Making the case for privacy in libraries after an atrocity

We must continue to defend civil liberties, no matter how difficult it seems

There is never a harder time to argue in defence of civil liberties than in the aftermath of a horrific and deadly terrorist attack. It’s easy to argue for universal rights during periods of relative stability, after all, what harm could possibly come to pass? But during times of bloodshed, of anger and of disgust, it’s somewhat harder to step back and make the case for civil liberties, even when that case appears to suggest a lack of will to tackle the cause of the bloodshed. But it is important that we do so, because we can be sure that those that are the enemies of liberty and freedom will be seizing the opportunity (whilst simultaneously failing to see who they share that cause with).

The suicide bombing in Manchester was truly horrific. Words seem inconsequential in these circumstances. What can you possibly say to the friends and family of the victims? There are no words. Only horror and sorrow.

Not everyone is without words, however. As is the case with every prior terrorist attack in the West, attention turns to the motivations of the perpetrator, the beliefs of the perpetrator, the intentions of the perpetrator. Sadly, for some, this consideration of the motives and intentions leads them to consider that it is necessary to curtail civil liberties to prevent further atrocities. We hear this argument made time and time again. We cannot permit a safe space for terrorists, we cannot allow them to communicate and plot away from the gaze of the security services. We must permit mass surveillance if we wish to put an end to the terrorism on Western streets. The reality is that this chipping away of civil liberties will have no effect whatsoever, other than to degrade our civil liberties, limit intellectual freedom and subject us all to state scrutiny.

When I write/talk about surveillance and its effects, I always make it very clear that I am talking about mass surveillance, not targeted surveillance. It’s an important distinction for me. No-one in their rights minds would oppose targeted surveillance. Whilst the targets of such surveillance may often be unwarranted, we accept as a society that the security services should monitor activity where there is a suspicion that a violent act will be perpetrated. Mass surveillance is quite different. It places us all as suspects. It places all of our actions under scrutiny, regardless of whether there is an objective reason to monitor us or not. It is indiscriminate, and it’s an invasion of our civil liberties. It is not a strategy that will have any substantive impact on tackling the wave of terrorism that has affected the West in recent years (not that we should solely be concerned with the relatively low amount of terrorism in the West). Indeed, we will be surrendering our civil liberties on spurious grounds with no material benefit for the state other than to provide it with a wealth of information about every single citizen. A dangerous thing indeed when crisis hit democracies turn to unstable demagogues like Trump.

To date, there is no evidence that mass surveillance would have prevented a single terrorist attack. As Ryan Gallagher outlines here, the perpetrators of a number of terrorists attacks between 2013-2015 were known to the police and/or security services. Post-2015 it continues to be the case. The Brussels attackers of 2016 were known to the police. Khalid Masood was known to the police. The Stockholm attacker was known to the police. Abu Yousif al-Bajiki was known to the police. And Salman Abedi was known to the police.

Despite the fact that they were all known to the security services, the government continues to press ahead with its assault on civil liberties. Following the Manchester attack earlier this week, it has been revealed that:

UK government ministers are planning to enforce new powers that would compel tech companies like WhatsApp and Apple to hand over encrypted messages, according to a report in The Sun.

The report was published less than 24 hours after Salman Abedi blew himself up at the Manchester Arena, killing 22 people in the process.

The UK government reportedly intends to lobby MPs to ensure that new rules — being referred to as Technical Capability Notices — get passed through Parliament soon as the general election is over on June 8.

It is hard to see how this is justified. When it is clear that these individuals are known to the security services, it is unclear why there is a need to facilitate access to encrypted messages (effectively ensuring a backdoor), particularly when it places all of us at risk. (And when I say “all”, I should more accurately point out that it will affect us all disproportionately, particularly in terms of race.)

Many people working in libraries get jumpy about the argument that we should be encouraging the use of encryption in libraries, not least because they argue we should not impede attempts to apprehend those engaging in criminal activity. But it’s important to remember that these tools only really offer protection for the average member of the public, they do not protect those that are of interest to the security services. If you are a target of the state, no amount of privacy orientated tools will protect you. They will protect you against mass harvesting of data, but they will not hide all of your activities from the state.

In all of the incidents referred to above, better targeted surveillance is the answer. Forcing the tech companies to install backdoors, or to “ban encryption“, is not a solution. It merely places at all at risk. Indeed, given the tacit acceptance that there are rogue forces operating online, it seems the height of irresponsibility to make everyone more vulnerable rather than ensuring our security to protect against such elements.

Making the case for civil liberties in the aftermath of any terrorist attack is difficult. Arguing for greater privacy in our libraries is not an easy case to make when government and media argue that such privacy is an impediment to preventing terrorist attacks. The reality is that ensuring privacy protects the most vulnerable, it does not protect those that seek to commit atrocities. The alternative to mass surveillance is not no surveillance at all, rather it is better targeted surveillance. When it comes to protecting library users, we need to ensure we don’t fall into the trap of believing the former, no matter how hard the government or media try to persuade us otherwise.

