Tag: data retention

The Circle (a rare book review)

The CircleSam Seaborn (or Aaron Sorkin) said it in 1999: “The next 20 years will be about privacy.” So it’s not surprising that serious authors will tackle the issue, as Dave Eggers has now done in The Circle.

The eponymous company in The Circle is quite obviously Google, or a successor to it. It dominates the internet and begins to dominate the world. Its name is apt, for the purposes of a book if not a real company: the Circle is closing in on us, one ring to rule them all, as it were.

Much discussion of the book has consisted of a misguided complaint that it lacks authenticity. Critics have made the absurd argument that because Eggers is not an insider it is not a valid portrayal. The complaint appears to be that he has not faithfully represented the internet, or Silicon Valley, as they exist (or are perceived to exist) today. This Wired review misses the point entirely.

In his desire to create a world where The Circle rules all, Eggers creates so many extremely unlikely or outright impossible scenarios that happen simply because he needs them to happen. As they stack up through the course of the book, it gets harder and harder to take it seriously even as satire until finally it becomes outright fantasy, with only a tenuous connection to reality as we know it.

It is true, to an extent, that some things happen because Eggers needs them to happen. Call it artistic licence or call it deus ex machina: an author is entitled to move a plot forward. Wired want a book about technology, which The Circle is not. Neither is it quite true that the book strays into the realm of fantasy; but even if it did, is that not a valid way of exploring the issues raised?

The Guardian, less obsessed with fidelity to the tech industry, struck the right note:

It’s not clear whether The Circle is intended as a satire of the present or a dystopian vision of the near future. Eggers’s writing is so fluent, his ventriloquism of tech-world dialect so light, his denouement so enjoyably inevitable that you forgive the thin characterisation and implausibility of what is really a clever concept novel.

The quality of the prose is not quite as the Guardian would have you believe and certainly does not match his earlier works. The Circle is patchy and clumsy in places (never in literature was a shark jumping pun more deserved). It is Crichtonesque and notably screenplay-friendly, but it fails to meet the standards set by either Crichton or Eggers himself. The Wall Street Journal sums it up well:

The Circle is not great literature. But it is a great warning—one that you’ll be hearing a lot more about.

The book is not interesting because of its prose or its authenticity: it is an allegorical tale, “a clever concept novel”. The allegory is not subtle and the tale is not particularly inventive, but nevertheless, even where the plot seems to overstretch, such as in the messianic monologues of The Wise Men, one does not have to go far to find similar statements and ideas already out there.

The Circle aims for “completion”, a state of complete “transparency” in society which effectively eliminates private spaces. Everyone has full access to everyone and everything else. That critics view this eventuality as being far fetched is astounding. For years now influential figures have formulated a philosophy of voluntarily limited privacy. In this profile of Mark Zuckerberg published by the New Yorker in 2010, a media and communications specialist at Microsoft Research outlined a key element of Zuckerberg’s views on privacy:

This is a philosophical battle. Zuckerberg thinks the world would be a better place—and more honest, you’ll hear that word over and over again—if people were more open and transparent.

In The Circle, it is as if Eggers has taken this quote and run with it. The book merely ties together a few strands that are already hanging out there today and develops them to a reasonably logical conclusion: how would people behave following a period of sustained erosion of privacy, cataloging of all information and aggressive privitisation or outsourcing of public services?

Zuckerberg, according to some, doesn’t believe in privacy. His response?

Zuckerberg defended the change — largely intended to keep up with the publicness of Twitter, saying that people’s notions of privacy were changing.

There are, generally, two primary ways the situation is currently viewed. In Zuckerberg’s articulation we have voluntarily modified our behaviour and our expectations of privacy. On the opposite end of the spectrum, as recently articulated by Eugene Kaspersky at the Dublin Web Summit, privacy can never be guaranteed online so you modify your behaviour accordingly. Either way there is grim inevitability.

“There is less and less privacy now. Fifty years ago, if governments and private companies were watching peoples every move there would have been huge protests,” he added.

A speaker at the same event pointed out that, despite the Snowden revelations, “nobody seems to care”, a view which arguably supports Zuckerberg’s vision of privacy.

In The Circle, the ability to modify behaviour and maintain privacy is challenged as the Circle closes in on everyone. Mercer, the totemic refusenik of the book, tries to live outside of the Circle and, in partly comic fashion, it closes in on him too.

Google’s long-stated aim has been to make the world, not just the internet, searchable. This can be achieved only by putting more information online and Google have been active in digitising libraries and cultural institutes to that end. Add in years of your emails and documents and they range of analyses they can perform are significant. The book addresses the issues raised by the digitisation of old information.

In Ireland, we are finally getting around to introducing a law on “spent convictions”. According to Remy Farrell SC:

as time passes the relevance of a person’s previous convictions diminishes to the point that they should be ignored.

Should a similar principle be said to exist in relation to information? Data protection law already requires that personal information should not be kept for longer than necessary; but how long is that? If you set up a Bebo account in 2005 which is now dormant but you have never deactivated it, at what point should there be an obligation on Bebo to shut it down and remove your photos from public view? At present, the European Union is preoccupied with “right to be forgotten” which, in The Circle, becomes the stated “right to disappear” of a high profile objector.

The Circle addresses, but does not fully confront, the manner in which the new global surveillance society is coming about: as a trade-off. You exchange your personal information for useful “free” services. You exchange your personal liberties for useful security services. The book presents the ultimate trade-off: what would you trade to stop child abduction?

Elements of The Circle that seem fanciful, such as politicians and individuals becoming “transparent” by voluntarily wearing webcams which broadcast at all times, seem less preposterous as technologies like Google Glass emerge. Adrian Weckler, reporting on the Web Summit, recently ran into Robert Scoble roaming the RDS wearing Google Glass. He mentioned, in jest, that you could not be sure if he was recording you or not.

These technologies initially take off due to their “cool” factor. They gain critical mass and then the trade-off comes: why don’t you want to be transparent? What are you hiding? Eric Schmidt has already made outstanding statements:

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.

The “nothing to hide, nothing to fear” argument is Orwellian, oppressive, ridiculous and easily debunked. But it persists. Schmidt suggests privacy is some personal foible or luxury that you might unreasonably insist on, not a basic human right which, by the way, is enshrined in numerous laws.

An interesting aspect to corporate attitudes to privacy is the reaction of Google and others to the Snowden revelations. Google and Facebook believe you should be transparent, that you should put as much as your life online as possible and open that up to as many people as possible while also allowing them to analyse the information and your interactions with others. But when it is revealed that the NSA may be carrying out some analyses of their own by using backdoors to their systems, it’s a different matter.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

So, Google’s chief legal officer says they don’t provide access to their systems. But just a few years ago, pre-Snowden, Google’s then-CEO warned that information retained by Google could be made available to the authorities. They want to ensure that your data is protected from others, but not themselves.

What is particularly confusing and contradictory about the current erosion of privacy is the extent to which corporate, institutional and governmental secrecy is on the rise. We are told to accept limits on our personal freedoms in exchange for security while also being told to accept limits on the transparency of organisations for the same reason. Glenn Greenwald is the cause célèbre:

I really urge everyone to take note of, and stand against, what I and others have written about for years, but which is becoming increasingly more threatening: namely, a sustained and unprecedented attack on press freedoms and the news gathering process in the US. That same menacing climate is now manifest in the UK as well, as evidenced by the truly stunning warnings issued this week by British Prime Minister David Cameron.

Attacking press freedom attacks the citizen’s ability, and right, to know what is going on. Transparency is for Us, it seems, but not for Them.

The Boston Globe’s review of The Circle begins:

When I finished reading Dave Eggers’s chilling and caustic novel, The Circle, I felt like disconnecting from all my online devices and retreating for a while into an unplugged world. I gather that’s what he had in mind.

I didn’t have that reaction. Rather, I was angry at the reaction of publications like Wired who so easily dismiss it. We have already sleepwalked into an era of eroded privacy and astounding information storage. It is not at all unlikely or impossible that the trend will continue. There have been a number of horrific privacy breaches over the past years that should make people question the extent to which they engage with online services or which might have led to changes in those services, but it hasn’t happened. Sometimes a work of fiction is needed to allow people to think about these issues outside of the dense worlds of tech and law.

Privacy and the press

I wrote a short article for last week’s Sunday Business Post on the super-injunctions story and the conflict between freedom of speech and privacy. It appeared in the Computers and Business magazine and is available here.

It’s a difficult topic to tackle in a short article and some more thoughts on the issue are in my earlier rambling blogpost. However, Karlin Lillington dealt with the issue expertly in last Friday’s Irish Times by contrasting the UK super-injunctions saga with the Irish experience of data protection and retention laws.

PRIVACY HAS two definitions. There is the definition that applies if you are wealthy, or a celebrity, or a corporation or organisation, and you wish carefully to protect from the public eye your infidelities, personal peccadilloes, ethically questionable activities, illegal doings or other foibles that might damage your income, reputation or bottom line.

Then, there is the definition that applies if you are just an ordinary citizen and a bank, an insurance company, an electronics manufacturer, a telecommunications company, a law enforcement agency, a government department or other organisation holds or would like to view lots of potentially sensitive information about you.

