Our communities are under threat, what are we going to do?

Image c/o Paulo Valdivieso.

Image c/o Paulo Valdivieso.

The murder of the Labour MP Jo Cox in the build up to the EU referendum vote was a shocking and disturbing act conducted by a man who appears to be a far-right extremist with a fascination for the Nazi regime (I’m being deliberately careful with my wording due to the ongoing court case – I am no legal expert so I prefer to err on the side of caution). It is impossible to view this act without placing it in the context of a renewed neo-Nazi far-right menace that has grown in Europe and overseas. In some ways, discussing this case in the context of the ethics of library work seems pretty ridiculous. But there is a convergence of issues here that highlight the extent to which we are currently failing our communities and urgently need to take steps to protect them.

As noted above, newspapers reported that the defendant in the court case had accessed a range of resources related to extremist political viewpoints. How did this detail emerge in court? It is claimed that his fascination was identified by investigating his internet usage at his local public library.

The jury was told that the day before Cox was killed, the defendant had gone to the library in Birstall, where he had used a computer to access a number of items, including the Wikipedia page for an online publication called the Occidental Observer.

This is a troubling development, yet unsurprising given the extent to which libraries are not a safe space for anyone (although they certainly should be). Of course, it’s difficult to be concerned about an invasion of privacy against such an individual. He committed a vile, murderous act. But we have to be careful here, particularly in terms of our current environs, not to make exceptions when it comes to what should be core to our ethical principles. We cannot, and must not, pick and choose whose privacy should be invaded in pursuit of justice.

The case will be made that accessing Thomas Muir’s internet browsing history has provided proof of his far-right extremism and murderous intent. But can this really be so? Can murderous intent be deduced from looking at the browsing history of an individual? This is the premise upon which not only the Prevent strategy is built, but also the Investigatory Powers Bill. That if somehow we could observe internet users, see what they are accessing, we (the state) can intervene and prevent a terrorist atrocity. If we accept that accessing Muir’s internet history is necessary in order to prosecute, then we accept that privacy in accessing information is no longer tenable. Indeed, we play into the very hands of those seeking to justify both Prevent and the Investigatory Powers Bill. We need to ask ourselves serious questions here if we believe this act is justifiable, and we need to return to CILIP’s ethical principles and consider to what extent we are serious about upholding them.

If we decide that we are not serious about upholding them, then we are putting our communities at very real, very serious risk. We are living in a period where the far-right are rising to prominence with alarming speed. Where they are gaining ground not only in Europe, but in the United States following the election of Donald Trump. The consequences of this are stark. Minorities are placed in greater danger. Lives are at risk. We are witnessing, once more, the rise of an authoritarian, anti-libertarian strain of right-wing populism dressed up as libertarianism. That the neo-Nazi right have achieved this under the guise of advancing liberty (posing as libertarians) makes their rise to prominence even more cynical and deadly. It is in this context we must consider both Prevent and the Investigatory Powers Bill and the impact they will have upon our work and, more importantly, our communities.

One of the oft used defences of mass surveillance is the illogical maxim that “if you have done nothing wrong you have nothing to fear”. Such naïve sentiment obscures the obvious: you are not the one that determines whether you have done wrong. The state does. It also obscures another truism – the state is fluid, not fixed. Liberal democracies do not remain in situ for perpetuity. They are always at risk of collapsing. History demonstrates the extent to which this is the case and recent events have demonstrated just how precarious liberal democracies actually are. It is this that should always be kept in mind when we discuss mass surveillance and it’s this we should be alert to when we consider our current environs.

The rise of the far-right in Europe and the United States is a warning sign about the acceptance of mass surveillance. There is no doubt, thanks to the work of the NSA and GCHQ, that we have the infrastructure in place for a truly efficient and ruthless fascist state. In a liberal democracy, you have the luxury of debate over its efficacy and its relationship with ethical concerns. In a fascist state you have no such luxury. It is used to persecute minorities. There is no debate. There will be no dismantling of the surveillance state under the fascist right, rather it will be ramped up and used in ways that make the previous warnings about the dangers of developing a surveillance society seem like stark understatements..

This is why it is vital to consider where we are in relation to the ethical principles clearly stated by the body that represents us. We are tasked with ensuring the intellectual privacy of our patrons. Our failure to do this in a liberal democracy is one thing, our failure with a rising fascist movement is quite another. Our failure to tackle this question firmly and consistently will put lives at risk. If we accept that, in a liberal democracy, it is justifiable to interrogate the internet history of those perpetrating vile crimes, then what precedent is being set for democracy less liberal, less tolerant, more fascistic?

