The last conversation I had before leaving ORGCon for the day was with Alec Muffet, Adriana Lukas, Glynn Wintle and others about whether ORG was a Liberal Democrat party conspiracy, or was in some way permanently leftist. This is a concern shared with me privately and one which is important enough to gather opinion on. The consensus was that it wasn’t a liberal democrat conspiracy and had significant involvment from right-wingers (by which I mean pro-market and social liberals), including vouched for members of that persuasion.
Tim Wu’s view on what we ought to do
The assurances received are reassuring but there is a case to answer. Ex-Green figure head Jim Killock did, after all, agree to open the conference and – in his words – “set the scene” with a talk by Tim Wu. I have frankly never heard of this chap before his talk today, but was persuaded that freedom is not be found on the road he is travelling.
He’s a knowlegable man with a firm grasp of technical history, and his talk was educational. He is rightly concerned for free-speech and privacy on the internet but his solutions are not going to work. He wants to bring corporations under the control of the state through anti-trust and monopolies legislation and net-neutrality regulations, as if the state was a perfectly incoruptable God capable of stewarding the internet better than the people who own it now (which is a very large number of companies). Bizarrely he suggested a US network operator (AT&T if I recall correctly) was pressured into accepting PRISM through fear of what might happen to a pair of mergers that were before the US anti-trsut authorities, but did not acknowledge the obvious corrolaries of that story and again endorsed the use of anti-trust law in the Q&A.
Snooper’s charter is still not dead
The session on the Snooper’s Charter was basically an info dump, delivered in under an hour. The dump included the state of the legislation now and the “problems” facing legislators, that is, the types of data they can’t yet legally get. An investigative journalist told his story and established the ages of various measures (which are not new) Discussion then continued, somewhat inaudibly, to talk about some of the various problems with stopping the passage of the bill. I concluded a better way to get up-to-date on this area was to read through the report, which was helpfully available in the exhibition area.
Data protection revolution
The session on the Data Protection Bill was better paced and structured. The lady from Privacy International claimed that the EU regulation would be a tame evolution of current law, which may be true to some extent, but the level of protection proscribed in law seemed to be very high. She listed:
- The regulation sought to ensure a strong right to privacy that was enforced (against businesses).
- A right to data-portability, which means businesses would be mandated to provide (securely, we assume) a data-export function where all the information they hold on you can be downloaded in a form that would allow it to be uploaded to a competitor.
- A ban on automated profiling, whcih means a ban on making decisions about people using software algorithms that might cause them to be treasted differently from other customers.
- A right to be forgotten about.
- A requirement that privacy protection is on by default.
- A requirement that privacy protection is designed into systems before customers interact with it.
Privacy campaigners are obviously very keen for that shopping list to get passed, as it represents all of the features of their preferred way for consumers to deal with companies. Corporations seem to be a bit concerned that the regulations are very prescriptive and want more flexibility. That sets the scene for a face off in the EU and some 4000 ammendments have been tabled. Privacy campaigners are lobbying for their interests to be represented by MEPs and are tracking how MEPs vote, sorting “good” from “bad”.
The deputy information commissioner seemed more reasonable. He mentioned for example that a right to be forgotten that entitled consumers to have their data erased entirely would be difficult to acheive technically and would have to be relaxed. The word he used was “unrealistic”, quite so, every developer knows that you do not lightly delete database records. He also mentioned that impact assessments were a potential problem and “one size fits all” regulations may be onerous to some (I have heard that impact assessment might need to be conducted for every change to regulated software). Conversely there may be a problem of fragmentation in the data protection regime, with courts, police and public sector bodies subject to a separate regime. One regime could be hard enough with a great deal of detail in it, from the details of documentation to be filed and the qualifications of members of staff corporations would be required to retain.
Another item mentioned by the deputy information commissioner was that there is a stiff deadline for the regulations to pass. If they don’t get through by March/April 2014 then they will have to be abandoned as elections are held and may not be picked up again.
Kassey Chappelle spoke on behalf of Vodafone (video bookmark). She claimed there is a level of under-investment in privacy by corporations [not according to that Microsoft advert 🙂 ] and that Vodafone had tried to do more. They had conducted a health-check of privacy in the company and found a spaghetti mess of policies and procedures agreed on a product-by-product basis in a range of jurisdictions, all agreed beteen product managers and lawyers. She claimed, fairly I suppose, that lawyers are trained to provide technically correct answers about what to do in the face of the law and that the user experience, and the user’s desires of the product are secondary. Consent was being captured in various places, usually by just showing a massive block of legalese. It was not meaningful to users and was a mess to adminsiter.
