|Privacy & Surveillance, Stream 1, Sunday|
|ADOPTER(S)||martin, email: m dot pedersen AT lancaster dot AC dot UK|
|FACILITATOR(S)||emma, email: esd AT riseup dot net|
Format of the session
We have three hours to discuss privacy and surveillance, which is not a long time. Below you can find a wide range of background information, pointers towards academic debates, references to human rights and links to tools with which you can protect your self. Given the short time available it is a very good idea to have a look at the material provided, and even better: add some yourself!
There will be an introduction to some practical/technical issues concerning privacy in cyberspace, while the academic/theoretical aspects can take a variety of forms, depending of the level of interest, ambition and background knowledge people in the session have.
The rest of the page -and of course the many links- will give you an idea of the range of topics and debates that we can cover.
This primarily theoretical and abstract/technical session will be followed by a hands-on workshop to learn how to encrypt your own emails.
Privacy has become an essential human need. This is not to say that there is anything primordial or natural about the private sphere, but to say that in many so called developed countries it has become generally accepted that children in nuclear families have their own rooms, and it is generally accepted that a bedroom is a private space for private activities. Much can be said for sometimes being able to close the door on the world.
But where do get the idea of privacy from and how can it be organised of - if it is something that we do want to have and maintain?
Justifications and Articulation
There is a difference between a justification, which is a typical philosophical approach to a concept, and an articulation, which is a typically legal/law approach to a concept.
With regards to privacy there are for instance a range of differing lines of argument that justifies privacy. Although we may say that privacy is by now a need beyond discussion it is of course necessary to understand the different existing patterns of thought with which privacy traditionally has been justified (defended or argued for), in order to contemplate adequate, useful, helpful or necessary articulations to realise, maintain, secure and protect privacy.
There are, perhaps, three major lines of arguments for the justification of privacy.
1. Derived from John Locke: self-ownership. You naturally own information about yourself, so to speak. There are many problems with this argument that has been and continues to be highlighted within the traditional debates, which in contemporary forms spill over into concept like "informed consent" (within what is called bioethics).
2. --- coming tmorrow :)
3. Social network - about friends, intimacy and stuff - also yet to come :)
In the following: from justifications to articulations. A process of coordination and differences.
Concepts, examples and quotes
The concept of privacy is problematic. Its modern conception can be attributed to an 1890 article by Warren and Brandeis in Harvard Law Review titled "The Right to Privacy”. The article points towards what we may call a desire to protect "the noble men in power" from scrutiny in the printed media and as such can be understood as a reaction to "investigative reporting":
"The design of the law must be to protect those persons with whose affairs the community has no legitimate concern, from being dragged into an undesirable and undesired publicity and to protect all persons, whatsoever; their position or station, from having matters which they may properly prefer to keep private, made public against their will. It is the unwarranted invasion of individual privacy which is reprehended, and to be, so far as possible, prevented. The distinction, however, noted in the above statement is obvious and fundamental. There are persons who may reasonably claim as a right, protection from the notoriety entailed by being made the victims of journalistic enterprise."
In the article they note:
"“That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection. Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the new demands of society.“
One may wonder if the right to privacy, then, can also be constructed or articulated as a right to produce arms without being confronted with public opinion, such as in the case of EDO:
Privacy can also inform a discourse that makes the development of new technologies appear as if they were safe and sound, and so you can find website like BioPrivacy Initiative™, which despite its informative content is a front for the Biometric Group, LLC. They take the view that "[b]iometrics, like any technology, are defined by their usage. The broad range of biometric technologies, infrastructures, and deployment environments render any all-encompassing statements on biometrics pointless. Biometrics can be deployed in a privacy-invasive fashion, in a privacy-neutral fashion, and in a privacy-protective fashion." (from http://www.bioprivacy.org/FAQ.htm). This leaves out the fundamental questions concerning ownership and the rights to the profit from producing and selling these technologies.
It is certainly also worth noting that the "[t]he United Kingdom leads the world in the deployment of Closed Circuit Tele Vision camera technology. However, we seem to have no coherent, legally enforceable rules or regulations which ensure that Public CCTV schemes are run properly.", from Watching Them, Watching Us - UK Public CCTV Surveillance Regulation Campaign . This means, in effect, that the government is invading some people's privacy to protect the (privacy of property holding) others:
"As part of the £12m scheme funded by the Office of the Deputy Prime Minister, residents of Shoreditch in the East End will also be able to compare characters they see behaving suspiciously with an on-screen “rogues’ gallery” of local recipients of anti-social behaviour orders (Asbos).", from The Sunday Times, January 8, 2006
Phil Zimmerman stated in 1996 (cf. http://www.philzimmermann.com/EN/essays/Testimony.html) that centralized surveillance is unhealthy for today's societies and can be dangerous:
"But while technology infrastructures tend to persist for generations, laws and policies can change overnight. Once a communications infrastructure optimized for surveillance becomes entrenched, a shift in political conditions may lead to abuse of this new-found power. Political conditions may shift with the election of a new government, or perhaps more abruptly from the bombing of a Federal building."