I put much of the blame of our current malaise at the feet of professionals who have abandoned ethical principles in favour of money and prestige. This cuts across all professions. It’s led to the creeping privatisation of our health service, the academisation of our schools, the erosion of civil liberties and the destruction of our public library network. In many respects, it’s long since passed the point of no return. But if we don’t act on our principles now, if we don’t protect our communities, the far-right will take advantage. They are coming for the people we should be protecting. The success of the far-right in the United States was the latest in a series of lethal blows to our communities. It’s time we stood side-by-side with them and asserted that we can no longer tolerate such incursions and that we will not throw them to the wolves.

The digital skills crisis

Untitled | Flickr c/o melancholija via a BY-NC 2.0 license.

Today the Science and Technology Committee published their report on the “digital skills crisis” which concluded that “up to 12.6 million of the adult UK population lack basic digital skills” and 5.8m have “never used the internet at all” (you can view the full report here). In setting out the report, the Committee makes the following claim:

Digital exclusion has no place in 21st Century Britain. While the Government is to be commended for the actions taken so far to tackle aspects of the digital skills crisis, stubborn digital exclusion and systemic problems with digital education and training need to be addressed as a matter of urgency in the Government’s forthcoming Digital Strategy. In this report, we address the key areas which we believe the Digital Strategy must deliver to achieve the step change necessary to halt the digital skills crisis and bring an end to digital exclusion once and for all.

Which all sounds very laudable, unfortunately the goal of ending digital exclusion is virtually impossible in a capitalist society – it’s permanent. There will always be a large proportion of the population that are digital excluded, no matter what effort we make to eradicate it. Indeed, the progress of the Investigatory Powers Bill rather underlines the extent to which digital exclusion is being entrenched, not eradicated.

The term “digital skills” is defined as follows within the report:

Digital skills have no single definition, but have been variously described to include a general ability to use existing computers and digital devices to access digital services, “digital authoring skills” such as coding and software engineering, and the ability to critically evaluate media and to make informed choices about content and information—“to navigate knowingly through the negative and positive elements of online activity and make informed choices about the content and services they use”.

The European Commission uses indicators from “browsing, searching and filtering information, to protecting personal data and coding” (apologies for the secondary source, it didn’t seem possible to download the original at the time of writing). It’s the “protecting personal data” bit that I am most interested in, and the bit that reveals the extent to which digital exclusion will always exist within a capitalist society. (Let’s take for a given that I think the approach by government is generally terrible in this area, not least with public libraries being closed or farmed out to local communities forced to run them against their will…I’ve repeatedly gone down this road so I don’t feel I need to make these arguments again.)

I’ve argued before that corporate surveillance is permanent in a capitalist society. Corporations rely on the collection of personal data to deliver profits. They make their products “free” to use, then accrue profit through the [mis-]use of personal data. In a capitalist society, individuals will always choose that which is free over that which is not (particularly the less privileged who have no choice whatsoever). Factor into this the impending Investigatory Powers Bill and we have a further undermining of any individual’s efforts to protect personal data, because private companies will store that personal data which may then be made available to the state upon request (and, incidentally, if it is your data, it will be illegal for you to be told such action has taken place).

What the situation creates is one where only a small minority of privileged individuals will be able to protect their personal data effectively (and even then, with limitations). The vast majority will not. The vast majority will not have the social or economic capital with which to make the choice to protect their personal data. They face permanently remaining on the wrong side in terms of digital inclusion, because the infrastructure is in place to prevent them from ever bridging that gap. If we are to be serious about tackling digital exclusion, then we have to take a much wider look at the protection of personal data and what that entails.

In one recent study, John Penney found that, following Edward Snowden’s disclosures about mass surveillance, there had been…

“…a 20 percent decline in page views on Wikipedia articles related to terrorism, including those that mentioned ‘al Qaeda,’ ‘car bomb’ or ‘Taliban.'”

Penney went on to conclude that:

“If people are spooked or deterred from learning about important policy matters like terrorism and national security, this is a real threat to proper democratic debate.”

This is not even a controversial point at odds with established thinking on the effects of surveillance. In 1967, for example, the President’s Commission on Law Enforcement and Administration of Justice concluded that:

“In a democratic society privacy of communication is essential if citizens are to think and act creatively and constructively. Fear or suspicion that one’s speech is being monitored by a stranger, even without the reality of such activity, can have a seriously inhibiting effect upon the willingness to voice critical and constructive ideas.”

