Posts Tagged 'Data Protection'

The Circle (a rare book review)

The CircleSam Seaborn (or Aaron Sorkin) said it in 1999: “The next 20 years will be about privacy.” So it’s not surprising that serious authors will tackle the issue, as Dave Eggers has now done in The Circle.

The eponymous company in The Circle is quite obviously Google, or a successor to it. It dominates the internet and begins to dominate the world. Its name is apt, for the purposes of a book if not a real company: the Circle is closing in on us, one ring to rule them all, as it were.

Much discussion of the book has consisted of a misguided complaint that it lacks authenticity. Critics have made the absurd argument that because Eggers is not an insider it is not a valid portrayal. The complaint appears to be that he has not faithfully represented the internet, or Silicon Valley, as they exist (or are perceived to exist) today. This Wired review misses the point entirely.

In his desire to create a world where The Circle rules all, Eggers creates so many extremely unlikely or outright impossible scenarios that happen simply because he needs them to happen. As they stack up through the course of the book, it gets harder and harder to take it seriously even as satire until finally it becomes outright fantasy, with only a tenuous connection to reality as we know it.

It is true, to an extent, that some things happen because Eggers needs them to happen. Call it artistic licence or call it deus ex machina: an author is entitled to move a plot forward. Wired want a book about technology, which The Circle is not. Neither is it quite true that the book strays into the realm of fantasy; but even if it did, is that not a valid way of exploring the issues raised?

The Guardian, less obsessed with fidelity to the tech industry, struck the right note:

It’s not clear whether The Circle is intended as a satire of the present or a dystopian vision of the near future. Eggers’s writing is so fluent, his ventriloquism of tech-world dialect so light, his denouement so enjoyably inevitable that you forgive the thin characterisation and implausibility of what is really a clever concept novel.

The quality of the prose is not quite as the Guardian would have you believe and certainly does not match his earlier works. The Circle is patchy and clumsy in places (never in literature was a shark jumping pun more deserved). It is Crichtonesque and notably screenplay-friendly, but it fails to meet the standards set by either Crichton or Eggers himself. The Wall Street Journal sums it up well:

The Circle is not great literature. But it is a great warning—one that you’ll be hearing a lot more about.

The book is not interesting because of its prose or its authenticity: it is an allegorical tale, “a clever concept novel”. The allegory is not subtle and the tale is not particularly inventive, but nevertheless, even where the plot seems to overstretch, such as in the messianic monologues of The Wise Men, one does not have to go far to find similar statements and ideas already out there.

The Circle aims for “completion”, a state of complete “transparency” in society which effectively eliminates private spaces. Everyone has full access to everyone and everything else. That critics view this eventuality as being far fetched is astounding. For years now influential figures have formulated a philosophy of voluntarily limited privacy. In this profile of Mark Zuckerberg published by the New Yorker in 2010, a media and communications specialist at Microsoft Research outlined a key element of Zuckerberg’s views on privacy:

This is a philosophical battle. Zuckerberg thinks the world would be a better place—and more honest, you’ll hear that word over and over again—if people were more open and transparent.

In The Circle, it is as if Eggers has taken this quote and run with it. The book merely ties together a few strands that are already hanging out there today and develops them to a reasonably logical conclusion: how would people behave following a period of sustained erosion of privacy, cataloging of all information and aggressive privitisation or outsourcing of public services?

Zuckerberg, according to some, doesn’t believe in privacy. His response?

Zuckerberg defended the change — largely intended to keep up with the publicness of Twitter, saying that people’s notions of privacy were changing.

There are, generally, two primary ways the situation is currently viewed. In Zuckerberg’s articulation we have voluntarily modified our behaviour and our expectations of privacy. On the opposite end of the spectrum, as recently articulated by Eugene Kaspersky at the Dublin Web Summit, privacy can never be guaranteed online so you modify your behaviour accordingly. Either way there is grim inevitability.

“There is less and less privacy now. Fifty years ago, if governments and private companies were watching peoples every move there would have been huge protests,” he added.