The Manifestos 2017 – a library and information studies perspective

Parliament

Houses of Parliament. (CC-BY ijclark)

You may have noticed there’s an election on the way (hands up if you are fed up with it already *raises hands*). Although it is only a few weeks away now, it already feels like a depressing long slog towards a grimly predictable outcome. There is one reason and one reason only why we are having an election, and that’s because Theresa May wants to shore up her government as we enter into negotiations with the EU (negotiations that we won’t have a say in, despite the fact the referendum last year offered no mandate for any particular outcome) – so much for the Fixed Term Parliament Act.

Anyway, I decided now the Tory manifesto has been published, it would be a good idea to scan through all of the three main parties’ programmes to see how they look from a LIS (library and information sciences) perspective. Of course, no-one is going to vote purely on the basis of policies related to LIS (at least I hope not), but I thought it would be interesting nonetheless. Identifying a few key terms, I scanned each of the manifestos across five key areas: libraries, data, privacy, freedom of information and research. I may have missed some key elements in running these in-text searches, so they aren’t fool-proof (please say in the comments if I have missed anything obvious!).  The policies are presented below with direct quotes from the individual manifestos.

Libraries

Labour Manifesto

Libraries are vital social assets, valued by communities across the country. We will ensure libraries are preserved for future generations and updated with wi-fi and computers to meet modern needs. We will reintroduce library standards so that government can assess and guide councils in delivering the best possible service.

Conservative Manifesto

N/A

Liberal Democrat Manifesto

Set up a £2 billion Rural Services Fund of capital investment to enable communities to establish a local base from which to co-locate services such as council offices, post offices, children’s centres, libraries and visiting healthcare professionals.

Data

Labour Manifesto

Labour is committed to growing the digital economy and ensuring that trade agreements do not impede cross-border data flows, whilst maintaining strong data protection rules to protect personal privacy.

We all need to work harder to keep children safe online. Labour will ensure that tech companies are obliged to take measures that further protect children and tackle online abuse. We will ensure that young people understand and are able to easily remove any content they shared on the internet before they turned 18.

Conservative Manifesto

Where we believe people need more protections to keep them safe, we will act to protect them. We will give people new rights to ensure they are in control of their own data, including the ability to require major social media platforms to delete information held about them at the age of 18, the ability to access and export personal data, and an expectation that personal data held should be stored in a secure way. To create a sound ethical framework for how data is used, we will institute an expert Data Use and Ethics Commission to advise regulators and parliament on the nature of data use and how best to prevent its abuse. The Commission will help us to develop the principles and rules that will give people confidence that their data is being handled properly. Alongside this commission, we will bring forward a new data protection law, fit for our new data age, to ensure the very best standards for the safe, flexible and dynamic use of data and enshrining our global leadership in the ethical and proportionate regulation of data. We will put the National Data Guardian for Health and Social Care on a statutory footing to ensure data security standards are properly enforced. We will continue with our £1.9 billion investment in cyber security and build on the successful establishment of the National Cyber Security Centre through our worldleading cyber security strategy. We will make sure that our public services, businesses, charities and individual users are protected from cyber risks. We will further strengthen cyber security standards for government and public services, requiring all public services to follow the most up to date cyber security techniques appropriate.

And we will take up leadership in a new arena, where concern is shared around the world: we will be the global leader in the regulation of the use of personal data and the internet.

Liberal Democrats Manifesto

N/A

Privacy

Labour

Labour is committed to growing the digital economy and ensuring that trade agreements do not impede cross-border data flows, whilst maintaining strong data protection rules to protect personal privacy.

Conservative

In addition, we do not believe that there should be a safe space for terrorists to be able to communicate online and will work to prevent them from having this capability.

For the sake of our economy and our society, we need to harness the power of fast-changing technology, while ensuring that our security and personal privacy – and the welfare of children and younger people – are protected.

It is in no-one’s interest for the foundations of strong societies and stable democracies – the rule of law, privacy and security – to be undermined.

If we are going to respond to rapid changes in technology, we need government to make Britain the best place in the world to set up and run modern businesses,
bringing the jobs of the future to our country; but we also need government to create the right regulatory frameworks that will protect our security and personal privacy, and ensure the welfare of children and younger people in an age when so much of life is conducted online.

Liberal Democrats

Oppose Conservative attempts to undermine encryption.

Notify innocent people who have been placed under targeted surveillance where this can be done without jeopardising ongoing investigations.

Roll back state surveillance powers by ending the indiscriminate bulk collection of communications data, bulk hacking, and the collection of internet connection records.

Freedom of Information

Labour

We will extend the Freedom of Information Act to private companies that run public services.

Conservatives

N/A

Liberal Democrats

End the ministerial veto on release of information under the Freedom of Information Act, and take steps to reduce the proportion of FOI requests where information is withheld by government departments.

