understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

« December 2005 | Main | February 2006 »


posted by:Carole Lucock // 11:17 PM // January 31, 2006 // ID TRAIL MIX


The Internet has greatly expanded access to the decisions of courts and administrative tribunals, which enhances an open, accessible and accountable system of justice. Courts and tribunals across Canada provide online access to their decisions, which is further enhanced by services such as those provided by the Canadian Legal Institute, a not-for-profit organization initiated and funded by the Federation of Law Societies of Canada to make primary source legal information freely available on one website.

Such ready access to decisions has also brought questions about its impact on privacy, particularly when a significant amount of personal information is disclosed in the decision and is readily accessible to anyone who wishes peek.

This is illustrated by an investigation report issued earlier this year by the Information and Privacy Commissioner of Saskatchewan, Gary Dickson. The Commissioner had been asked to investigate the Saskatchewan Automobile Injury Appeal Commission’s practice of publishing the full text of its decisions on its website. Commissioner Dickson was of the opinion that this practice was not in compliance with the provisions of Saskatchewan’s access to information and protection of privacy legislation and recommended that the Automobile Injury Appeal Commission amend its practice by masking the identity of claimants, thus accommodating the goal of public accountability while protecting the privacy of a claimant.

The Commissioner’s report provides a thorough and thoughtful analysis of the issues and the interests at stake. The Commissioner notes that:

Each decision typically includes information about the diagnosis, treatment and care of the individual. It typically reflects things said by the applicant and things said about the applicant by others including medical experts. It may include gross income, income tax, CPP, EI and total deductions. It may discuss living arrangements, children and relationships. The information about the physical and mental health of the applicant is detailed and extensive. We expect that if an applicant had a mental illness, HIV/AIDS, a miscarriage, an abortion, and that was viewed as somehow relevant in the Commissioner’s deliberations, that would be described in the decisions as it appears on the website.

The Commissioner recognizes that privacy rights are clearly implicated when personal information revealed. He also raises more pragmatic concerns related to facilitating identity theft as well as noting the additional negative consequences that might flow from this practice including: the shame, embarrassment or discrimination that might ensue; the potential impact on the personal safety of victims of domestic violence; and the opportunities for data profiling and marketing by private business.

The Commissioner’s recommendation to mask identity seems like a reasonable solution. It was not followed. The Saskatchewan Automobile Injury Appeal Commission continues to publish this information on its website, which was a subject of comment by the Information and Privacy Commissioner in his 2004-2005 annual report to the Saskatchewan legislative assembly.

Apart from raising significant issues about the real teeth in public sector legislation that purports to give citizens privacy protection in the records held about them by government yet only provides the Commissioner with the power to make ‘recommendations’ that can be followed or rejected at will, it raises more fundamental questions concerning the principles that should be adopted as courts and tribunals move to grant unprecedented access to their decisions via the Internet.

The Canadian Judicial Council, a body comprising the chief justices and associate chief justices of Canada’s superior courts, has spent some time reviewing this issue in the context of publishing the decisions of courts. It developed and disseminated a discussion paper, Open Courts, Electronic Access to Court Records, and Privacy, which noted that courts across the country were using different strategies to address the problem of access to personal information through access to judgments. For example, some jurisdictions had stopped publishing family law decisions on the Internet. The discussion paper has been followed up with a recommended protocol on the use of personal information in judgments.

The protocol seeks to maintain and encourage an open system of justice, including the publication of decisions, unless there is an express publication ban in place. It recommends that privacy interests be accommodated by judges by omitting certain personal information in their reasons for judgment. The protocol devises three levels of protection: personal data identifiers, legal prohibitions on publication and discretionary protection of privacy rights.

Personal identifiers related to information such as date of birth, SIN number, credit or bank account information – information, which is subject to misuse from such purposes as identity theft. In general the protocol notes that it is not generally necessary to include such information and recommends omitting it from judgments; however, in cases where such information is necessary to the judgment then the protocol recommends considering obscuring it by removing elements of it.

When a publication ban is in place, the name of an individual is typically masked. The protocol recognizes that removal of a name is not always sufficient to mask identity and recommends the omission other types of information such as: personal identifiers and acquaintance and location information.

Finally, the protocol addresses discretionary privacy rights of those who while not protected by a publication ban should nonetheless be protected, these would generally be restricted to cases where there “may be harm to minor children or innocent third parties, or where the ends of justice may be subverted by disclosure or the information might be used for an improper purpose.”

No doubt discussion of these matters will continue into the future and courts and tribunals will be challenged to review their practices in this changed environment. Commissioner Dickson notes the important distinction between allowing a person to attend and review a record or decision and posting it on the Internet. “I find that there is a ‘practical obscurity’ of paper files … that no longer exists once the report is posted to the website.”

