Tag Archives: privacy

Trust, privacy and digital security


The pace with which the UK government is forcing through legislation to permit its security agencies legally to gather information about the use of digital technologies by people living in the UK raises ethical issues of the utmost importance. In the past, I have very much emphasised the significant concerns that citizens should have about the use of their ‘digital lives’ by both global corporations and governments. In so doing, I have sought to emphasise the interesting conjuncture of ideas surrounding the three concepts of trust, privacy and the law that lie at the heart of such discussions (for some early thoughts, see my 2010 paper on ICTs, citizens and states).

One of the most remarkable things about digital technologies, and particularly the extremely rapid expansion of social media, has been the ways that people have been willing to make so much information available for public view that was previously considered to be ‘private’. Why, for example, if people are providing so much of their information on-line for free should they have any concerns about whether or not governments make use of this? Social media companies have benefited hugely from the willingness of people to give for free without thinking too much about the consequences, and so too have those providing search engines and location based digital services.  So why should governments not likewise use this information?

In trying to unravel some of the complexities of these issues, it is useful to contrast two very different perspectives on what privacy actual is:

  • The dominant view would seem to follow Etzioni (2005) in accepting that privacy is in effect a good that can be weighed up against other goods. From this perspective, people are willing to give up some of their ‘privacy’ in return for various perceived benefits. Hence, people seem to be willing to let companies use information about their e-mail or search engine usage, in return for having a ‘free’ e-mail account or the ability to search the Internet for ‘free’ for some information that they want to find. Similarly, it can readily be argued that governments can, and indeed should, be permitted to pry into the lives of individuals in order to protect all citizens, especially if a justification, such as preventing potential ‘terrorist’ action can be provided.
  • An alternative type of definition of privacy, though, is offered by Friedman (2005) who instead sees privacy as a means through which we have power over our own lives. He emphasises the asymmetric power relationships between states and citizen. Few citizens, for example, possess their own tanks or fighter aircraft, and few have the digital analysis technologies that large corporations and governments possess. As he suggests, in referring to the state, ‘limiting its ability to protect us from bad things done to us by ourselves or by other people, may not be such a bad deal’.

In the past, I have very much supported Friedman’s arguments, and on balance still do. However, this is where notions of ‘trust’ become so important. From conversations in many different countries, I have come to the clear view that where people do not trust their governments, then they are much more willing for their digital lives to be known by companies, but where they do trust their governments then the reverse is the case. Governments have the power to do very bad things to their people, and digital technologies have the potential to offer them very large amounts of knowledge indeed in support of such actions.

The interesting observation to be made here is that it is actually the companies, be they ‘phone operators or social media corporations, that actually already collect this information on a regular basis, and indeed use it to generate their profits. Whilst there is much angst against governments for wanting to access some of this information, I am surprised at how little concern there actually is about the uses that companies already make of such information. Again, in part, this comes down to trust, but I think this is only in part. Companies seem to me to be much more circumspect in telling people actually what data they collect and how they use it. They leave the governments to take the flack in wanting to access such information!

The arguments currently being debated as the Data Retention and Investigatory Powers Bill moves through the UK Parliament are ultimately derived from social contract theory. In essence, building on the ideas of Hobbes and Locke in the 17th century, the idea that citizens are willing to give up some of their rights to governments in return for protection of their remaining rights has become central to much of the way in which our governance systems work. Following Etzioni’s line of thought, citizens might therefore consider giving up some of their privacy in return for greater protection from other citizens (or ‘terrorists’) who for whatever reason wish to do them harm. It becomes incumbent for governments therefore to show that there is indeed a very considerable increase in the potential threat to citizens from ‘terrorism’, or indeed any other harmful effects, if they want to pry further into citizens’ privacy.

This is, in effect, what the UK government is seeking to do, without perhaps illustrating the full extent of the threat. As I learn more about these matters, and speaking with many people who I have come to trust over the last couple of years, I am becoming increasingly aware of just what the level of threat is, and I am much more persuaded by the arguments that some greater surveillance might indeed be necessary. However, the challenge for a government is that it is difficult for it to indicate just what these threats are because of the obvious security implications, and so citizens have to place a lot of emphasis on trusting their governments.