Research

Labour

A Labour government will ensure that the UK maintains our leading research role by seeking to stay part of Horizon 2020 and its successor programmes and by welcoming research staff to the UK. We will seek to maintain membership of (or equivalent relationships with) European organisations which offer benefits to the UK such as Euratom and the European Medicines Agency. We will seek to ensure that Britain remains part of the Erasmus scheme so that British students have the same educational opportunities after we leave the EU.

Conservative

We will deliver this and ensure further growth so that overall, as a nation, we meet the current OECD average for investment in R&D – that is, 2.4 per cent of GDP – within ten years, with a longer-term goal of three percent. We will increase the number of scientists working in the UK and enable leading scientists from around the world to work here. We will work hard to ensure we have a regulatory environment that encourages innovation.

Our world-beating universities will lead the expansion of our R&D capacity. We must help them make a success of their discoveries – while they have a number of growing investment funds specialising in spin-outs, we have more to do to replicate the success of similar university funds in the United States.

To fix that, we will work to build up the investment funds of our universities across the UK. We want larger, aggregated funds to increase significantly the amounts invested in and by universities. We want universities to enjoy the commercial fruits of their research, through funds that are large enough to list, thereby giving British investors a chance to share in their success.

Liberal Democrats

Protect the science budget, including the recent £2 billion increase, by continuing to raise it at least in line with inflation. Our long-term goal is to double innovation and research spending across the economy. We would guarantee to underwrite funding for British partners in EU-funded projects such as Horizon 2020 who would suffer from cancellation of income on Brexit.

Public libraries and the UK Digital Strategy

digital inclusion

Are libraries becoming nothing more than data cash cows for the private sector?

Last week the Department for Culture, Media and Sport published its UK Digital Strategy, to much fanfare and eager anticipation amongst those of us with an internet in digital inclusion and how we advance it. The report made mention of libraries as crucial elements in the efforts to advance digital inclusion (yay!), but not quite in the way many of us advocating for public library services would want (boo!). And as for how this strategy squares with the Investigatory Powers Act, well…we’ll come to that. But let’s start with the role of public libraries…

In section two of the report, under the heading “How libraries deliver improved digital access and literacy”, great play is made of the role of libraries. They “have an important role”, they “tackle the barrier of access” and they make “significant inroads towards tackling the combined barriers of skills, confidence and motivation by offering skills training”. All of these things are true, however this role is not the preserve of libraries and library staff alone. As the report makes clear:

“Public libraries work in partnership with charities and private partners such as Halifax, BT, and Barclays to improve the lives of some of the most socially and digitally excluded people.”

They do work in partnership with these private partners and, from the private partners’ points of view, there is a big win for them in doing so. As I’ve pointed out before, the way such skills sessions are delivered is a particular bonus for companies such as Barclays. By guiding the members of the public towards using tools that are, shall we say, less then privacy friendly, it just so happens that they gain a certain advantage in terms of marketing their products. Something, of course, that would not be encouraged had library workers been providing such support (were they to receive the proper funding in which to do so).

Indeed, it seems to me that rather than being places where people can get online and gain the basic digital skills our society increasingly demands, they are becoming a gateway to massive data collection for corporations eager for more and more data to drive their marketing campaigns and, ultimately, to drive growing profits. Let’s make no mistake here, if libraries were properly funded, proper training was provided and the service was delivered according to the ethical principles by which the professional body for librarians guides its members, digital skills would be delivered in an entirely different way.

For example, there is no known reason as to why search engines such as Google or Bing are advocated for over and above alternatives such as DuckDuckGo. They work in a similar way, one is not somehow easier to learn than the other. There is one fundamental difference however. Google is an extremely successful data harvester. Create a Google account, login to your Google Chrome browser, use your Google Mail account and voila, huge amounts of data is being gathered about your online activities. And if you are Barclays, providing members of the public with guidance on using the internet and you just so happen to have additional guidance on the Barclays website, well…there’s certainly an opportunity there for free direct marketing to Gmail accounts. With DuckDuckGo, there is no data. No trail of your search history. You simply search, find what you want and no data is left behind.

As someone who is concerned about digital inclusion, I can only conclude that the current strategy amounts to not getting people online for the benefits it brings to the individuals, but getting more people online to create benefits for corporations and the government. The more people that are online, the more data is created and, ultimately, the more profit is created. Getting people online is good for business. It enables a marketing strategy that is not possible if people remain offline. For little outlay, large corporations like Barclays can get people online, teach them how to expose their data, then take advantage of this for profit and business growth. Let’s not kid ourselves into believing that any corporation is seeking to tackle digital inclusion because, for example, it increases democratic engagement or accrues any other benefit. Likewise, given the Investigatory Powers Act and the mass surveillance it permits, the more online the better the government are able to monitor the people. If you are not online, you are a black hole of data. Get connected, and you become a useful source of information. And what of the Investigatory Powers Act…

