Monday, February 16, 2015

Fashionistas and counter-surveillance

For all those who want to counter surveillance, be it from drones, cameras or mobile phones, here are some more ideas from New York artist Adam Harvey: http://www.bbc.co.uk/news/technology-25914731
It ranges from low-tech, wacky hair-over-the-face arrangements to higher-tech heat-disguising jackets. We'll be discussing such transparency arrangements further in Sheffield in march, for our Seminar 2 on the technical and ethical limits of secrecy and privacy. All comments welcome below!

Monday, February 9, 2015

Andrew McStay: Response to Iain Bourne

Many thanks Iain for your contribution and for taking time out for a considered response. Here are my responses (Iain’s comment is the main bullet point, followed by my response). I’ve posted this as a standalone post because the comment tool will not accept such a long comment! (4906 characters is the limit apparently.)
-       Iain: Should our objective should be to prevent surveillance per se?
o   Andy: No, I think all in the debate understand that surveillance is not innately bad. The question is one of proportionality, type of surveillance, the role of indiscriminate surveillance, and whether we should be surveilling good folk with tools that most do not understand to chase bad guys. Consent and openness seems to be missing.
-       Freedom depends on security and that security depends on surveillance.
o   Agree to an extent, but the question is about form, type, proportionality, controls on mission creep and the role of politics (frequently reactionary, e.g. ISIS and Charlie Hebdo).
-       ‘If you have done nothing wrong you have nothing to fear’ … ‘it is likely that CCTV or electronic surveillance will have a more significant effect on someone who has broken the rules than on someone who hasn’t’. 
o   Other people interested in privacy will answer this their own way (there are lots of arguments against it). Some of these will entail appeals to the nature of consent in democracies, the need for some healthy distance between citizenry and governments, problems with what happens when the next government comes to power, who incumbents will choose to share this information with, and so on.
o   For me it boils down to a question of trust. Can the state be trusted with increasingly granular information about us (and not just metadata as claimed)? The answer for me is no – indeed the Snowden leaks themselves highlighted how badly cared for this data is. This is exacerbated by the fact that we are in very early days of networked living (pre-internet of things and wearables). I agree though that oversight, accountability and conversation is required.
-       ‘Maybe we need to look more at the effect of surveillance than on the surveillance itself. Maybe this is as true in ‘bad’ states as ‘good’ ones. Maybe the issue even in true surveillance societies is not the surveillance itself but the subsequent arrest, unfair trial and internment in a gulag’.
o   This is akin to the big data argument and shift towards explicit harm over data collection itself. I appreciate this is a convenient solution when so many organisations are collecting so much information, but my gut reaction is “no”. Consent does not work that way around and, particularly in the case of personal information (i.e. DPA definitions), we should push back against this tendency.
-       ‘Despite much effort I think privacy advocates have found it very difficult to demonstrate the negative effect of surveillance per se on ‘ordinary’ citizens.’
o   I think this is true to an extent, we have struggled to state clear, specific and demonstrable harms. My feelings on this are three-fold: 1) concerns are longitudinal (what issues are we storing up for the future?); 2) are we to open the door to total transparency (of searches, speech, location, emotional states and so on)? There are very powerful technologies in use and on the horizon (I’m interviewing many of the companies making these) and I’m not sure our future is best served by state employment of these; 3) can we rely upon this government and the next to care for sensitive information (that was not collected with informed or tacit consent).
o   I would counter too that the state has struggled to make the logical case why indiscriminate surveillance of all communications, webcams, mobile phone telephony amongst other sources is required.
-       Actually, I think most people make a Hobbesian surveillance – freedom trade-off most of the time, but won’t articulate it as such. I think people are aware of CCTV cameras and of GCHQ and Snowden and have seen detective shows where the police use telecoms data to catch the baddies. Maybe they believe that state surveillance is there to stop bad guys doing bad things, not regular people doing good things, and that the world would be more dangerous and traditional freedoms would be eroded faster without surveillance. A perfectly understandable view.’
o   This argument entails tacit agreement with the state in exchange for security. There are a few problems with the Hobbes analogy, not least that we were not in a “state of nature” beforehand ("solitary, poor, nasty, brutish and short"). Note too that this explicitly means tacit agreement of freedoms (i.e. freedom is reduced for an exchange). Do you agree then that surveillance entails some loss of freedom? Also, a [social] contract usually implies that terms are understandable. This is not the case in surveillance and instead we are asked to take it on faith that: a) surveillance is necessary; b) that powers will not be exceeded; c) that there will be no mission creep; d) that data will be cared for and not lost or leaked. Plus, it is unclear that consent was gained (even privacy activists were surprised by scale of Snowden leaks). Lastly, if we are going by the social contract approach, then surely the state broke the last contract through indiscriminate surveillance?
o   I agree with the general point about Hobbes in that we have a police force to make us safe, but this argument does not scale to the activities undertaken by GCHQ/NSA because of the nature of the over-reach.
-       We need a proper set of surveillance safeguards – rights for ‘surveillees’, effective oversight and review, transparency, no dodgy deals with tech cos. etc. Establishing this depends on the development of a much more mature and mutually understanding relationship between privacy advocates and our surveillants.
o   Agreed! I do not think people working for the security service are malevolent, but I do think there is a systemic problem in how we are managing information and the capacities of new technologies. This requires social conversation and politicians who understand that they are not above the law, and who believe themselves to be accountable to the electorate.
-       Privacy advocates will not get anywhere if they’re permanently in opposition to forces that will always be stronger than they are. 
o   Unfortunately I agree, although I think you caricature the situation somewhat. Few believe the situation to be one where we seek no surveillance, but rather most prefer one that watches the bad guys/gals rather than the good guys/gals.


