Privacy, Freedom & IT

Simon Davies led this off with an overview of the effects on Privacy and Civil Rights post Sept 11. These events sent a chill through civil rights activists. It's much harder to argue against Government proposals when you are seen as arguing against patriotism. But at the same time we seem to have a unanimous government view that some civil rights need suspending. They are draging out and dusting off every proposal from the last 10 years and trying to rush it through again. But these were all fought off, debated and found wanting in normal times, so why should they now be seen to be essential. Some have been passed with almost no debate such as the use of Carnivore in the USA to monitor emails. We already have the Human Rights act, Data protection act, police powers act, immigration controls and the prevention of terrorism act. And yet the UK has no computerised records of who has entered the country and no records of who has left.

Take the Identity card as an example. Over the last 15 years there have been two attempts to introduce these in the UK. Each time there was serious political discussion and each time it was thrown out as both parliament and the cabinet were unable to reach consensus. this time the logic is that it will streamline State processes and make the benefits and social security system more efficient. Excuse me? Do we really need such an extreme social move because the state is incapable of managing their own systems? Then we have the problem of preventing forgery. A Terrorist with a forged ID card is much more dangerous in a society where ID cards are carried and required. So to prevent forgery we would need biometric testing; an immature technology which should result in the biggest political dislocation ever. Are we seriously suggesting that we should fingerprint every single citizen in the land? Blunkett has come up with some wonderful double think on this. "ID cards would entitle you to quick and streamlined Government access", "We need to avoid a police state by granting greater police powers".

Then we have the connection between commercial interests and political interests and the media spin which is put on this. We really should refuse to accept that global rights and privacy should be sacrificed on the alter of airline profits. It's becoming clear that the extraordinarily poor security on US flights was at least partly due to the lobbying of politicians by airlines to reduce the state requirements on them. Even while this is happening, we have cases of the Media spinning objections into a lack of patriotism and dissent into treason.

Privacy is increasingly under threat from commercial interests and becoming as much a consumer rights issue as a civil rights issue. The collection of data about individuals has been going on for some time from a commercial point of view. Now we are seeing Sept 11 as an additonal impetus. This is remnding us that there is no fundamental difference between commercial and state tracking of individuals. What is interesting here is that this is commercially self defeating. Profiling and personalization has a self defeating aspect that it locks the consumer into patterns of spending. Supermarkets have long understood the need to randomise their store layouts periodically to break this. A surveillance approach can have a negative economic. The LSE has estimated that the RIP bill would result in a £46B loss in GDP.

Question time threw up some interesting points. Peter Bottomley MP raised the issue of media controls vs Government controls. One person said, "Terrorists are not irrational, they're wrong". Perfect identification is impossible for stupid reasons. Pandora's Box is open. From a technological point of view, perfect anonymity and privacy are already available. By making them illegal, we are making everyone a criminal. And finally, "Anonymity is the touchstone. Find one piece of information in your life where anonymity and privacy are essential, and then ask whether that should be taken away from you."

The second session on this subject led off with Casper Bowden. His first question was "Who hasn't heard of the RIP Bill". The point being that while it would have had far reaching effects, it was almost impossible to generate any media interest in it at all. Key to understanding this is to appreciate the difference between accessing content and accessing patterns of usage. The second being accessible to the Government without a warrant. So they can track a letter but they can't open it. But in an Internet world, these two things are very blurred. Is a URL of a web page, content or location? The issue here is about the requirement of service providers to track and save all patterns of usage, where a service provider is anyone provides services to enable communications by electronic means. This drags not just ISPs but also centralized authentication systems such as Hailstorm into the mix.

A few other points made. Regarding the question of whether RIP isn't necessary to control terrorism, well the Anti-terrorism bills already give wide powers to trawl data. RIP simply makes it the norm rather than the exception. Banning cryptography is pointless as it already exists. Not only that it is going to become essential to trade and normal activity on the Internet. The fundamental problem with technology legislation is that the legislators are clueless about technology. The cabinet, the officials, MI5, the civil service and all, and all.

John Fitzpatrick talked more about the difference between privacy and freedom. His point being that privacy matters because it is about freedom, but privacy does not equal freedom. Freedom is something practical in that it is about activity. The simple fact that we have the concept of freedom shows recognition that we are not free. In the USA, privacy is not enshrined in the constitution, it is the result of case law. But the courts have consistently ruled in it's favour with the Abortion case Roe vs Wade being one of the most significant. In Europe, the right to privacy is seen as a basic human right. The right to make personal decisions about personal things without regard to our fellow citizens. This is understandable but opens a can of worms about what is a personal thing which has no effect one way or another on our peers.

In the IT world, privacy has a problematic character. Usually it might be better explained as the right and ability to take part in public and private debate. This raises issues of Anonymity vs Pseudonimity vs Authentication. He commented later, in all matters of privacy ask, "Why does this matter to me?" It's not black and white, scrape a little deeper and better attitudes emerge. We must keep asking the question, "Why does it matter" and "How should I act".

John finished by saying that he was not in mourning for WTC as mourning is a personal thing. Realistically he is more at risk from his local train company than terrorists. Without taking a Pollyanna-ish or Pangloss attitude, he believes in the innate goodness of humanity. So we must not let our vague fears drive our control of Liberty. A good future is something we can achieve and we can win!

One lovely point came out in question time about the government's view of which ISPs would have to install a black box recorder to monitor Internet usage. this recognises that smaller ISPs may not have the resources to manage this. They said that the boxes would only be installed in large ISPs "because that's where criminals would be". Doh!

Over and over, both in the public debate and in conversations outside, we kept coming up with the same problem. Legislation that attempts to control the existence of technology and to a certain extent the usage and discussion of that technology is fundamentally flawed. This is not so much that it is not appropriate but that it is ineffectual. Because it cannot easily distinguish between them, the controls on the criminals inevitably imposes unreasonable restrictions on the law abiding. If we must legislate in the technological area, then it should be on the basis of behaviour not on possession of technology.

On the subject of surveillance, given that it is likely to increase, the problem is the asymmetry of the data. Why should the few have access to all the data about the many. This argument leads to an equally scary but at least more democratic future of The Transparent Society. If every CCTV was a webcam, then at least the populace could watch the state as easily as the state watches them. Hopefully as demonetrated by the Rodney King case, this would prevent the worst excesses of State control.

[ << Business Plans for Software Development ] [ Don't blow IT - Part II >> ]
[ 0 comments ] [ G ] [ # ]