While the concept of an open system of justice may not have been well served by practical obscurity, undoubtedly privacy interests were, and we now have to face the thorny issues of how to accommodate both in the wide-open world of the Internet.

Further reading

| Comments (0) |

Invasion of privacy is (finally) recognized as a tort in Canada

posted by:Alex Cameron // 06:58 PM // January 27, 2006 //

An Ontario court has just settled what has been unsettled in Canada for a long time. From the decision...

"Can someone whose privacy has been violated by another person pursue a civil remedy in the courts of Ontario? Does our law recognize the tort of invasion of privacy? These are the questions raised in this motion ..."


"Even if the plaintiff's claim for invasion of privacy were classified as "novel" (which, in any event, is not a proper basis for dismissing it) the foregoing analysis leads me to conclude that the time has come to recognize invasion of privacy as a tort in its own right."

Link to the decision.

| Comments (0) |

NYT reports on an uptick in online anymizing tools

posted by:Marty // 11:06 PM // January 25, 2006 //

The New York Times reports on an increase in usage of anonymizing tools, applications and services (such as Tor). Also mentioned in the article is the increased variety of these products and services.

A question for our readers - call it an informal survey of sorts - are you using these tools and services? If so, which do you prefer? Have any of these things turned you off?

Read the article here: http://www.nytimes.com/2006/01/25/technology/techspecial2/25privacy.html?_r=1

| Comments (0) |

Giving it up for Free: Teens, Blogs, and Marketers’ Lucky Break

posted by:Jackie Strandberg // 11:38 PM // January 24, 2006 // ID TRAIL MIX


In 2004 the Miriam Webster Dictionary named “blog” the word of the year. This is only one indication of the increased popularity and visibility of blogs in the media, and blogs have become a viable and highly accessible source of information and opinion for all internet users. The very fact that I’m writing a blog for work purposes attests to their new found respect and acceptance in academic culture.

However, we earnest bloggers are not the only people out in cyberspace making good use of the free publishing services offered by software sites such as Blogger or LiveJournal. Because blogs are published on the internet, a public forum, they offer marketers a rich source of consumer information: one that they can access absolutely for free.

There is no question that personal information regarding consumer identity and spending habits online is highly valuable to marketers. Typically, much of this information is collected by web sites in the form of registration required for site access. “Lately there has been a tendency to trade information quid pro quo (See Custers 2000), and web users often have to fill out a form to simply gain access to a site” (Van Wel and Royakkers, 2004, p. 132). In many jurisdictions, including Canada, this information can be collected and used only with the explicit and ongoing consent of the consumer, and this requirement puts considerable onus on those collecting and using consumer information to ensure that consumers have offered their informed consent.

The type of information collected through blog mining is especially useful when the target demographic is teenagers, one the marketing industry’s most sought after consumer groups. Digital Marketing, a Toronto based industry magazine advocates mining teenagers’ blogs as they

“are important … not only as a tool to reach those groups [teenagers], but as a tool to get into their heads. I’m completely selling out my generation here by typing this, but so much money is spent trying to figure out what the average teenager is thinking and here on the Internet you have several thousand examples of a teenager’s open diary.” (Crittenden, 2003)

There are a lot of blogs out there produced by teenagers. In fact, teenagers make up more than half of the blogging population (Bocij, 2004, p. 17). Traditional safeguards used to protect privacy in the face of marketers are effectively defeated in a blogging context because teen bloggers are actively posting their consumer information, often of a highly personal nature, of their own volition. Marketers no longer need to conduct pesky focus groups, obtain parental consent, or concern themselves with ethical issues regarding intrusion in order to mine the rich data published on teenagers’ blogs. Teenagers who blog are essentially giving it up for free.

Web mining practices are used by marketers as a set of more subtle “techniques … used to automatically discover and extract information from web documents and services” (Van Wel and Royakkers, 2004, p. 129). When these documents and services are in the public domain, no explicit consent is required for data mining; furthermore, bloggers often are not even aware that their blogs are being mined.

Blog mining is the ability for a computer program to seek out blogs and search the content for information of use to a corporation – contact information (including email and other identifiers), social network information (contact information for connections within a social network), product likes and dislikes, recent purchases, opinions and attitudes, etc. Blog mining gives marketers a unique opportunity to track and capitalize on trends (see Domingos 2005 and Morinaga et. all 2002), with the resulting information contributing significantly to viral marketing practices. Blog mining gives marketers information direct from the source regarding products or services, and the information is acquired faster and for less cost compared to focus groups, surveys, or interviews (see Van Wel and Royakkers, 2004).