Really look forward to meeting in Sheffield and carrying on this much needed conversation!

Thursday, February 5, 2015

Iain Bourne, Group Manager – Policy Delivery, Information Commissioners Office

In response to policy recommendations produced from Seminar 1 on 'Transparency Today: Exploring the Adequacy of Sur/Sous/Veillance Theory and Practice, 6th January 2015'

These views are my own and do not represent the ICO.


Interesting paper and recommendations – thank you.


On recommendations 4 and 5 – maybe we need to stand back a little bit and question some basic assumptions in this debate about the relationship between surveillance, privacy and freedom. In particular we should ask ourselves whether our objective should be to prevent surveillance per se and whether we can really expect individuals to seek to avoid interference with their privacy through ‘sousveillance’.


Maybe we should acknowledge that, to a large extent, freedom depends on security and that security depends on surveillance. Maybe we need to challenge the ‘classical’ view that more surveillance necessarily equals less freedom.


I think there’s a very compelling Hobbesian argument that by surrendering a degree of our privacy to the state through toleration of its surveillance, we are in fact safeguarding our security and ultimately our freedom. Of course this depends on what kind of state you are dealing with and what sort of person you are – and of course on how much privacy you are expected, or required, to surrender.


‘If you have done nothing wrong you have nothing to fear.’ Generally this argument is harshly rejected in privacy circles. However, in the context of surveillance it is largely true, again depending on what sort of society you inhabit. If the system is working right, it is likely that CCTV or electronic surveillance will have a more significant effect on someone who has broken the rules than on someone who hasn’t. (Whether the rules are the right ones is of course a crucial matter.)


Maybe we need to look more at the effect of surveillance than on the surveillance itself. Maybe this is as true in ‘bad’ states as ‘good’ ones. Maybe the issue even in true surveillance societies is not the surveillance itself but the subsequent arrest, unfair trial and internment in a gulag.


Despite much effort I think privacy advocates have found it very difficult to demonstrate the negative effect of surveillance per se on ‘ordinary’ citizens. There has been talk of psychological inhibition and so forth, but the evidence has never been very convincing.