On scanning through the report it’s interesting to note that there is not a single mention of encryption technologies. Not one. There is even a section in the report called “A safe and secure cyberspace – making the UK the safest place in the world to live and work online”, it doesn’t mention encryption once. Why? It is the single most important tool available to ensure individual safety and security online. So why isn’t it even mentioned? Because the Investigatory Powers Act is explicitly hostile to it. It wants to discourage encryption technologies wherever possible. Because encryption technologies obscure data from the state. And it doesn’t want your data obscured, because it might be useful for intelligence purposes (it won’t…). Not only is it not welcome for the government, it is also not welcome for corporations. Use encryption technologies and you are obscuring data from them too. Data that they could use to sell you products, to generate sales, to drive profit. Encryption is bad for business when it is used in a way that limits the harvesting of data used for profit. (But good for business when it enables secure transactions they benefit from of course.) As Paul Bernal notes about the strategy document in terms of encryption and safety online:

Which takes us back to where we are in terms of digital inclusion. It seems to me that the overall digital inclusion strategy is not one driven by the needs of the public (if so, why isn’t individual privacy at the forefront of the strategy when privacy is a growing concern?), but driven by the needs of government to get people online for the cost benefits and surveillance benefits it brings, and the needs of corporations that need data to be freely exchanged so that it can be utilised and monetised to drive profit. The needs of the general public are secondary, the prime motivator (for policy makers) is the creation of data. If our libraries were properly funded, if the people working in them were properly trained, that data would not be created on the scale it is when the banks (the banks!!) are providing that kind of support. Which of course, should not surprise us. The weakening of public services is exactly designed to lead to a full consumerist society.

How we prevent this is a more difficult question to tackle. The causes are deeply-rooted in an ideology hostile to public services and strongly in favour of shifting people from being citizens to being consumers. The digital strategy simply makes more explicit the extent to which the government (and corporate Britain) seeks to turn us into consumers driving profits, rather than citizens engaging in the democratic process and using access to information purely for our own benefit. With the sidelining of privacy and individual freedoms in the drive towards a mass surveillance state and in the push towards “digital inclusion”, it’s clear how close that goal is to being realised.

Our communities are under threat, what are we going to do?

Image c/o Paulo Valdivieso.

Image c/o Paulo Valdivieso.

The murder of the Labour MP Jo Cox in the build up to the EU referendum vote was a shocking and disturbing act conducted by a man who appears to be a far-right extremist with a fascination for the Nazi regime (I’m being deliberately careful with my wording due to the ongoing court case – I am no legal expert so I prefer to err on the side of caution). It is impossible to view this act without placing it in the context of a renewed neo-Nazi far-right menace that has grown in Europe and overseas. In some ways, discussing this case in the context of the ethics of library work seems pretty ridiculous. But there is a convergence of issues here that highlight the extent to which we are currently failing our communities and urgently need to take steps to protect them.

As noted above, newspapers reported that the defendant in the court case had accessed a range of resources related to extremist political viewpoints. How did this detail emerge in court? It is claimed that his fascination was identified by investigating his internet usage at his local public library.

The jury was told that the day before Cox was killed, the defendant had gone to the library in Birstall, where he had used a computer to access a number of items, including the Wikipedia page for an online publication called the Occidental Observer.

This is a troubling development, yet unsurprising given the extent to which libraries are not a safe space for anyone (although they certainly should be). Of course, it’s difficult to be concerned about an invasion of privacy against such an individual. He committed a vile, murderous act. But we have to be careful here, particularly in terms of our current environs, not to make exceptions when it comes to what should be core to our ethical principles. We cannot, and must not, pick and choose whose privacy should be invaded in pursuit of justice.

The case will be made that accessing Thomas Muir’s internet browsing history has provided proof of his far-right extremism and murderous intent. But can this really be so? Can murderous intent be deduced from looking at the browsing history of an individual? This is the premise upon which not only the Prevent strategy is built, but also the Investigatory Powers Bill. That if somehow we could observe internet users, see what they are accessing, we (the state) can intervene and prevent a terrorist atrocity. If we accept that accessing Muir’s internet history is necessary in order to prosecute, then we accept that privacy in accessing information is no longer tenable. Indeed, we play into the very hands of those seeking to justify both Prevent and the Investigatory Powers Bill. We need to ask ourselves serious questions here if we believe this act is justifiable, and we need to return to CILIP’s ethical principles and consider to what extent we are serious about upholding them.

If we decide that we are not serious about upholding them, then we are putting our communities at very real, very serious risk. We are living in a period where the far-right are rising to prominence with alarming speed. Where they are gaining ground not only in Europe, but in the United States following the election of Donald Trump. The consequences of this are stark. Minorities are placed in greater danger. Lives are at risk. We are witnessing, once more, the rise of an authoritarian, anti-libertarian strain of right-wing populism dressed up as libertarianism. That the neo-Nazi right have achieved this under the guise of advancing liberty (posing as libertarians) makes their rise to prominence even more cynical and deadly. It is in this context we must consider both Prevent and the Investigatory Powers Bill and the impact they will have upon our work and, more importantly, our communities.

One of the oft used defences of mass surveillance is the illogical maxim that “if you have done nothing wrong you have nothing to fear”. Such naïve sentiment obscures the obvious: you are not the one that determines whether you have done wrong. The state does. It also obscures another truism – the state is fluid, not fixed. Liberal democracies do not remain in situ for perpetuity. They are always at risk of collapsing. History demonstrates the extent to which this is the case and recent events have demonstrated just how precarious liberal democracies actually are. It is this that should always be kept in mind when we discuss mass surveillance and it’s this we should be alert to when we consider our current environs.

The rise of the far-right in Europe and the United States is a warning sign about the acceptance of mass surveillance. There is no doubt, thanks to the work of the NSA and GCHQ, that we have the infrastructure in place for a truly efficient and ruthless fascist state. In a liberal democracy, you have the luxury of debate over its efficacy and its relationship with ethical concerns. In a fascist state you have no such luxury. It is used to persecute minorities. There is no debate. There will be no dismantling of the surveillance state under the fascist right, rather it will be ramped up and used in ways that make the previous warnings about the dangers of developing a surveillance society seem like stark understatements..

This is why it is vital to consider where we are in relation to the ethical principles clearly stated by the body that represents us. We are tasked with ensuring the intellectual privacy of our patrons. Our failure to do this in a liberal democracy is one thing, our failure with a rising fascist movement is quite another. Our failure to tackle this question firmly and consistently will put lives at risk. If we accept that, in a liberal democracy, it is justifiable to interrogate the internet history of those perpetrating vile crimes, then what precedent is being set for democracy less liberal, less tolerant, more fascistic?

I put much of the blame of our current malaise at the feet of professionals who have abandoned ethical principles in favour of money and prestige. This cuts across all professions. It’s led to the creeping privatisation of our health service, the academisation of our schools, the erosion of civil liberties and the destruction of our public library network. In many respects, it’s long since passed the point of no return. But if we don’t act on our principles now, if we don’t protect our communities, the far-right will take advantage. They are coming for the people we should be protecting. The success of the far-right in the United States was the latest in a series of lethal blows to our communities. It’s time we stood side-by-side with them and asserted that we can no longer tolerate such incursions and that we will not throw them to the wolves.

The digital skills crisis

Untitled | Flickr c/o melancholija via a BY-NC 2.0 license.

Today the Science and Technology Committee published their report on the “digital skills crisis” which concluded that “up to 12.6 million of the adult UK population lack basic digital skills” and 5.8m have “never used the internet at all” (you can view the full report here). In setting out the report, the Committee makes the following claim:

Digital exclusion has no place in 21st Century Britain. While the Government is to be commended for the actions taken so far to tackle aspects of the digital skills crisis, stubborn digital exclusion and systemic problems with digital education and training need to be addressed as a matter of urgency in the Government’s forthcoming Digital Strategy. In this report, we address the key areas which we believe the Digital Strategy must deliver to achieve the step change necessary to halt the digital skills crisis and bring an end to digital exclusion once and for all.

Which all sounds very laudable, unfortunately the goal of ending digital exclusion is virtually impossible in a capitalist society – it’s permanent. There will always be a large proportion of the population that are digital excluded, no matter what effort we make to eradicate it. Indeed, the progress of the Investigatory Powers Bill rather underlines the extent to which digital exclusion is being entrenched, not eradicated.

The term “digital skills” is defined as follows within the report:

Digital skills have no single definition, but have been variously described to include a general ability to use existing computers and digital devices to access digital services, “digital authoring skills” such as coding and software engineering, and the ability to critically evaluate media and to make informed choices about content and information—“to navigate knowingly through the negative and positive elements of online activity and make informed choices about the content and services they use”.

The European Commission uses indicators from “browsing, searching and filtering information, to protecting personal data and coding” (apologies for the secondary source, it didn’t seem possible to download the original at the time of writing). It’s the “protecting personal data” bit that I am most interested in, and the bit that reveals the extent to which digital exclusion will always exist within a capitalist society. (Let’s take for a given that I think the approach by government is generally terrible in this area, not least with public libraries being closed or farmed out to local communities forced to run them against their will…I’ve repeatedly gone down this road so I don’t feel I need to make these arguments again.)

I’ve argued before that corporate surveillance is permanent in a capitalist society. Corporations rely on the collection of personal data to deliver profits. They make their products “free” to use, then accrue profit through the [mis-]use of personal data. In a capitalist society, individuals will always choose that which is free over that which is not (particularly the less privileged who have no choice whatsoever). Factor into this the impending Investigatory Powers Bill and we have a further undermining of any individual’s efforts to protect personal data, because private companies will store that personal data which may then be made available to the state upon request (and, incidentally, if it is your data, it will be illegal for you to be told such action has taken place).