This new approach to information gathering has opened up the hitherto untapped information resource of blogs. In fact, blog mining is now virtually de rigueur: according to one industry analyst

“like unstructured content captured on Web forms that never really gets used, blogs' explosive growth is generating raw data sets that your company really can't afford to ignore.” (Columbus, 2005)

The legality of web mining as a whole is, admittedly, a grey area within Canadian Federal law. The Personal Information Protection and Electronic Documents Act (PIPEDA) received royal assent from the House of Commons in 2000, well before data mining had come into its own. An updated version of PIPEDA in the summer of 2004 failed to make any mention of web mining and the legalities surrounding it. Given the relative novelty of blogging as an emerging trend, it is unlikely the government will come to address it or the concerns surrounding the invasion of teenager’s online privacy in the near future. The reality, however, is that bloggers willingly publish these jewels of information and make them publicy acessible, making it “debatable whether this kind of information deserves to be protected at all” (Van Wel and Royakkers, 2004, p. 131).

On the technological side, there is no guaranteed way for bloggers to actively protect their blog from being indexed by a robot or spider, an essential step for data mining to work effectively. LiveJournal does provide advice to its users on how to best avoid being indexed. These recommendations include offering a block spiders/robots option, encouraging the use of Friends only or Private entries, and suggesting users avoid putting personal and contact information on the publicly viewed areas of their blogs. LiveJournal, however, is quick to point out that

“Not all robots respect the rules, although most of the popular search sites' robots do. LiveJournal cannot guarantee that the indexing option will keep your journal from being indexed by search engines. If your journal has been listed in a search engine, you will need to contact the search engine to have it removed from their listings” (Frequently Asked Questions).

Thus, the onus is placed directly on the user to ensure their own privacy and security, and users who do not take this step will leave the content of their blogs accessible to web mining.

This may leave teen particularly vulnerable to blog mining. Considering the fact that most teenagers have shown little to no security or privacy concerns about using the internet, it seems unlikely that they would bother to change the default setting of their blog to ensure their privacy (see Lenhart, Rainie, and Lewis, 2001).

In the end, teens must be encouraged to weigh the benefits of posting a blog against the costs of having their personal information mined without their knowledge. In the case of teenagers, it is difficult to see blogs being given up entirely, especially when their popularity is considered. All we can do is encourage teens to consider the privacy implications of posting information on publicly available blogs, and encourage them to exercise their rights with respect to privacy protection.

Special thanks to Jacquie Burkell for all her editorial assistance.


Bocij, Paul. (2004). Camgirls, blogs and wish lists: how young people are courting danger on the internet. Community Safety Journal. 3 (3), 16-23.

Columbus, L. (2005). Blog Mining Gets Real. CRM Buyer [online]. Available: http://www.crmbuyer.com/story/43483.html

Crittenden, S. (2003). He wuz a sk8er boi... . Marketing Magazine. 108 (10), 20.

Domingos, P. (2005). Mining social networks for viral marketing. IEEE Intelligent Systems, 20 (1), 80-82.
Frequently Asked Questions: What can I do to help stop my journal from ending up on search engines? (2005). LiveJournal [online]. Available: http://www.livejournal.com/support/faqbrowse.bml?faqid=50

Lenhart, A., Rainie, L., Lewis, O. (2001). Teenage Life Online: The rise of the instant- message generation and the Internet's impact on friendships and family relationships. Pew Internet and American Life Project [online]. Available:

Morinaga, S., Yamanishi, K., Tateishi, K., Fukushima, T. (2002). Mining product reputations on the WEB. Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discover and Data Mining, 341-349.

Office of the Privacy Commissioner of Canada (2005). The Personal Information Protection and Electronic Documents Act. [online]. Available: http://www.privcom.gc.ca/legislation/02_06_01_e.asp

Van Well, L., & Royakkers, L. (2004). Ethical issues in data mining. Ethics and Information Technology, 6 (2), 129-140.

| Comments (0) |

Search engine privacy

posted by:Marty // 01:45 PM // January 20, 2006 // Surveillance and social sorting

Concerned about the Justice Department trying to find out what you're searching on-line? Wired has posted an FAQ on search engine privacy, which contains a few helpful hints. Jump to it here.

| Comments (0) |

Feminism, Privacy, and Battered Women

posted by:Krystal Kreye // 11:53 PM // January 17, 2006 // ID TRAIL MIX


I am sure that some of you have heard about the "Heron" case in British Columbia. For those of you who have not here are very brief and general facts about the case, taken from the Globe and Mail,

