Thursday, March 27, 2008

JCHR condemns govt privacy record

"The Committee regrets that it has taken the loss of personal data affecting 25 million people for the Government to take data protection seriously. Once reviews of data protection legislation and practice have been completed, it expects the Government to take action to foster a positive culture for the protection of personal data by public sector bodies." —Joint Committee on Human Rights report on Data Protection and Human Rights

Tuesday, March 25, 2008

Everywhere and nowhere

Interesting Economist article suggesting that social networking functionality will migrate from sites like Facebook and LinkedIn into our e-mail clients, calendars and address books — giving more opportunity for privacy-friendly design.

Friday, March 21, 2008

Officials snooped on Obama passport files

Barack ObamaThree US State Department officials have been disciplined for improperly accessing the passport records of Democrat presidential candidate Barack Obama. It is good to hear that audit systems protecting the data of "high-profile Americans" worked in this case and two of the employees concerned were fired. But what about the 99% of US citizens who are not politicians or others of special interest? Doesn't their data deserve protection too?

There are also questions over why the State Department was collecting and storing more sensitive personal information (such as travel plans) than it needed to issue a passport. Minimisation of personal data collection is a key data protection principle. Nor should State Department workers have been technically able to access records they had no legitimate reason to see. Most security breaches come from "insiders" (employees with authorised access to systems and information) — systems must be designed to prevent illegitimate access.

UPDATE: It seems these officials also snooped on the passport files of Hillary Clinton and John McCain.

How to cheat at voting

"What [the Electoral Commission] needs to do now is follow [Mr Justice Mawrey's] robust lead and accept that seven years of experimentation with postal voting on demand has undermined our democracy to an unacceptable degree. Far from being outmoded pieces of victoriana, the polling station and the secret ballot are priceless 19th century inventions that we should never have dreamed of abolishing. What the Electoral Commission should do is stand up for voters and recommend an end to postal voting on demand, reversing the so-called reform voted by parliament in 2000. Convenience voting, like convenience food, leaves a nasty taste in the mouth." —John Morrison

Wednesday, March 19, 2008

Postal voting cheats are threat to May elections

An election court has stripped a Conservative councillor in Slough of his seat after finding that hundreds of "phantom" postal ballots were cast in his election. Judge Richard Mawrey QC commented that changes to electoral law allowing postal voting on demand have been “lethal to the democratic process” and made “wholesale electoral fraud both easy and profitable.”

Unfortunately for the integrity of our voting system, the government has rejected the opinion of the Electoral Commission that postal votes should be limited to those who cannot physically attend a polling station — or even to require individual rather than household voter registration. Perhaps they will now pause for thought before massively increasing opportunities for fraud by introducing electronic voting.

Tuesday, March 18, 2008

Convergence, competition and innovation

Peter BazalgetteAn interesting seminar this morning at the government's Convergence Think Tank. This is a joint BERR-DCMS group set up "to examine the implications of technological development for the media and communications industries, and the consequences for both markets and consumers." Today's event was on content and services.

Former Endemol UK chairman Peter Bazalgette stole the show with his presentation on opportunities for the UK creative industries. His view was that most TV networks around the world are now extremely wary of taking risks with new programme formats, but that the UK and US are highly successful at launching new shows. The UK also has an extremely strong advertising market, with 40% of total European online spend. The government should therefore be focussed on supporting this risk-taking environment with continued investment in public sector broadcasting, deregulation of the advertising market (particularly rules on product placement) and fast roll-out of high-speed broadband networks. Bazalgette also said that the writers and directors of tomorrow are already advertising their talent through content on sites like YouTube; it is up to production companies to seek out the best of them and commercialise their product.

After this tour de force it was difficult for the panel discussion to add a great deal. The only notable suggestion was from Dawn Airey, ITV's MD of Global Content, that search engines be forced to promote content from terrestrial broadcasters. It was unclear why this would be a good idea, or how it could work in practice. As Peter Bazalgette added, the Internet has decisively disintermediated TV networks and big music labels alike; intermediaries can only be successful in future by finding new ways to add value.

The panel seemed to agree that the music industry needs to follow the TV world in focussing on getting their product out to the maximum number of listeners, and that we are now living in a "post-DRM world" where teenagers will not accept restrictions on their use of content. Bazelgette was scathing about the idea of government regulating Internet Service Providers in an attempt to reduce copyright infringement.

There was some discussion of "two-sided markets" or, in plain English, content providers and access networks developing joint products and sharing revenues. Andrew Budd from mBlox said that the greatest challenge to the mobile content market was per-megabyte charging by carriers, which makes video content extremely expensive. While Budd thought network neutrality requirements were an imposition too far for ISPs, he seemed to think government should intervene to require flat-rate pricing of mobile data access, or that mobile providers should offer a "sender-pays" model. Yahoo's Emma Ascroft replied that full user transparency and choice over costs would be preferable.

The one subject that could have done with more discussion was privacy. Several panelists claimed that advertisers need to know much more about Internet users in order to display more "contextual" adverts. While they seemed to think industry self-regulation is sufficient to protect user privacy, they may be unpleasantly surprised by the arrival of the EU's data protection regulators in this debate. Current controversy over the scanning of Web sessions by Phorm gives a taste of how customers might react to a wholesale invasion of their online privacy.

