Privacy

Nothing to Hide

An often used argument against privacy is “nothing to hide” – this refers to the concept that if you have nothing to hide then you should not be concerned about your privacy. In part it is built on a reversed no smoke without fire idea. The problem with this is not that people have something to hide but rather the problem is that innocence is not necessarily an defense against bad consequences.

Often the nothing to hide idea is use against those who argue for more privacy regulation i.e. stronger protection against invasion of privacy. The numerous examples of innocent people getting hurt should provide an abundance of material to ensure that such an argument is not used but again this is wrong. We tend to forget past injustice and often believe that our legal system will only act against the guilty.

Daniel Solove has written an interesting article on the other use of the nothing to hide argument. This is from the abstract:

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: I’ve got nothing to hide. According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.

Read ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.

Posted on by mklang

University email & student privacy

Some time ago Linköping University proudly announced that they were outsourcing their student email to Google. Basically the students will see the university email address but “under the hood” the system will be run by Google. The BBC reports (11 June) that Trinity College Dublin is doing the same thing.

Google email (gmail) has some privacy issues:

Google automatically scans e-mails to add context-sensitive advertisements to them. Privacy advocates raised concerns that the plan involved scanning their personal, assumed private, e-mails, and that this was a security problem. Allowing e-mail content to be read, even by a computer, raises the risk that the expectation of privacy in e-mail will be reduced. Furthermore, e-mail that non-subscribers’ choose to send to Gmail accounts is scanned by Gmail as well… (wikipedia)

So an uninformed gmail user may be losing some integrity. This is bad but at the same time it can be seen as a question of choice. (Don’t get me started on the problems of uninformed choice). But now the universities are pushing students to become gmail users. In Sweden universities are publicly funded government bodies and therefore they should be more concerned about forcing citizens to become customers of a private corporation.

Generally people are not to aware of the privacy risks which technology may create. Universities should help people to understand society and it is a shame that they are now acting as a sales representative for a company providing them with customers instead of acting as an example and educating citizens about the advantages and disadvantages of technology.

Posted on by mklang

Stop the SPY Act

This is an important anti-spyware campaign from the EFF:

The SPY Act is supposed to help stop spyware, deceptive adware, and other malicious software, but it is unlikely to do any good and could actually make things worse. If enacted, it would block lawsuits similar to the one EFF brought against Sony-BMG for infecting customers’ computers with privacy-invasive copy protection. Don’t let badware makers off the hook — tell Congress to go back to the drawing board and draft a more sensible law.

Both the Federal Trade Commission and Department of Justice have said that they already have the authority they need to go after badware vendors, and this bill doesn’t add any funds or significant tools for federal enforcement.

At the same time, the bill would stunt states’ enforcement, preempting most of their stricter badware laws. For acts covered by the bill, state statutes (including consumer protection laws) wouldn’t be available to consumers themselves as grounds for a lawsuit. And it leaves enforcement exclusively in the hands of federal bureaucrats, specifically barring private citizens and organizations like EFF working on their behalf from using the new law to fight back in the courts.

This is a terrible move. If Congress is serious about enacting tough laws against deceptive and malicious programs, it should create incentives that would encourage private citizens to pursue the bad guys. The federal government and state attorneys general can’t possibly take on the entire job alone.

Congress should also focus on protecting anti-badware tool companies from harassing lawsuits brought by spyware and adware vendors. After all, badware removal programs are doing far more to protect your computer than the federal government ever will. Unfortunately, this bill does nothing to help sustain these helpful tools.

The SPY Act has already passed the House, but with your help we can make the Senate understand that they need to do better.

More info:

  1. Complete the form below with your information.
  2. Personalize the subject and text of the message on the right with your own words, if you wish.
  3. Click the Send Your Message button to send your letter to these decision makers:
Posted on by mklang

What Google wants

To many users Google is understood as a neutral tool. A search engine without bias in any form. While Google has never made any such claim their attitudes and appearance do nothing to dispel this common misconception. It is easy to understand how the idea that technology in itself is neither good nor bad and may be seen as neutral comes about. But such an idea fails to take into account that technology is a man-made phenomenon and as such is the result of countless decisions and perceptions of right and wrong. Therefore while the technological thing may be neutral the choices behind its design, manufacture and use are not.

One of the implementations of Google that may be seen as less than neutral is the harvesting of user searches. Google has a long tradition of recording what people search for. This practice is not without its critics but until now Google has been silent about their purpose for harvesting this data. Last week Googleâ??s Global Privacy Counsel Peter Fleischer posted three reasons why Google captures and retains usersâ?? search queries. The reasons fall into three areas:

  1. Improve our services
  2. Maintain security and prevent fraud and abuse
  3. Comply with legal obligations to retain data

This has not passed uncommented. Micheal Zimmer and Seth Finkelstein are both critical to these explanations in two excellent commentaries they explain why Google’s reasons are mainly unsatisfactory and even misguided.

