WELCOME to Connected Rights, your hat in the ring of digital rights news and analysis.
THANKS TO CAMBRIDGE ANALYTICA AND FACEBOOK, the purpose of data protection seems to have finally broken through into the public consciousness this past week. Here are several factors that have made this particular scandal exceptional and potentially game-changing.
1. This is all about data protection, rather than privacy as such. The distinction between the two is often blurry, but they’re separate fundamental rights (in Europe) for a reason. The Snowden revelations were ultimately about the right to personal privacy – the right to not be spied upon. The Cambridge Analytica scandal is about control over personal data, who had that control, to whom they gave it, and the result of that power grab.
2. As such, the latest scandal has provided a deeply educational demonstration of what happens when data protection regulations are not in place, or are simply ignored. A Facebook personality quiz was a ruse to harvest the data not only of those who took the quiz, but all their contacts too (to be fair, Facebook has since made the latter bit impossible). That data was then sold on, to be used for purposes entirely unrelated to those for which it was ostensibly harvested: to undermine the democratic process.
3. The EU’s General Data Protection Regulation could not hope for a more appropriate backdrop to its birth. Yes, there will no doubt still be a bunch of companies and Peter Thiels whining about how restrictive and unfair it is (as though it didn’t apply to EU firms as well as the American tech giants), but the Cambridge Analytica affair drastically undermines their credibility. It shows why we need such laws, and makes the EU look forward-thinking rather than progress-averse.
4. Unlike the Snowden scandal, the Cambridge Analytica allegations have arrived as part of a broader wave of concern, over both election-tampering and the tech giants’ responsibilities and motivations. What Snowden told us was more revelatory, in the sense that government spying is thoroughly pervasive, but it was made clear in more of a drip-drip fashion. Carole Cadwalladr has been after Cambridge Analytica for a while, but her new stories are bombshells that feel like they’ve come all at once, at a point where the public is already primed to place them into a wider context.
5. This time, the outrage of governments and regulators is more likely to bear fruit. There was a lot of noise after Snowden, but little really changed for the better – for the most part, governments spluttered a bit, then effectively legalised the illegal stuff their intelligence agencies were doing. This time the guilty parties are firmly in the private sector, and they are about to have the crap kicked out of them.
…SO, IS DECENTRALISATION THE SOLUTION? Here’s Lizzie O’Shea, writing for the Guardian on the Facebook scandal: “The blockchain also has the potential…to help people deal with each other without having to rely on a centralised platform or ledger. We have the technical capacity to chat, cooperate and trade directly with each other, without relying on private platforms that measure value in ad revenue.”
However, decentralisation is not necessarily a panacea. As I wrote last month, blockchains present major data protection issues of their own, due to their effective immutability. Similarly, any (legally compliant) decentralised alternative to Facebook is going to have to give people the ability to ensure that their personal data is erased or amended everywhere.
And these issues are unlikely to remain abstract for long. Yesterday, the Guardian also reported that researchers have found the Bitcoin blockchain to include many links to child sexual abuse material.
I’ve long been an advocate of decentralisation, as you can see from my book and other writings. But I’m also a fan of the capacity for law enforcement, in the realm of data protection and otherwise. If re-decentralisation is going to happen – as I hope it does – it will need to involve technical advances that have not yet appeared. There must be some way to avoid the censorship and surveillance vulnerabilities of today’s centralised frameworks without falling into a toxic, anti-fundamental-rights trap. Right?
SPEAKING OF BITCOIN, THE INTERCEPT REPORTS that the NSA was, several years ago, working hard to track down users of the cryptocurrency and to spy on them by collecting their password information and internet activity logs.
To support my work, please consider visiting my Patreon page or buying my book, Control Shift: How Technology Affects You and Your Rights. Here are the links to the book’s British, American and German Amazon pages.
“ACADEMICS AND CHARITY BOSSES” ARE URGING the Scottish government to back trials of online voting, in order to boost participation.
The signatories, led by a group called WebRoots Democracy, say security challenges “should be tackled through pilot schemes rather than avoided altogether”. And that’s pretty much all they say on the topic of security, which is the reason why online voting isn’t already a thing. It had better be an innovatively-designed pilot.
WIRED HAS A SCARY PIECE ABOUT DOMESTIC ABUSE AND SURVEILLANCE technologies, which all too often go hand in hand.
A terrifying passage: “[Support worker Amy] Glover advises abuse survivors to turn off ‘Find my iPhone’, as well as lock down social media. Glover says such attacks are regular occurrences. ‘One example is a woman who was placed in temporary accommodation after fleeing abuse,’ she says. ‘The following day she received a text from her perpetrator with a screenshot of her new front door. It turned out that he had found her via location services on her smartphone.'”
GITHUB, THE ONLINE CODE REPOSITORY, is urging developers to lobby EU lawmakers to ensure that the bloc’s proposed new copyright filters don’t include online code repositories.
“False positives (and negatives) are especially likely for software code because code often has many contributors and layers, often with different licensing for different components,” Github said in a blog post. “Requiring code-hosting platforms to scan and automatically remove content could drastically impact software developers when their dependencies are removed due to false positives.”
CALIFORNIA IS CONSIDERING A NET NEUTRALITY LAW THAT’S TOUGH on zero rating, the practice where internet service providers don’t charge end-users for the data used by specific services.
As I noted a couple weeks back, many U.S. states are setting up their own net neutrality laws to fill the gap left by the FCC rescinding its rules. However, California’s version is even stronger on the zero rating issue than the FCC’s rules were. It also stops ISPs from charging online services to send data to end-users.
If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at firstname.lastname@example.org.
YOUTUBE’S APP FOR KIDS HAS BEEN FOUND to be full of somewhat anti-educational conspiracy theory videos. Some, including classic David Icke lizard-people stuff, have now been removed. “Sometimes we miss the mark,” the Alphabet-owned firm admitted.
THE DUTCH DATA PROTECTION AUTHORITY ACCIDENTALLY LEAKED the names of some of its employees in more than 800 public documents. The agencies policies forbid revealing its employees’ names, but it didn’t scrub those details from the documents’ metadata.
A GUY WHO FILMED HIS DOG GIVING “NAZI SALUTES” and posted the footage on YouTube has been convicted of committing a hate crime. The dog raised its paw when Mark Meechan said things like “gas the Jews” and “Sieg Heil”. Meechan said he did this to annoy his girlfriend, who is the pug’s owner. Here’s a Twitter thread from human rights barrister Adam Wagner on why this isn’t a good conviction.