Online privacy cannot be viewed purely on narrow terms when it comes to digital exclusion. The inability to protect one’s privacy online has serious ramifications in terms of democratic engagement. If people are not able to seek out information or to communicate with each other in private, then they will be effectively digitally excluded. And, again, a lack of social or economic capital will ensure that a significant proportion of the population always will be digitally excluded. We may reduce the numbers of people that are digital excluded, but we can never eradicate it. The only way to do so would be to ensure all online tools and methods of communication are fully encrypted, but this is impossible in a corporatised internet where data = profit. Equally, it is not possible when you have laws going through parliament that are hostile to digital privacy.

Digital exclusion may well have “no place in 21st century Britain”. Unfortunately, a combination of government policy and prevailing economic doctrine will ensure that not only is digital exclusion a reality for those without privilege in the 21st century, it will remain so for a long time to come.

For more on this topic, see my paper “The digital divide in the post-Snowden era.

Crypto Party…in a public library…in the UK

Newcastle Central Library (CC-BY).

Well, this is a turn up for the books. When I wrote my recent article on Snowden and the digital divide I made a few limited recommendations (in hindsight I could have been more extensive in this regard). Having worked in public libraries myself, I was somewhat hesitant to recommend that all public libraries install Tor Browser as the default – I knew (or at least had a very strong suspicion based on working in public libraries) it just simply wasn’t going to happen (in terms of my local library authority, I’ve pretty much had this confirmed). Instead, I kinda vaguely pushed that we as a profession should learn some of the skills and, however possible, share them with our communities (I’ve vaguely started on this road, but I’ve been less than great at doing so). There would be nothing wrong with hosting workshops, even if the tech cannot be the default on the council computers. It’s clear to me there’s an intellectual privacy divide – between those that are able to ensure digital privacy, and those that cannot due to lack of skills, knowledge etc. Libraries, for me, should play a role in bridging this gap. The protection of intellectual privacy is, after all, a core principle underpinning the profession.

I was, therefore, both pleased and surprised to see that Newcastle libraries are working with the Open Rights Group (North East) to run a Crypto Party later this month – the first public library service I am aware of to officially run and deliver one in the UK (if you know of an official library organised event that is comparable, please let me know!). According to the details on cryptoparty.in, they intend on covering:

  • Safe browsing
  • Tor Browser & TAILS
  • Signal
  • Full Disk Encryption
  • PGP

A cursory glance at the website looks promising…the Newcastle library service seem to be giving it a bit of a promotional push as well. It will be interesting to hear how this develops and whether other library services take Newcastle’s lead and teach privacy enhancing tools. It’s something I think we should be doing much more of, rather than leaving the teaching of digital skills to private companies with a vested interest in promoting certain tools and approaches to online engagement. Hopefully others will follow Newcastle’s lead….

The Imbalance In Transparency

Transparency

Image c/o Jonathan McIntosh on Flickr (CC BY-SA).

Yesterday was a big day in terms of transparency, democracy and information rights. After months of criticism for the way in which it has been loaded to discriminate in favour of curbing Freedom of Information legislation, the Independent Commission on Freedom of Information published their findings, followed by publication of the government’s response. On top of all this, the government published its revised Investigatory Powers Bill (or “Snooper’s Charter”). In terms of the information flow between state and the individual, these two developments couldn’t be more important. The question is, to what extent is the information flow weighted in favour of citizens rather than the state? A question to which the answer is, I think, obvious to anyone with even the vaguest grasp of the history of the British state.

Given the sheer size of the debate and discussion in these two areas, I thought I’d bang all this together in one post, but split it up into two many themes: Information From Them and Information FOR Them. Seems to me that both these areas say a lot about where we are as a country, and I think such a distinction further emphasises the current state of play.

Information From Them

The FoI commission may have found that there is no case for new legislation with respect to the Act (meaning no substantial changes to how it operates), but this does not mean that it won’t continue to have serious limitations. The Act itself is imperfect as it stands now (and the increased outsourcing of public services to the private sector further limits its scope), and it’s not clear to what extent the government will use the findings of the Commission to come up with new and innovative ways to further restrict its impact. As Maurice Frankel, director of the Campaign for FoI, notes, rather than changes to the legislation it “could be that they are now possibly talking about various forms of guidance”.