"VANCOUVER -- The legal strategy of the federal and B.C. governments to blame Sherry Heron and her mother for their slayings has been described as "alarming" and "beyond comprehension" by groups that work with abused women.
Ms. Heron, 41, was a patient at Mission Memorial Hospital when she was shot to death by her husband, Bryan Heron, in May, 2003. The provincial corrections officer also killed his mother-in-law, Anna Adams, at the hospital before committing suicide three days later.
Ms. Heron and her family had spoken to the RCMP about her fears of her husband, and she obtained a restraining order.
The four siblings of Ms. Heron have filed a lawsuit against the RCMP, the provincial government and the Fraser Health Authority, alleging negligence in their failure to protect their sister. In response, the defendants are claiming Ms. Heron and her mother were negligent and contributed to their own deaths." (Shannon Kari - for the Globe and Mail)

The 'privacy' connection in this case may not be absolutely apparent to everyone at first glance but the privacy and confidentiality needs of battered women continue to be among the most important and pressing ones in our society. The central question being: can we really fault those who are unable to secure their privacy against their abusers?

This issue is problematic and does a good job of highlighting 'the value problem' of privacy. I call it the 'value problem' because in some cases we want to value privacy and in some cases we should not value privacy. The case where I do not believe feminist theorists should champion privacy any longer is in the home. I know some of you are probably shocked and appalled right now but let me make some clarifications and some arguments before you dismiss this as absolutely crazy. I do feel that the rationality behind people's conception of privacy in the home contributes (maybe even the origin?) to the abuse of women in the first place. The "my home is my castle" mentality is a driving force behind people's ability to abuse their spouses. Very rarely do you see someone hitting his or her spouse in a public place or in a communal living situation where violence is unacceptable. When we theorize the home as a private space not only are we misrepresenting that space (I say misrepresenting because the home is never really 'private') but also we are doing great injustice to those who are made prisoners or subjects of cruelty by this sometimes termed 'intimate sphere'. Does this mean that we should all live in glass houses? No, of course it does not. What it means is that when feminists theorize about privacy we should stop trying to create an 'intimate space' out of the household and try and focus on those whose lives are ruined and in many cases taken away by the rationality of that household. I believe that once spousal violence has been stopped (and it can be) then it would be productive for feminist theorists to start theorizing and championing an 'intimate sphere' (away from government interference) but until that time our focus and efforts should be on those who are terrorized by such a space. It is the job of feminist theorists to help provide a platform on which people suffering from violence or oppression can speak. This is not done when we talk about the home as a space of love, care, and positive identity formation. Certainly, the positive view is representative of some homes, but those are not the ones that require our attention. It just does not seem to help to say 'look some homes which provide intimate spheres help women flourish so we just need to work on transforming your home into providing this same kind of intimate space and you should flourish' - it seems to miss the problem entirely. The problem, again, being why women are the victims of violence at the hands of those who (supposedly) love them? I should clarify that I do not believe it is the space itself but rather it is the rationality that this space helps to create.

So, how do we still value privacy when we have recognized it as a source of great suffering and oppression? Well, we value it in its seemingly contradictory nature, always sure to clarify and contextualize all instances in which its value is contested. It is not always a 'good', it has not always served everyone in society equally or well and it will continue along this curiously bad/good path in ways that are unpredictable.

In conclusion, if we return to the case of Ms. Heron, it saddens me to think that her case is actually representative of most spousal homicide cases. It is when women leave their abuser/abusive space that they are usually the victims of homicide (divorced or seperated men, as opposed to husbands living with their wives, commit 79% of all spousal violence - Joan Zorza "Recognizing and Protecting the Privacy and Confidentiality Needs of Battered Women"). We, as a society know this, have known this for years, and yet are considering holding these women (who are no longer with us) responsible for our inability as a society to come up with a way to live with one another without hurting one another. This is not just Ms. Heron's families issue or problem this is definitely all of our problem. What is it about our society that we continue to create individuals that want to harm others? What is it about the way that individuals relate to eachother that makes one act violently towards the other? Our world does not have to be this way; women do not have to continue to fear for their life. We should be disgusted and outraged that in the twenty first century this is still occurring in our society. In the case of spousal abuse/homicide privacy is a woman's worst enemy and best friend; the privacy helps create the oppression and yet it is privacy that they must seek to save their lives and those of their family.

I look forward to hearing any thoughts or comments on this issue as my thought itself is continually changing and in constant turmoil over the nature of privacy. peace.

| Comments (1) |

Anonymity and Accountability

posted by:David Matheson // 11:59 AM // January 13, 2006 // Commentary &/or random thoughts

In a very nice article recently drawn to my attention, Bruce Schneier asks us to reconsider the relation between anonymity and accountability. I'm reminded of an interesting exchange on this blog (see here, here, and here) where the discussion focused on the extent to which anonymity and credibility are compatible. There, I drew attention to the following line of reasoning, which I'll here call the "No Credibility Argument":

The No Credibility Argument

Premise 1. If a source is anonymous to you, then you don't know who that source is.
Premise 2. If you don't know who a source is, then you ought not to trust that source.
Conclusion. Therefore, if a source is anonymous to you, then you ought not to trust that source.