How can this be achieved? The most important thing in building trust on such matters is to have as full, open and transparent a debate as possible amongst relevant stakeholders. Rushing legislation through Parliament is therefore unwise, unless the level of threat is very severe indeed. I cannot judge this, but unfortunately recent failures of trust over such things as the UK’s support for the USA in the invasion of Iraq over ‘weapons of mass destruction’, make it very difficult for people to believe a UK government of any political colour on such matters.

MPs would therefore be wise if they are to pass this Bill to insist that immediately in its aftermath a wide-ranging and fully transparent consultation should take place, so that the issues are debated openly and constructively. This will take a considerable amount of time, but will ultimately be worth it, not only in rebuilding trust, but also in reaching a wise decision on how to balance privacy and security.

This does not, though,  resolve the concerns raised by Friedman, with whom my own allegiance really lies. The balance of power between states and their citizens is indeed unequal, and there must be mechanisms whereby governments and their servants can be held to account for their actions and misdemeanours. It is here where I believe the law is so important, and it seems to me that judges have a particularly crucial role to play in determining the appropriate balance. The separation of the judiciary from the executive is another important heritage of the British political system, and one that is shared to a greater or lesser extent in many Commonwealth countries. Whatever outcomes are agreed on in the consultation that I encourage, they must be enshrined in a very carefully constructed legal framework that can indeed insist on the severest of penalties for misuse of the powers that are being discussed in Parliament as I write.

 

Advertisements

Leave a comment

Filed under Commonwealth, Development, Ethics, ICT4D, Politics, UK

Google admits it is in breach of UK data privacy


The BBC has reported that “Google has admitted that it had not deleted users’ personal data gathered during surveys for its Street View service. The data should have been wiped almost 18 months ago as part of a deal signed by the firm in November 2010. Google has been told to give the data to the UK’s Information Commissioner (ICO) for forensic analysis”.

When it was originally reported that Google had obtained private data from unsecured wireless networks whilst it was gaining images and spatial data for Street View, the company said it was a mistake and agreed to delete the data by the end of 2010.  However, Google has now contacted the UK’s Information Commissioner to say that not all of these data have been destroyed, asking what it should do with it.

As the BBC continued to report “Possessing data that should have been deleted ‘appears to breach’ the undertaking Google signed in November 2010, said the ICO in a statement. ‘The ICO is clear that this information should never have been collected in the first place and the company’s failure to secure its deletion as promised is cause for concern,’ it added”.

Leave a comment

Filed under Ethics, UK

Google and Facebook: privacy and security


I have long been critical of Google, but two thing have recently begun to make me begin to think again.  First, they have developed an amazing App – Google Translate!  Whilst the translations are by no means perfect, the idea behind the App is brilliant.  At its best, you can speak the phrase that you want translated, and the App will then give you a translation in more than 60 different languages, all as text and some as a sound file.  Using such software, someone can speak a phrase in Indonesian and then the App will translate it so that someone else can hear the phrase in Portuguese or Russian or Czech.  This is really beginning to use the potential of mobile technologies to help people from many different backgrounds communicate with each other.

However, this is not the main purpose of this note.  Anyone who uses Google software cannot but be aware of the changes to Google’s privacy policy that are due to come into force on 1st March.  This is the important thing – Google, for a change, appears to be trying to be much more open than ever before in explaining the reasons why it is adopting new privacy policies.  As they say, “We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google”. In clarifying the reasons for this, Google claims that it will make it easier to work across Google, it will be tailored for users, it will be easier to share and collaborate, that its fundamental principle of protecting user privacy has not changed, and that it helps users understand how Google uses their data.

Google has five core privacy principles:

  1. “Use information to provide our users with valuable products and services.
  2. Develop products that reflect strong privacy standards and practices.
  3. Make the collection of personal information transparent.
  4. Give users meaningful choices to protect their privacy.
  5. Be a responsible steward of the information that we hold”.

However, are these principles really as sound as they at first sight appear?  Google’s profits have been built around the fundamental notion that it encourages consumers to give information to the company that is of considerable value to Google  in exchange for ‘free’ services, such as the world’s best search engine, e-mails and document sharing.

