understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

« April 2006 | Main | June 2006 »

Clearing Away the Debris?: Webcamming in the Context of Feminist Tensions over Pornography, Privacy and Identity

posted by:Jane Bailey // 11:59 PM // May 30, 2006 // ID TRAIL MIX


Pornography, privacy and identity are three of the many unresolved tensions within feminist communities. Digital technologies, such as webcamming, offer us the opportunity to think not only about the impact of technical change on the meaning of these concepts, but also on the rightness of prior positions taken in relation to them.

In the 1980s and 1990s, feminists like Catherine MacKinnon and Andrea Dworkin argued that pornography undermined women’s ability to be recognized as the social equals of men by objectifying women as commodities for male consumption. The law worked to reinforce these and many other aspects of patriarchy by, among other things, constituting pornography as the constitutionally protected free expression of the members of the male-dominated industry and by strenuously protecting men’s right to consume pornography in the privacy of their own homes. In these and other ways, the law colluded with market forces to enable the stereotyping of women as submissive sexual objects for the use and abuse of men. MacKinnon, Dworkin and others called for an end to that collusion through creation of a civil ordinance that would allow women to call pornographers to account for their sexually discriminatory conduct. Law could then be used as a tool to redress, rather than reinforce, the harmful stereotype of “woman” socially constructed through pornography.

Much water has flowed under the bridge since the failed attempt to bring the civil ordinance to fruition. Critical race scholars and post modern thinkers such as bell hooks, Audre Lorde and Judith Butler have launched provocative criticisms of the situatedness and limited emancipatory potential of a movement premised exclusively, or at least predominantly, on a category such as “sex” or “gender”. Postmodern thinking pushes toward destabilizing categories, like “sex” and “gender” that have acted as historical bases for discrimination. From this perspective, individual political action is critical, as it is through consciously “performing” gender that we might work to upset the stereotypical definitions that have historically confined us. Postmodern performativity theory promotes a sense of individual power to make change. Championing the possibility of collective change through individual action sits well with many in the current generation who, Baumgardner and Richards have explained, understand anti-pornography feminism to be laced with dictatorial anti-sex and anti-pleasure sentiment.

Enter the Internet and webcams …

Ongoing or regular streaming of one’s perspective, existence, latest break-up (or break-out) seems to have become de rigueur online. Webcamming and vlogging seem to fit quite well in two arenas. First, the two mesh with what seems to be a current voyeuristic cultural fascination with the notoriety of the mundane. The analysis, however, does not stop there. Webcamming has been argued to be a potential source of empowerment for women in at least two senses.

First, Kimberlianne Podlas has argued that webcamming may empower women to take directorial control over pornography by reducing the financial resources necessary to produce and broadly distribute content. Moreover, as suggested in the film Webcam Girls, webcam technology provides a much safer, more controlled space for women engaged in the sex trade.

Second, Terri Senft has argued that autobiographical webcamming by women may actually serve to destabilize both the public/private divide and stereotypical constructions of femininity and domesticity that have historically confined women. One of the examples Senft discusses is the Jennicam, through which aspects of the day to day life of Jenni Riley were, for some seven years, filmed and distributed on the web. Jenni characterized her efforts as a “social experiment” in which she sought “to show people that what we see on TV- people with perfect hair, perfect friends and perfect lives--is not reality.” In postmodern language, one might say that Jenni sought, through online exposure of everything from the most mundane to the most intimate aspects of her life, to explode the myth of the “perfect”, feminine stereotype woman. In so doing, she might be said to have been negotiating new boundaries between the public and the private by making exceedingly “public” some of the most “private” details of her life in that historic bastion of privacy - her own home.

Without wishing to wholly dismiss, with a single sweep of my dictatorial broom, the subversive “potential” of new technologies in giving women greater control over representations of sex, gender and sexuality, I must confess tremendous skepticism about webcamming “experiments” such as the Jennicam as a means for doing so.