A speaker at the same event pointed out that, despite the Snowden revelations, “nobody seems to care”, a view which arguably supports Zuckerberg’s vision of privacy.

In The Circle, the ability to modify behaviour and maintain privacy is challenged as the Circle closes in on everyone. Mercer, the totemic refusenik of the book, tries to live outside of the Circle and, in partly comic fashion, it closes in on him too.

Google’s long-stated aim has been to make the world, not just the internet, searchable. This can be achieved only by putting more information online and Google have been active in digitising libraries and cultural institutes to that end. Add in years of your emails and documents and they range of analyses they can perform are significant. The book addresses the issues raised by the digitisation of old information.

In Ireland, we are finally getting around to introducing a law on “spent convictions”. According to Remy Farrell SC:

as time passes the relevance of a person’s previous convictions diminishes to the point that they should be ignored.

Should a similar principle be said to exist in relation to information? Data protection law already requires that personal information should not be kept for longer than necessary; but how long is that? If you set up a Bebo account in 2005 which is now dormant but you have never deactivated it, at what point should there be an obligation on Bebo to shut it down and remove your photos from public view? At present, the European Union is preoccupied with “right to be forgotten” which, in The Circle, becomes the stated “right to disappear” of a high profile objector.

The Circle addresses, but does not fully confront, the manner in which the new global surveillance society is coming about: as a trade-off. You exchange your personal information for useful “free” services. You exchange your personal liberties for useful security services. The book presents the ultimate trade-off: what would you trade to stop child abduction?

Elements of The Circle that seem fanciful, such as politicians and individuals becoming “transparent” by voluntarily wearing webcams which broadcast at all times, seem less preposterous as technologies like Google Glass emerge. Adrian Weckler, reporting on the Web Summit, recently ran into Robert Scoble roaming the RDS wearing Google Glass. He mentioned, in jest, that you could not be sure if he was recording you or not.

These technologies initially take off due to their “cool” factor. They gain critical mass and then the trade-off comes: why don’t you want to be transparent? What are you hiding? Eric Schmidt has already made outstanding statements:

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.

The “nothing to hide, nothing to fear” argument is Orwellian, oppressive, ridiculous and easily debunked. But it persists. Schmidt suggests privacy is some personal foible or luxury that you might unreasonably insist on, not a basic human right which, by the way, is enshrined in numerous laws.

An interesting aspect to corporate attitudes to privacy is the reaction of Google and others to the Snowden revelations. Google and Facebook believe you should be transparent, that you should put as much as your life online as possible and open that up to as many people as possible while also allowing them to analyse the information and your interactions with others. But when it is revealed that the NSA may be carrying out some analyses of their own by using backdoors to their systems, it’s a different matter.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

So, Google’s chief legal officer says they don’t provide access to their systems. But just a few years ago, pre-Snowden, Google’s then-CEO warned that information retained by Google could be made available to the authorities. They want to ensure that your data is protected from others, but not themselves.

What is particularly confusing and contradictory about the current erosion of privacy is the extent to which corporate, institutional and governmental secrecy is on the rise. We are told to accept limits on our personal freedoms in exchange for security while also being told to accept limits on the transparency of organisations for the same reason. Glenn Greenwald is the cause célèbre:

I really urge everyone to take note of, and stand against, what I and others have written about for years, but which is becoming increasingly more threatening: namely, a sustained and unprecedented attack on press freedoms and the news gathering process in the US. That same menacing climate is now manifest in the UK as well, as evidenced by the truly stunning warnings issued this week by British Prime Minister David Cameron.

Attacking press freedom attacks the citizen’s ability, and right, to know what is going on. Transparency is for Us, it seems, but not for Them.

The Boston Globe’s review of The Circle begins:

When I finished reading Dave Eggers’s chilling and caustic novel, The Circle, I felt like disconnecting from all my online devices and retreating for a while into an unplugged world. I gather that’s what he had in mind.