For the government, the FoI Act has a very narrow appeal. It’s less about creating a culture of full transparency across government, both nationally and regionally, and more about beating the drum for value and efficiency. The Freedom of Information Act is more than just providing citizens with access to information on how taxpayers’ money is spent, it’s about holding politicians to account, ensuring that that all of their decisions are subject to scrutiny, not merely about how money is spent. This narrow perspective is still very much central to the government’s thinking, as evidenced by Matt Hancock’s statement in response to the findings:

“We will not make any legal changes to FoI. We will spread transparency throughout public services, making sure all public bodies routinely publish details of senior pay and perks. After all, taxpayers should know if their money is funding a company car or a big pay off.”

For the Conservatives, it makes sense that this is the extent of their endorsement of transparency. Spending taxpayers’ money plays directly into their narrative of difficult economic conditions that warrant the rolling back of public spending. Ensuring a focus on FoI as purely a mechanism to monitor local government spending shifts the emphasis and, ultimately, sends a message about how they view FoI. It’s not about transparency, or holding politicians to account. It is purely and simply about being a stick with which members of the public can beat local government profligacy.

One recommendation that is worth noting is the position regarding the “Cabinet veto”. The Commission recommended that:

“…the government legislates to clarify beyond doubt that it does have this power. We recommend that the veto should be exercisable where the executive takes a different view of the public interest in release, and that the power is exercisable to overturn a decision of the IC. We recommend that in cases where the IC upholds a decision of the public authority, the executive has the power to issue a ‘confirmatory’ veto with the effect that appeal routes would fall away, and any challenge would instead be by way of judicial review of that veto in the High Court.”

Although the government have decided that the veto will only be deployed “after an Information Commissioner decision”, the Minister’s statement adds that so long as this approach proves “effective”, legislation will not be brought forward “at this stage”. This is, to say the least, disappointing. As has been noted before, the veto simply acts as a way for ministers to avoid embarrassment (see the Prince Charles letters for example). Of course concerns about this particular aspect need to be considered in the context of the fact that the worst case scenario regarding Freedom of Information has not come to pass, but the phrase “at this stage” should put us all on alert regarding the government’s intentions.

That said, contrast the government’s position on freedom of information (where openness comes with caveats) with their position on surveillance (where caveats barely seem to exist)…

Information For Them

Following a number of critical reports about its Investigatory Powers Bill, the Home Office yesterday put forward revised draft legislation seeking to, in their words, “reflect the majority of the recommendations” from these reports. The reality is quite different, and very troubling on a number of levels, not least because of the intention to rush this bill through parliament at a time where other stories with substantial ramifications are dominating the news cycle (the intention seems to be to rush it through before DRIPA expires at the end of the year).

What of the proposals themselves? Well, they don’t make for comforting reading if you care about individual liberty and intellectual privacy. Despite criticism that the initial draft lacked any sense that privacy was to form the backbone of the legislation, the only change in this respect has been to add the word “privacy” to the heading for Part 1 (“General Protections” becomes “General Privacy Protections”). This tells you all you need to know about how the government views privacy. It’s a minor concern when compared to the apparent desire to engage in mass surveillance.

The Bill proposes that police forces will be able to access all web browsing records and hack into phones, servers and computers. Although the Home Office later claimed that hacking powers date from the 1997 Police Act and would only be used in “exceptional circumstances”, when giving evidence to the scrutiny committee, Det Supt Paul Hudson noted that these powers were used “in the majority of serious crime cases”. Needless to say, he refused to provide any further detail on the record. But there does appear to be a shift here from the police being able to view any illegal sites you have visited, to enabling them to view any website you visit.

In terms of encryption technologies (the bête noire of Western democracies hostile to privacy), there has been some clarity and yet there also seems to be somewhat of a loophole that could prove advantageous to those who know what tools to use to ensure their intellectual privacy. In the government’s response to pre-legislative scrutiny it advises:

“The revised Bill makes clear that obligations to remove encryption from communications only relate to electronic protections that have been applied by, or on behalf of, the company on whom the obligation has been placed and / or where the company is removing encryption for their own business purposes.”

The implication here seems pretty clear: to ensure you provide sufficiently strong encryption technologies, move towards encryption that you do not control, rather than those you do. If you don’t control it, you cannot remove it. I suspect the net consequence of this will be a muddying of the waters for those who wish to protect their intellectual privacy. It is already difficult to differentiate between which encryption tools truly protect you from mass surveillance, and which arguably do not (consequence being a new manifestation of the digital divide). Being able to differentiate between which tools do control the encryption placed on communications and which tools do not will undeniably require a degree of social capital that not everyone has the privilege to possess.