If you are in the former, elite group, lucky you. You will find you are entitled to all sorts of perks and privileges when it comes to your special definition of privacy. Your national government may come up with laws specifically to protect your version of privacy.

Justice systems may invent special protections that mean not only is no one allowed to mention whatever it is you or your company is said to have done, but no one is even allowed to mention that such a legal protection is there in the first place.

Social media and internet companies may, despite public statements about valuing their users and freedom and democracy, relinquish information about the people who might have said something annoying about you, your company or your government, the better to enable the justice system to get these aggravating people off your back.

If you are in the second group, your privacy is too often a commodity.

Election 2011: Privacy, intellectual property & the internet

With so much of the electoral attention focussed on crisis management, it is easy to ignore other aspects of each party’s manifestos (or the absence of same in the case of many independents).

It is worth checking these manifestos for references to any issues you have a particular interest in: you might be surprised at what you find. Luckily, blogs like Maman Poulet and Human Rights in Ireland are keeping an eye on the aspects of the party manifestos not concerned solely with bond-burning.

Crowd checking the 1931 general election results, Willis Street, Wellington, 1931
Election night results, pre-Twitter

Our courts and citizens are having to deal with an increasing number of issues under our privacy, data protection and intellectual property laws, so I had a look at the parties’ positions in these areas. If I have missed anything, please let me know in the comments, along with suggestions as to what the manifestos should contain.

Fine Gael

  • FG would “review and update Intellectual Property legislation currently in place to benefit innovation.” This commitment is vague and suggests that the party is aware of issues but hasn’t thought about any solutions yet.
  • FG would “clarify the laws relating to on-line copyright infringement and the enforcement of rights relating to digital communications”. This probably refers to the consequences of the IRMA litigation (contrast with the Green Party manifesto, below). Again, the party does not appear to be ready to offer solutions.
  • What is meant by “the enforcement of rights relating to digital communications”? Does it refer to data retention or freedom of speech? The sentence is somewhat worrying in the absence of elaboration.
  • FG will revamp the Patents Office website. This is a bizarrely specific proposal, by contrast with the other high-level proposals.
  • The consultancy industry will be delighted to learn of plans for “an E-day on January 1st, 2016 by which all government services to business will be on-line only.”
  • FG would “develop Ireland as a ‘Digital Island’ and first-mover when it comes to information technology.” One might be forgiven for thinking that is an aspiration that is somewhat unrealistic in 2011.
  • FG would introduce a national DNA database. The process of doing so had already been started by the outgoing administration.
  • The party proposes a Circuit Commercial Court along the lines of the existing Commercial Court but which deals with smaller-value commercial disputes (the Circuit Court can generally hear cases for claims worth up to €38,092.14)

Labour

  • Labour’s Innovation Strategy Agency would, among other things, “make Ireland a world leader in the management of [IP]”.
  • Labour “supports the development of an International Content Services Centre in Ireland, and its potential to make Ireland a European hub for the dissemination of Intellectual Property.” This was, in fact, a commitment of the renewed Programme for Government agreed by Fianna Fáil and the Green Party in October 2009. It is also firmly in Your Country, Your Call territory: one of the winning YCYC proposals was to establish an ICSC. The competition winners were announced in September 2010, almost one year after the establishment of an ICSC became Government policy.
  • Labour propose to introduce civil orders against serious offenders following conviction, for example, restrictions on the use of the internet by those convicted of child sex offences.
  • Labour wants to make Ireland a headquarters location for data centres and cloud computing. The party would establish an expert group to review security and privacy issues arising from these areas. A data protection review group established by the Minister for Justice 2008 published a report in 2010. The EU is also currently reviewing the Data Protection Directive (Irish law implements the Directive) and cloud computing is one issue under review in that context.

Fianna Fáil

I will not be the first to suggest that the FF manifesto consists primarily of a defence of the outgoing Government’s policies and lists of achievements since 1997. It is not surprising, therefore, that party does not appear to offer much in the areas of privacy, IP and the internet.

No direct reference is made to copyright, data protection, privacy or the internet (not one instance of the word internet in the whole manifesto, though commitments are made about broadband). One, incidental, reference is made to IP in the context of publicly-funded research. While FG want to clarify the law on exploiting IP developed by third level institutions, FF want the outcomes of publicly-funded research to be made freely available “save where there are specific commercial intellectual-property issues.”

  • FF commits to supporting research and development and to continue use of the innovation voucher system to help small businesses acquire R&D.
  • Like the Labour party, the FF manifesto commits to fostering cloud computing services. It also commits to establishing the International Content Services Centre (as already mentioned, this has been Government policy since 2009).