I didn’t have that reaction. Rather, I was angry at the reaction of publications like Wired who so easily dismiss it. We have already sleepwalked into an era of eroded privacy and astounding information storage. It is not at all unlikely or impossible that the trend will continue. There have been a number of horrific privacy breaches over the past years that should make people question the extent to which they engage with online services or which might have led to changes in those services, but it hasn’t happened. Sometimes a work of fiction is needed to allow people to think about these issues outside of the dense worlds of tech and law.

Instagate

InstagramInstagram has courted controversy this week by announcing changes to its terms and conditions. There are clauses in Instagram’s new terms which are likely to cause them difficulty with privacy and advertising regulators but the most controversial new terms are that:

  • Instagram will have a full licence to use your photographs, including to sub-licence or transfer use of them; and
  • customers of Instagram (that’s advertisers, not you) can pay to have your name or photos (along with other information) displayed in advertising messages, without paying you or even notifying you.

Changes to intellectual property terms on free online services have long been a source of controversy, not least because when services like Instagram are involved many of the users are involved in creative industries. Even if a user is not a creative professional, the service involves the creation of intellectual property. Mess with those users’ rights at your peril.

Of course, blame for these changes is being laid firmly at the door of Facebook who famously paid through the nose to acquire Instagram. While the new terms are not surprising, given the involvement of Facebook, whoever owned Instagram was always likely to attempt such a change in order to monetise the business.

If the online reaction is anything to go by, the changes are a boon for Flickr. The death knell of that service had been sounding for some time but it, and its new app which has launched with serendipitous timing, could see a significant return of dormant users. I have noticed a surge in activity in the past few days as Instagram users have returned to Flickr and began uploading photos for the first time in months while also seeking out contacts from the Instagram universe.

But what do Flickr’s terms say?

With respect to … Content you elect to post to other publicly accessible areas of the Services, you grant Yahoo! the royalty-free, perpetual, irrevocable, non-exclusive and fully sub-licensable right and licence to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed.

The difference between this and what Instagram’s terms will say is not clear to me, apart from the fact that Instagram are more explicit in what they plan to do with your photos. Neither is it clear if a Flickr account which is set to private constitutes a “publicly accessible area of the Services”.

Strangely, this does not appear to be the situation in the US, where their local version of the Yahoo!/Flickr terms are limited and provide a licence “solely for the purpose for which such content was submitted or made available.” This limitation does not appear in the terms applicable in Ireland. So is there any difference between Instagram and Flickr?

Yet another Toyota recall

I wrote twice before on product recalls by Toyota and the apparent legislative oversight which meant that there was no legal provision allowing Toyota to obtain records of Toyota owners from the vehicle licensing authorities.

At the time I wrote those posts, the most recent legislation on the issue was the Finance Act 1993 (Section 60) Regulations 2005. Now that Toyota are undertaking another product recall, I discover the  Finance Act 1993 (Section 60) Regulations 2009, which took effect on 25 September 2009 but which, oddly, were not available on the Irish Statute Book when I wrote my posts in 2010 and 2011.

At any rate, the 2009 Regulations revoke and replace the 2005 Regulations and designate specified manufacturers and distributors as being entitled to obtain vehicle licensing records, rather than the generalised category stated in the 1996 Regulations.

So, it appears that I was mistaken, but had no way of knowing it at the time.

The strange, hypocritical attitude of the Irish Government to copyright, the internet and citizens

[Updated, at end] The introduction yesterday of an amendment to the Copyright & Related Rights Acts has been in the works for a long time (posts here, here and here). The issue has generated quite a bit of heat on both sides and the Government would do well to observe that opponents to the law have not held a monopoly on intemperate comment.

The amendment was destined to be introduced by statutory instrument and the concerns of any critics were always going to be ignored but the attitude of Séan Sherlock, junior Minister for Research & Innovation, to the issue is strange and contradictory.

His announcement of the new law contains a significant dig at those who opposed the statutory instrument the Government has just introduced.

I urge all interested parties on all sides to come together and work in a constructive and realistic way to the benefit of all.