Posted on by mklang

On not pulling my weight

Sometimes I really feel that I don’t have the energy to mobilize against the next stupid/dangerous/horrifying/hair-brained scheme proposed by some evil/half-witted/misguided (take your pick) parliament. So I relax and let others write and argue for causes that I also should be arguing. It’s complacency legitimized with sentiments such as “I have a lot to do right now” or “I don’t have time to understand this new threat” etc.

This has been the way in which it was with the new Swedish proposal on digital surveillance. Yes, yes I know that this is not going to be a good thing. Yes, yes I know that the politicians are either intentionally lying to the people or are too stupid to understand what they are actually doing (I often wonder which is worse?) – but look I really don’t have the time or energy right now. Lots of work, lots of personal shit, lots of everything. So I lean back and let others write. The more I read the more I realize that my words are unnecessary.

Then today I read Oscar Swartz blog on the topic (his blog is excellent – unfortunately, or naturally, in Swedish) and I realized something. It’s not a matter of whether or not my voice is needed. Of course it isn’t needed. Not mine, personally. But by leaning back and letting others do the work I am making others work a little bit harder. It’s like being on a tug-of-war team that may still win even if one team member isn’t pulling his/her weight. Damn! I knew I should have been active earlier. Guilt bores its way under my skin, my orginal annoyance at the suggestion has been fermenting for much too long.

So here it is.

The proposed FRA law in brief is that the National Defence Radio Establishment (Försvarets radioanstalt – FRA) shall be given the power to listen to all cable based communication (yes that means everything on the Internet) which crosses Sweden’s borders. The idea is that only international communication (i.e. communication exiting Sweden) will be monitored. Basically since even most national Internet communication passes over international borders the focus on international communication is only a way of pacifying the general population.

Basically the idea is to force all Internet and Telecom providers to copy all communications to state surveillance systems. This means telephones, email, chat, websites, comments on blogs – the works.

Naturally in the age of doublespeak the proposed mass violation of integrity is legitimized by the need to protect the democratic country. People will lose their rights and be viewed as criminals as a default. This will not protect the country. It may help catch people after they have done something but it will not (it cannot) prevent actions.

To make matters worse – oh yes it can be worse – the surveillance is not being carried out by the police. Why is this important?

Well the police have to follow due process. This means in practice that when the police want to bug someone they need to have probable cause to suspect a crime. This new system will make this unnecessary. Everyone will be under surveillance and the state may now order special surveillance on individuals or groups who are not suspected of crimes but who hold political views which are “wrong” – oops now we lost freedom of thought.

Sweden has a long tradition of presenting itself as a bastion of democracy. But this is old stuff. The last decade has seen Sweden shed these ideas and attempt to rush to the forefront of lowlife nations who feel the need to enact a surveillance regime which would have made big brother green with envy.

So what can be done? What did Oscar do to get me going? He just reminded me that the most important feature in a society is the ability of its members to remain active against opposition. To talk, to write and to maintain a voice of dissent – especially when the odds are stacked against us.

Posted on by mklang

Technology and Human Rights

On Friday it’s time for me to give a lecture on Technology and Human Rights for the local masters course on human rights. The nice part about this lecture is that it gives me the opportunity to collect and explore different strands of my work and present them to a new audience. My interest in this area began some time ago and resulted in 2005 in the collected edition Human Rights in the Digital Age which I edited together with Andrew Murray.

Discussing technology and rights can at times feel a bit banal. Human rights activists struggle to free people from torture and death so isn’t technology a small waste of time? There is no way in which it would be fair to compare technology and rights to the work of activists against the death penalty. But there is a major problem if all issues must be resolved in the order of magnitude. Speech rights may be less important to someone facing the death penalty but this does not mean that we should ignore speech rights until we have managed to abolish the death penalty.

For the lecture on Friday I am planning to look at three different areas.

The first area is going to be the use of the Internet as a “place” for political participation. I want to discuss the Internet as an area of political discourse and in particular show its possibilities and its fundamental flaws and limitations. This area should include freedom of speech and freedom of association.

The second area is privacy. In particular I want to focus on the merging of online and offline data. Or to put it another way the combination of spatial information (where you are) with the information traces stored in databases (who you are) to show the advanced control mechanism being created.

The final area is the aggregate use of technology. In this section I want to show the audience that with each piece of technology we may implement for our comfort we also form and shape our lives. In particular we also shape the way in which our lives may be controlled by others. This incremental implementation of technology does not bring large protests since no large rights are threatened overall. However the net long term result is darker than anything Orwell would have dreamed about.

Eric Drooker

The overall goal is to make the audience a bit paranoid about technology – to make them question the choices we are all making in our rush towards a more convenient way of life. Not bad for a Friday…

Posted on by mklang

Privacy Attitudes

One of the problems faced by researchers working with privacy is the fundamental question of why people do not care about privacy? It is easy to see either from studies or by simply looking at peopleâ??s behaviour that privacy is not a big thing for many people.

Oh course if you were to ask the question: Is you privacy important to you? Then most people would reply that their privacy was important. But if we look at the way in which people act with their privacy then we get the real picture. There is a radical difference between the way in which people want to be perceived (i.e. privacy conscious) and the way in which they act.