What the situation creates is one where only a small minority of privileged individuals will be able to protect their personal data effectively (and even then, with limitations). The vast majority will not. The vast majority will not have the social or economic capital with which to make the choice to protect their personal data. They face permanently remaining on the wrong side in terms of digital inclusion, because the infrastructure is in place to prevent them from ever bridging that gap. If we are to be serious about tackling digital exclusion, then we have to take a much wider look at the protection of personal data and what that entails.

In one recent study, John Penney found that, following Edward Snowden’s disclosures about mass surveillance, there had been…

“…a 20 percent decline in page views on Wikipedia articles related to terrorism, including those that mentioned ‘al Qaeda,’ ‘car bomb’ or ‘Taliban.'”

Penney went on to conclude that:

“If people are spooked or deterred from learning about important policy matters like terrorism and national security, this is a real threat to proper democratic debate.”

This is not even a controversial point at odds with established thinking on the effects of surveillance. In 1967, for example, the President’s Commission on Law Enforcement and Administration of Justice concluded that:

“In a democratic society privacy of communication is essential if citizens are to think and act creatively and constructively. Fear or suspicion that one’s speech is being monitored by a stranger, even without the reality of such activity, can have a seriously inhibiting effect upon the willingness to voice critical and constructive ideas.”

Online privacy cannot be viewed purely on narrow terms when it comes to digital exclusion. The inability to protect one’s privacy online has serious ramifications in terms of democratic engagement. If people are not able to seek out information or to communicate with each other in private, then they will be effectively digitally excluded. And, again, a lack of social or economic capital will ensure that a significant proportion of the population always will be digitally excluded. We may reduce the numbers of people that are digital excluded, but we can never eradicate it. The only way to do so would be to ensure all online tools and methods of communication are fully encrypted, but this is impossible in a corporatised internet where data = profit. Equally, it is not possible when you have laws going through parliament that are hostile to digital privacy.

Digital exclusion may well have “no place in 21st century Britain”. Unfortunately, a combination of government policy and prevailing economic doctrine will ensure that not only is digital exclusion a reality for those without privilege in the 21st century, it will remain so for a long time to come.

For more on this topic, see my paper “The digital divide in the post-Snowden era.

Crypto Party…in a public library…in the UK

Newcastle Central Library (CC-BY).

Well, this is a turn up for the books. When I wrote my recent article on Snowden and the digital divide I made a few limited recommendations (in hindsight I could have been more extensive in this regard). Having worked in public libraries myself, I was somewhat hesitant to recommend that all public libraries install Tor Browser as the default – I knew (or at least had a very strong suspicion based on working in public libraries) it just simply wasn’t going to happen (in terms of my local library authority, I’ve pretty much had this confirmed). Instead, I kinda vaguely pushed that we as a profession should learn some of the skills and, however possible, share them with our communities (I’ve vaguely started on this road, but I’ve been less than great at doing so). There would be nothing wrong with hosting workshops, even if the tech cannot be the default on the council computers. It’s clear to me there’s an intellectual privacy divide – between those that are able to ensure digital privacy, and those that cannot due to lack of skills, knowledge etc. Libraries, for me, should play a role in bridging this gap. The protection of intellectual privacy is, after all, a core principle underpinning the profession.

I was, therefore, both pleased and surprised to see that Newcastle libraries are working with the Open Rights Group (North East) to run a Crypto Party later this month – the first public library service I am aware of to officially run and deliver one in the UK (if you know of an official library organised event that is comparable, please let me know!). According to the details on cryptoparty.in, they intend on covering:

  • Safe browsing
  • Tor Browser & TAILS
  • Signal
  • Full Disk Encryption
  • PGP

A cursory glance at the website looks promising…the Newcastle library service seem to be giving it a bit of a promotional push as well. It will be interesting to hear how this develops and whether other library services take Newcastle’s lead and teach privacy enhancing tools. It’s something I think we should be doing much more of, rather than leaving the teaching of digital skills to private companies with a vested interest in promoting certain tools and approaches to online engagement. Hopefully others will follow Newcastle’s lead….

The Imbalance In Transparency

Transparency

Image c/o Jonathan McIntosh on Flickr (CC BY-SA).

Yesterday was a big day in terms of transparency, democracy and information rights. After months of criticism for the way in which it has been loaded to discriminate in favour of curbing Freedom of Information legislation, the Independent Commission on Freedom of Information published their findings, followed by publication of the government’s response. On top of all this, the government published its revised Investigatory Powers Bill (or “Snooper’s Charter”). In terms of the information flow between state and the individual, these two developments couldn’t be more important. The question is, to what extent is the information flow weighted in favour of citizens rather than the state? A question to which the answer is, I think, obvious to anyone with even the vaguest grasp of the history of the British state.

