The Imbalance In Transparency

Transparency

Image c/o Jonathan McIntosh on Flickr (CC BY-SA).

Yesterday was a big day in terms of transparency, democracy and information rights. After months of criticism for the way in which it has been loaded to discriminate in favour of curbing Freedom of Information legislation, the Independent Commission on Freedom of Information published their findings, followed by publication of the government’s response. On top of all this, the government published its revised Investigatory Powers Bill (or “Snooper’s Charter”). In terms of the information flow between state and the individual, these two developments couldn’t be more important. The question is, to what extent is the information flow weighted in favour of citizens rather than the state? A question to which the answer is, I think, obvious to anyone with even the vaguest grasp of the history of the British state.

Given the sheer size of the debate and discussion in these two areas, I thought I’d bang all this together in one post, but split it up into two many themes: Information From Them and Information FOR Them. Seems to me that both these areas say a lot about where we are as a country, and I think such a distinction further emphasises the current state of play.

Information From Them

The FoI commission may have found that there is no case for new legislation with respect to the Act (meaning no substantial changes to how it operates), but this does not mean that it won’t continue to have serious limitations. The Act itself is imperfect as it stands now (and the increased outsourcing of public services to the private sector further limits its scope), and it’s not clear to what extent the government will use the findings of the Commission to come up with new and innovative ways to further restrict its impact. As Maurice Frankel, director of the Campaign for FoI, notes, rather than changes to the legislation it “could be that they are now possibly talking about various forms of guidance”.

For the government, the FoI Act has a very narrow appeal. It’s less about creating a culture of full transparency across government, both nationally and regionally, and more about beating the drum for value and efficiency. The Freedom of Information Act is more than just providing citizens with access to information on how taxpayers’ money is spent, it’s about holding politicians to account, ensuring that that all of their decisions are subject to scrutiny, not merely about how money is spent. This narrow perspective is still very much central to the government’s thinking, as evidenced by Matt Hancock’s statement in response to the findings:

“We will not make any legal changes to FoI. We will spread transparency throughout public services, making sure all public bodies routinely publish details of senior pay and perks. After all, taxpayers should know if their money is funding a company car or a big pay off.”

For the Conservatives, it makes sense that this is the extent of their endorsement of transparency. Spending taxpayers’ money plays directly into their narrative of difficult economic conditions that warrant the rolling back of public spending. Ensuring a focus on FoI as purely a mechanism to monitor local government spending shifts the emphasis and, ultimately, sends a message about how they view FoI. It’s not about transparency, or holding politicians to account. It is purely and simply about being a stick with which members of the public can beat local government profligacy.

One recommendation that is worth noting is the position regarding the “Cabinet veto”. The Commission recommended that:

“…the government legislates to clarify beyond doubt that it does have this power. We recommend that the veto should be exercisable where the executive takes a different view of the public interest in release, and that the power is exercisable to overturn a decision of the IC. We recommend that in cases where the IC upholds a decision of the public authority, the executive has the power to issue a ‘confirmatory’ veto with the effect that appeal routes would fall away, and any challenge would instead be by way of judicial review of that veto in the High Court.”

Although the government have decided that the veto will only be deployed “after an Information Commissioner decision”, the Minister’s statement adds that so long as this approach proves “effective”, legislation will not be brought forward “at this stage”. This is, to say the least, disappointing. As has been noted before, the veto simply acts as a way for ministers to avoid embarrassment (see the Prince Charles letters for example). Of course concerns about this particular aspect need to be considered in the context of the fact that the worst case scenario regarding Freedom of Information has not come to pass, but the phrase “at this stage” should put us all on alert regarding the government’s intentions.

That said, contrast the government’s position on freedom of information (where openness comes with caveats) with their position on surveillance (where caveats barely seem to exist)…

Information For Them

Following a number of critical reports about its Investigatory Powers Bill, the Home Office yesterday put forward revised draft legislation seeking to, in their words, “reflect the majority of the recommendations” from these reports. The reality is quite different, and very troubling on a number of levels, not least because of the intention to rush this bill through parliament at a time where other stories with substantial ramifications are dominating the news cycle (the intention seems to be to rush it through before DRIPA expires at the end of the year).

What of the proposals themselves? Well, they don’t make for comforting reading if you care about individual liberty and intellectual privacy. Despite criticism that the initial draft lacked any sense that privacy was to form the backbone of the legislation, the only change in this respect has been to add the word “privacy” to the heading for Part 1 (“General Protections” becomes “General Privacy Protections”). This tells you all you need to know about how the government views privacy. It’s a minor concern when compared to the apparent desire to engage in mass surveillance.

