Category: Rights

Harper’s nominee for Privacy Commissioner must be challenged

The current Canadian government has been in a lot of trouble recently over nominations to various federal offices. It’s been accused of cronyism, overly partisan, inappropriate  and even illegal nominations to senior positions. Many have been rejected. It comes as no surprise then to find that Prime Minister, Stephen Harper, has nominated someone who seems almost entirely inappropriate to be the next federal Privacy Commissioner.

The nominee, Daniel Therrien, has spent almost all his career as a government insider. If Therrien was a privacy expert, this wouldn’t necessary be an obstacle even to someone taking a job which is supposedly an arm’s length position, as much a watchdog on government as a government office.

If he was a privacy expert.

But he’s not.

Therrien’s experience comes mainly in corrections (prisons and parole offices) and latterly with immigration and border issues. He’s currently the Assistant Deputy Attorney General, Public Safety, Defence and Immigration Portfolio, at the Department of Justice. It is in this position that he has had some involvement with privacy issues, and in some ways, this involvement makes his nomination even more troubling.

Therrien was one of the leaders of the Canadian negotiating team that dealt with the privacy principles of the Beyond the Border Accord, the agreement that essentially allows the USA to extend its ‘perimeter’ around Canada (the original proposed version of the agreement was refered to as the North American Perimeter agreement).

So what do the principles say? Essentially they are a vague set of reaffirmations of well-understood data protection principles combined with the recognition of domestic laws. They don’t do anything specific or new. They certainly will not guarantee that sensitive personal information is not shared across borders or provide for genuine protection when they are. And it seems clear that while necessity and proportionality and data quality are all referenced, necessity seems to trump everything else. As the final principle on ‘Retention’ states:

“The United States and Canada are to retain personal information only so long as necessary for the specific purpose for which the information was provided or further used.”

But as we know from almost everything that has happened since 9/11, necessity is the mother of expansion.

In addition, most of the principles also use the phrase “in accordance with their respective domestic laws”, or similar. A paragraph on ‘Effective Oversight’ states

“A system of effective data protection supervision is to exist in the form of a public supervisory authority or authorities with effective powers of intervention and enforcement. These powers may be carried out by a specialized public information protection authority or by more than one supervisory public authority to meet the particular circumstances of different legal systems.”

Translated, this means “business as usual.” Canada can carry on having its system of Commissioners and the USA can carry on having its in-house Privacy Officers. This does nothing to resolve the issue of what happens when privacy laws and systems of oversight are in conflict or incompatible – as they frequently are.

The Prime Minister is quoted in the press release as saying: “­­­­­­­­­­I am pleased that Daniel Therrien has agreed to be nominated for the position of Privacy Commissioner. He is a well-qualified candidate who would bring significant experience in law and privacy issues to the position.”

I guess it all depends what one considers to be ‘significant experience’. He has some experience. But he is neither a privacy lawyer not a privacy expert by training nor has be become such by virtue of his career. And his limited experience is almost entirely in the context of the furthering of neoliberal trade and security agreements with the USA, it is not in domestic privacy protection.

Daniel Therrien may well have had an impeccable professional record. He may well be an excellent Assistant Deputy Attorney General. He may well be a good person. But none of those things are the issue here: Therrien is not “a well qualified candidate” to be the federal Privacy Commissioner. He could, like the current interim Commissioner, Chantal Bernier, legitimately be appointed as Deputy Commissioner in order to build up his qualification in the area. But as the Commissioner? No.

Luckily, this nomination is not a foregone conclusion. It must be approved by both the Senate and House of Commons, and Liberals, NDP and Greens have all voiced concerns already. I am adding my own voice to this in saying that this nomination must be challenged in the most robust terms. Personally, I also think it’s a great shame that the capable and directly experienced Bernier was not given the opportunity to retain the seat that she has only been keeping warm for the next Commissioner…

The Right to Watch?

I’ve always defended the right to photograph in public places. However, a number of cases in the last few weeks are highlighting an important new development in this area, a new front in the increasingly confusing information wars. Gary Marx always like to say that surveillance is neither good nor bad but that intent, circumstances, and effects make it so, but a growing number of people and organizations seem to be treating surveillance – or at least watching, and certainly not all watching is surveillance – as a right which supersedes rights to privacy. We’ve seen this in the case of Google Glass – even before it was launched commercially – and more recently with the arguments over the ‘right to be forgotten’ in Europe, with personal privacy being counterposed to freedom of information and actions to protect privacy being compared to censorship. It’s all somewhat reminiscent of Dave Eggers’ novel, The Circle, in which a Facebook-Google-Apple-a-like company completely turns around social values until, as one of the corporate slogans has it, “PRIVACY IS THEFT!”