Given the sheer size of the debate and discussion in these two areas, I thought I’d bang all this together in one post, but split it up into two many themes: Information From Them and Information FOR Them. Seems to me that both these areas say a lot about where we are as a country, and I think such a distinction further emphasises the current state of play.

Information From Them

The FoI commission may have found that there is no case for new legislation with respect to the Act (meaning no substantial changes to how it operates), but this does not mean that it won’t continue to have serious limitations. The Act itself is imperfect as it stands now (and the increased outsourcing of public services to the private sector further limits its scope), and it’s not clear to what extent the government will use the findings of the Commission to come up with new and innovative ways to further restrict its impact. As Maurice Frankel, director of the Campaign for FoI, notes, rather than changes to the legislation it “could be that they are now possibly talking about various forms of guidance”.

For the government, the FoI Act has a very narrow appeal. It’s less about creating a culture of full transparency across government, both nationally and regionally, and more about beating the drum for value and efficiency. The Freedom of Information Act is more than just providing citizens with access to information on how taxpayers’ money is spent, it’s about holding politicians to account, ensuring that that all of their decisions are subject to scrutiny, not merely about how money is spent. This narrow perspective is still very much central to the government’s thinking, as evidenced by Matt Hancock’s statement in response to the findings:

“We will not make any legal changes to FoI. We will spread transparency throughout public services, making sure all public bodies routinely publish details of senior pay and perks. After all, taxpayers should know if their money is funding a company car or a big pay off.”

For the Conservatives, it makes sense that this is the extent of their endorsement of transparency. Spending taxpayers’ money plays directly into their narrative of difficult economic conditions that warrant the rolling back of public spending. Ensuring a focus on FoI as purely a mechanism to monitor local government spending shifts the emphasis and, ultimately, sends a message about how they view FoI. It’s not about transparency, or holding politicians to account. It is purely and simply about being a stick with which members of the public can beat local government profligacy.

One recommendation that is worth noting is the position regarding the “Cabinet veto”. The Commission recommended that:

“…the government legislates to clarify beyond doubt that it does have this power. We recommend that the veto should be exercisable where the executive takes a different view of the public interest in release, and that the power is exercisable to overturn a decision of the IC. We recommend that in cases where the IC upholds a decision of the public authority, the executive has the power to issue a ‘confirmatory’ veto with the effect that appeal routes would fall away, and any challenge would instead be by way of judicial review of that veto in the High Court.”

Although the government have decided that the veto will only be deployed “after an Information Commissioner decision”, the Minister’s statement adds that so long as this approach proves “effective”, legislation will not be brought forward “at this stage”. This is, to say the least, disappointing. As has been noted before, the veto simply acts as a way for ministers to avoid embarrassment (see the Prince Charles letters for example). Of course concerns about this particular aspect need to be considered in the context of the fact that the worst case scenario regarding Freedom of Information has not come to pass, but the phrase “at this stage” should put us all on alert regarding the government’s intentions.

That said, contrast the government’s position on freedom of information (where openness comes with caveats) with their position on surveillance (where caveats barely seem to exist)…

Information For Them

Following a number of critical reports about its Investigatory Powers Bill, the Home Office yesterday put forward revised draft legislation seeking to, in their words, “reflect the majority of the recommendations” from these reports. The reality is quite different, and very troubling on a number of levels, not least because of the intention to rush this bill through parliament at a time where other stories with substantial ramifications are dominating the news cycle (the intention seems to be to rush it through before DRIPA expires at the end of the year).

What of the proposals themselves? Well, they don’t make for comforting reading if you care about individual liberty and intellectual privacy. Despite criticism that the initial draft lacked any sense that privacy was to form the backbone of the legislation, the only change in this respect has been to add the word “privacy” to the heading for Part 1 (“General Protections” becomes “General Privacy Protections”). This tells you all you need to know about how the government views privacy. It’s a minor concern when compared to the apparent desire to engage in mass surveillance.

The Bill proposes that police forces will be able to access all web browsing records and hack into phones, servers and computers. Although the Home Office later claimed that hacking powers date from the 1997 Police Act and would only be used in “exceptional circumstances”, when giving evidence to the scrutiny committee, Det Supt Paul Hudson noted that these powers were used “in the majority of serious crime cases”. Needless to say, he refused to provide any further detail on the record. But there does appear to be a shift here from the police being able to view any illegal sites you have visited, to enabling them to view any website you visit.

In terms of encryption technologies (the bête noire of Western democracies hostile to privacy), there has been some clarity and yet there also seems to be somewhat of a loophole that could prove advantageous to those who know what tools to use to ensure their intellectual privacy. In the government’s response to pre-legislative scrutiny it advises:

“The revised Bill makes clear that obligations to remove encryption from communications only relate to electronic protections that have been applied by, or on behalf of, the company on whom the obligation has been placed and / or where the company is removing encryption for their own business purposes.”