An alternative perspective is offered by those who see this as a deliberate move to combine information about individuals from across the platforms that it now owns, and use this to generate even greater profits.  As the BBC has commented, “Critics have hit out at Google’s decision to merge personal data from YouTube, Gmail, search, social network Google+ and dozens of other services”.  As the BBC report goes on to note, “Data is a hugely valuable commodity as firms seek ways of making money from users’ web habits with ever more targeted adverts”.

It is not only Google, though, that is combining aspects of its various services, and the information it gleans from them.  As the competition between Google and Facebook hots up, Facebook is also combining the different data it holds about people.  Again, as the BBC comments “Facebook is also moving to merge people’s data, with tweaks to how user information is displayed. Its new feature, Timeline, shares users’ past history on the site in a more readable way. While it does not expose any more information that was previously available on its traditional profile page it does makes it easier to view older posts. Currently the system is voluntary, but Facebook is making it compulsory”.

The forthcoming IPO (initial public offering) of Facebook provides an interesting opportunity to reflect on the balance of power between the top valued companies that have built their businesses on the technologies of the Internet, and an apparently endless desire by people to find out about each other and share information about themselves.  A recent report by Keith Woolcock in Time Business captures this well: “The upcoming IPO of Facebook, the flak surrounding Twitter’s decision to censor some tweets, and Google’s weaker-than-expected 4th-quarter earnings all point to one of the big events of our times: The crazy, chaotic, idealistic days of the Internet are ending. Once, the Prairies were open and shared by everyone. Then the farmers arrived and fenced them in. The same is happening to the Internet: Apple, Amazon and Facebook are putting up fences — and Google is increasingly being left outside. The old Internet on which Google has thrived is still there, of course, but like the wilderness it is shrinking. Often these days, we sign up for Facebook or Amazon’s private version of the Internet. At other times, we use a smartphone and download an App instead of using Google search. Investors are already placing their bets on who the winners of the new Internet will be: Over the past five years Amazon’s shares, despite their recent fall, have risen 370%. Apple’s are up 438%. Google’s, meanwhile, have merely risen by 17% in all that time.  It is still the early days of this long-term trend, but my hunch is that this gap in performance will widen over the coming year — and that Google’s long slow decline has already begun”.

Perhaps I should start feeling sorry for Google after all.  At least I began this blog by encouraging people to start using their great translation App!  Ultimately, though, we should all reflect a bit deeper on what it is we are giving away for free when we sign up for a service that is free for us to use.  We should all also be much more careful about just how much information about ourselves we make available publicly – just in case one day we regret the profit that others have made out of it!

Leave a comment

Filed under ICT4D

Google and privacy


I am often criticised for my concerns over Google’s ethical claims. Most people seem to like the apparently ‘free’ services that the company offers, and are not greatly concerned about the implications of sharing private information with a corporate giant that claims to do no evil.  I was therefore very pleased to see a report yesterday on the the BBC’s news site that Google is to be audited over privacy concerns relating to its social network Buzz.  Highlights of the article noted that:

  • “Google will be subjected to independent privacy audits for the next 20 years over charges that it “violated its own privacy promises”.  The US Federal Trade Commission (FTC) said that the search giant wrongly used information from Google Mail users last year to create its social network Buzz”
  • “When companies make privacy pledges, they need to honour them,” said Jon Leibowitz, chairman of the FTC. “This is a tough settlement that ensures that Google will honour its commitments to consumers and build strong privacy protections into all of its operations.”
  • “Buzz’s launch in February 2010 came under heavy criticism from users. According to Google, the system was designed to bring together members’ personal and private lives. One widespread complaint was over a feature that allowed it to publicly list other Gmail contacts a user was most frequently in touch with. While this feature could be turned off, the default setting was to leave it on – potentially revealing a user’s contact with an ex-spouse, employer or similar.”
  • “The FTC said “deceptive tactics” were used to populate the network with personal data gained from use of Gmail, and that when users were given the change to opt-out of Buzz, they were still enrolled in some of its features”
  • “The FTC said Google violated its privacy policy which stated: “When you sign up for a particular service that requires registration, we ask you to provide personal information.”
  • “Reflecting on the latest settlement, Alma Whitten, Google’s director of privacy, product and engineering, said: “We’d like to apologize again for the mistakes we made with Buzz. “While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”

In another recent report from the BBC, it is also interesting to note that the US Department of Justice has approved a New York court ruling that blocked an agreement between Google and publishers over the publication of books online.  As the report noted, “An agreement between Google and publishers over the web firm’s publication of books online has been blocked by a US court. The web giant has scanned millions of books and made them available online via its eBooks platform. Google had negotiated the deal to settle a six-year-old class action suit claiming infringement of copyright. But the New York court said the deal would “simply go too far”, giving Google an unfair competitive advantage”.