I was then, and am still inclined to say that Premise 2 of the No Credibility Argument is pretty implausible. That's because, first, there seem to be various ways in which the credibility of anonymous sources can be supported without revealing the relevant identities of the sources, and, second, having support for credibility of anonymous sources can make it entirely appropriate to trust them. For example, anonymous sources can -- without losing their anonymity -- have their credibility supported by such things as:

(i) the word of other credible sources, who vouch for but do not reveal the identities of the anonymous sources
(ii) our knowledge of the anonymous sources' track-records with respect to their past reports
(iii) the coherence or internal consistency of the anonymous sources' reports.

Compare now a line of reasoning about accountability similar to the No Credibility Argument. Call this parallel line of reasoning the "No Accountability Argument":

The No Accountability Argument

Premise 1. If an agent (i.e. someone engaged in activity) is anonymous to you, then you don't know who that agent is.
Premise 2. If you don't know who an agent is, then you can't hold that agent accountable.
Conclusion. Therefore, if an agent is anonymous to you, then you can't hold that agent accountable.

One way to read what Schneier is up to in his piece is as pointing out, quite effectively, the implausibility of Premise 2 of the No Accountability Argument. Just as there are ways of supporting the credibility of anonymous sources without forcing them to relinquish their anonymity, so there are ways of holding anonymous agents accountable without forcing them to relinquish their anonymity. Schneier provides a nice example:

"In an anonymous commerce system -- where the buyer does not know who the seller is and vice versa -- it's easy for one to cheat the other. This cheating, even if only a minority engaged in it, would quickly erode confidence in the marketplace, and eBay would be out of business. The auction site's solution was brilliant: a feedback system that attached an ongoing 'reputation' to those anonymous user names, and made buyers and sellers accountable for their actions."

Here, in effect, we have something very similar to (i) and (ii) above working to help us hold anonymous agents accountable, through gauging their credibility as sources. I think the question of what other ways -- outside of the likes of (i), (ii), and (iii) above -- accountability and credibility can be obtained while still respecting anonymity is a fascinating one.

| Comments (0) | | TrackBack

Exploring Privacy and Difference

posted by:Marsha Hanen // 11:08 PM // January 10, 2006 // ID TRAIL MIX


An article in the New York Times for January 1, 2006 by John Schwartz entitled “What Are You Lookin’ At?” points out that people view privacy in very different ways. Schwartz suggests that the public reaction to breaches of commercial security, such as the ChoicePoint debacle has been a “collective shrug,” as people feel they have no power to do anything about such situations. But does this mean that individuals are becoming less concerned than before about preserving their privacy? Or is it just that they believe that, in a networked world, individuals have no control over information about them that exists in cyberspace?

Evidence often cited for the thesis that people are unconcerned about privacy is the fact that many young people seem to feel no compunction about posting highly personal information on blogs accessible to millions. But perhaps these same young people would be less cavalier if they discovered that their blogs were being read by sexual predators or, for that matter, their own parents, or if they were to lose control over information they did wish to keep private. Even for young people, it matters who has access to information about them, and which information about them is widely accessible. As well, the proliferation of privacy legislation and complaints about invasions of privacy argues that many people remain profoundly interested in preserving as much personal privacy as possible.

That we have different attitudes about privacy is not surprising. For one thing, the long history of attempts to characterize privacy, useful though it has been, has not resulted in a clear, generally accepted understanding of the nature of privacy, and the notion of privacy remains contested. There may be a number of reasons for this – technological change, changing attitudes about what is personal, socio-economic, cultural and status factors, particularly those which make individuals or groups vulnerable to degrading or dehumanizing treatment by governments or businesses or social agencies, the effects of media attention and the cult of celebrity. Many of our expectations of privacy change with time. For example, our expectations of physical privacy are much greater than would have been the expectations of most of our grandparents. Along other dimensions, we have lesser expectations: pretty clearly the privacy that was accorded to political figures such as Franklin D. Roosevelt or John F. Kennedy with regard to their sexual infidelities would be unlikely to prevail now. On the other hand, public figures now do not feel the need to hide physical disabilities or medical problems as they once did: such situations are no longer thought to disqualify people from public office. Geography also plays a role: there are societies and parts of the world where people have little or no expectation of privacy in the respects in which we do.