This idea is relevant to the "trouble of google":
"Google logs all the searches made on it and stores this information indefinitely; and Google installs a cookie on the computer of everyone who uses it, which helps log that user's searches. Because every computer has a unique IP address, every visit to every website can be traced back to the computer making it - a fact which is well known in geek circles but remarkably under-publicised outside them. Users of Google's Gmail service, who have their emails scanned to place targeted ads, have already given the company their identity, a full record of all their searches, and copies of all their emails, stored indefinitely.
It is over the issue of money-making that the question of privacy will bite. So far, everyone who has invested in Google has made out like the proverbial bandit; but one day the share price will drop, and people who've bought shares will find that they've lost money. It is then that Google's leaders will come under pressure to find some uses for that unprecedented goldmine of personal data.", by John Lanchester in The Guardian Thursday January 26, 2006.
If Google's mission is to organise all information in the world, as they claim and actively seek to do, then it is potentially, given the argument/suggestion above, a new Ministry of Information straight out of Terry Gllliam's "Brazil".
It is also tempting to ask Lancaster University what this exactly means:
"IMPORTANT NOTICE: Communications on the University's computer systems may be monitored and/or recorded to ensure the effective operation of these systems and for other legal purposes.", which can be found at the bottom of the Uni's web interface to email.
And, business as usual, of course, there are some who get rich on such intrusions. Andrew L. Shapiro writes: “With the rise of online commerce and communication, this collection increasingly happens imperceptibly and without the consent of the observed. The result is a broad and lucrative market for personal information that allows anyone with a buck to find out a whole lot about anyone else—often just by trolling around the Net. It’s Orwell meets Adam Smith, introduced by Bill Gates.”.
Privacy and private property: the ambiguity of protection
There is an academic debate concerning the possibility of articulating, realising and protecting privacy as private property. See for instance an article called Information Privacy/Information Property by Jessica Litman in Stanford Law Review from 2000. Another paper in the same debate about Privacy As Intellectual Property? - NOTE: this links to a .doc, by Pamela Samuelson, 2000, who notes in her conclusive section:
It could be argued that this view relies on a narrow conception of (liberal) ownership. In a "full" version of liberal ownership there are restriction upon the holder of private property rights in objects (see: Honore, A.M. 'Ownership' in Guest, A. G. (1961) Oxford Essays in Jurisprudence. Oxford: Oxford University Press).
The main points upon which the common liberal conception rests is three-fold: (i) the right to exclude (you cannot have it, it is mine); (ii) the power of alienation (agency in the market place) and (iii) immunity from expropriation (the state cannot take what one owns, although this, of course happens “when need be” by way of “appropriate measures”). On this perspective, there are no limitations on the owner, only limitations on the external world: the state and other individuals cannot take what is his or hers. We can call this a narrow conception of private property. Honoré wanted to present a “full” version of ownership, which is to say a broader conception of private property that includes limitation from the perspective of the individual. Honore wrote (ibid p. 113):
“The present analysis, by emphasising that the owner is subject to characteristic prohibitions and limitations, is an attempt to redress the balance.”
But even a full conception of private property that pays attention to the many facets that liberal and conservative scholars have historically underpinned privatisation with, is highly contested and always have been. From pirates to non-conformist christians, from marxists to anarchists, people have attempted to reject the violent imposition of private property.
Jessica Litman seems to come to the same kind of conclusion as Samuelson about the inadequacy of private property rights as a way of organising privacy:
"From most objective standpoints, protecting information privacy though industry self-regulation is an abject failure. The current political climate has been hostile to proposals for meaningful privacy regulation. Privacy advocates have been casting around for some third alternative and a number of them have fastened on the idea that data privacy can be cast as a property right. People should own information about themselves, and, as owners of property, should be entitled to control what is done with it. The essay explores that proposal. I review the recent enthusiasm for protecting data privacy as if it were property, and identify some of the reasons for its appeal. I examine the model and conclude that a property rights approach would be unlikely to improve matters; indeed, it would tend to encourage the market in personal data rather than constraining it.".