Assuming there is more surveillance now than twenty years ago – has our freedom been curtailed in any apparent or measurable way? Have we changed our behaviour so as to avoid surveillance? No. Au contraire. We willingly create and disseminate more and more data about ourselves all the time. There doesn’t seem to be much opposition either to state or private organisations collecting more and more data about us. I don’t put the lack of opposition or counter-surveillance down to a lack of consciousness. I put it down to the lack of negative effect of the expansion of data collection and analytical activity on ordinary people’s lives. (Note that data creation and surveillance are quite different but are often conflated in this debate. There could be more data but less surveillance or vice versa. Some apparently highly intrusive societies were very data poor - e.g. theocratic mediaeval villages.)


The fact that most people find it hard to see surveillance as having any negative effect on them is presumably why they tolerate it. There is very little evidence of ‘ordinary’ citizens actively taking measures to avoid surveillance. For example who – apart from a fleeing bank-robber – would be likely to vary their route home in order to avoid CCTV cameras? Speed traps maybe but that’s about the consequences of surveillance (a fine) rather than the surveillance itself and – again – the good drivers who stick to the rules have nothing to fear and indeed probably want the bad drivers to be caught. (Check out iSee here: http://www.appliedautonomy.com/projects.html for a CCTV avoidance program.)


The privacy – surveillance debate often lacks political context. It’s easy to see it as the state versus citizens and to ignore the different types of state and the different types of citizen. Privacy and freedom are often conflated. They need to be separated and treated as different social values. You can have freedom without privacy and privacy without freedom: discuss. It’s too simplistic to say though that more privacy necessarily equals more freedom.


Actually, I think most people make a Hobbesian surveillance – freedom trade-off most of the time, but won’t articulate it as such. I think people are aware of CCTV cameras and of GCHQ and Snowden and have seen detective shows where the police use telecoms data to catch the baddies. Maybe they believe that state surveillance is there to stop bad guys doing bad things, not regular people doing good things, and that the world would be more dangerous and traditional freedoms would be eroded faster without surveillance. A perfectly understandable view.


So far so good but the good state equals good surveillance view, and the benign privacy – freedom trade-off, depends on the integrity of the state. This in turn depends on good state actors doing good state things. Your seminar summary talks about the ‘dark corners of power’, where good state actors can presumably do bad state things – although the light of surveillance could presumably stop them doing this.


The reason all this is so important now is that yes we have more data than ever and probably more surveillance than ever (if more surveillance equals more data x more people). It is clear that our surveillants (another good French word) are getting twitchy – post-Snowden – about the
general governance regime surrounding state surveillance and about public attitudes to it.

We need a proper set of surveillance safeguards – rights for ‘surveillees’, effective oversight and review, transparency, no dodgy deals with tech cos. etc. Establishing this depends on the development of a much more mature and mutually understanding relationship between privacy advocates and our surveillants. This works both ways but it depends on challenging the assumption that stronger privacy equals weaker security. It might mean more targeted and precise security, but that’s different to weaker security. (I think this is what Obama is trying to do with his oversight board post-Snowden.)


Privacy advocates will not get anywhere if they’re permanently in opposition to forces that will always be stronger than they are. They will remain marginalised and irrelevant – in relation to both the state and the general population. The benign effect they could have in terms of introducing effective safeguards will never materialise. Both sides need to recognise that they are in fact on the same side, that we have common enemies and that security without privacy is as undesirable as privacy without security – both result in a lack of freedom.


It would be interesting to see what would happen if we had a surveillance moratorium of say two weeks where we turn off all the cameras and shut down all the data feeds. Maybe we’d all enjoy a golden era of unrepressed, uninhibited freedom. Maybe it would make no difference at all. Or maybe very bad things would happen. Personally I would book a holiday somewhere else. James Madison – the 4th US president – said that ‘if men were angels no government would be necessary’. Maybe the same is true of surveillance.


These are my personal observations, intended to further discussion of an increasingly important issue. They do not reflect the view of the ICO, although we are keen to support and contribute to debate in this area.