The alternative approach outlined for Vodafone gave the marketing and product development functions control over privacy and made privacy a feature of their business model and user experience rather than a tick-box add-on considered only at the end. This was privacy by design, as intended for the new law, but brought into the business proposition and (it was claimed) into the culture of the company, at least that was the declared intent.
Chappelle called this model “accountability” and wanted legislation that gave companies the responsibility to deal with consumers in an accountable way, and placed the burden of getting audits of that behaviour onto the corporations. Of course, a large corporation like Vodafone has no problem paying for such processes but this is not the case for many start ups; although of course a start up also has full control of what promises it chooses to be accountable for.
The end of the conference EFF founder John Perry Barlow addressed the conference for the keynote. His was to be an interactive keynote and he pointed out every seat contained a microphone so that questions could be asked. This proved interesting.
Barlow’s vision was of a world in which any person, anywhere on Earth (a big enough vision for the next few decades), would be able to access any knowledge that is known to the human race as quickly as their particular mind was able to assimilate it, so without restrictions of access and intellectual property regimes. he saw the world changing fast as “religions”, such as Christianity or The United States of America suffered from the shock of new information flows and transparency.
For actual religions, he said, this made religious epistemology – the idea that what is right is in a particular book – unsustainable as young minds free to explore the Web would find superior answers more readily and which undermined religious texts.
For the governments, their secrets were no longer sustainable. They would have to act with integrity (I use the Randian word, Barlow may not have) and act they presented themselves to act (without breach between principle and action). State authority would also be undermined and governemace would have to be more “horizontal”. Here I think Barlow meant distributed, or heteroarchical, but you could also say that this would inevitably be market driven (markets, the ultimate free heteroarchy). BArlow may have meant something else here, but I cannot think what.
In corporations, the desire to hire blandly acceptable normal looking people will be undermined. At the moment, if you had a tattoed face – Barlow speculated – you would probably not get the job at IBM. In future you may do. The reason he gave is that the young today have no trouble asserting their individuality publicly so quirky lifestyles will be known openly and will be visible to everyone in the future workplace. He thought this would undermine the expectation that there is some kind of normal person.
Toward the end of the main talk he said something optimistic about our technology and tools. He said such tools are not malignant. That that they do is what we intend for them, as long as we give thought to what that intent is. Tim Wu would have interjected that we have a duty to supervise the tools as well, but did not. Barlow did say, however, that we may find we need new ways to get things done – new ways to solve societal problems – and would have to accept that.
The end of the talk was then encouraged to be a two way session. He said he spent is life trying to destroy broadcast media and did not want to become one. The microphones came out and back and forth segments were interspersed with longer repsonses from Barlow. It was during this period that Barlow mentioned he’s been working in Iceland, Ireland, New Zealand and Ecuador to find new ways to privately store and communicate data. He talked of various ways to build alternatives to “bit transport” (internet connections) that did not involve blowing up the Internet, as Tim Wu suggested, but rather tunnelling and layering over it. White spaces in radio spectrum were considered important.
There was a challenge made to Barlow, who remember is founder of one US digital civil liberties group called the EFF, to bring the 4th ammendment to protect the UK. The idea that PRISM was enabling massive surveillance of UK citizens as traffic passed through the UK had this audience understandably riled, but it was as if the failure of the NSA to adhere to America’s constitution while acting in America was somehow Barlow’s problem. His earlier caution that the NSA do care about the constition and are also incompetent was not considered protection enough, and so asking the audience to get some perspective on that riled them further. In response to this bizarre anger Barlow did promise and did repeat that his organisation would prefer the US constition to be intepretted as applying to foreign citizens, but frankly I don’t think this is entirely his problem! I found one part of his response quite compelling: he said there is no world government to enforce a privacy standard so if we want one then we – technologists, programmers – need to make it “practically and through technology architecture” because no one else will.
Nor, actually, was the next little challenge. Barlow was asked whether Julian Assange – still hiding in the Ecuadorian embassy – was the deserving recipient of Swedish due process for the rape allegation he was indicted for, or whether he was the victim of a US conspiracy to get him. This question put Barlow in the awkward position of having to comment on the reality of the rape itself (and that analysis is complicated by claims of ambiguity around consent). I cannot see how Barlow could have answered such a question satisfactorally and well, he did not and used the words “ungentlemanly conduct”. There was a little anger in the room and some people walked out early (without saying why), but the Twittesphere errupted with abhorrence and condemed Barlow as if he had said rape was okay. In fact, he had been diplomatic towards Assange in the face of imperfect knowledge, and before a trial, and had been placed on the spot by the questioner.
It was all very undignified but, bizarrely, only on Twitter.