The protection of an individual is fundamental to today’s society and business freedom should never come above that of person’s dignity and that is what this trial has shown.

I agree, entirely, with the first part of that statement — but when the prosecutor argues “… and that is what this trial has shown” I have to ask myself: what trial is he talking about? Whose dignity is being protected here? Certainly not the dignity of a wired society who is likely to face greater surveillance and censorship as a result of this irresponsible ruling. And, certainly not the dignity of that poor boy who can not “delete” his memories of that horrible act of violence. Of all the serious privacy issues associated with the practices of corporations like Google (see here) and Facebook (see here), and governments like the U.S. (see here and here) and China (see here), how does this qualify as a triumph for privacy when it has the potential to further erode individual privacy on the Internet?

Peter Fleischer is quoted in the Telegraph as saying he found it ironic that “as privacy director I have been found guilty of breaching privacy.” With respect to Fleischer, that’s not ironic — it’s to be expected that the person in charge of privacy policies for the most prominent global information company would find himself (fairly or unfairly) held accountable for those policies. What’s ironic is that three Google executives were convicted for violating privacy laws in an instance where they actually didn’t violate anyone’s privacy, and that conviction has the potential to further compromise individual privacy. Now, that’s irony.

Labour MP Tom Watson said it best in the Telegraph:

This is the biggest threat to internet freedom we have seen in Europe. The only people who will support this decision are Silvio Berlusconi and the governments of China and Iran. It effectively breaks the internet in Italy.

The new step is not foolproof, the editors acknowledged. It was possible for a reporter to register successfully on several major sites under falsified names and ID and cellphone numbers.

So, this new layer of surveillance doesn’t really give the state much new information, and it’s at least as fallible as existing forms of digital surveillance. While this surveillance practice, and others, will evolve and become more sophisticated – allowing access to more kinds of (formerly) personal information – people will also evolve and become more sophisticated in their efforts to ensure a comfortable level of privacy. Questioning the efficacy of such a policy, in order to rationalize or irrationalize its application, seems limited. It’s a powerful line of inquiry, particularly for short term tactical gain such as getting Verizon Wireless to stop censoring texts from NARAL, or convincing China to scale back its implementation of the Green Dam Youth Escort. In both cases, however, their was no omission of wrong doing and their was no agreement that they won’t do it again. The only admission was that, within a specific context, a specific surveillance practice was considered to be an ineffective means of ensuring security. In short, questions of efficacy challenge whether a specific surveillance practice does what it claims to do, not how a specific surveillance practice restructures our environment and shapes our daily behaviors (for better or worse).

A better question would ask how this “new layer of surveillance” restructures everyday life – how does this layer shape the built environment and our behaviors within it?  What are the costs, benefits, pleasures, and perils associated with this new layer of surveillance?

Whether or not signing into a web site with a “true identity” will compromise public discourse by making individuals more susceptible to retribution, it certainly does introduce a new practice that a person must perform before participting in a public discussion. That sort of embodied practice, even when subverted, shapes our experiences and influences our behavior. Acknowledging upfront that surveillance always works allows us to get to the more important questions of how it works.

I hear (and read) many people reference the fallibility of the latest and greatest corporate/government surveillance practice — by which they mean “surveillance practice X” doesn’t actually do what “group X” claims it’s supposed to do. This often feeds the illusion that because “it doesn’t do what it’s supposed to do” it’s somehow benign and ineffectual — that it doesn’t work. Yet every time a new surveillance policy is implemented it works, in a multitude of ways, on our environment and it encourages a broad range of behavior. Attention to how surveillance works in (and on) everyday life gets us away from short-term questions of efficacy and closer to important long-term issues of social (in)justice, equality, and well being.

Our product is extremely valuable … and if we are offering it on another platform or in another location for the consumer to access it, I believe that’s more value we are delivering [to a distributor or consumer] and we should get paid appropriately.

If Disney plans to make their content space-time specific, how exactly do they plan to enforce that without violating the privacy of their consumers? Disney would have to track their content over time and across space — even after it’s been purchased. Welcome to the Cyberspace Enclosure Movement (CEM).

Apple made this argument to the U.S. Copyright Office in response to a request from the Electronic Frontier Foundation that the U.S. Librarian of Congress grant an exemption to the Digital Millennium Copyright Act that would clearly define jailbreaking as legal (under certain conditions). Back in 2006 the Librarian of Congress granted six 3-year exemptions to the DMCA, the fifth of which stated:

Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network.