In another area, many people express enhanced concerns for security which, they believe, should trump privacy. But those who find themselves subject to eavesdropping on their electronic communications owing primarily to a particular racial or ethnic profile have a legitimate concern about privacy, notwithstanding the importance of security in a post 9/11 world.

Although philosophers usually think that defining privacy must precede considerations of its value, it is difficult in practice to fully separate the two. It may even be useful to think about this the other way round: if we value privacy differently, perhaps that is because we have differing understandings of what it involves. We value privacy for many reasons, perhaps most importantly as a way of supporting personal autonomy and liberty, and providing respect for individuals without discrimination. But the experience of many people – women in a variety of situations, individuals in need, persons who belong to groups believed to be dangerous, or which are the subject of hatred, and many others who are socially or culturally or economically vulnerable – is one of having their privacy needs ignored or devalued, sometimes for bureaucratic reasons, sometimes through being targeted as dangerous in some way, sometimes through being viewed, even if only implicitly, as less worthy, or less “mainstream” than others. Some will seek privacy and some reject it, depending upon the values being served, and often the degree to which we have control over what is known about us matters more than a determination as to whether privacy is, in itself, a good or bad thing. Thus, whether discrimination on grounds of sexual orientation is prohibited in human rights codes (and the codes are enforced) may make the difference between a gay person’s claiming or rejecting privacy.

One way of thinking about the contextual nature of privacy derives from the thirty-year tradition of feminist epistemology. Some of this work has argued that, in trying to understand the concept of knowledge, it matters not just what is known, but also who is doing the knowing. Similarly, discussions about privacy need to take into account the question of whose privacy is under consideration: not only may different individuals value privacy differently, but the communities to which they belong may value it differently as well. And there may be good reasons for these differences in valuation, rooted in differing experiences.

Feminists have long been concerned about the public/private dichotomy which for centuries placed women in the private sphere and men in the public. Because there was a belief that what was important was in the public realm, women’s experience was systematically devalued and denigrated, as Virginia Woolf made clear in A Room of One’s Own. Although much has changed since these insights were first articulated, the experience of many people is still treated as not mainstream and therefore as less important and sometimes less deserving of privacy (and other protections) than that of members of the dominant culture.

The hallmark of these situations is that the personhood and preferences of the individual whose privacy or lack of it is under consideration are given slight weight. Put another way, vulnerable individuals or groups often have the experience that their unique needs are thought unimportant, as is the claim that they are entitled as much as others to exercise control over what is known about them.

Are there, then, considerations which might help us to think specifically about ways of understanding and protecting the privacy of vulnerable persons as much as that of less vulnerable members of society? It strikes me that we need more subtle and less abstract analyses than we have at present of those situations in which privacy needs to be protected, and ways in which this can be done. Anita Allen’s work has been a beacon on the subject of women’s privacy. Perhaps a way into further analyses of privacy is through a form of practical reasoning that utilizes a more complex appreciation of the experiences of those different, in various ways, from ourselves.

| Comments (0) |

UK Court Rules Tell-All Book an Invasion of Privacy

posted by:Valerie Steeves // 08:10 PM // January 07, 2006 // Commentary &/or random thoughts

There was an interesting development in the tortious protection of privacy in the UK this week. Folksinger Loreena McKennitt was granted an injunction and damages with respect to a book published by a former friend. The UK court held that passages of the book that described McKennitt's Irish cottage and detailed her emotional reaction to the death of her partner invaded her privacy. Accordingly to the Globe & Mail, the court relied on the European Convention on Human Rights to support the ruling. I didn't link to the Globe article because it requires a subscription, but a CBC article summarizing the case can be found at http://www.cbc.ca/story/arts/national/2005/12/21/Loreena-McKennitt.html.

| Comments (0) |


posted by:Ian Kerr // 11:07 PM // January 03, 2006 // ID TRAIL MIX

Ian Kerr and Steve Mann

I. Over and under the Valences of Veillance

Surveillance literally means (in French) “to watch from above.” Of course, surveillance is about much more than mere observation. As Jim Rule once defined it, surveillance is “any systematic attention to a person's life aimed at exerting influence over it”. Surveillance studies have spawned a number of excellent journals, such as Surveillance & Society . Such research has also resulted in noteworthy academic collaborations and networks, such as The Surveillance Project .

As leaders in the field such as David Lyon remind us:

Surveillance is not simply about large organizations using sophisticated computer equipment. It is also about how ordinary people - citizens, workers, travelers, and consumers - interact with surveillance. Some comply, others negotiate, and yet others resist.

One important form of negotiation and resistance has been a movement known as sousveillance. Coined by Steve Mann, sousveillance stems from the contrasting French words sur, meaning "above", and sous, meaning "below." Sousveillance, a practice that originated with the use of eyetap (electric eyeglasses as described here) and other wearable computing devices, refers both to inverse surveillance, as well as to the recording of an activity from the perspective of a participant in the activity (i.e. personal experience capture).