What does this mean? Well some of the discrepancy between the peopleâ??s theoretical and real standpoints can be explained by the lack of knowledge and awareness of the privacy threats. So for example, it is difficult to blame people for being unconcerned with their privacy simply because they us gmail or similar services.

A similar argument can be made to cover those who have no choice but to use less private alternatives. But wait! before you begin to argue that there is always a choice not to use the technology at all, I want to point out being a Luddite is not an option for many people and neither is it for you, considering where you got a hold of this text.

Why is peopleâ??s perception of privacy a problem? Well if we argue the right to privacy (and I often do) then the fact that people do not care about privacy makes this a problem. Can there be a human right if it is unwanted? For a long time I used the smoker analogy.

Smokers want to be healthy but still do not quit smoking despite all the information available. This is not meant to be understood as smokers do not want to be healthy, nor does it invalidate their right to healthcare. The problem with privacy however is that either you have it or you donâ??t.

Recently Paul Saffo wrote about the online habits of the young be warning them that they will come to regret their openness and online presences:

Which is why I pity teens today, for in a few decades their sophomoric musings will deliver a vast embarrassment utterly unknown to earlier generations. It is not that their words are any sillier than earlier generations; rather teens today have had the misfortune of being the first generation to record their thoughts in cyberspace where those thoughts will remain perfectly preserved until some wag drags them out at a school reunion or the authorâ??s children discover the IM affections that passed between mom and dad.

Saffo’s post seems to come as a reaction to (or proof of concept) the peice by Emily Nussbaum in the New Yorker “Kids, the Internet, and the End of Privacy: The Greatest Generation Gap Since Rock and Roll“.

Basically people (many of them young – but by no means all) are putting their lives online – innermost thoughts, bad poetry, homespun politics, private erotica and everything else that was previously covered by privacy. Add to this the number of cameras and videos that surround us – almost one in every pocket. We have a situation where every embarassing situation is recorded and transmitted to the rest of the disinterested world. The material is also stored away for no reason to resurface at a later date – even though I think most of it will be lost on trashed computers long before the future.

So the concern is: children doing things today with technology will live to regret it later.  And it will be a lot worse than when “we” were young since there will be texts and photos around to prove it.

I disagree.

The mass of material produced today will sink into obscurity. Yes some material (potentially embarassing) will remain to be found. But this change will not create the scandal that such material cuases today. Finding an embarrasing image from the teenage past of a prominent figure of today is hardly newsworthy – but it is considered to be news. In twenty years it will not even be news.

The self publication of ones teenage life and angst will not create a generation of people neurotic about the fact that someone may remember them or their thoughts, it will create a generation of people who can say that they were teenagers in much the same way as all other teenages were.

What about privacy?

This is not the death of privacy. Privacy is a “floating” value. Ideas of what is, and what should be, private change in culture, time and space. The only shock that we are seeing here is the death of the privacy concept as it has been understood by the “others” or “outsiders” – in other words it is the attempt of those outside the group to dictate norms on those inside the group.

Posted on by mklang

Bad Passwords

Most of us hate all the little passwords we need to get by in the digital world. Most online passwords are neatly stored in our browsers. But have you ever thought about how bad your passwords really are? Bruce Schneier has checked out the passwords people use on Myspace.

The most popular password was password1

The top 20 passwords? password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey

We are such an original species 🙂 what’s your password?

Posted on by mklang

Anonymous Online

Most people have heard of the Zen koan “If a tree falls in a forest and no one is around to hear it, does it make a sound?” The purpose of the koan is not to have an answer but rather to be a point of departure for deeper reflection. Unfortunately for most of us with a western education we tend to attempt to answer the question with a yes or no – therefore defeating the purpose. My question of the day is a variation of the koan: If a protest is not heard – does it make a sound?

The ability to communicate in particular mass communicate is becoming easier. With all due respect to the numerous digital divides (age, knowledge, access, infrastructure etc) the ability to communicate via the internet is still growing. The question is whether this technology will serve the purpose of those attempting to conduct resistance or protest actions. The drawback with mass communication is that the communicator is all too easily identified and can be punished by those she is protesting or communicating against.

So there is a need to both be able to conduct mass communication via the internet and to remain anonymous. There is (thankfully) a growing number of relatively user friendly methods, in addition to tips and tricks, which the anonymous protester can use.

Many of these are to be found in the following guides:

Posted on by mklang

Surveillance Report

The Surveillance Studies Network (some information here) has released its â??A Report on the Surveillance Societyâ?? (editor: David Murakami Wood, authors: Kirstie Ball, David Lyon, David Murakami Wood, Clive Norris & Charles Raab)

The report consists of five sections entitled:

Introducing the Surveillance Society
A Survey of the Surveillance Society
A Week in the Life of the Surveillance Society 2006
Glimpses of Life in the Surveillance Society 2016
Regulating the Surveillance Society

Download the report as a PDF here.

The BBC website has a short readable list of ways in which surveillance takes place in addition to a news article on the new report.

In relation to this see also Privacy International and the results of their international survey. This survey showa that the UK is among the nations which have the worst protection of privacy rights. Or to put it in a more positive light â?? the UK is one of the leading surveillance states.

Posted on by mklang