«

»

Data rape and the impending privacy apocalypse

cyberlock_740_416

 By Simon Davies

In the 1970s – frustrated by an aggressive, male dominated legal regime and a timid judicial system – justice campaigners for rape victims coined a powerful phrase that cemented a cultural mindset for decades to come: No means No.

Consumers and lawmakers alike are increasingly confused by largely phoney justifications for diminished privacy and increased surveillance.

Over time those three words shifted the centre of gravity of public debate. That simple slogan cut through the quagmire of convenient justifications for male sexual aggression. Consent needed to be explicit – and a clear refusal was unqualified.

In that sharp iteration, a prior – or even a current – relationship doesn’t give anyone license to violate. You cannot infer permission. You have no right to intellectualise a justification. Rights are absolute – and so is the violation of those rights. No means No.

Privacy urgently needs such a battle cry. Consumers and lawmakers alike are increasingly confused by largely phoney justifications for diminished privacy and increased surveillance. The foundation of evidence for intrusive practices by government is as unstable as it has ever been. The language and imagery used by many corporations has reached the point of outright deception. And some global corporations are – at least in the realm of data protection – openly defying the rule of law in Europe and elsewhere.

The language and imagery used by many corporations has reached the point of outright deception

We might imagine that the current media prominence of privacy scandals is evidence that matters are improving, but the reality of what is happening in 2013 is little short of data rape. The rules of consent that were supposed to underpin the information economy are being attacked with breathtaking ferocity, while the core principles of data protection have never been so exposed. These days it seems in many online realms that almost every use of personal data is permissible as long as it is specified in the privacy policy or if notice is given. That’s not how data protection was conceived – nor is it a sustainable formula for a new age of limitless information.

The proposed EU data protection regulation – to provide just one example – once had the potential to establish a trusted foundation for decades into the future. Instead it has become a playground for aggressive companies and governments who wish to re-negotiate core rights. The regulation has been crippled by almost 4,000 amendments – many demanding the devastation of a framework of data rights that has taken three decades to win. It is perhaps too early to call odds on the fate of the regulation, but the signs are not healthy right now.

what is happening in 2013 is little short of data rape.

The regulatory corrosion is global. The Mexican Congress is considering abandoning many of its data protection enforcement mechanisms. India is proposing an astonishingly weak data protection law that some powerful interests in the European Commission recklessly wish to be recognised as “adequate” under the EU’s (presently) much tighter regime. Pragmatism often triumphs over principle.

Crucially, the regulatory dialogue between the US and Europe been stalled for more than a decade. The US is making headway on privacy reform with baby steps, but is being overwhelmed by an aggressive industry lobby that scares timid politicians with lurid claims of economic devastation should there be a serious federal privacy law for companies. Advanced economies such as that of Germany tell a different story. The US government is also demonstrating why that country’s legal safeguards still have a long way to go. .

The US is making headway on privacy reform with baby steps, but is being overwhelmed by an aggressive industry lobby that scares timid politicians with lurid claims of economic devastation

Thankfully, there are some notable positive developments – particularly the introduction of privacy law in much of South America and Asia – but these laws will fail if the international privacy scene starts to crumble. Those countries will surely end up with regulatory mechanisms that are unsupported and under-resourced. It’s also true that an innovative micro industry of privacy engineering has been created – but again the take-up of the resulting products depends on an integrated global support by regulators and major industry players. Such support has yet to materialise.

We are told of wonderful advances in privacy thinking. Privacy by Design is the latest idea – the concept of embedding privacy into the very fabric of an organisation’s business model and engineering. However there are almost no examples of such a practice in mainstream commerce. We hear of great advances in technologies that enable anonymity, yet there is a huge risk that anonymity will be almost fatally compromised within the emerging EU privacy rules.

However it is heartening to witness a new generation of astute and dedicated activists and experts such as Ian Brown, Gus Hosein, Chris Soghoian and a constellation of others who bring truth to an arena noted for its deception. The challenge for these people is that they work under enormous stress, engaging fields that mutate with breathtaking speed and complexity.

That the international privacy arena is under pressure is beyond question. For example, the global online advertising industry is currently being allowed to control the privacy agenda by arguing that it has a natural right to track customer activities without their explicit consent. The industry’s hilarious claim to being the Internet’s engine room is peddled to justify an opt-out tracking regime.

Even if it were true that advertising fuelled the Internet economy the onus should be on industry to find ways of conducting its business within a framework of safeguards and rights.