This is a boggling statement. Like any campaign there was a lunatic fringe that fired off ill-informed comments. But most opponents were relatively well organised and the Minister met with representatives of some of them (read Michele Neylon’s account here). So, at least some “sides” came together. The Stop Sopa Ireland campaign was up and running in a very short time and, unlike most campaigns of opposition, actually proposed alternative wording to the Minister.

A key paragraph in that alternative wording would have included an obligation on a court to carry out a balancing act when considering whether or not to grant an injunction to a copyright owner.

In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any person likely to be affected by virtue of the grant of any such injunction (including the freedom to conduct business, the right to protection of personal data and the right to receive or impart information) and the court shall give such directions (including a direction requiring that persons likely to be affected be notified of the application) as the court considers appropriate in all of the circumstances.

It appears that Minister Sherlock considers such a proposal to be non-constructive and part of a campaign of setting the “dogs” on him. However, a few weeks ago the Minister bizarrely “welcomed” the decision of the European Court of Justice in Sabam v. Netlog with the following comment:

[T]his decision … reiterate[s] that, in the context of measures adopted to protect copyright holders, national authorities and courts must strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures …

I welcome today’s decision from the European Court of Justice. This will provide further clarity to Irish courts in adjudicating such matters.

What would also have provided clarity to Irish courts in adjudicating such matters is a clause like the one included in the alternative wording submitted to Minister Sherlock.

Instead, a bare-bones statutory instrument has been used to amend the Copyright & Related Rights Acts providing none of the clarity that the Minister otherwise appears to favour.

[Update 7 March 2012] A recent press release by Minister Sherlock’s party colleague, Phil Prendergast MEP demonstrates what appears to be quite a different attitude to citizen engagement with copyright reform.

Commenting on the referral of the Anti-Counterfeiting Trade Agreement to the Court of Justice of the European Union, Ms Prendergast says:

This extraordinary u-turn by the European Commission, who had up until now dismissed legitimate concerns, demonstrates that engaged citizens and civil society groups can have a decisive impact on politics, especially when fundamental freedoms are at stake.

Not under Labour in Ireland, it would seem.

Battle of the Bakers: Round 2 (and an interesting update re Round 1)

Exhibit A

Exhibit A: McCambridge bread

I had assumed that the McCambridge v. Brennan brown bread case was solely one of intellectual property infringement but the judgment of Mr Justice Peart, which has now been published, shows that there is more to it (an Irish Times report of the case is here).

Indeed, Peart J notes that McCambridge do not “have any proprietary rights as such over that type of re-sealable bag, its shape or indeed the shape and size of the loaf of bread inside.” The company itself accepted that it does have such proprietary rights, nor rights over the shape and colour or ingredients of the bread itself.

Notwithstanding that, Peart J agreed that the overall impression on consumers satisfied the conditions for passing off (a form of action used to protect unregistered intellectual property rights).

[I]t would take more care and attention that I believe it is reasonable to attribute to the average shopper for him or her not to avoid confusion between the two packages when observed on the shelf, especially when these are placed adjacently or even proximately so.

Peart J indicated that an injunction should be granted to prevent further passing off. However, the interesting element of the case comes next: he also considered whether McCambridge are entitled to an injunction under section 71 of the Consumer Protection Act 2007 on the basis that Brennans were engaging in a misleading commercial practice.

The Minister for Jobs, Enterprise & Innovation recently announced a planned overhaul of consumer legislation, arguably ignoring that the 2007 Act was supposed to be just that (I wrote about it here in April 2011). The 2007 Act was quite significant, but appears to have been barely used, particularly by the National Consumer Agency. Indeed, Peart J states that they held a watching brief in McCambridge v. Brennan but, strangely, adopted “a neutral position”.

(The failure of the Agency to adopt a position is reminiscent of the refusal of the Data Protection Commissioner to involve his office in the EMI v. eircom case. Ironically, he recently went on to order eircom to halt the three-strikes system which resulted from that case.)

Exhibit B

Exhibit B: Wot, no McCambridge?

Peart J decided that McCambridge were not entitled to an injunction under section 71, apparently (my interpretation) on the basis that the design of its packaging was not a commercial practice involving marketing or advertising.

Peart J was to hear the parties in relation to the exact terms of his proposed injunction, but the decision to grant an injunction has since been appealed to the Supreme Court by Brennans.

As stated, my interpretation of Peart J’s comments (at paragraph 45) is that an injunction was not available because packaging was not “marketing or advertising”. I would have thought that the European Communities (Misleading and Comparative Marketing Communications) Regulations 2007 were aimed at preventing misleading advertising and that the (quite similar) provisions of the 2007 Act were of broader application such as would capture packaging. The 2007 Act is the Irish implementation of the Unfair Commercial Practices Directive which, in the UK, was implemented by statutory instrument. Guidance from the UK’s Office of Fair Trading gives the following example of a prohibited practice:

A trader designs the packaging of shampoo A so that it very closely resembles that of shampoo B, an established brand of a competitor. If the similarity was introduced to deliberately mislead consumers into believing that shampoo A is made by the competitor (who makes shampoo B) – this would breach the [Regulations].

Of course, Peart J had decided that Brennans’ passing off was not deliberate, and so could not have found them to have intended to “deliberately mislead consumers”. Nevertheless, it appears to be a case where the views of the Consumer Protection Agency would have been of use.

New data protection rules on cookies & mandatory data breach reporting for electronic communications providers

 

From George Eastman House

Not those kind of cookies.

Last week, the Minister for Communications, Energy and Natural Resources signed a group of statutory instruments into law which transpose the EU telecommunications reform package.

Among those regulations are the European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011.

The Regulations are lengthy but the Data Protection Commissioner already has a guidance note online outlining the changes introduced, the most significant being:

  • Compulsory notification of individuals and the Office of the Data Protection Commissioner in the case of data breaches
  • More stringent requirements for user consent for the placing of “cookies” on electronic devices
  • Stricter requirements for the sending of electronic marketing messages and the making of marketing phone calls

I previously wrote about mandatory reporting of data breaches in the context of general data protection law (rather than sector-specific rules).

Leo Moore (William Fry) points out that the new rules on cookies do not provide for a lead in time, as was the case in the UK. This will put pressure on operators subject to the rules to get their house in order quickly. He notes:

Website operators and other interested parties are keenly following how the Cookie Regulations will be interpreted and enforced in Ireland in light of the need to obtain website user consent each time a cookie is placed on a website user’s computer. Many such parties have concerns in relation to the practical implications of complying with such obligations.

For more, try following Ronan Lupton (ALTO), TJ McIntyre (UCD/DRI), Leo Moore (WF) & David Cullen (WF) on Twitter.

Department of Jobs, Enterprise & Innovation (brief) consultation on filesharing injunctions

[Updated 23/06/11] In the (literally) last days of the previous Government, a rumour shot around that the then Minister for Enterprise, Trade and Innovation was about to sign a statutory instrument into law which would address the gap in the law criticised by Mr. Justice Chartleton in the EMI & ors v. UPC case.

A firm denial was issued by the Minister but I’m not sure anyone really believed that a draft SI wasn’t floating around somewhere. Anyway, the newly-titled Department of Jobs, Enterprise & Innovation has put a draft SI out to consultation. The relevant SI text is below.

Deadline for submissions is 1 July 2011: less than 2 weeks from today. That’s pretty swift consultation by any standard. Apparently the Department received a number of requests for an extension to the consultation period, so the new deadline for submissions is Friday 29 July 2011.

New section 40(5A) of the Copyright & Related Rights Acts:

(5A)(a) without prejudice to subsections (3) and (4), the owner of the copyright in the work concerned may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (3) where those facilities are being used by one or more third parties to infringe the copyright in that work.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

New section 205(9A) of the Copyright & Related Rights Acts:

(9A)(a) without prejudice to subsections (7) and (8), the rightsowner may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (7) where those facilities are used by one or more third parties to infringe any of the rights referred to in Parts III and IV.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

Thanks to Ronan Lupton for bringing the consultation to my attention.



Follow

Get every new post delivered to your Inbox.

Join 3,112 other followers