The Bill proposes that police forces will be able to access all web browsing records and hack into phones, servers and computers. Although the Home Office later claimed that hacking powers date from the 1997 Police Act and would only be used in “exceptional circumstances”, when giving evidence to the scrutiny committee, Det Supt Paul Hudson noted that these powers were used “in the majority of serious crime cases”. Needless to say, he refused to provide any further detail on the record. But there does appear to be a shift here from the police being able to view any illegal sites you have visited, to enabling them to view any website you visit.

In terms of encryption technologies (the bête noire of Western democracies hostile to privacy), there has been some clarity and yet there also seems to be somewhat of a loophole that could prove advantageous to those who know what tools to use to ensure their intellectual privacy. In the government’s response to pre-legislative scrutiny it advises:

“The revised Bill makes clear that obligations to remove encryption from communications only relate to electronic protections that have been applied by, or on behalf of, the company on whom the obligation has been placed and / or where the company is removing encryption for their own business purposes.”

The implication here seems pretty clear: to ensure you provide sufficiently strong encryption technologies, move towards encryption that you do not control, rather than those you do. If you don’t control it, you cannot remove it. I suspect the net consequence of this will be a muddying of the waters for those who wish to protect their intellectual privacy. It is already difficult to differentiate between which encryption tools truly protect you from mass surveillance, and which arguably do not (consequence being a new manifestation of the digital divide). Being able to differentiate between which tools do control the encryption placed on communications and which tools do not will undeniably require a degree of social capital that not everyone has the privilege to possess.

There are many significant concerns regarding this draft bill, many of which would take a huge blog post to cover…and I’ve not even read the full bill and accompanying documents yet. Rather than hit the 2,000 word mark, I’ve put together a list of key resources below. As librarians and information professionals we need to be on top of this. Defending the intellectual privacy of our users (whether that be in schools, public libraries, further or higher education) is a fundamental ethical concern. We need to take whatever steps we can to ensure we advance privacy, ensure the protection of digital rights and reject the monitoring and/or collection of users’ personal data that would compromise such privacy.

One thing I will add is that the combination of these two developments speaks volumes about the nature and transparency of government and in the United Kingdom. It is far less about ensuring a democratic system by which elected officials can be held to account, and far more about treating citizens with suspicion and thus undermining the democratic process. Given these circumstances, it is difficult to conclude that we live in a fully functioning democracy. When the state is entitled to more information about us than we are about them, there is no democracy.

Further resources

IFLA Statement on Privacy in the Library Environment

Investigatory Powers Bill – all government documents

Privacy International statement on IPBill

Investigatory Powers Bill – How To Make It Fit-For-Purpose

Don’t Spy On Us (authors of the above report on making it fit for purpose)

Access Now statement on IP Bill

 

Independent Commission on Freedom of Information report

Statement by Matt Hancock on Commission’s report

Campaign for Freedom of Information statement

Woolwich, surveillance, politics and extremism

I wasn’t going to write a post on this initially. Even at this early stage, there will be a million other blog posts on the topic (a million better written blog posts on the topic). But there are some things I felt I could not ignore or not pass comment on. Sometimes the urge to share a perspective on events is too strong not to ignore, or to bury away for fear of being seen to make political points on the back of what is a very tragic and distressing event. Given that, this may come across as a somewhat confused and stumbling post.

Whilst still coming to terms with an event that has shocked everyone, there are already the familiar rumblings about How This Must Not Happen Again. As is to be expected, the talk of legislation has once more reared its head, in particular the Draft Communications Data Bill has been put forward as a necessary step to ensure such events are prevented. Unsurprisingly, this has been proposed by the usual authoritarian figures, principally John Reid, a man who was and remains a keen believer in invasive state power (and is, incidentally, a spokesman for the security industry in the House of Lords – being a director of security firm G4S).

But, as we know, the Draft Communications Data Bill would have made no discernible difference in this case. Both suspects were, apparently, known to the security services before this terrible event took place. They already had their suspicions about these individuals without the power of the Draft Communications Data Bill, so it is unclear how much difference the powers behind the proposed bill would make in this particular case. Even Eric Pickles, not one I am keen to cast in a positive light in normal circumstances, argued that it would have made no difference whatsoever in this case.

Whenever such an event as this takes place, security measures are proposed that, so the politicians claim, will make the streets safer and prevent such tragedies from happening again. But will they really? Will any legislation prevent two individuals armed with knives from going out onto the streets and butchering someone in broad daylight? No, the problem of violent extremism, no matter how it manifests itself, needs to be tackled at a far deeper level than just through simple, flawed legislation.

Whilst it is impossible to know their true motivations, or the sequence of events that led to their decision to launch such a vicious attack, one does wonder how violent extremism in general can be tackled effectively. I should emphasise here that I am not talking about the incident in Woolwich, but rather the broader issue of extremism and marginalisation. Could it be, perhaps, that our political culture is so limited as to push individuals ever closer to the fringes of both the political spectrum and of society in general? Where factors such as poverty probably have a far greater impact, perhaps the way political discourse is framed in this country is also a contributory factor?

Over the past fifty or sixty years (perhaps more than that), our political system has increasingly crowded around the so-called ‘centre-ground’. Despite what many of the ‘loyalists’ on either side might argue, there is very little difference between the main political parties. They have been broadly united on a number of key issues in the recent past, from the invasion of Afghanistan to the need for ‘austerity’. There is very little room for discussion on the margins of these issues (how often do you hear a mainstream politician argue against ‘austerity’, for example, considering the number of esteemed economists who argue it is a damaging economic policy?). For those who take a reasonable position in opposition to these policies (reject ‘austerity’ or oppose foreign wars, both entirely reasonable positions), where is there to go? Given the majority of the media and the political discourse doesn’t really enable reasonable arguments in opposition to the governing orthodoxy (or at least very rarely), it is perhaps no surprise the people shift to the fringes to look for answers. And when you shift to the fringes, where you feel that no-one is listening or representing you, desperation sets in – the desperation to be heard.

In my entire voting life, I have never voted for the Labour Party. The first time I was able to vote was in 1997 and I chose not to vote Labour, predominantly because I felt Blair was, in essence, a Tory wrapped in a red cloak (a very flimsy red cloak at that). However, whilst I am not pre-disposed to voting for Labour, this doesn’t mean to say I would never have considered voting Labour had I lived in an earlier era. Take the Attlee government of the immediate post-war period. If the Labour Party adopted the kind of platform Attlee’s government occupied, I would be more inclined to vote for them as it is a great deal closer to my position than the current Labour Party (although perhaps still not as close as I would like). But this is no longer the party of Attlee and Bevin, and it is highly unlikely ever to be so again. They have, in essence, conceded the battle fought in the 1980s and have accepted neo-liberal economic positions that are at odds with the views and positions espoused by those at the heart of the Attlee government (even though that government was itself not as radical as many would have liked).

So what is left for me? I cannot conceivably vote for any of the major parties, and I am left with the fringes (or the Greens) and I fear that many others across our society equally feel that their views have been marginalised and that there is no-one expressing their own particular point of view. People feel that there is no-one speaking for them and consequently that they have little option but to look to the fringes for the answers they crave. Whether that be radical preachers in mosques, or racist thugs. This isolation from the mainstream and marginalisation is not an excuse for violence, one does not have to resort to violence to express a perspective that public discourse has pushed to the fringes. But one wonders whether the marginalisation itself would be minimised if public discourse wasn’t constrained within such tight boundaries. If, for example, it was seen as reasonable to argue that ‘austerity’ is built on a false premise or that the wars in the Middle East are immoral, perhaps those that hold those reasonable views would not feel so marginalised and consequently pushed to the extremes.

Throughout history, a clustering around the centre-ground has resulted in people being pushed to the extremes in ever-increasing numbers. Where the answers provided by the centre seem inadequate, people begin to look elsewhere for answers. Perhaps we should pause for a minute and ponder whether it is healthy for our society to have otherwise reasonable and sensible positions (moral and political) pushed to the margins. Perhaps, and this seems incredibly naive I accept, perhaps our political debate should be more mature, accepting that there are reasonable views outside the orthodoxy. Of course, broadening public discourse would in no way be a panacea in terms of dealing with extremism or marginalisation but perhaps providing that room for alternative voices in the public debate would be a step towards dealing with the problem

As I said at the beginning, these are at present rather confused and incomplete thoughts. There is no doubt that the murder in Woolwich was a deeply shocking and tragic event. I am not convinced, however, that any amount of legislation or ‘snooping’ will prevent such despicable acts from happening again in the future. The only thing I am sure of is that we need to look at our society, our political culture and our public discourse and see if we can find some answers. We certainly should not look to John Reid and his authoritarian acolytes.

When it comes to the internet, it’s not just government snooping we should be worried about…

Corporations want your data as much as governments want to snoop.
(Image: El Alma Del Ebro in Zaragoza by Saucepolis on Flickr.)