Green Party

  • The Greens would “[p]revent private organisations from intruding into a citizen’s privacy”. The Data Protection Acts 1988 and 2003 already do this in general terms, but I assume that the Greens are proposing either reform of those Acts or the implementation of some form of specific privacy law, as was proposed but not implemented by the outgoing administration.
  • The Greens would prevent organisations from “summarily punishing citizens for alleged illegal activities and from interfering with citizens’ legitimate and legal uses of content.” Again, a little interpretation is required, but I assume this suggests that the Greens would deal with the consequences of the IRMA litigation in a manner which favours citizens over companies. As Minister for Communications, Eamon Ryan said that he was seeking the advice of the Attorney General in this area but his holding statement to the Dáil last year did not indicate any thinking along the lines of what is now contained in the manifesto.
  • The party would “[u]pdate the role of the Data Commissioner to ensure evolving technologies are in check with the rights of Irish citizens.” This might refer to increased enforcement powers, which would be welcome.
  • The party would completely oppose the introduction of software patents.

Sinn Féin

The SF manifesto makes no direct reference to copyright, intellectual property, data protection, privacy or the internet. However, the party would “focus on creating new jobs across the agri-food, tourism and IT/pharma sectors, and Research and Development as well as with initiatives that will ensure Ireland becomes a world leader in green energy.”


Irish data retention law now in force

There has been so much political uncertainty in recent weeks that one wonders what business of Government has gone on unnoticed. One such item of business, I discovered from the A&L Goodbody legislative FAQ referred to earlier, was the passing by the Oireachtas of the Communications (Retention of Data) Act 2011.

This controversial piece of legislation is not available,  as yet, in its final form as none of the Department of JusticeHouses of the Oireachtas or Irish Statute Book have published it.

The President signed the Act into law on 26 January 2011 but, as far as I am aware, this has not been reported on anywhere. The commencement date is not known but the latest draft available does not contain a commencement clause so, if one was not inserted before it was passed by the Oireachtas, it is now in effect.

[Update: I wasn’t correct in stating that the introduction of the Act hasn’t been reported on. I had missed Eoin O’Dell’s reference to its passing on his blog and Karlin Lillington‘s coverage in the Irish Times. She also covered the Seanad debates on twitter. However, it is still noteworthy that this news has been confined to analysis pieces and has not been headline news, by contrast with other rushed legislation recently signed by the President.]

According to the Internet Service Providers Association of Ireland:

ISPs providing Internet services to the public are now obliged to retain certain data, as set out in the Act, identifying the occurrence of a communication (but not about the content of the communication itself). This must be done for every user, whether they are a private or business customer. In the case of Internet communications the ISP must keep the data for a period of one year … [The] ISPAI regrets [the passing of the Act] despite the trojan efforts of non-government Senators who argued the amendments (which were defeated) aimed at giving greater clarity to the legislation and particularly to minimise its potential to put Ireland at a cost disadvantage to our EU neighbours for Internet based business.

Digital Rights Ireland summarised the effect of the legislation when it was first put before the Oireacthas as follows:

In essence, the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year … This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.

The Irish Council for Civil Liberties made submissions to the Department of Justice about the legislation. Digital Rights Ireland took a constitutional challenge against the legislation and that challenge is en route to the European Court of Justice (the Act implements the EU data retention directive).

Telecoms industry surprisingly defensive on data retention

Karlin Lillington had an excellent piece in the Times on 25 September reporting on a private/confidential/secret (the correct adjective appears to be open to debate) deal between the State and the telecommunications industry in Ireland to supplement the law and proposed laws on data retention.

My contribution on the issue was published in the letters page on Friday (2 October), along with that of the industry. Karlin has a response on her blog:

“The fact is that no one I can find across the spectrum of those concerned about data retention — which include politicians, leading business figures, lawyers, and privacy advocates — knew they were off privately drawing up a memorandum figuring out how they would interpret a law and agreeing various provisions with the very people who can come demand our data from the operators. This job of interpretation, as I argued in my column, is normally the task of the legislature and the courts in democracies, and one might think on such a critical issue, should involve privacy advocates and some public input, something the telecoms industry has regularly called for when it has benefited them to do so (as some of the names on their letter know full well), but seemingly not at this critical juncture. I can only conclude that they only want ‘open’ discussion when they feel their input has been excluded, but that they don’t really want customers and businesses to know that they are now amongst the consultative closed circle.”

Her post includes some good onward links on the issue that are worth checking out. It’s also worth checking out Digital Rights Ireland’s posts.

What surprises me is the defensiveness of the industry. Originally, the industry was not receptive to the idea of data retention at all, as it saddles them with an extra financial and regulatory burden. Now, it would seem, they are cheerleaders for the Irish data retention regime and are first out of the blocks to defend it from criticism.