Litman also goes down another road:
"After critiquing the property model, I search for a different paradigm, and explore the possibility that tort law might support a workable approach to data privacy. Current law does not provide a tort remedy for invasion of data privacy, but there are a number of different strands in tort jurisprudence that might be extended to encompass one. In particular, a rubric based loosely on breach of confidence might persuade courts to recognize at least limited data privacy rights. I conclude, however, that while the tort solution is preferable to a property rights approach, it is likely to offer only modest protection. Common law remedies are by their nature incremental, and achieving widespread adoption of novel common law causes of action is inevitably a slow process. Even established common law remedies, moreover, are vulnerable to statutory preemption. Although a rash of state tort law decisions protecting data privacy might supply the most compelling impetus to federal regulation we are likely to achieve, the resulting protection scheme is unlikely to satisfy those of us who believe that data privacy is worth protecting."
Reconstructing the concept of private property to fit the bill
NB: this section is far from developed - merely thoughts for a draft- for an authoritative overview of privacy, visit the Stanford Encyclopedia of Philosophy entry on privacy.
Despite the rejection of private property as an adequate means with which to realise and protect privacy, the very idea of privacy finds its roots intertwined with the concept of private property.
Anything associated with private property makes many people on the socalled/traditional "Left" (and some anarchists who reject is wholesale as theft), to say the least, suspicious, and renders the concept of privacy an ambiguous concept that require a certain reorientation towards private property and individuality, which otherwise are central themes of the capitalist economy that drives the advance of the technologies and policies that threaten privacy.
But what else are conceptions of private property good for, if not for organising such needs as privacy? After all the need for privacy has emerged alongside and grown with the impositions of private property.
In order to transcend the simple polarity of ideologies that characterised the 20th century, and to retain what is valuable about the institution of private property while at the same time overcoming its excesses, may it be necessary, ar least for now, to: (i) accept private property as an adequate means with which to organise privacy and related needs, such as concerning "identity", as well as to protect the individual from intrusion of malevolent, powerful groups and to (ii) focus instead on creating and elaborating property relations that bring together individuals in collective realms???
There could be both strategic reasons and reasons of principle for defending certain forms of private property, despite the violence with which private property has been imposed and despite the way in which its accompanying institution, the centralised, liberal state, is in great part a result of scheming to withhold resources???
If privact as private property opens up the concept of private property for further scrutiny, in fact rquires a re-orientation towards private property, then it may perhaps be a good way forward.
Privacy is about the rights of individuals, but can be and is used at once by those seeking social change and peace in the world as well as those supporting the status quo - and so, as E.P. Thompson famously wrote in the context of his reorientation towards "the rule of law" (Whigs & Hunters: The origin of the Black Act, Allen Lane 1975; p. 265):
“The rhetoric of society and the rules of a society are something a great deal more than a sham. In the same moment they may modify, in profound ways, behaviour of the powerful and mystify the powerless. They may disguise the true realities of power, but, at the same time, they may curb that power and check its intrusions. And it is often from within that very rhetoric that a radical critique of the practice of the society is developed”
This is to say that when understood in a practical context privacy (combined with the rule of law) becomes a barricade against the imposition of totalitarian, neoliberal, neoconservative, or more precisely Orwellian, initiatives of governments and their implementations of surveillance technology that the "free" market produces and force down our throats through lobbying and consequent dubious public policy research by the bioethics and science and technology studies sectors. And at once, it may be used, as already noted above, as a justificatory framework for the development of the very means with which privacy is intruded upon.
Can we define, articulate, realise and secure and sustain privacy without a central, coercive state?
This last question links the Privacy and Surveillance discussion session to general issues of property relations and to the Enclosures & Commons session.
Privacy & Human Rights
See for instance "Developing Key Privacy Rights: The Impact of the Human Rights Act 1998", edited by MADELEINE COLVIN. [Oxford: Hart Publishing. 2002], which is reviewed by Nicole Moreham in The Cambridge Law Journal, Volume 63, Issue 02, June 2004.
Universal Declaration of Human Rights, Article 12:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
EU Convention for the Protection of Human Rights and Fundamental Freedoms, Article 8 – Right to respect for private and family life:
1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
It may also be relevant to note that there are severe problems with "elite Human Rights actors", such as Human Rights Watch. See Gabriele Zamparini's Watching Human Rights Watch - Open Letter to the Executive Director of HRW in which he writes about Marc Garlasco, Senior Military Analyst at Human Rights Watch, whose biography he qoutes:
"Before coming to HRW, Marc spent seven years in the Pentagon as a senior intelligence analyst covering Iraq. His last position there was chief of high-value targeting during the Iraq War in 2003. Marc was on the Operation Desert Fox (Iraq) Battle Damage Assessment team in 1998, led a Pentagon Battle Damage Assessment team to Kosovo in 1999, and recommended thousands of aimpoints on hundreds of targets during operations in Iraq and Serbia. He also participated in over 50 interrogations as a subject matter expert."