This expiring exemption was widely understood to legalize the act of jailbreaking for otherwise legal, personal, and non-profit purposes. However, now that the EFF is seeking a similar exemption, Apple is going further than previous arguments (i.e. jailbreaking violates your license agreement) and is now arguing that jailbreaking results in copyright infringement and could compromise national security. This continues the meme, advanced by corporations and governments alike, that “loose code” is a threat to security in the informational age – thus, equating piracy and hacking with insecurity in order to rationalize monopolistic business practices. The very same business practices that Tim Berners-Lee, inventor of the World Wide Web, warned would lead to “vertical integration” between the medium and content. As Wired’s Threat Level points out:

This also explains why Apple rejected the official Google Voice App for the iPhone this week. We thought it was because Google Voice posed a threat to AT&T’s exclusivity deal with Apple. Now we know it threatened national security. At stake for Apple is the closed business model it has enjoyed since 2007, when the iPhone debuted. More than 30 million phones have been sold. Apple has told the Copyright Office that its locked-down platform is what made the iPhone’s success possible

Here are 3 key excerpts from Apple’s statement to the U.S. Copyright Office:

1. Jailbreaking does violate a license agreement between Apple and the purchaser of an iPhone.  All purchasers of iPhones must accept the terms and conditions of the iPhone Software License Agreement (“IPSLA”) at the time of purchase of the iPhone (and any later updates of the software)…
2. Jailbreaking constitutes copyright infringement.  Because jailbreaking involves unauthorized modifications to Apple’s copyrighted bootloader and OS programs, it is a violation of 17 U.S.C. § 106(1) & (2)…
3. Because jailbreaking makes hacking of the BBP software much easier, jailbreaking affords an avenue for hackers to accomplish a number of undesirable things on the network…  For example, a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data. In short, taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer – to potentially catastrophic result. (emphasis added)
   

And 2 key excerpts from EFF’s statement to the U.S. Copyright Office:

1. Jailbreaking an iPhone in order to run lawfully obtained software does not constitute copyright infringement. Nothing in the Apple iPhone Software License Agreement changes this conclusion. As explained in our original submission, any reproductions made in the course of jailbreaking an iPhone are privileged by both Section 117 and the fair use doctrine.
2. With respect to the application of Section 117 to jailbreaking, the Librarian will have to evaluate whether an iPhone owner is the “owner of a copy” of the Apple firmware that is delivered with and operates the device. In addition, the Librarian will have to evaluate whether the process of jailbreaking the iPhone involves an “adaptation” that falls within the scope of Section 117. (emphasis added)

In our article, Cookie Monsters: Seeing Young People’s Hacking as Creative Practice, Cindi Katz and I spoke at length about jailbreaking (and hacking more broadly) as a form of play — as a creative practice that helps young people to better understand and control their technological environments. To help make our case, we profiled AriX — the then 13-year-old iPhone hacker and developer of the ijailbreak application:

In an article entitled “Hacking: The New Child’s Play?” posted on an IT security website, AriX is associated with a list of young crackers who have engaged in malicious and clearly criminal activities. With the subtitle “Researchers worry as teens and pre-teens play an increasing role in illegal online exploits,” the piece makes no distinction between the hacking of AriX and the reported computer crimes of the other youth profiled, even though the latter’s activities included derailing trains in the Polish city Lodz and stealing considerable sums of money from people’s bank accounts (Wilson 2008). The distinction between these activities and hacking like AriX’s is clear.  But even at that, the U.S. Librarian of Congress granted six exemptions to the DMCA in 2006…

If Apple gets its way, young hackers like AriX would be considered criminals — and any attempt to rework the copy of a software program that they legally own would be considered illegal at best and a threat to national security as worst. Creating a generation of people who are forced by law to simply take technology “at interface value” (as Sherry Turkle likes to say) is a recipe for disaster. I wonder how many mechanics or engineers our society would  have produced during the industrial age if a generation of young people were told it was illegal to tinker with a car or bike that they legally owned? Would Bill Gates or Steve Jobs have even existed (at least as we know them) if they weren’t allowed to tinker with the various technologies they interacted with during their youth? Copyright laws were created to ensure creativity – not to ensure the power of certain governments or corporations.

Sweden’s Pirate Party won a seat in the European Union Parliament, swept in Sunday amid outrage over a new copyright law and the convictions of the four founders of The Pirate Bay.