Surveillance connotes a kind of systematic omniscient “eye-in-the-sky” (God's eye view) by authoritarian, though human, eyes and architectures. Conversely, sousveillance involves the recording of an activity by a participant in that activity.

Surveillance often requires secrecy and panopticism (Bentham’s fancy word used to describe a centralized optical system that ensured total transparency in one direction and zero transparency in the other direction). Conversely, sousveillance seeks to decentralize in order to achieve transparency in every direction. Sousveillance thus seeks invert (reverse) the panopticon.

Although it is tempting to see SUR and SOUS as binary, us-versus-them opposites, we are hoping to spend this week thinking instead about equiveillance, that is, the possibility that these two very different social practices might somehow result in some kind of equilibrium.

While Steve is optimistic that such an equilibrium can be achieved, Ian expresses more ambi-veillance. Both of us have invited a number of colleagues, professors and students to engage in this dialogue. Below are some of the issues that we will explore this week.

II. The Promise of Equiveillance

If equiveillance is an achievable state, there will be a balance between surveillance and sousveillance. If achieved, such a balance will result in a better ability to document the world from a diversity of perspectives. From an evidentiary point of view, an equi-veillant state would better preserve the contextual integrity of veillance data. For example, the decentralized capture of personal experience would provide an enriched evidentiary record which could prevent one-sided (surveillance-only) data from being taken out of context. The search for truth and justice has already experienced glimpses of this potential as more and more controversial episodes of public interest are caught-on-tape.

It is well known that surveillance can be used to exert power and influence. For better and for worse, both State and private sector surveillance can create tremendous power imbalances. In an equi-veillant world, a better balance would be achieved since, in its best light, sousveillance would act as a kind of ombudsperson: a vehicle through which individuals can exercise complaints and mediate fair settlements more effectively against large and powerful entities.

Equiveillance promises a freer society, one which places emphasis on respect and balance of power. With the greater transparency it provides through its decentralized watchful vigilance, power-brokers would be held to greater accountability. Equiveillance might even result in a purer form of democracy, where respect, power and participation are shared and well distributed amongst the demos.

III. The Challenge of Equiveillance

While the existing literature on equiveillance discusses its promise, less has been written on the practical challenges that equiveillance seekers face. Here are a few.

1. Is Equiveillance Possible?

Part of what equiveillance seekers hope to achieve is a balance of informational power. According to Steve and others, this has a better chance of happening if and when the field of personal cybernetics converges with techniques in personal imaging and cyborglogging, creating user-friendly means for individuals to store and archive personal information and personal experience capture.

But even if this convergence becomes technically achievable, producible en masse, economically feasible, affordable to all, and mass adopted, what will ensure that the big muscles that the super-powers of surveillance now flex will in any way meet a balance of force? Although it is conceivable that the addition of sousveillance could undermine Foucaultian panopticism’s “visibility and unverifiability”, how do we know that the veillances (Sur + Sous) will truly cancel each other out or reach some kind of steady state? What good reason is there to think that these veillances operate like chemical valences?

While the balance/equilibrium metaphors are alluring, equiveillance theorists need to be able to explain what would otherwise seem counter-intuitive to most folks who care about privacy and excessive surveillance:

(i) How does a world that contains more and more information capture devices and greater numbers of information capturers find itself in a state of equilibrium?
(ii) Since sousveillance and surveillance share a similar potential to do harm, how would the change from the one-sided monopoly on surveillance ensure an outcome of greater balance in informational power, more freedom and deeper respect for and among citizens?
2. Will Equiveillance Respect Fair Information Practice Principles?

One of the virtues of equiveillance would be an increased reciprocal transparency in the operations of powerful entities engaged in surveillance. Such reciprocal transparency has become necessary, in part, because surveillance often takes place surreptitiously, i.e., without the knowledge and consent of the people who are being monitored.

Consent to the collection, use and disclosure of personal information is central among the fair information practice principles (FIPPs) set out in PIPEDA, Canada’s private sector privacy legislation. Although FIPPs currently apply only to “organizations”, in an equiveillant society, one might expect that FIPPs could apply equally to the decentralized masses of individuals enagaged in cyborglogging and other personal experience capture techniques.

FIPPs requires much more than a simple consent to the capture of personal data. FIPPs requires significant accountability for collection/use/disclosure in a number of ways. For example, organizations are generally required: to identify the purposes for collection; to narrowly limit the collection to those purposes; to limit the use/disclosure/retention of the information collected; to maintain the accuracy of the information; to provide safeguards; to provide open access to information subjects; and to provide a form of recourse for complaints about improper collections of information.