Privacy and EU legislation
Check your rights as a citizen.
And then realise that you have none! The Statewatch Observatory writes:
"The European Parliament has failed on almost every count to protect fundamental rights and privacy. The two big parties in the parliament believe more in "inter-institutional loyalty" to the Council (the EU governments) than their responsibility to the people who elected them. This is turning into a democratic fiasco. The Council has a long list of reservations by member states and four substantive issues where it disagrees with the European Parliament. The European Parliament rapporteurs have had three secret trialoges with the Council and the Commission - now the PPE (conservative group) and the PSE (socialist group) appear to be carrying out their own negotiations with the Council with the aim of rushing through the measure before Xmas under the "fast-track" procedure (intended for non-controverisal measures). What is quite extraordinary about the Council's demand that the European Parliament rush the measure is that the Council has not even agreed its own final text."
Tools & Tips to keep safe on the net
There are various things one can do to (try to) maintain privacy, or to, rather minimise the amount of data that can be collected about and tied to one's person.
They have their own pros and cons.
"Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) are supporting Tor's development as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected..
The last point also goes for the use of the Free Software Foundation's GNU Privacy Guard according to the old proverb 'safety in numbers'.
- Anonym.OS LiveCD from kaos.theory, which is an OpenBSD 3.8 Live CD with strong tools for anonymizing and encrypting connections. Standard network applications are provided and configured to take advantage of the tor onion routing network.
- Arudius offers two Live-CD projects, Newbie based on NetBSD, and Arudius based on Slackware.
- Gibraltar is a professional security product for companies and organizations of any size, based on Debian/GNU Linux. Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection).
- Mixmaster is a type II remailer protocol and the most popular implementation of it. It can help you anonymise your emails.
- If you use Thunderbird as an email client, you can add the Enigmail extension, which can help you use GPG (mentioned above). See also [ http://dev.weavervsworld.com/projects/ptbirdeniggpg/ Portable Thunderbird with Enigmail / GPG].
- Offical GPG manual.
- Many links to Free Privacy, Encryption, Anonymity and Security Software and Services.
Links for further reading
- Berkman Center for Internet & Society BOLD site for "Privacy in Cyberspace" which was offered in the Spring of 2002.
- ID Cards - the case against, by NO2ID:
- Introduction to Section 3 of High Noon on the Electronic Frontier: Conceptual Issues in Cyberspace by Peter Ludlow
- Report by NATIONAL TELECOMM. AND INFO. ADMIN., U.S. DEP'T OF COMMERCE (1995): PRIVACY AND THE NII: Safeguarding Telecommunications-Related Personal Information.
- Article in The Register: Wiretapping, FISA, and the NSA - excerpt:
"US wiretapping laws, FISA and Presidential powers given to the NSA to intercept communications make for interesting times when coupled with technology. What are the issues surrounding privacy, search, seizure and surveillance? ---- Whenever a new technology is developed, or a new threat that causes us to deploy these technologies, questions invariably arise about their legality. When the telephone was first developed and used, it was not clear that the constitutional dictates on unreasonable searches and seizures applied to conversations that were neither "searched" nor "seized." The recent revelations that the US Department of Defense, through the National Security Agency, was targeting the international communications of US citizens for interception as part of a classified program raises questions about the constitutionality and legality of the program itself."
- Wikipedia entry on Crypto-anarchism
- Wikipedia entry on Computer_surveillance
- Wikipedia entry on Privacy, which reads:
"The earliest recognition of the concept of Privacy is in the Muslim religion. According to a report published by Privacy International (PHR2004 - Overview of Privacy on Nov 13, 2004) there is recognition of privacy in the Qur'an and in the sayings of Mohammed. The edict of privacy is in Chapters 24 and 49 of the Quran - The holy book of Islam. As quoted by Imad A. Ahmad on Islam-Online.net "In Islam the law is God-given and the right of privacy is a sacred right.". Imad A. Ahmad teaches courses on social change and on Religion & Progress at the Johns Hopkins School for Advanced International Studies, and the University of Maryland. Islam places a very great importance on privacy, and on keeping private what should be private. Women have to wear Hijab so that it is a screen of their privacy. Wearing a hijab is one of the methods of protecting the privacy of women."