Remember the early days of the internet?  When start-up companies seemed to be, somehow a different breed from the companies that we had grown accustomed to? “Don’t be evil” appeared not only to be Google’s mantra, but the mantra of a whole host of companies that emerged in tandem with the growth of the internet.  Whereas we had grown accustomed to companies that were focused on shareholder profit over rather than the interests of ‘consumers’ or society in general, these companies seemed to be benign, friendly, sensitive to their social responsibilities.

In contrast to the growth of these ‘benign forces’ of the internet, governments and politicians have become increasingly suspicious of the technology, predominantly because it is an area over which they do not feel they exercise sufficient control.  In the UK, this has manifested itself most obviously and most recently in the Data Communications Bill (or Snoopers’ Charter).  A particularly invasive piece of legislation that was seriously considered by the coalition, it proposed to grant powers to the Home Secretary (or another cabinet minister) to order any ‘communications data’ by ‘telecommunication operators’ to be gathered and retained, effectively collecting ostensibly private data on citizens for whatever purpose they deemed worthy.  It appears, on the face of it, that these proposals have now been abandoned, although that is not to say they won’t come back in a slightly modified form.  If one were a cynic, one might suggest the Liberal Democrats applied pressure to drop the legislation in advance of the local elections to ensure they were case in a positive light? Unlikely perhaps, but my cynical mind can’t help but believe there is more to this than simply a matter of principle, after all Nick Clegg wasn’t always so opposed…

This suspicion, however, doesn’t begin and end at the Snoopers’ Charter. There was also, for example, the introduction of the Digital Economy Act, which enables the blocking of website access for anyone who is deemed to have infringed copyright laws but, consequently, also risks penalising those entirely innocent of any such activity.  Then there is the Regulation of Investigatory Powers Act 2000 (Ripa) used to investigate Osita Mba, a whistleblower who uncovered a “sweetheart” deal with Goldman SachsUsing Ripa:

…HMRC can see websites viewed by taxpayers, where a mobile phone call was made or received, and the date and time of emails, texts and phone calls. According to the revenue website, these powers “can only be used when investigating serious crime”.

And it doesn’t end with proposed or existing legislation; individual politicians have also made calls for illiberal and unhelpful restrictions on the internet. Back in 2011, following the riots, one politician called for Twitter and Facebook to be blacked out during any further disturbances.  Needless to say this was a particularly stupid and disturbing suggestion, not least because the very same social media helped people in the area affected by the riots to communicate with others and ensure their own safety.  There’s no doubt that the freedom provided by the internet frightens those who believe it threatens existing power structures, underlining that, from their point of view, freedom only goes so far…

The desire to highlight some of these illiberal measures isn’t solely restricted to organisation such as the Open Rights Group, many of the giants of the internet are quick to point the finger at the role of government as a threat to the freedom of the individual. Take, for example, the largest of all the companies to emerge in the internet era – Google.

Last week, in an article for The Guardian, Eric Schmidt (executive chairman) and Jared Cohen (Director, Google Ideas) warned that global governments are monitoring and censoring access to the web, which could lead to the internet becoming ever increasingly under state control.  The usual examples are rolled out of authoritarian regimes seeking to restrict what their citizens can access online.  Curiously, however, there is no mention of the United States or Europe (Russia appears eight times, China seven), it appears that we are not affected by the government monitoring or censoring access to the web – oh, apart from the Data Communications Bill, the Digital Economy Act, Ripa etc etc.This omission seems curious considering an admission by Schmidt in a separate interview with Alan Rusbridger, also in The Guardian.

During the interview, Rusbridger notes:

But [Schmidt’s] company collects and stores an extraordinary amount of data about all of us, albeit in an anonymised form. Which is all well and good, until government agencies come knocking on Schmidt’s door – as they did more than 20,000 times in the second half of last year. The company usually obliges with US officials. (It’s more complicated with others.) This will only get worse.

Clearly, as the legislative examples shown above demonstrate, attempts to monitor the web are not only restricted to authoritarian regimes but are also a problem in Western, (supposedly) liberal democracies as well.  When the US is making 20,000 requests in six months (around 100 requests a day on average), it is clear that the problem is not restricted to just China, Russia and other authoritarian regimes.  But there’s another side to this equation. A side that Schmidt and others in the business community seem to be reluctant to talk about, for very obvious reasons.

The extract from Rusbridger’s interview with Schmidt reveals two facts that everyone concerned with the internet and the free flow of information need to be worried about.  First are the actual requests from US officials for data from Google. The second is the data that Google collects and makes available to US officials.  There are, I would argue, two concerns about the future of the internet: government control and corporate control. The former Schmidt is keen to talk about, the latter not so much.