The latest case is that of the use of drones / micro-UAVs / MAVs in the USA. The Federal Aviation Authority (FAA), the government body that controls US airspace, is trying to regulate the use of drones and has attempted to fine commercial drone operators who fly surveillance drones without their permission. The case revolves around one Robert Pirker, who used an unlicensed drone to film a promotional video back in 2011. At the moment the FAA is appealing against the National Transportation Safety Board (NTSB), who rule that it could not fine Pirker as it did have jurisdiction over small drones. Now the media has weighted in on Pirker’s side, arguing that the FAA’s stance infringes the first amendment and creates a ‘chilling effect’ on journalism.

I’m really not sure about either argument. On the FAA side, this is partly about a bureaucracy trying to keep control of its regulatory territory as much it is about the object of the regulation – the FAA does not want to be seen to be losing control just as the number of small drones is increasing massively.

On the other side, is this really about the rights of journalists? Pirker was making a commercial film not covering a story, and the effect of the FAA’s ruling being overturned is more likely to open the door to a corporate free-for-all, an absurd PKDickian world of drones as far as the eye can see, with all the attendant crashes and legal battles, could result. Think not? Well, back in the 1900s, people thought there would never be that many cars on the roads either… so it is certainly it is partly about their mandate, i.e. air safety.

The big question here, as with Google Glass and with Search, is whether technological change makes a difference. Is a flying camera just the same as a hand-held camera? Does the greater potential for intrusion, or on the other hand the inability to know that one is being filmed, matter? Does that possibility that ‘the truth’ will be revealed justify any technological method used to obtain it? If not, which ones are acceptable, whereis the line drawn, and who decides and how? In the UK, the ‘public interest’ would be a good basis for deciding, as has been frequently alluded to in the Leveson Inquiry into telephone tapping conducted by Murdoch-owned newspapers, however ‘public interest’ is a much vaguer term in the USA… what is certain is that conflicts around the ‘right to watch’ versus the ‘right to privacy’ and other human rights and social priorities are only going to intensify.

On the ‘Right to Be Forgotten’

While Viktor Mayer-Schönberger is arguing today both that there’s really not a lot new to the European Court of Justice decision to order Google to adjust its search results to accommodate the right to privacy for one individual and that it really won’t be a problem because Google already handles loads of copyright removal requests very quickly, the decision has also sparked some really rather silly comments all over the media, usually from the neoliberal and libertarian right, that this is a kind of censorship or that it will open the door to states being able to control search results.

I think it’s vital to remember that there’s really an obvious difference between personal privacy, corporate copyright and state secrecy. I really don’t think it’s helpful in discussion to conflate all these as somehow all giving potential precedent to the other (and I should be clear that Mayer-Schönberger is not doing this, he’s merely pointing out the ease with which Google already accommodates copyright takedown notices to show that it’s not hard or expensive for them to comply with this ruling). State attempts to remove things that it finds inconvenient are not the same as the protection of personal privacy, and neither are the same as copyright. This decision is not a precedent for censorship by governments or control by corporations and we should very strongly guard against any attempts to use it in this way.

Google algorithms already do a whole range of work that we don’t see and to suggest that they are (or were) open, free and neutral and will now be ‘biased’ or ‘censored’ after this decision is only testament to how much we rely on Google to a large extent, unthinkingly. This is where I start to part company with Mayer-Schönberger is in his dismissal of the importance of this case as just being the same as a records deletion request in any other media. It isn’t; it’s much more significant.

You are sill perfectly free to make the effort to consult public records about the successful complainant in the case (or anyone else) in the ways you always have. The case was not brought against those holding or even making the information public. What the case sought to argue, and what the court’s verdict does, is to imply that there are good social reasons to limit the kind of comprehensive and effortless search that Google and other search engines provide, when it comes to the personal history of private individuals – not to allow that one thing that is over and one to continue to define the public perception of a person anywhere in the world and potentially for the rest of their life (and beyond). Something being public is not the same as something being easily and instantaneously available to everyone forever. In essence it provides for a kind of analog of the right of privacy in public places for personal data. And it also recognizes that the existence and potentials of any information technology should not be what defines society, rather social priorities should set limits on how information technologies are used.