The industry argues that its revenue fuels the development of the Internet. Not only is this one of the most brazen deceptions of recent times, but it is also completely irrelevant. Even if it were true that advertising fuelled the Internet economy the onus should be on industry to find ways of conducting its business within a framework of safeguards and rights. That’s how most other industries have learned to function.

Elected representatives who promote the argument that economic development and profit need protection at the expense of rights should be ashamed. It’s disingenuous to compare, say, environmental sustainability with a contrived notion of privacy sustainability when the information industries have never even been required to seek privacy solutions that will nurture current growth. Indeed in my view there’s ample evidence that an overall improvement across industry in privacy would increase consumer trust and therefore would expand and enrich the information economy.

Meanwhile the business models of major corporations are forcing a re-conceptualisation of data rights in ways that are perilous to privacy. Defining consumers as online publishers and thus dumping corporate liability onto them is a dangerous notion. Creating privacy policies that stress what will be done to compromise consumer data rather than what will be done to protect it is a pernicious trend.

Rather than recognising that rapidly emerging facets of the information age require a rigorous and far-reaching framework of rules, many business lobbies and governments are working to return us to the information equivalent of a 1950’s Mississippi rape trial. Consumers – now defendants – are constantly reassured that our rights are respected, while in the background powerful interests stitch up the odds in their favour. Those standing up in defence of rights are belittled as naive and uninformed – or are said to be extremists with no awareness about how the world needs to work.

Rather than recognising that rapidly emerging facets of the information age require a rigorous and far-reaching framework of rules, many business lobbies and governments are working to return us to the information equivalent of a 1950’s Mississippi rape trial.

Is this analogy over the top? Not if you consider what is at stake. The partnership between humans and information technology is in its infancy, but already there are huge challenges for the protection of privacy. Ahead of us is the fusion of our digital personas with the machinery of commerce. We are only just beginning to explore a future of ubiquitous and ambient computing in which we become enmeshed in a technological ecosystem – the fusion of flesh and machine. The consequences for privacy cannot easily be overstated.

Gerald Santucci of the European Commission observes: “The issue… is the upcoming reality that smart objects endowed with intelligence and unprecedented self configuring and self healing capabilities will make choices for us or on our behalf. It’s not just more data that will be generated, it is new kinds of data, i.e. data sensed by humans’ artefacts and processed by the IoT systems.”

In the privacy realm we have become accustomed to the machinations of greedy governments and data-hungry industry. We wearily accept the manipulative language and deceptive claims that characterise the constant battle against meaningful consumer protections.

It has not always been this way. Eighty years ago the manufacturing industry’s bogus justification for avoiding health and safety measures was ripped apart by forward-looking legislators. In the 1970s the deceptive safety claims of the automobile industry became totally unacceptable. At much the same time the fake accountability of the nuclear power industry was shredded by outraged public sentiment. In each case informed people realised that rigorous rules were needed to nurture trust and growth – and public safety.

History teaches us that unless strict and unequivocal standards are put in place early in the development of new industries then people and communities will suffer. Entire regions are denied decent public transport; nations devastate priceless historical precincts in favour of investment; the environment is irrevocably damaged because of short term economic convenience. Such case studies are depressingly familiar.

Perhaps it is time to identify the data rapists and the violations against privacy that they are perpetrating.

In the case of the information and communications sectors, laws that unequivocally put people – rather than entities – at the centre of the ecosystem need to be put in place without delay. We need to enshrine these rights now before the information economy reaches a level of complexity that we can yet barely comprehend.

The intersection of mobile and Internet is merely the first stage of a seamless fusion between humans and technology. In less than the time span that was historically required to deploy a single technology, we now face the challenge of managing a rapidly evolving global matrix of platforms upon which are deployed apps of almost infinite variety from millions of (largely) unknown and unregulated developers. This situation requires immediate and sharply focused regulatory attention. Instead, many mobile and social networking platforms fiercely compete for new apps by making the entry barrier on privacy as minimal as possible.

Future generations may view this tactic as an utter disgrace. Powerful and wealthy household brands are lobbying to remove almost every foundation stone of data rights. In their view consent should be implied – not explicit. In their view our information should be aggregated into vast data lakes that can be harvested for huge profits, rather than contained in ways that allow people to exercise some control over it.

The unswerving universal rights we imagined the 21st century would bring are thus being downgraded to discretionary values.

Perhaps it is time for activists – and indeed for anyone who cares – to take a stronger and more aggressive stand on privacy. Perhaps it is time to identify the data rapists and the violations against privacy that they are perpetrating.