The implication here seems pretty clear: to ensure you provide sufficiently strong encryption technologies, move towards encryption that you do not control, rather than those you do. If you don’t control it, you cannot remove it. I suspect the net consequence of this will be a muddying of the waters for those who wish to protect their intellectual privacy. It is already difficult to differentiate between which encryption tools truly protect you from mass surveillance, and which arguably do not (consequence being a new manifestation of the digital divide). Being able to differentiate between which tools do control the encryption placed on communications and which tools do not will undeniably require a degree of social capital that not everyone has the privilege to possess.

There are many significant concerns regarding this draft bill, many of which would take a huge blog post to cover…and I’ve not even read the full bill and accompanying documents yet. Rather than hit the 2,000 word mark, I’ve put together a list of key resources below. As librarians and information professionals we need to be on top of this. Defending the intellectual privacy of our users (whether that be in schools, public libraries, further or higher education) is a fundamental ethical concern. We need to take whatever steps we can to ensure we advance privacy, ensure the protection of digital rights and reject the monitoring and/or collection of users’ personal data that would compromise such privacy.

One thing I will add is that the combination of these two developments speaks volumes about the nature and transparency of government and in the United Kingdom. It is far less about ensuring a democratic system by which elected officials can be held to account, and far more about treating citizens with suspicion and thus undermining the democratic process. Given these circumstances, it is difficult to conclude that we live in a fully functioning democracy. When the state is entitled to more information about us than we are about them, there is no democracy.

Further resources

IFLA Statement on Privacy in the Library Environment

Investigatory Powers Bill – all government documents

Privacy International statement on IPBill

Investigatory Powers Bill – How To Make It Fit-For-Purpose

Don’t Spy On Us (authors of the above report on making it fit for purpose)

Access Now statement on IP Bill

 

Independent Commission on Freedom of Information report

Statement by Matt Hancock on Commission’s report

Campaign for Freedom of Information statement

In defence of internet anonymity

Image c/o Thomas Hawk.

It recently emerged that Twitter has added the need to register mobile phone numbers as part of the sign-up procedure when creating an account to use the network. The move is, as is always the case, presented as part of their effort to protect those that use the service, particularly from abusive trolls. However, as with all such protections, it only offers protection to a degree and does actually create more danger for others.

For those of us that live in Western ‘liberal’ countries, the requirement to provide a mobile phone number is perhaps not massively problematic. It is fairly easy to obtain a mobile and use it without having an data connected to that phone (if you’ve watched The Wire you’ll know that those that wish to protect themselves from the law will use so-called “burner phones”). Outside of nations like the UK and the US, particularly in authoritarian regimes, there are far more hoops that need to be jumped through and the possibility of obtaining a so-called burner is fairly slim. As The Guardian noted, Turkey requires all mobile phones to be registered and a passport is required to obtain a sim card and mobile number.

The request to provide a mobile number in order to use the service is therefore troubling for those living in authoritarian regimes. As we know, communication tools that provide anonymity have played a role in overturning a variety of authoritarian regimes (although the extent to which these tools have played a role is perhaps overstated). Anonymity in Western liberal states may be perceived as a tool to harass and intimidate individuals, but in less democratic states they are essential for survival and for hope. Without this cover of anonymity, lives can and will be placed at risk. Anonymity maybe a troubling concept from our point of view (not least given the media coverage) but it is essential. When weighing up the social cost, the removal of anonymity will come at a much greater cost than if it was to be maintained.

Trolls are an unpleasant side effect of creating a space where everyone can engage in public discourse. But whilst there is a need to figure out how we tackle this phenomenon, we also have to accept that the internet will probably only ever be an imperfect space and that imperfection is what makes it so valuable. Because so long as there as there is anonymity, there will be trolls. But there will also be opportunities for dissidents to communicate, organise and challenge the status quo. Whilst I would not wish to minimise the harm that trolls cause to individuals (as I’ve stated before, I don’t buy into this current “right to offend” trend), I prefer to think of the positive impact of anonymity. The potential it provides for people to be free. Either free to engage in discourse without fear of reprisal or harm, or to seek to secure freedom from state oppression.

Of course services such as Twitter have to seek to protect those that use the service. But, when it comes to the internet, every measure of protection can also do great harm. This is true of removing the right to anonymity for those who wish to communicate free from fear of reprisal, but also in creating internet filters that prevent people from accessing information. Those filters may provide some benefit in terms of the things that they block, but they will also prevent those who are most vulnerable from accessing the information they need. Such measures are presented as offering protection to individuals (indeed, isn’t this always how states present measures that repress individual freedoms?), when in fact this is only partially the case. Protection for some, insecurity or danger for others.

Ultimately, we must seek to defend the right to remain anonymous online. It is not always comfortable, but then defending our freedoms to the fullest extent will never be entirely comfortable because we understand that there are those that will abuse the freedoms we are advocating. But we have to accept that the benefits of protecting anonymity far outweigh the consequences of removing this protection. Because the consequences of this will not be felt in the middle-class suburbias of the West, but within the communities seeking to throw off the chains of oppression.