Leave a comment

Filed under Ethics, ICT4D

UK government cancels identity cards


I have long emphasised the ethical issues associated with the introduction of identity cards, and so it is good to see that one of the first steps that the new UK government has taken is to cancel their introduction.  The Home Office’s Identity and Passport website now carries the following stark statement:

“The Government has stated in the Coalition Agreement that it will cancel Identity Cards and the National Identity Register. We will announce in due course how this will be achieved. Applications can continue to be made for ID cards but we would advise anyone thinking of applying to wait for further announcements.

Until Parliament agrees otherwise, identity cards remain valid and as such can still be used as an identity document and for travel within Europe. We will update you with further information as soon as we have it”.

2 Comments

Filed under Ethics, Politics, Uncategorized

Digital Britain


The UK’s Department for Culture, Media and Sport (I still think this is a crazy mixture, but…)  published its final report on Digital Britain on 16th June 2009.  It claims that “The Digital Britain Report is the Government’s strategic vision for ensuring that the UK is at the leading edge of the global digital economy. It is an example of industrial activism in a crucial growth sector. The report contains actions and recommendations to ensure first rate digital and communications infrastructure to promote and protect talent and innovation in our creative industries, to modernize TV and radio frameworks, and support local news, and it introduces policies to maximize the social and economic benefits from digital technologies”.

The key measures it recommends are:

  • A three-year National Plan to improve Digital Participation
  • Universal Access to today’s broadband services by 2012
  • Next Generation fund for investment in tomorrow’s broadband services
  • Digital radio upgrade by the end of 2015
  • mobile spectrum liberalisation, enhancing 3G coverage and accelerating Next Generation mobile services
  • robust legal and regulatory framework to combat Digital Piracy
  • support for public service content partnerships
  • a revised digital remit for Channel 4
  • consultation on funding options for national, regional and local news

One of the most interesting statements in the executive summary is that “For individuals a quiet revolution has delivered seamless connectivity almost everywhere. That revolution ranges from personal pocket libraries of music, audiovisual content and increasingly electronic literature on a scale inconceivable ten years ago; inexpensive broadband which allows efficient and family-friendly working patterns in the knowledge sector of the economy – and broadband at increasing speeds – the next generation of which, already available to nearly half Britain’s homes, allows us to send or receive 200 mp3 music files in five minutes, an entire Star Wars DVD in 3 minutes and the total digitised works of Charles Dickens in less than 10 minutes. It has given us access to a wide range of social networks, allowing us to share experiences and swap and create content. The digital revolution has also led to a huge expansion in the creation and availability of professional content. Today, the typical British consumer spends nearly half of their waking hours engaged in one form or another with the products and services of the communications sector”.  The report goes on to assert that “The UK is already a digitally enabled and to a significant degree digitally dependent economy and society. The Digital Britain Report aims to be a guide-path for how Britain can sustain its position as a leading digital economy and society”.

To my mind, the report is overly up-beat.  It fails satisfactorily to address the real challenges associated with a digital Britain, and especially:

  • it focuses primarily on the technological and economic dimensions – and not enough on the social, cultural and political issues raised by these
  • there is nothing overtly on the ethical and moral issues raised by this particular vision of a ‘digital Britain’ (‘ethics’ and ‘moral’ are words that are not even mentioned in the report)
  • although trying to grapple with some of the issues surrounding unequal access, its solutions are unlikely to have a significant impact on the lives of Britain’s poorest people and communities – the concept of a ‘digital divide’ is only mentioned three times, and there is no mention of words such as ‘inequalities’ or ‘inequality’; ‘equity’ is only mentioned twice.  The market cannot provide effective solutions for the most marginalised – and it should be the role of government to intervene to ensure that as many people as possible can benefit from the potential that such technologies can offer
  • insufficient attention is paid to the negative effects of the digital economy – in terms of the ways in which it reinforces power relationships, and enables ever greater ‘control’ and manipulation of the majority by the few.  The anarchic potential of the Internet is also insufficiently explored – and is treated negatively in the only place where it is addressed (“Most consumers, except the minority of the anarchic or those who believe in ‘freedom to’ without its counterbalancing ‘freedom from’, who believe in unsupported rights without countervailing duties, would prefer to behave lawfully if they can do so practically and with a sense of equity” p.110).  “Web 2.0” is likewise only mentioned once!
  • as I have argued elsewhere, one of the implications of Britain sustaining “its position as a leading digital economy and society” is that this will necessarily mean that it will relatively disadvantage those in poorer countries of the world.  Given my own interest in trying to ensure that poor people and marginalised communities can also truly benefit from digital communities, I am concerned by the complete lack of attention that this report pays to issues of ‘development’ – Africa is not mentioned at all, and ‘developing countries’ are only mentioned once to exemplify the impact of mobile ‘phones therein!  I wonder what colleagues in the UK’s Department for International Development have to say about this – another excellent example of lack of joined up government!

The UK government needs to understand that ICTs are about much more than simply the technology and the economy – if we are truly to use them to make the world a better place, we must emphasise the social, political and cultural aspects of their use much more than does this report on Digital Britain.

For other commentary in the UK press see:

  • James Ashton in the Times: A blurred vision for Digital Britain
  • Matthew Horsman in the Daily Telegraph: Only a sketchy road map of Digital Britain
  • BBC News: Digital Britain countdown begins

Leave a comment

Filed under ICT4D

UK Government announces that it has no plans to create a central database for storing communications data


The UK’s Home Office has recently announced that it no longer has any plans to create a centralised database to store all communciations data.  In its consultation paper presented to Parliament in April 2009, and entitled “Protecting the Public in a Changing Communications Environment“, the Home Secretary Jacqui Smith commented that “this consultation explicitly rules out the option of setting up a single store of information for use in relation to communications data”.  This is excellent news for all those concerned that the government was indeed considering establishing such a centralised database of all digital communication (see my comments in February about this). The consultation paper is a very important document, and lays out clearly the various options facing a government eager to get the balance right between privacy and security.

The consultation paper asserts that “The Government has no plans for a centralised database for storing all communications data.  An approach of this kind would require communications service providers to collect all the data required by the public authorities, and not only the data required for their business needs.  All of this communications data would then be passed to, retained in, and retrieved from, a single data store.  This could be the most effective technical solution to the challenges we face and would go furthest towards maintaining the current capability; but the Government recognises the privacy implications of a single store of communications data and does not, therefore, intend to pursue this approach”.

With reference to third party data, two approaches are identified as possible ways forward:

  • “The responsibility for collecting and retaining this additional third party data would fall on those communications providers such as the fixed line, mobile and WiFi operators, who own the network infrastructure”
  • “A further step would be for the communications service providers to process the third party communications data and match it with their own business data where it has elements in common; this would make easier the interpretation of that data if and when it were to be accessed by the public authorities”.

In the light of this, the government intends to legislate “to ensure that all data that public authorities might need, including third party data, is collected and retained by communication service providers; and that the retained data is further processed by communications service providers enabling specific requests by public authorities to be processed quickly and comprehensively”.

The government is particularly eager to receive responses on four main questions:

  • Q1  On the basis of this evidence and subject to current safeguards and oversight arrangements, do you agree that communications data is vital for law enforcement, security and intelligence agencies and emergency services in tackling serious crime, preventing terrorism and protecting the public? Found on page 22
  • Q2  Is it right for Government to maintain this capability by responding to the new communications environment? Found on page 22
  • Q3  Do you support the Government’s approach to maintaining our capabilities?  Which of the solutions should it adopt? Found on page 30
  • Q4   Do you believe that the safeguards outlined are sufficient for communications data in the future? Found on page 30

As the consultation paper concludes, “The challenge is to find a model which strikes the right balance between maximising public protection and the ability of the law enforcement and other authorities to do their jobs  to prevent and detect crime and protect the public, and minimising the intrusion into our private lives”.

Leave a comment

Filed under Communication, Ethics, Uncategorized