Personally, I believe that this is a good thing. However, as the politics of information play out over the next few years, I also have no doubt that it’s something that will be come up again and again in courts across the world…

PS: I first wrote about this back in 2011 here – I think I can still stand behind what I though then!

Transparent Lives: Surveillance in Canada

The New Transparency project is coming to an end, and we are launching our major final report, Transparent Lives: Surveillance in Canada / Vivre à nu: La surveillance au Canada, in Ottawa on Thursday 8th May (which is also my birthday!). The report is being published as a book by Athabasca University Press, so it is available in all formats including a free-t0-download PDF. We want as many people in Canada (and elsewhere) to read it as possible.

The launch will be covered by the Canadian press and was already blogged in the Ottawa Citizen a few days ago.

A website with resources and summaries will be here very soon, and there is also a promotional video / trailer here in Youtube.

 

Hot Air on the Surveillance Industry from the UK

Privacy International has produced a much-needed survey of the state of the surveillance industry, following its other excellent report on the use of development aid to push surveillance technologies on developing countries. The British government’s response, voiced by the Chair of the Parliamentary Committee on Arms Export Controls, Sir John Stanley,  has been a typically limp one, largely concerned with the possibility of such systems being sold to ‘authoritarian regimes’ yet blustered and talked of ‘grey areas’ when it came to Britain’s responsibility for this trade.

But this is all way too little too late. I warned of the danger of the increased technological capabilities and decreasing costs of ‘surveillance-in-a-box’ systems as far back as 2008 (see my post here which refers to that). Instead of taking horizon-scanning and pre-emptive action to limit this, Britain, the USA and many other states have encouraged this trade with state aid – as they have with military and security industries more broadly – and, not least, encouraged the use of surveillance on a global scale themselves. Their own extensive breaches of human rights through programs like PRISM and TEMPEST give them no real moral high ground to talk about what authoritarian regimes might do, when they are already pursuing the same actions.

Drones Over America

EPIC has obtained evidence under the Freedom of Information Act from the US Department of Homeland Security that is has fitted Predator drones with domestic espionage capabilities. The document, Performance Specification for the US Customs and Border Protection Unmanned Aerial System (UAS) Version 2.4, dated March 10 2010,  includes the following technical requirements: infra-red sensors and communications, plus either synthetic aperture radar (SAR), Ground Moving Target Indicator mode (GMTI – tracking) or signals interception receivers (page 7). The UAV should:

be “capable of tracking an adult human-sized, single moving object” with sufficient accuracy “to allow target designation at the specific ranges.”(page 28)

“be able to maintain constant surveillance and track on a designation geographic point.” (page 28)

The section ‘target marking’ is redacted in EPIC’s version however the CNET website managed to get hold of a non-redacted version, which say that the system “shall be capable of identifying a standing human being at night as likely armed or not,”  and specify “signals interception” technology for mobile phone frequencies as well as “direction finding” which will enable the UAS locate them.

And in case people are wondering whether this is just for border patrol, the documents specifically states that it is for collection of ‘Intelligence Surveillance and Reconnaissance (ISR) data in support of Department of Homeland Security (DHS) and CBP missions” (page 1). I hope all you US people know exactly how you can challenge drones flying at 20,000 feet up that might be breaching your 4th Amendment Rights…

Implants vs. Wearable devices

Printed Electronic Tattoo (Wired)

I’ve been thinking a lot recently about why it is that implanted tracking devices have never really taken off in humans. Just a few years ago, there were all kinds of people laying out rather teleological versions of technological trajectories that led inevitably to mass human implanantation – and not just the US Christian right, who saw RFID as the fulfilment of biblical prophecy.

I think there are many reasons, including negative public reaction (implants really are a step too far, even for the ‘nothing to hide, nothing to fear’ crowd) and the fact that a lot of the promotion of human RFID implants was actually the PR work of one very loud company (Verichip) and did not actually have a lot of basis in either social reality or market research. But the other major reason is to do with other technological developments, particularly in wearable computing and sensor networks. In most cases, implants solve a problem that doesn’t exist (the idea that people want to remove a tracking device that might be there for very good – although I am not saying, indisputably good – reasons, usually medical ones). And where there are no good reasons, there’s probably no case for tracking at all.

So devices like this – temporary, printed or stick-on and removable – are far more what is likely to become the solution to any actual problem of tracking or monitoring for medical reasons. And the relative ease with which it can be removed by the wearer does at least mean that there is some room for negotiation and consent at more than just one point in the process. Of course, such removable, wearable tracking are still not somehow free of ethical and political considerations – and some may argue that the very appearance of consent actually hints at the generation of a greater conformity and self-surveillance, but the issues are of a slightly different nature to those raised by implanted devices.

