secretive government impossible. Very worth reading.

Latest round of Wikileaks shows nothing new, but changes everything

The ongoing Wikileaks revelations have been fascinating, but the latest round, those of US diplomatic cables, are perhaps the least revealing thus far. Basically, there’s a lot of the usual personal opinion and gossip that one would expect and the unsurprising revelations that the US gathers information on its allies as well as its enemies. The only really challenging insight is that Saudi Arabia want Iran dealt with far more urgently, it seems, than Israel. But then, even that is hardly unexpected given the religious and political gulf between those two states.

The more important thing for the longer-term is the process going on here, the fact that nation-states, even powerful ones, no longer seem to be able to have complete control over the information that they generate. Potentially, this is not about international relations at all or about any one particular nation-state, but potentially challenges the asymmetrical relationship between all nation-states the their peoples. Of course, there are already right-wing US politicians scrambling to label Wikileaks as a terrorist organisation, which just shows how corrupted the use of the idea of ‘terrorism’ has become, but below this, it demonstrates the very real fear of losing control amongst the political elite. The problem is that, with the current wave of nationalism sweeping the USA, such desperate sentiments play well to the gallery…

Facebook Places: opt-out now or everyone knows where you are?

Facebook Places… what to say? Most of the criticism writes itself because we have been here before with just about every new ‘feature’ that Facebook introduces, and they seem to have learned absolutely nothing from any of the previous criticisms of the way in which they introduce their new apps and the control users have over them. Basically, Facebook Places is just like Google Latitude, but:

1. instead of having to opt-in to it, you are automatically included unless you opt out; and (here’s the really creepy part),
2. instead of just you being able to tell your ‘friends’ where you are, unless you do turn it off, anyone who is your friend can tell anyone else (regardless of their relationship to you) where you are, automatically.

Luckily we know how to turn it off, thanks to Bill Cammack (via Boingboing).

When, if ever, will Facebook realise than ‘opt-out’ is an entirely unethical way of dealing with users? It lacks the key element of active consent. You cannot be assumed to want to give up your privacy because you fail to turn off whatever new app that Facebook has suddenly decided to introduce without your prior knowledge. Facebook is basically a giant scam for collecting as much networked personal data as it can, which eventually it will, whatever it says now, work out how to ‘add value’ to (i.e.: exploit or sell), whether its users like it or not. And surely this is now the ideal time for an open source, genuinely consensual social networking system that isn’t beholden to some group of immature, ethically-challenged rich kids like Zuckerberg et al.?

Surveillance, Coercion, Privacy and the Census

There’s been a huge furore here in Canada about the current government’s decision to abolish the long-form census. I’ve been following the debate more interested in what the proponents and opponents have been saying about privacy and surveillance rather than intervening. But it’s about time I got off the fence, so here’s my two cents’ worth. It may come out as an op-ed piece in one of the papers soon, I don’t know…

Sense about the Census:

Why the Long-form Census debate really matters.

The debate about the scrapping of the long-form census is in danger of being unhelpfully polarized. The result can only benefit the current government to the long-term detriment of the Canadian people. On the one hand, some of those campaigning for the reinstatement of the survey have dismissed issues of surveillance and privacy. On the other hand, supporters of its abolition have referred to ‘privacy’ and ‘coercion’ as if these words in themselves were reason enough to cut the survey. But the whole way in which privacy has been discussed is a red herring. We need to reaffirm a commitment to privacy alongside other collective social values not in opposition to them. We need privacy and we need the census.

First, coercion. The long-form census is undoubtedly a form of coercive state surveillance. One only has to glance at the recent history of state data collection and its role in discrimination and mass-murder to see that that one can be far too blasé about the possibility of states misusing statistics. Examples abound from the Holocaust to the genocide in Rwanda, and there is no reason to suppose that this could never happen again. In fact technology makes discrimination easier and more comprehensive: with sophisticated data-mining techniques, inferences can be made about individuals and groups from disparate and seemingly harmless personal data.

However, just because censuses have the potential for abuse, this does not make them wrong. Surveillance forms the basis of modern societies, good and bad, and coercion is all around us from the time we are children told by our parents not to play on the stairs. Coercion can be caring, protect us and improves our lives. The long-form census would have to be shown to be unfairly coercive, or not have enough beneficial policy outcomes to justify any coercion. This, the government has failed to do, whereas the campaign for the restoration of the survey has highlighted numerous examples of improvements in communities across Canada resulting from long-form census data.

Now to privacy. The campaign to restore the long-form census has seen frequent instances of the argument, ‘nothing to hide, nothing to fear’. This is one of the most glib arguments about privacy and surveillance, not only because of the potential abuse of state data collection but also because it assumes so much about what people should want to keep private. Another common argument is that privacy is irrelevant because ‘everyone gives away their personal information on Facebook anyway’. But the fact that some people chose to share parts of their lives with selected others does not imply that any infringement of privacy is acceptable. Privacy depends on context. Social networking or marketing trends do not mean that ‘anything goes’ with personal data.

In making these arguments, campaigners end up unwittingly bolstering a government strategy that relies not only on the evocation of ‘coercion’ but on pitting individual privacy against collective social goals. Yet, the government’s position is misleading. Privacy is not simply an individual right but also a collective social value. And further, just because the data is collected from individuals by the state, does not mean that the state infringes on privacy. It depends on whether the data is stored without consent in a way that identifies individuals or is used in a way negatively impacts upon them.

However, Statistics Canada have demonstrated a commitment to privacy within the census process. The long-form census data is not used to identify or target individuals. It is aggregated and used for wider community purposes. As Statistics Canada say quite on their website: “No data that could identify an individual, business or organization, are published without the knowledge or consent of the individual, business or organization.” The census returns are confidential and Statistics Canada employees are the only people who will ever have access to the raw returns, and they are bound by The Statistics Act. All this was confirmed by the Office of the Privacy Commissioner of Canada, who found the 2006 census fully compliant with privacy law.

So both privacy and coercion are red herrings. The conduct of the long-form census has demonstrated a commitment to privacy alongside other collective social values in support of individuals and the wider community. This moderate, sensible and profoundly Canadian position is now under threat. That is why this debate matters.