The party, formed to protest copyright law, took 7.1 percent of votes in Sweden and one of that country’s 18 seats in the European Parliament. The party stands for radical reform of copyright legislation, abolition of the patent system and guaranteed online-privacy rights.

Check out wikipedia for background on the Pirate Party or visit the official Pirate Party website.

“The Online Liberation Movement (sm),” with its “simplify. organize. liberate.” motto,  is a collection of fictitious individuals who seek cyber-liberation through at&t’s online billing system (of course). Most interesting is “Ms. Suspicious,” a member of the “movement” who is presented as a paranoid, privacy-obsessed and “suspicious” customer. Below is a video recording I made of the ad, note Ms. Suspicious’s “keep out!” post-it on her laptop and the poster behind her of Uncle Sam’s hand covering a man’s mouth above the words “SILENCE means security.”

So, why is Ms. Suspicious so damn… suspicious? It couldn’t have anything to do with at&t’s illegal partnership with the NSA to spy on Americans, their development of a mass surveillance programing language,  their recent censorship of Pearl Jam, or their anti-free speech “can’t-criticize-us” contracts that all their customers must abide by. Nope, Ms. Suspicious is just some freaky civil libertarian who needs to calm down and find liberation through at&t’s new online banking system…

]]> http://gregorydonovan.org/cyberenviro/2008/08/11/wiretapping-atts-new-marketing-strategy/feed/ 0 http://gregorydonovan.org/cyberenviro/2007/09/15/global-privacy-standards/ http://gregorydonovan.org/cyberenviro/2007/09/15/global-privacy-standards/#comments Sat, 15 Sep 2007 23:30:42 +0000 gtdonovan http://gregorydonovan.org/cyberenvironmentalism/?p=62 While browsing washingpost.com I came across this gem: “Google Calls for International Standards on Internet Privacy.” The article discusses Peter Fleischer’s (Google’s global privacy counsel) recent call for the development of international privacy standards. The article does a fairly good job at presenting the nuance of the privacy debate – summarizing Fleischer’s argument (that current “fragmentary international privacy laws” are burdensome to companies and harmful to citizens, thus a coherent set of minimum privacy standards should be established at a global level) while addressing Google’s mediocre privacy policies.

Discussing the recent Google/DoubleClick merger and fears that it will “aggregate too much consumer data in the hands of one company,” the article notes:

Google, under investigation for violating global privacy standards, is calling for international privacy standards,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a critic of the DoubleClick merger. “It’s somewhat like someone being caught for speeding saying there should be a public policy to regulate speeding.

Fleischer’s argument, in its entirety, can be found here. His point that data should be given the same consideration as other global flows in the informational age – namely copyrights, airplanes and pandemics – is certainly worth entertaining.

In today’s inter-connected world, no one country and no one national law by itself can address the global issues of copyright or airplane safety or influenza pandemics. It is time that the most globalised and transportable commodity in the world today, data, was given similar treatment.

Global standards which recognize the right to privacy as a basic human right in the informational age is certainly needed. Additionally, I would argue that the mass collection and aggregation of consumer data should be public record – whether assembled by the State or commerce, information on the public should be public information. Current standards at Google and Microsoft is to anonymize consumer data after 18 months. Once anoymized why not make these data sets public record?

In citing the APEC Privacy Framework, which “suggests that privacy legislation should be primarily aimed at preventing harm to individuals from the wrongful collection and misuse of their information,” Fleischer suggests that the “preventing harm” principle be applied to the proposed global privacy standards. But as the washingtonpost article points out, a focus on “preventing harm” is different than a focus on “privacy as a right.” Whereas a focus on “preventing harm” burdens consumers with the responsibility to prove they have been harmed, a focus on “privacy as a right” implies preventative policies that ensure a consumer or citizen’s right to privacy is not violated. How does a consumer prove they have been harmed let alone prove that their privacy has been violated?

I’m with Fliescher when he says:

Data is flowing across the Internet and across the globe. That’s the reality. The early initiatives to create global privacy standards have become more urgent and more necessary than ever. We must face the challenge together.

But looking at the recent NSA wiretapping fiasco which has allowed the illegal surveillance of innocent citizens, precisely because those spied on have no means to prove they were spied on, alarms me. We know telecommunication companies like at&t participated in government surveillance but because no consumer has yet to demonstrate harm – or even that they specifically were spied on – the surveillance program remains. In my opinion, any global privacy standard must – at a minimum -include the right to privacy.

:: sent wirelessly via blackberry