In anticipation of a session that I will be giving on MAC301 in a couple of weeks, I thought I'd post a few links here which touch on the issue of data privacy. These might make interesting case studies for anyone looking to explore what seems like a hot topic at the moment (think Twitter, Facebook, Big Brother, reality television, mobile phones, etc). Indeed, The Guardian has a handy collection of resources here. City University London even offers a MA in Surveillance Studies.
Google's Street View
Earlier this week Jamie Doward wrote for The Observer about how the Information Commissioner ruled that Google's Street View, the service which depicts 360-degree views of buildings and highways, is not a threat to personal privacy. This in itself is not new news, but it is just one article among many that have highlighted anxieties about the new service. Privacy advocates like Privacy International have already complained about the service, claiming it has led to moments of embarrassment or distress, when the Street View car has captured members of the public at importune moments (eg such as people being caught on camera leaving sex shops).
Google has already gone some way to offset this type of criticism by obscuring the faces of people caught on camera, as well as car numberplates. However, this hasn't allayed all anxious that the service may be abused, such as the inhabitants of Broughton, North London, who were so fearful that their affluent neighbourhood's appearance on Street View would attract criminals that they remonstrated with the driver of the Google vehicle (see CNN story here for more details). This isn't the first or last time that Google's tools have been used inappropriately, but that doesn't mean there are no advantages to its services.
There are obvious advantages to a location-aware service like Street View, especially for people trying to find their way to places they have never visited previously. A three-dimensional representation will help bridge the gap that satellite images cannot.
I've mentioned Phorm (aka Webwise) on this blog before. They are a company who harness intrusive DPI (Deep Packet Inspection) technologies to monitor our private personal data so that they can sell this data to interested parties in order to 'improve' targeted advertising. Briefly, this means that the sites we visit and the kind of links we follow will build up a profile of our behaviour so that more suitable adverting content can compete for our attention rather than being bombarded with blanket advertising that we have little or no interest in. BT and Virgin Media have been linked with this technology in the past.
Several high profile groups have criticised Phorm, especially the Open Rights Group (ORG) and the inventor of the Internet, Tim Berners-Lee. ORG have managed to get a number of key sites to opt out of Phorm's Webwise project, including Amazon.co.uk.
There is very little average web users can do to prevent targeted behavioural-based advertising from happening (beyond complaining to their ISPs and supporting groups like ORG) as the technology works at the ISP server side. I recently wrote about Google's decision to employ similar techniques and how to prevent privacy being invaded here.
Phorm have claimed that they are not being invasive. The data gathered is anonymous in that individual Internet use is collated into similar user types - Phorm will not create a unique target-based system for everyone just yet. An individual's behaviour will fall into a specific set of established categories with relevant advertising directed at those groups of users.
The UK government has approved Phorm but the European commission has launched legal proceedings against them for allegedly breaching EU data protection laws (see The Guardian article here for details). It seems that the intercept technology employed does not neatly fit within present guidelines of the intentionality of the interception and the amount of consent given to Internet users.
Government intercept powers
Recently the UK government shored up the final bit of data interception law that was missing from it's portfolio when it added email and VoIP to the list of things that communication service providers had to keep records of. Mobile and fixed-line phone connection records have already been part of the package for a few years now. As of March 15th 2009, ISPs have to retain data about when and where emails were sent (not about the content) - historically this was voluntary - in case one of over 600 public bodies makes a request to access the information. This was part of a wider EU Data Retention Directive (2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL), agreed back in 2006.
The rationale behind this move is to protect our freedom - to keep an eye on potential and actual terrorists using these services in order to prevent an attack. It is debatable whether or not buidling up these network profiles actually prevent terrorism (as in the 9/11 incident when the network was known to officials but ineffective as a means of prevention). Charles Arthur wrote a piece for The Guardian this week in which he astutely highlighted the dangers of this legislation for investigative journalism - something which is already under threat in a period when news producers are facing tough economic conditions.
The implications are clear - a journalist's data and sources for investigative stories, if gathered electronically, will be accessible for those bodies with a 'valid request'. This is potentially harmful for democracy when a whistleblower's anonymity is far from guaranteed.
What will be covered next? Messages sent across social networks sites like Twitter and Facebook or across gaming networks like the Playstation Network and Microsoft Live? So, just how private is private when so many disparate bodies are interested in the minuate of everyday communications? Is it best to think of everything we do which we may have thought of as being private as being public?