Google’s business is data.  They collect data from users to ‘enhance the user experience’ (a brilliant phrase used to suggest that the collection of your personal data is actually doing you a favour).  The volume of data collected is vast and is collected for a specific purpose: to make money (to “enhance the user experience”). These services do not charge you to make money, they use a commodity you are giving away for free and then selling it on to advertisers. The transaction is different from the traditional service model (consumer purchases goods from service provider), but it is effective and relies on your data to ensure profitability for the service provider. For example, Google was making $14.70 per 1,000 searches in 2010.  Some services do not even require you to visit the service itself to obtain your personal data.  Facebook, for example, has been known to track light users of the service across 87% of the internet.

Google’s executive chairman, Eric Schmidt (image c/o Jolie O’Dellon Flickr).

The sheer volume of data handled by many of the largest internet companies should be a cause for concern. Indeed, not only is the data collection itself a concern, but also the willingness with which they give it up to government agencies (note in the aforementioned interview, Schmidt suggests that Google usually say yes to government requests for data).  Of course, many would argue that there is nothing to fear about the collection of personal data: if you have done nothing wrong etc. But you are not in control of the personal data and the rules that govern its use, corporations and governments are. Imagine for a moment a different type of government, a different set of rules, a different environment altogether, would you be so keen on US officials demanding your data and it being handed over as easily as Google do now? And what if Google engineered this change in government? Sounds far-fetched doesn’t it? Maybe it’s not as far-fetched as it might sound…

A recent study by United States-based psychologists, led by Dr. Robert Epstein of the American Institute for Behavioral Research and Technology, revealed the disturbing amount of power at the hands of companies like Google. Epstein’s study found that Google has the capability to influence the outcome of democratic elections by manipulating search rankings.  The study (available here – PDF) presented three groups of eligible American voters with actual web pages and search engine results from the 2010 Australian general election. Participants were randomly assigned to one of three groups, two groups were provided with search engine rankings favouring one of the candidates, the remaining group were provided with rankings that favoured neither:

Beforehand, individuals reported having little or no familiarity with the candidates at all. Based on short biographies, they were asked to rate each candidate and say how they would vote.

They then spent time gathering information using a mock search engine, after which they again rated the candidates in various ways and again said how they would vote.

Before their Internet search, there were no significant differences in how they rated the candidates. Afterwards, however, two thirds of the people in the first two groups said they would vote for the candidate that was favored in the search rankings – a dramatic shift that could easily “flip” the results of many elections, especially close ones, concludes the report.

Now, there is nothing to suggest that Google have actually weighted search results in the way suggested in the study nor that they ever have the intention of doing so, but they can. Not only can they do it, but they can do it without our awareness of such manipulation.

Governments may attempt to monitor us through the introduction of ever more illiberal regulatory measures applied to the internet, but it’s important to remember that the corporations profiting from the internet also benefit from our manipulation.  It strikes me that there are two crucial considerations that we need to remember when we reflect upon the role of the corporation (as opposed to that of the state) in the development of the internet:

1)      The relationship between the user and the service.  Unlike traditional relationships, we are not simply the consumers purchasing goods from a service provider.  They are taking data from us and selling it to advertisers to make money.  Our data is the product and we are the vendor.  The problem is we are not remunerated for this transaction, only permitted to use a service under the terms stipulated by the service provider.  They are not acting out of kindness in offering such services for free, they want more data from users to increase profits.  Users need to be more aware that they are the vendors in this relationship, not the customers.  Of course, we believe and trust them because we are not ‘buying’ from them, we still see them as providing us with something for free when actually they make their money using our data.

2)      Considering the volume of data given away, there is a need to remind ourselves of the nature of government and corporations.  Like governments, corporations are not fixed.  Corporations change.  They change either because of a need to increase profits, or they change because they have been bought out by a rival.  You may well be happy giving Google all your data, but what happens when it is no longer Google?  What if your personal data fell into the hands of a company you were not comfortable gaining access to it?  What then? And whilst a takeover attempt of Google may seem far-fetched at this point, remember that that the very idea that Time Warner would merge with a company called AOL was a fanciful notion towards the end of the last century. Nothing remains static in either the worlds of business or technology.

Above all else, however, we need to remember that companies like Google and Facebook are just that: companies. Whilst they appear warm, fuzzy and less stuffy than traditional corporations, they are still corporations.  Corporations that are acting the same as every other corporation before them, lobbying government to lighten regulation, maximising profit and, where possible, shift the focus onto government shortcomings in the hope that their own activities won’t be subject to scrutiny. They are, after all, just corporations like any other and we should treat them with the same scepticism as we treat older, more established corporations.  For when it comes to the internet, we need to keep a close eye on both the governments who regulate it and the corporations who profit from it.