Habeas Data, or Why any Silicon Valley ‘bill of rights’ will guarantee you never have any

Widespread ridicule has greeted the announcement that eight giant technology companies led by Google and including Facebook and LinkedIn were going to save us from the NSA.

The ridicule is thoroughly justified, for trusting giant corporations – whose business models rely on selling your identity to advertisers – to safeguard your privacy is like hiring a kleptomaniac to guard the sweet shop.

Thirty years after the Khmer Rouge declared war on “the Garden of the individual”, Silicon Valley was lauding the collective “hive mind” while stealthily dismantling the rights that protect the individual.

Both practically and philosophically, today’s giant web corporations are incapable of defending you – and how can they, when they don’t really accept that the individual really exists? In Silicon Valley, the individual is merely a phantom: a collection of patterns, or a node secreting data into one of its giant analytical processing factories.

Before we can understand why tech/media companies can’t protect the individual, and why their “solutions” are impoverishing us, let us remind ourselves what’s happened. We need to see how complicit the data business was with the behaviour of the intelligence agencies.

Spooky action at a distance

Edward Snowden’s revelations confirmed that 20 years after it was opened to the public for commercial access, the internet is subject to the same casual warrant-free surveillance as the circuit-switched telephone network. Fantasies that the internet would put us beyond the reach of the spooks turned out to be just that: fantasies. Only a fraction of Snowden’s material has been released, and much of it is banal: spies spy on foreign powers, for example. But the material did confirm that the physical infrastructure of packet communication is completely compromised, and security backdoors are apparently commonplace.

This week’s disclosures in Der Spiegel confirmed the lack of protection. Spiegel did not draw from the Snowden cache in its report, which details alleged offensive capabilities of the NSA’s Office of Tailored Access Operations (TAO).

According to the German magazine’s report, TAO’s operations range from Q-Branch-style custom hardware to directed hacks on suspected individuals, networks and infrastructure. It would be naive to think this didn’t already go on, given the capabilities of Russian and Chinese cyber-warfare teams against political and industrial targets. The sophisticated Stuxnet malware, believed to be a joint US-Israeli effort, was constructed to disable control systems in Iran’s nuclear fuel processing plant.

Yet at least the NSA is subject to democratic scrutiny. Technology companies are not. The scrutiny of the NSA may have been supine and ineffective, thanks to senators including Democrat grandee and chair of the Senate Intelligence Committee Dianne Feinstein – but the structure is there to provide better oversight.

The Great Data Slurp

What I find far more disturbing than anything in Snowden’s cache is the fact that Silicon Valley’s internet companies have been complicit in denuding citizens of the privacy an individual requires to be an individual.

Firstly, these companies are a data acquisition industry. They hired the best engineers and mathematicians of their generation and set them about creating a kind of derivatives bubble of inferred human behaviour. The gimmicky gadgets we feature – Android phones and Google Glasses – are simply subsidised data-capture devices. I am doubtful there is as much value in this data as the hypesters want us to believe – because economists always put more store by “revealed preferences” – what you actually spend on a good – than by second guessing what you might spend.

Far from being bold and “disruptive”, Google and Facebook appear to be deeply conservative companies that seem loath to stray from their comfort zones. They’d prosper from helping other industries build transaction-based markets, which makes the inferral analytics less important than traditional business skills. Why don’t they go there? Perhaps the nerds who run these web companies fear being smaller fish in a bigger pond.

Yes, I like cat videos. What’s it to you?

However, if there is value in this data they capture, then we are giving it away too cheaply. New elites prosper on the back of this. This prompted Jaron Lanier to suggest that we charge them for it, receiving a micropayment when an ad is clicked. There are two drawbacks in Lanier’s suggestion. One is that it relies on micropayments, which only ever work in aggregate amounts – discrete micropayments are too expensive to process. The second, rather larger problem, is that there isn’t enough money there in the first place.

So, instead of conducting a real transactional business, or helping other people make operational IT efficiencies, they’ve created a ghost world of their own instead, in which we’re the product. This required a public relations effort to try to persuade us we don’t have any property rights over our data, anyway.

While you were out fighting SOPA, we left you this note

One of the most ironic sights of 2013 was seeing the fugitive Snowden open up a laptop emblazoned with stickers for the EFF, the Electronic Frontier Foundation. The EFF is just one of many groups that receives money from the technology industry – with Google leading the handouts – waging a ceaseless war on the individual’s digital rights, while claiming to defend them.

These groups also loudly claim to be privacy watchdogs – yet have turned their meek protest into a funding activity. And guess who’s doing the funding? When Google and Facebook settled their respective Buzz and Beacon privacy lawsuits, the biggest beneficiaries were not individuals but “organizations that are currently paid by [Defendant] to lobby for or to consult for the company” thanks to a quirk called cy-près. The EFF and ACLU each bagged $1m from the settlement, which for the EFF was more than it raised in donations. And it has some pretty wealthy donors.

So the poachers are paying off the gamekeepers.

The web giants have also paved the way for the NSA by driving a bus through legal loopholes. For example, The Washington Post reported how the NSA justified its infrastructure interceptions by arguing it wasn’t really doing interception.

The distinction is between “data at rest” and “data on the fly.” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another.

Sound familiar?

It should do, as it was the same argument Google used when it launched Gmail in 2004. Google was reading your email because it wanted to inject advertisements based on your private communication. So it sought to redefine “reading” as “not actually reading”. Here’s what security expert Mark Rasch predicted at the time.

Google will likely argue that its computers are not ‘people’ and therefore the company does not ‘learn the meaning’ of the communication. That’s where we need to be careful. We should nip this nonsensical argument in the bud before it’s taken too far, and the federal government follows…

Imagine if the government were to put an Echelon-style content filter on routers and ISPs, where it examines billions of communications and ‘flags’ only a small fraction (based upon, say, indicia of terrorist activity). Even if the filters are perfect and point the finger only at completely guilty people, this activity still invades the privacy rights of the billions of innocent individuals whose communications pass the filter. Simply put, if a computer programmed by people learns the contents of a communication, and takes action based on what it learns, it invades privacy.

So what’s to be done?

Well, you can adopt DIY crypto tools, and try to teach your neighbour to use them. But most will give up long before they’re proficient in them – which means affordable powerful legal tools for the individual to exercise against government and corporations are vital. Laws and procedures that recognise the individual as sovereign, the supreme owner of the data, of digital objects or things. The individual would then have contractual relationships with companies and governments, as need be. In other words, property rights that allow every individual to assert where their property is used and for how long. This has a name: habeas data.

And the very good news is these powerful individual legal rights to assert ownership and usage over stuff we create are already here. They’re called intellectual property laws. And now you can begin to see why technology companies have lobbied so hard and furiously to weaken them, particularly by weakening copyright. This is a classic misdirection. Invent a bogeyman, and divert the people’s attention to fighting it, while you quietly steal their rights. Try and persuade people they’re not rights at all, but restrictions on freedom. Lobby governments to make those rights ineffective. And if that fails, weaken the ability of the individual to get access to justice in enforcing those rights.

Alas, I expect lots of windy rhetoric about a “bill of rights”, in which web giants would promise to never, ever abuse your privacy… unless you allowed them to in a 94-page click-through contract. A government-blessed privacy right would be little more use, particularly as these things contain acres of exceptions that render the rights meaningless. (Example: ECHR Article 10, supposedly guaranteeing freedom of speech. Except when the shit hits the fan – and you don’t have any.)

Because the web industry has spent 20 years fighting the application of individual property rights to digital things, like data, we can expect it to fight very hard for a meaningless set of “rights” that don’t protect your privacy. Through campaigns branded with the over-used phrase “open data”, the web industry has even persuaded governments to give away potentially lucrative data for nothing, without a penny being returned to the investor: the taxpayer. Yet without being able to assert property-ish rights (rights that exclude others), you’ll never have any privacy.

The way forward should not be as complicated as you might fear. First we need to recognise the web industry with its “siren servers” isn’t our friend, or any defender of the individual – and that’s already happening, I think. It’s apparent with every feature on Google Glass. Then we can begin to assert that we own everything we produce, extending copyright rights and practice to our own data. Only then will the giant web companies – who have lots of positive things to contribute – realise that they need to show respect to the individual, too. The “collective externalised mind” is its own form of tyranny.

Is it too much to ask? We’ve seen a concerted effort to grant legal rights to trees and rivers – with lawyers ventriloquising on their behalf. If trees can gain rights, why must we lose ours? ®