Illegal UK blacklists now being shared with the USA?

I’ve written here in the past about British blacklisting organisations that compile lists of ‘troublemakers’ (mainly union activists) and sell them to building firms and share them with police. This has led to people being unable to get jobs and all kinds of hassle. In theory, the notorious Economic League which started this activity back in the 1920s is now disbanded but their mantle was taken up by a number of other private bodies, including the Consulting Association, which was the subject of an unusual raid by the Information Commissioner’s Office (ICO) back in 2009.

Now it seems that in the era of transnational information sharing for ‘security’, such lists have found their way to the US Homeland Security complex. According to a report in the London Evening Standard, his certainly seems to be the case for major British mainstream environmental campaigner, John Stewart, formerly of the anti-road building lobby, Alarm UK and now of the Heathrow Association for the Control of Aircraft Noise (HACAN).

If such private politically motivated lists are now circulating internationally and being treated as reasonable grounds for refusing entry to other countries, it makes a mockery of the fact that they have already been found to be in breach of British and European laws, and it is likely that such data will continue to circulate entirely decontextualized from the circumstances and motivation of their collection. So an illegal anti-democratic trawling operation to stop legitimate political activity becomes the basis for security decisions to err… safeguard democracy. It would be funny if it wasn’t already so common and will continue to be so as security relies increasingly on risk assessments derived from the indiscriminate mashing together of information into ‘big data’.

Mozilla stops ad-network cookies

Mozilla, the developer of the Firefox web-browser, has decided that voluntary compliance by advertisers with its ‘Do Not Track’ settings is not working. Advertisers have basically been ignoring what is essentially a request by users, so instead of giving up, Mozilla has taken the right step and will simply not allow ad networks to install cookies on user’s computers or phones. This will of course cut ad revenue to some sites that rely on it, but it will also be a major step to slowing the proliferation of online tracking.

Of course, it can also be seen as a new negotiating position in a long conflict, as the Centre for Democracy and Technology points out, it could be a negotiating position that is all about trying to force companies to implement Do Not Track requests as a compromise from wholesale cookie-blocking. But I’m fully on board with Mozilla here either way. I very much doubt that Microsoft will take a similarly ethical stance on user control – because that’s what this is really about, not privacy as such but who has the right to control information about themselves.

A Culture of Pornography and the Surveillance Society

The student newspaper here at Queen’s carried a disturbing story this week – a hidden camera disguised in a towel hook was found in a women’s washroom*. Apparently a search was carried out and nothing else was found. I would be very surprised if this was something unique and isolated. Voyeuristic footage is a staple of both private perversion and Internet pornography, and I suspect that this is much more common than we realise. I remember at my old university in the UK a private landlord being prosecuted for having virtually his whole house, which he rented out to female students, wired up like this. Cameras are now so small (and getting smaller), and readily available disguised from shops that deal in equipment (largely intended for industrial espionage and spying on nannies, spouses etc.) and can of course now be wirelessly connected, so could be almost anywhere and everywhere.

We’re also immersed in a culture of pornography: it is what spurred the immense growth of the Internet in the 90s (a subject that remains to be given a proper historical analysis), and it is changing the nature of sexuality, especially in teen boys, in ways we’re only just beginning to understand. I’d hesitate to make any sweeping generalizations, but it would seem that if one puts together the kind of normalization of pornographic understandings of bodies, desire and sex with the rape culture alleged to pertain at Queen’s (as the same paper detailed the week before) and a surveillance society, you end up with not the hopes of an empowering exhibitionism put forward by more utopian feminist thinkers on surveillance like Hille Koskela, but something infinitely more seedy and alienated.

Perhaps if Nineteen Eighty-Four was written today, then O’Brien’s answer to Winston Smith on what the future would look like would not be “a boot stamping on a human head, forever” but “a man masturbating over a mobile phone, forever”. I’m not sure which is worse…

*As a note, the newspaper described it as a ‘co-ed’ washroom, a term so archaic, it made me wonder how much of the culture that engenders such behaviour is down to the continued underlying patriarchal belief that women being in education on an equal footing with men is still unusual, provocative and somehow so exciting to men that they cannot control themselves. And of course ‘co-eds’ is exactly how online porn sites that publish this kind of voyeuristic footage would describe the unwitting participants.

(Thanks to Aliya Kassam for the story)