(iii) Should sousveillance also be practiced in accord with FIPPs?
(iv) If it should, then what regulatory/oversight mechanisms would be used to ensure that this is so? (For example, would the current infrastructure of the Office of the Privacy Commissioner of Canada suffice? Does equiveillance demand that private sector privacy legislation needs to be amended to contemplate and accommodate sousveillance?)
3. If Equiveillance Does Not Respect FIPPs, what is its Moral or Legal Justification?

Some equiveillance seekers believe that FIPPs must give way to the goal of achieving greater reciprocal transparency in society, that to have a society within which personal freedoms and justice are equally distributed, greater reciprocal transparency is needed. At the same time, other equiveillance theorists have been careful to distinguish themselves from David Brin and others who also see the need (and have the desire) to sacrifice privacy in order to achieve what often amounts to unidirectional transparency.

Even if symmetry of transparency is not seen as an overarching goal, obtaining equiveillance might be seen by some to require an abandonment or at least a suspension of FIPPs. Part of the justification for doing so would be that powerful entities engaged in surveillance do not comply with FIPPs and that the only way to destroy the monopoly on surveillance is to “shoot back” or “fight fire with fire.”

(v) How can privacy be maintained if FIPPs-values are jettisoned for the sake of symmetry in transparency or the change away from the surveillance-only monopoly?

One justification for doing sousveillance in a way that jettisons FIPPs-values might be to understand equiveillance seekers as engaged in morally-minded civil disobedience in the tradition of Henry Thoreau, or Dr. Martin Luther King Jr.. This form of sousveillance is a deliberate, open, and peaceful violation of FIPPs. Its purpose is to undermine or resist an unjust, illegitimate and immoral surveillance monopoly.

(vi) Is sousveillance properly understood as civil disobedience even if it is surreptitious?

(vii) A hallmark of civil disobedience is the willingness of the civil disobedient to accept the legal consequences. Should equiveillance seekers who breach FIPPs be held to this standard?
(viii) If Equiveillance does not respect FIPPs, what is its moral or legal justification?

IV. Legal Protection of Sousveillance

Finally, we consider issues regarding the legal protection of sousveillance in our current, unbalanced surveillance-centric society. If we arrive at the conclusion that equiveillance is in the public interest, how can we protect it against law, policy, and practices that are biased in favour of surveillance-only regimes?

For example, we already recognize certain social benefits from fire exits, wheelchair ramps, and the like. Private property owners and governments are not at liberty to create environments that are unsafe, or that discriminate in certain ways.

(ix) Should property owners be required to facilitate, permit, or, at the very least, not to impede sousveillance activities?

Clearly, some sousveillance activities might result in public safety benefits (e.g., a memory aid or seeing aid worn by the elderly might happen to collect evidence useful to a physician or a jury in determining the cause of a slip-and-fall incident).

(x) What legal remedies might be provided to deal with those who attempt to obstruct equiveillance? Do information rights extend to those who wish to have a record of their own personal experiences? For example, what remedies are available to a person who is prohibited from capturing personal experiences (eg, “no photographs allowed”)?
(xi) Is requiring a person to turn off recording devices ever akin to “tampering with evidence”? If the result of such an incident is that the surveiller has a record but the sousveiller does not, ought there to be some sort of legal recourse to the sousveiller? Is there a rule of evidence or equity that could support equiveillance in such a situation? Consider, for example, a situation in which entities “A” and “B” would have each recorded their own version of “the truth” (i.e. their own choices of camera angle, etc., when they are interacting with each other), but for the fact that “A” prohibits “B” from recording. In this case, “A” has the only recording, because it has instituted a monopoly on the “recording of fact”. Might a reasonable legal remedy to the possible conflict-of-interest inherent in such recording monopoly be to dismiss any such recordings made by “A” as inadmissible evidence in a trial or proceeding against “B”?

V. Discussion Time

Unlike many of the ID TRAIL MIX articles published in this space, the purpose of which is to espouse a particular position or opinion, in this piece, we have tried to describe what equiveillance is and raise some challenging questions for discussion. Our aim is exploration. Rather than providing a typical point-counterpoint debate, we think it will be more interesting to put forward for discussion the most plausible and appealing version of equiveillance theory and to inspire a dialogue that investigates its virtues and vices with the aim of determining the best and most appropriate approaches for confronting the harms flowing from the excessive and monopolistic surveillance society that we currently live in.

We view the outcome of the discussion as up-for-grabs, i.e., that any of those involved in the discussion might be convinced to change their views. Part of our hope is that the discussion will help focus on solutions that work.

So lets talk!

| Comments (35) | | TrackBack

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada