Saturday, July 4, 2015
Seminar 3 Position Statement: Mark Lizar, Technology Standards Developer
Commercial industry has run rampant with abuse of personal information, circumventing laws, being opaque about data sharing and surveillance practices. Much of this is a result of poor regulatory enforcement, the terrible accountability of government and dismal security oversight. As such, a rational approach to ‘Media Agenda-Building, National Security, Trust & Forced Transparency" is the development of trust and forced transparency in commercial practices through bridging the legal requirements found in notice and consent laws. (See Appendix.)
Positive Privacy is aggressive transparency, personal data control, withdrawal of consent to process, the objection to profile. These are opportunities in sousveillance, just like the tracking of police and public figures can produce accountability, a strengthening of personal security and, result in positive moves towards privacy, like what we have seen companies like Google in terms of privacy transparency.
Positive Privacy, as opposed to protectionisms like data protection, is about transparency, data control and watching those that profile and watch us.
As surveillance, the tracking of people, gets more ubiquitous and omnipotent, the systemic barriers to sousveillance become weaker. The demand for control of personal data by people become stronger, the market for transparency becomes more lucrative and opportunities for sousveillance increase.
Closed Consent: An Old Problem
The requirements for notice, consent and openness are universal in privacy principles.
Even so, privacy policies online are closed because they are customized, with no common format, hidden in different places and often change without warning or a chance to consent to their changes. These policies are used to drive data surveillance practices that strip people of their data and privacy.
Not only are people expected to agree to policies that they don’t read, are held to terms of services they can’t negotiate. People are expected to pay twice, once with their money and a second time with their data.
The current system forces people to login to each service provider separately; forces people to spread personal information everywhere, share secret passwords and most abhorrently maintain personal profiles of personal information for companies.
The systems of law that portend to give peoples rights are implemented to do the opposite.
Open Consent: A new Sousveillance Solution
Open Notice is an effort to create a common meta format for opening privacy notices by providing people with consent receipts so that people don’t need to read or understand long policy and terms documents. Or, login to each company to administer and control their own data. Open Consent is about enabling people with sousveillance; transparency over companies and their data surveillance and sharing policies. Through transparency, holding organisations accountable for these policies, enabling people to track company data sharing practices, withdraw consent, block profiling; stop automatic decision-making and critically enable people to manage consent on aggregate, i.e. withdraw 10,000 consents with one click of a button.
Open Consent is about setting up a deep system of systematic sousveillance that can be applied aggressively by everyday people. As policies are required to be open, people can scrape consents to create consent records independently. People can use consent receipts with existing and emerging law to manage consent, block profiling, crowd source opinion, and to make data sharing practices open and social. Whether companies participate or not!
As technologies have evolved rapidly, corporate policies also rapidly evolve. It is estimated that more than 80%-90% of consents are not compliant with consent regulation as they are out-dated, leaving companies and governments liable in the dawning age of systemic transparency. Material changes in policies mean that consent is not informed, and like Google’s change of privacy policies, our data is shared without consent.
Opening consent notices create a defacto framework that opens not only corporate practices, but the ability for people to independently control data and establish trust.
The greater the surveillance pressures on society, the more transparent society, and the greater the backlash, the pushback, and the demand for personal control of data from people.
Technology is the great leveller. We have a lot of faith in Positive Privacy, faith in systemic transparency, personal data control and the intelligent will of the masses.
A society equipped with wearables, sensor driven appliances, sousveillance, and personal data control is a much more intelligent society. A society that can evolve humans into a Smarter Species.
In 2010, my MSc thesis, which was published, started when I came across some CCTV research that indicated that in 2002, 82% of the surveillance notices were not compliant with basic consent and notice requirements in the UK Data Protection Act.
From here I submitted a freedom of information request to every borough in London for the location of surveillance cameras. A couple of boroughs refused, but Hammersmith and Fulham were aggressive in their refusal. As a result the complaint was escalated to the information commissioner and the focus of my research became the compliance of CCTV notice and its implied consent on a small street in the centre of the borough.
The result, the compliance of notices for surveillance was lower in 2010, with 91% not compliant and the Information Commissioner's Office ruled against Hammersmith and Fulham council forcing them to publish the location of the surveillance cameras. Today, every council camera location is now published across the country, but the notice obligation requirements in Data Protection Act go unenforced.
As a result, the concept of Positive Privacy was conceived