There are many significant concerns regarding this draft bill, many of which would take a huge blog post to cover…and I’ve not even read the full bill and accompanying documents yet. Rather than hit the 2,000 word mark, I’ve put together a list of key resources below. As librarians and information professionals we need to be on top of this. Defending the intellectual privacy of our users (whether that be in schools, public libraries, further or higher education) is a fundamental ethical concern. We need to take whatever steps we can to ensure we advance privacy, ensure the protection of digital rights and reject the monitoring and/or collection of users’ personal data that would compromise such privacy.

One thing I will add is that the combination of these two developments speaks volumes about the nature and transparency of government and in the United Kingdom. It is far less about ensuring a democratic system by which elected officials can be held to account, and far more about treating citizens with suspicion and thus undermining the democratic process. Given these circumstances, it is difficult to conclude that we live in a fully functioning democracy. When the state is entitled to more information about us than we are about them, there is no democracy.

Further resources

IFLA Statement on Privacy in the Library Environment

Investigatory Powers Bill – all government documents

Privacy International statement on IPBill

Investigatory Powers Bill – How To Make It Fit-For-Purpose

Don’t Spy On Us (authors of the above report on making it fit for purpose)

Access Now statement on IP Bill

 

Independent Commission on Freedom of Information report

Statement by Matt Hancock on Commission’s report

Campaign for Freedom of Information statement

In defence of internet anonymity

Image c/o Thomas Hawk.

It recently emerged that Twitter has added the need to register mobile phone numbers as part of the sign-up procedure when creating an account to use the network. The move is, as is always the case, presented as part of their effort to protect those that use the service, particularly from abusive trolls. However, as with all such protections, it only offers protection to a degree and does actually create more danger for others.

For those of us that live in Western ‘liberal’ countries, the requirement to provide a mobile phone number is perhaps not massively problematic. It is fairly easy to obtain a mobile and use it without having an data connected to that phone (if you’ve watched The Wire you’ll know that those that wish to protect themselves from the law will use so-called “burner phones”). Outside of nations like the UK and the US, particularly in authoritarian regimes, there are far more hoops that need to be jumped through and the possibility of obtaining a so-called burner is fairly slim. As The Guardian noted, Turkey requires all mobile phones to be registered and a passport is required to obtain a sim card and mobile number.

The request to provide a mobile number in order to use the service is therefore troubling for those living in authoritarian regimes. As we know, communication tools that provide anonymity have played a role in overturning a variety of authoritarian regimes (although the extent to which these tools have played a role is perhaps overstated). Anonymity in Western liberal states may be perceived as a tool to harass and intimidate individuals, but in less democratic states they are essential for survival and for hope. Without this cover of anonymity, lives can and will be placed at risk. Anonymity maybe a troubling concept from our point of view (not least given the media coverage) but it is essential. When weighing up the social cost, the removal of anonymity will come at a much greater cost than if it was to be maintained.

Trolls are an unpleasant side effect of creating a space where everyone can engage in public discourse. But whilst there is a need to figure out how we tackle this phenomenon, we also have to accept that the internet will probably only ever be an imperfect space and that imperfection is what makes it so valuable. Because so long as there as there is anonymity, there will be trolls. But there will also be opportunities for dissidents to communicate, organise and challenge the status quo. Whilst I would not wish to minimise the harm that trolls cause to individuals (as I’ve stated before, I don’t buy into this current “right to offend” trend), I prefer to think of the positive impact of anonymity. The potential it provides for people to be free. Either free to engage in discourse without fear of reprisal or harm, or to seek to secure freedom from state oppression.

Of course services such as Twitter have to seek to protect those that use the service. But, when it comes to the internet, every measure of protection can also do great harm. This is true of removing the right to anonymity for those who wish to communicate free from fear of reprisal, but also in creating internet filters that prevent people from accessing information. Those filters may provide some benefit in terms of the things that they block, but they will also prevent those who are most vulnerable from accessing the information they need. Such measures are presented as offering protection to individuals (indeed, isn’t this always how states present measures that repress individual freedoms?), when in fact this is only partially the case. Protection for some, insecurity or danger for others.

Ultimately, we must seek to defend the right to remain anonymous online. It is not always comfortable, but then defending our freedoms to the fullest extent will never be entirely comfortable because we understand that there are those that will abuse the freedoms we are advocating. But we have to accept that the benefits of protecting anonymity far outweigh the consequences of removing this protection. Because the consequences of this will not be felt in the middle-class suburbias of the West, but within the communities seeking to throw off the chains of oppression.