17th July, 2015 —
The roundup is back! Aral and I are settling into our new office in the shed, and I’ve been itching to share links with you all week.
UK High court rules data retention and surveillance legislation unlawful
Big news! The British government has been going bananas, but today the high court has ruled that the Data Retention and Investigatory Powers Act (Dripa) 2014 was unlawful. This law was rushed through by the coalition government last year, and allowed the police and security services to spy on citizens without proper safeguards, making it incompatible with human rights regarding privacy and data retention.
This legislation was overturned thanks to a judicial challenge by Tom Watson (Labour MP) and David Davis (Conservative MP), supported by the human rights group, Liberty. The overturning of the legislation means that the UK parliament has to go back, look at the legislation again, put it right, and bring those changes into effect by next March.
Today’s victory shows that we have some hope in political figures such as Tom Watson and David Davis, regardless of their party allegiances. There will still be work to do. We must ensure that the same, or similar, legislation isn’t passed over the next year, especially now the UK is subject to the witless Conservative government. The Home Office has already said it will appeal.
U-Turns that aren’t U-Turns
The UK Prime Minister, David Cameron, has come under fire in the last six months for attacking encryption, and generally not understanding encryption at all. So this week, when Number 10 seemed to do a U-turn on encryption, saying “We accept and completely recognise the importance of encryption,” a lot of folk breathed a sigh of relief.
However, in an article on the supposed U-turn in Wired, Eerke Boiten has suggested that these bold declarations and U-turns are designed to confuse and deceive, leaving the general population believing that the current levels of government surveillance are an acceptable compromise:
“Cameron’s advisors are smart enough to know that you can’t ban encryption, and probably also to know that you can’t build in secure and reliable government backdoors. But that’s too complex and subtle for a large number of politicians let alone the majority of the population, so they can get away with Cameron grandstanding on loose sand.”
Chris Lamb has an objection to the backdoor objectors: why are the defenders of encryption just using the argument of “it literally can’t be done.” “Where's the principled opposition to the ‘WhatsApp ban’?”
“Whilst it's certainly easier to dissect illiberal measures on technical merit than to make an impassioned case for abstract freedoms, every time we gleefully cackle "it won't work" we are, in essence, conceding the central argument to the authoritarian and the censorious. If one is right but for the wrong reasons, were we even right to begin with?”
Another interesting article by Gordon Corera pointed out that the UK Government Communications Headquarters (GCHQ) will continue to circumvent encryption no matter what. Governments will continue to lie (knowingly or unknowingly) about what goes on behind the scenes. Spies will be spies. A long article on The Crypto Wars explains why this is also the case in the US.
This doesn’t mean that we should give up on encryption. But it does point out the importance of our continuing battle against mass surveillance, and the significance of the overturning of DRIPA. It’s important that intercepting the communications of every citizen is considered an illegal invasion of our privacy and human rights.
Another report was released this week from the Royal United Services Institute panel looking at the privacy implications of UK government surveillance in the wake of the Snowden revelations. A Guardian article by panelist, and journalist, Heather Brooke, contains fascinating insight into how the panelists attempted to balance privacy and security, oversight and transparency, but the resulting report seems diplomatic and, ultimately, a bit limp.
Not such good news in Europe
Europe has not had a good week with Germany, and other countries, bullying Greece into austerity. Evgeny Morozov pointed out that the media attention on Greece has distracted Europe from the European Parliament passing a non-binding resolution on the Transatlantic Trade and Investment Partnership (TTIP). We looked at the dangers of TTIP and similar trade agreements a few weeks ago.
As Evgeny emphasised in his article, it doesn’t matter if ISDS (Investor-State Dispute Settlement), which would allow corporations to sue governments for decisions made that compromise corporate interests, is removed from TTIP. We’re already subject to corporate interests through capitalism, and these corporate interests are inherently anti-privacy because our data is worth so much money:
“Essentially, citizens not only won’t have a right to privacy but their very attempts to hide something will be interpreted as either an offence against free trade or as an effort to undermine national security. But even if citizens vote to elect a government that promises to reverse this despicable trend, that government itself is likely to be sued out of it; the treaties will contain all the necessary legal instruments to do so. The 21st century of transatlantic prosperity has arrived, indeed.”
It’s grim. Remember to contact your MP or MEP to make sure your thoughts on TTIP are heard.
The Internet Of Things (That Spy On You)
This week Julia Powles executed a wonderful takedown of Philip N Howard’s Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up. Philip’s thesis heralds a new Internet Of Things age, where everything is interconnected, data is free flowing between governments and corporations, social media informs our every decision, and helps satisfy our every whim. And it’s all in our best interests. Julia explains how she is terrified, not excited, by this vision:
“By tracking us in intensive and intrusive ways – not only in our homes, but in our vehicles and bodies – data-driven devices can nudge, manipulate and mould our behaviours, habits and preferences, limit our autonomy, and bring quantification, segregation and discrimination to what is currently a political economy held together by social fuzziness.
This fuzziness assists us individually – because we have control over who has, and importantly who does not have, personal information about us. But it is also important socially, unless we want to turn into an intensely individualistic, segmented, micro-financialised network of semi-autonomous, tethered beings.
We deserve a smarter solution that offers more than empty marketing rhetoric for “open”, “inclusive” monopolistic big tech business models.”
Heeding Julia’s warnings in mind, and keeping on the theme of frightening future scenarios, Quentin Hardy’s piece on ‘The Real Threat Posed by Powerful Computers’ will really give you the heebie-jeebies. Quentin writes that we’re less at threat from Terminator-like conscious technology and artificial intelligence than we are from “artificial stupidity.” Machine learning isn’t stored and generalised the same way as human learning. Despite neural networks and early “transfer learning,” artifical intelligence still has a long way to go before it truly understands context. Team the lack of context-aware computers with the visions of an algorithmically-run Internet Of Things-based future, and we really have the makings of a sci-fi dystopia.
What have those cheeky corporations been up to this week…?
Of course there’s no mass surveillance without corporate surveillance, and it’s been a while since we looked at the activities of our favourite Silicon Valley pals…
Google can tell if an email is from you or an imposter. Google has been showing off its artificial neural network which can tell a genuine email from a company from a phishing attempt. Great news for victims of spam, but it also emphasises just how capable Google is of analysing the data of its users.
Google and the right to be forgotten
Google has released a transparency report this week, and accidentally leaked data on the “right to be forgotten” which was shrewdly picked up by the Guardian. The right to be forgotten is a largely EU concept and directive which gives a citizen the right to suppress information from their past as part of protecting their privacy. As a “data controller,” Google is required by law to remove data that is “inadequate, irrelevant, or no longer relevant” upon request. We covered this briefly in an earlier roundup where we showed how Google is punishing the EU in its search results. Google is clearly against the directive and claims “that dangerous criminals and shady public figures are using European law to request that Google removes information about them.”
However, the Guardian’s examination of the data leaked in Google’s transparency report shows otherwise:
“Google tells us that this was a test categorisation of data, not considered reliable enough to release publicly. Yet even with a very big margin of error, the data would still show that the right to be forgotten issue is overwhelmingly about everyday people, often with little public profile – victims of algorithmic failure on the indelible web.”
As Julia Powles writes further, this shows Google has a worrying level of control as the judge, jury and executioner of our data: “Google is the web’s main arbiter of information, and has immense control over how we are represented and identified digitally.”
Apple, Google, and cars
Car manufacturers, Ford and Audi, are limiting the amount of data they share with Apple and Google through Apple’s CarPlay and Google’s Android Auto products. Not in the interest of the drivers, mind. Mathias Halliger, Audi’s senior systems architect for connected vehicle technologies said:
“This enables a business model that completely belongs to the carmaker”
Yup. Audi don’t want to let Apple and Google at your valuable data, because they want to keep it all to themselves.
People with keen eyes on patents noticed this week that Apple have been awarded a patent “to analyze the user’s available credit in order to assess the likelihood of a user being able to purchase advertised goods and/or services.” This doesn’t sound compatible with Tim Cook’s stance on privacy, so here’s hoping they don’t ever use it.
That’s all for this week, and a big thanks goes to John Hagemeister for giving me a heads-up on the fabulous Chris Lamb piece. If you have any suggestions for interesting privacy news and writeups, please send me an email, or a tweet.