British Government Goes Bananas

26th June, 2015 — Laura Kalbag

A banana with UK Union flag sticker
Original Banana by Telrúnya (CC BY 3.0)

The UK Conservative Government isn’t even two months old, and everything is already going to hell in a handbasket. And our word of the week is “creepy”…

You can’t burn this!

This week, the High Court of the United Kingdom has made ripping (creating your own copy) CDs illegal. It’s hard to believe that it’s only been legal to rip a CD for the last year

The whole argument focuses around whether a copy can have more value than the original, and whether the copyright owner could, or should be, compensated for any value that they don’t get back. This is largely the fault of the European Union Copyright Directive which brought a new restriction into British copyright law: “no new copyright limitations and exceptions could be introduced without compensation to rightsholders, unless its introduction would cause them minimal or no harm.”

This restriction enabled the music industry (the Musicians’ Union, UK Music, and the British Academy of Songwriters, Composers and Authors) to sue the UK Government, claiming that by making a copy of purchased content, you do cause harm to the copyright holder. To get around this, other European countries have “extracted a private copying levy for things like blank CDs, MP3s, printers and smartphones.” As Andrés Guadamuz explains, it’s an oddly outdated argument in a world where digital downloads and streaming are the norm. And what if you want to digitise your vinyl collection because it isn’t available digitally?

Hack all the things!

UK Government Communications Headquarters (GCHQ) spies have received government permission to study software programs for ways to infiltrate and take control of computers. Apparently reverse engineering and hacking software in this way could be considered copyright infringement (see above!) but that’s okay, because the Foreign Secretary has granted GCHQ a legally-dubious warrant to hack whatever they want. As Andrew Fishburn and Glenn Greenwald explain, these catch-all warrants means GCHQ’s justification of mass surveillance (claiming rigorous oversight and judicial approval is required) doesn’t hold much water.

Civil Liberwhats?

We also learned this week that the GCHQ has been spying on civil liberties organisations in a targeted manner. The South African Legal Resources Centre (LRC) and the Egyptian Initiative for Personal Rights (EIPR) had communications intercepted by GCHQ. Bizarrely, the surveillance itself wasn’t judged as being illegal, the judicial tribunal responsible for handling complaints against the intelligence services has ruled that the handling of the communications was illegal. The communications were possibly wrongly accessed or selected for examination, and held for longer than they should have been, according to the GCHQ’s (secret) internal guidelines.

As James Welch, legal director for Liberty, said:

“Last year it was revealed that GCHQ were eavesdropping on sacrosanct lawyer-client conversations. Now we learn they’ve been spying on human rights groups. What kind of signal are British authorities sending to despotic regimes and those who risk their lives to challenge them all over the world? Who is being casual with human life now?”

Talking of being casual with human life, it also turns out that GCHQ’s Joint Threat Research Intelligence Group (JTRIG) has been extensively using surveillance, propaganda, and other deceitful and manipulative tactics at home in the UK, even as a part of domestic law enforcement. A document from 2011 reveals horrifying insights, including methods devised by JTRIG to increase “obedience” and “conformity” online, with methods intended to “deny, disrupt, degrade/denigrate, delay, deceive, discredit, dissaude or deter.” As Cory Doctorow points out, many of the targeted groups (neo-nazis, extremists) aren’t the type of people we really want around, but:

“…the right way for a state to intervene in political debates isn’t through secret misinformation campaigns. The philosophies of these groups are laughable on their face, and it’s alarming to learn that the UK establishment’s go-to rebuttal for ideas this dumb is to create fake newspaper articles. If that’s how debate works at Eton and Oxbridge, it’s no wonder Prime Minister’s Question Time is such a clownshow.”

Word of the week: Creepy

GCHQ have definitely achieved creepy status. And creepy really has become the word of the week. Starting with Snapchat, their Chief Executive, Evan Spiegel told a bunch of advertising types that Snapchat “really care about not being creepy.” It’s one thing to say you care about doing something, it’s another to actually do it. We know from last year that Snapchat is already pretty creepy. But how can we blame them? It’s hard not to be creepy when your business is based around selling your users’ data.

Uber

Jim Killock, of Open Rights Group, has called Uber “greedy and creepy” over their new policy allowing them to keep track of users’ location data when the app is closed and the smartphone’s GPS is disabled… all the things you do to prevent apps from tracking your location. Uber has also made changes enabling them to access its users’ contact details. In response to the planned update, Electronic Privacy Information Center (Epic) have submitted a complaint to the US Federal Trade Commission (FTC) requesting an investigation into Uber’s business practices. Hopefully corporate surveillance will continue to be challenged this way in the future.

Facebook

Also described as “creepy” this week is Facebook’s new “Moments” app. Moments groups photos by events, then draws on users’ “faceprints” to tag them in all the photos, and allows instantaneous sharing of a photo with all the pictured users. It sounds like a great user experience, right? But as Jeff John Roberts says, “Facebook already has detailed biographical data about each of its users, and now it is using faces to create an archive of where they were and who they were with.” What makes it even creepier is that Facebook now has technology to recognise you even if your face is obscured. Such a huge data archive is why Facebook’s auto-tagging technology isn’t allowed in Europe or Canada. As the Privacy Commissioner of Canada explains:

“Of significant privacy concern is the fact that Facebook has the ability to combine facial biometric data with extensive information about users, including biographic data, location data, and associations with “friends.” […]

The availability of cheap facial recognition for the masses may have the effect of normalizing surveillance over time. We are not yet at the point where we can take pictures of people on the street with our smartphones, identify them, and gain access to information about them. However, this reality may not be too far off”

However, citizens of the US and other countries aren’t necessarily protected as laws aren’t up-to-date enough to cope with this kind of technology. What’s even more worrying is that this week nine civil liberties and consumer advocate groups withdrew from talks with trade associations over guidelines for fair commercial use of face recognition technology, because they couldn’t even achieve “minimum rights” for consumers.

Google

Where do I start with Google this week? Disconnect, a company founded by former Google engineers, is taking legal action against Google over claims it has engaged in a “pattern of abusive behavior” and is violating privacy rights on a “massive scale.” Disconnect’s tools aim to help people take control of their privacy by flagging and disabling tracking technology, and have therefore been rejected by Google on their Google Play store. Disconnect’s legal complaint cuts right to the heart of the corporate surveillance issue:

“[I]nvisible, unsolicited tracking is Google’s lifeblood. The company makes virtually all of its revenue from advertising. Tracking permits Google to target its ads and, hence, to charge advertisers far more for ad placement. Indeed, Google is under enormous pressure from the financial community to increase the “effectiveness” of its tracking, so that it can increase revenues and profits. Giving a user the ability to control his own privacy information (and to protect himself from malware) by blocking invisible connections to problematic sites constitutes an existential threat to Google.”

Why do we need tools like Disconnect? Because Google has been silently downloading audio listeners onto every computer that has Chrome. This behaviour was first discovered by Rick Falkvinge, and justified by Google as a way to make “OK, Google” work. But as Alec Cope puts it, “a computer black-box was installed, hooked onto a private corporation’s server and now has the ability to eavesdrop on you and Google had no intention to let anyone know about it!”

A piece in Wired looks at Google’s new plans to turn old pay phones in New York City into WiFi hubs. Issie Lapowsky does acknowledge that it’s not necessarily an altruistic move, “there’s also a business case for them: [m]ore connectivity means more potential for growth,” but doesn’t mention that it also gives Google key potential to collect more data from people using these WiFi hubs.

And finally on the Google front, Julia Powles has looked at what’s happening with the EU competition commissioner’s antitrust case against Google. The legal proceedings are slow and largely secret, though Julia notes that the intentions of this case are really quite straight-forward. The Commissioner intends to set a precedent against Google, allowing complainants to take their search cases to nationals courts, and then to get Google to take action themselves, which could happen if Google are given a deterrant fine. However, as Julia points out:

“This makes the commission’s case rather miniscule in the wider scheme for competitors and consumers. The case will shed no light on Google’s scraping and consolidation of data, nor its role in manipulating advertising markets.”

A few weeks ago, we shared the audio from Hans de Zwart’s wonderful re:publica talk on Demystifying The Algorithm. If you missed it then, we recommend you read his writeup. It’s a great way to understand just some of the influence that Google has on our lives.

Time for some good news

Our positive new segment is back. If you’ve got any good news related to privacy and corporate surveillance, please email me.

Farewell to Facebook

Last week Aral was part of the Facebook Farewell Party thrown by Waag Society, Amsterdam Municipal Theatre, and HVA - Institute of Network Cultures in Amsterdam. The event included talks and advice on how people can liberate themselves from Facebook’s clutches. If you’re thinking of throwing a Facebook Farewell Party, you should contact Waag Society for materials and guidance.

Digital self-defence

Our friend Pernille Tranberg has written a book, ‘Fake It! Your Guide to Digital Self-Defense.’ At Ind.ie, we hope that someday we won’t need to protect ourselves against the surveillance of corporations and governments. But all the while we do, Pernille and Stefan’s advice and tools will help you become more informed and equipped to protect your privacy.

Taking tech back

Not so much news as hope, a wonderful series of five short essays in The Nation looks at ways to take back tech. These are thoughtful and optimistic ideas, such as bringing platforms into the commons, and forming cooperatives, that could improve society and help use technology for good.

If you’re after even more roundup material, I’d recommend taking a look at Wired’s Security News This Week for Yael Grauer’s thoughts on why your phone isn’t as safe as you think.