Monday, March 17, 2008

Precious liberty

"The creation or adoption of instruments of control, surveillance, and eavesdropping, along with laws and powers to detain, proscribe, silence and punish in areas of thought and activity which were once not subject to such interference, is like loading a gun: we put the loaded gun in the hands of a benign and concerned government wishing to protect us from terrorism, illegal immigration and organised crime, then they pass the gun to the next generation of government, and they in turn to the next … and so unpredictably into the future, in the hope that things will always be such, and times such, and people such, that benignity can and will reign all the way, with the ordinary citizen still functionally free and secure throughout.

"History teaches a painfully different lesson about such naive hopes. If one would try to protect oneself against things going wrong, do not create instruments that could all too easily go wrong in the wrong hands — and very, very wrong at that." —A.C. Grayling

Thursday, March 13, 2008

Morality does not make good public policy

"Morality, which is hard to define let alone to measure, is not a good basis for public policy. Science is a good basis for public policy. Economics, even. But not morality. Look at sex education in the US. The Bush administration promotes abstinence. No information about condoms, nothing about safe sex. The result of this cross-your-legs-and-think-of-God approach, according to official figures released this week, is that a quarter of teenage girls in the US have a sexually transmitted infection. How moral is that?" —Elizabeth Pisani

Observing the English and Scottish 2007 e-elections

Last year's trials of electronic voting and counting systems in UK elections did not go particularly smoothly. Parliamentary Affairs has just published a review by myself and Jason Kitcat:

Elections held during May 2007 in England and Scotland for the first time allowed accredited observers access to polling stations and counts. This provided an opportunity for detailed scrutiny of the use of e-voting and e-counting equipment in these elections. This article assesses the use of these technologies using observations from 10 constituencies and data obtained using Freedom of Information Act requests, interviews with officials, candidates and parties and reports on previous trials. It finds that inadequate time was available during the procurement process for cross-party consensus to be built around the English e-voting trials or for systems to be fully tested. Design errors meant that a very large number of Scottish ballots were spoiled, while problems with ballot papers required a large number of votes to be counted manually. Votes initially missed due to an over-wide Excel spreadsheet changed the result in the Highlands and Islands and handed control of the Scottish Parliament from the Labour party to the Scottish National Party.

The ethical challenges of ubiquitous healthcare

One of the big medical trends of this coming decade will be the use of miniaturised computing devices to monitor and respond to changes in patients' key physiological indicators. You can read about the ethical implications in an article by myself and Andrew A. Adams, just published in International Review of Information Ethics:

Ubiquitous healthcare is an emerging area of technology that uses a large number of environmental and patient sensors and actuators to monitor and improve patients’ physical and mental condition. Tiny sensors gather data on almost any physiological characteristic that can be used to diagnose health problems. This technology faces some challenging ethical questions, ranging from the small-scale individual issues of trust and efficacy to the societal issues of health and longevity gaps related to economic status. It presents particular problems in combining developing computer/information/media ethics with established medical ethics.

This article describes a practice-based ethics approach, considering in particular the areas of privacy, agency, equity and liability. It raises questions that ubiquitous healthcare will force practitioners to face as they develop ubiquitous healthcare systems. Medicine is a controlled profession whose practise is commonly restricted by government-appointed authorities, whereas computer software and hardware development is notoriously lacking in such regimes.

Cyberspeech: the limits of free expression

Index on Censorship have kindly asked me to speak at their event on Internet censorship at the Soho Theatre on 25 March. I'm looking forward to the discussion, especially as the panel includes one of my favourite writers on rights, professor of philosophy AC Grayling:

Now that downloading the wrong kind of material can get you a prison sentence, is it time to challenge an encroachment on a fundamental liberty, or does the internet need tighter controls to combat the influence of extremism?

Index on Censorship presents a debate about the limits of free speech online, with AC Grayling, Panorama’s Shiraz Maher and Dr Ian Brown of the Oxford Internet Institute, chaired by Index editor Jo Glanville.

For a preview you can read a preprint of my forthcoming book chapter, Internet Censorship: Be Careful What You Ask for.

Saturday, March 08, 2008

Human rights are British values

"Along with the peoples of most other European nations, the British are keen for European institutions to stand up for human rights and sexual equality as the union's prime values. Is this not striking? We want to promote human rights and equality yet we face a permanent propaganda campaign against the Human Rights Act, against the European courts and, in the context of the now defunct EU constitution, against the charter of rights and freedoms — all of which have been relentlessly portrayed as threats to British ways and values rather than the embodiment of them that they really are." —Martin Kettle

Friday, March 07, 2008

ID cards are the ultimate identity theft

"The ID card itself isn't the real problem: it's the ID register. There, each entry will eventually take on a legal status. In time, all other proofs of identity will refer back to the one entry. If the register is wrong — and remember fallible human hands will at some stage have to handle your personal information — then all other databases will be wrong too. Given the propensity of officialdom to trust the details on their computer screen, rather than the person in front of them, you will have to conform to your entry in the register — or become a non-person.

"In effect, your identity won't reside in the living flesh and blood of you, but in the database. You will be separated from your identity; you will no longer own it. All your property and money will de facto belong to the database entry. You only have access to your property with the permission of the database. Paradoxically, you only agreed to register to protect yourself from 'identity theft', and instead you find yourself victim of the ultimate identity theft — the total loss of control over your identity." —Prof. Ian Angell