What is it exactly that is being subverted here in terms of the public/private divide? While historically discrimination has isolated women in the private sphere by foreclosing their participation in the public sphere, there is also a long and complicated history that involves treating the bodies and images of women as public – from the thousands of scantily clad women monotonously presented in mainstream media to the strange idea that anyone can touch the abdomen of a pregnant woman to legal restrictions on women’s rights to obtain medical services such as abortions. The Jennicam and other webcams set up to monitor women in their homes may push the boundaries of the geographic locations that we consider to be public and those we consider to be private. Cams of this nature would also work toward suggesting that it is women who should what aspects of their lives are public and private. However, the focal point of the webcam gaze remains the very familiar public domain of the woman’s body.

Further, even if one believed that one could reclaim control over the projection of the image of woman by taking control of the means of projecting it, how much control do Jenni and other “webcam girls” actually have? Jenni carried on her daily life as the object of the gaze of a fixed camera that she set up – and she from time to time posed for it in pin-up girl fashion. Once disseminated, she lost control over the compilation and use of her image. As a result, collectors (some with permission and others seemingly without it) clipped and pasted together versions of her life for their own private consumption, as well as making them available to others. In some instances, Jenni has been pornified through her audience’s collection of nude and partially-clad clips that otherwise constituted only fleeting moments in seven years worth of video of her life.

Regardless of whether one believes that women’s emancipation is best served by some or all of legal regulation of certain kinds of pornographic content; encouraging alternative performances of gender and sex; or empowering women’s control over these representations, one observation seems unavoidable. Patriarchal constructions of “woman” continue to clutter the spaces in which women seek to build their own identities. On its face, webcamming seems to offer the possibility for women to take a degree of control over those spaces. Even someone prepared to accept that increased individual control is enough, webcamming’s control-limiting features suggest it is unlikely to play a significant role in clearing away the debris.

| Comments (1) |

A Dignity Worry about Automated Identity Management

posted by:David Matheson // 12:05 PM // May 28, 2006 // Core Concepts: language and labels | Digital Identity Management | Surveillance and social sorting

Consider an extreme proponent of the ancient Greek practical philosophy known as Cynicism. I’ll call him Diogenes, without implying anything about how closely he resembles the historical Cynic of the same name (who, you might recall, once suggested to a fawning Alexander the Great that the greatest honor the king could bestow on him was that of moving a little to the side so that he could continue to soak up the sun’s rays). Our fictitious Diogenes takes the Cynical doctrine of following the lead of nature, and of flouting any inhibitive social conventions, to a shocking level. In a way that might remind a dog-owner of her lovable companion (“Cynic,” after all, comes from kunikos in Greek, meaning “like a dog,” cf. Piering 2006), Diogenes makes no attempt to hide whatever inclinations and desires he happens to find coming his way naturally, and is quite happy to satisfy them whenever and wherever he can. Bodily functions that we would normally consider to be deeply private he carries out in full view of whoever happens to be in his presence. He says whatever comes to mind, regardless of who it might happen to offend or of how it might make him appear to others. Simply put, Diogenes lets it all hang out, always. And he’s convinced that doing so is the true road to happiness.

We might say that Diogenes believes that shame-avoidance -- at least as we commonly think of shame -- stands in the way of human happiness. Or we might say that he presents a formidable challenge to our convictions about the negative value of shame. But it seems to me that, whatever we say on those matters, Diogenes can at least properly be said to be living a shameful life. Even if he couldn’t care less about avoiding shame, and regardless of whether he thinks it’s something to be quite pleased about, Diogenes is in the business of performing one shameful act after another.

It’s interesting to note that this intuitive (to me, at any rate) verdict about Diogenes’s behavior -- it’s shameful -- sits ill at ease with philosophical accounts of shame that render it essentially a matter of sensitivity to the disapproval of others. Consider, for example, the view that an individual’s behavior is an occasion for shame just in case she feels bad about engaging in it when she considers that others disapprove. In this view, Diogenes is not living a life of shame. He knows that others disapprove of his startling behavior, but he doesn’t feel bad in the light of this knowledge, for he thinks that sensitivity to the disapproval is inimical to the prime directive of happiness.

Recently, New York University philosopher J. David Velleman (2001) has presented an alternative account of shame that is more accommodating to the intuitive verdict about Diogenes. According to this account, shame is at its core about failures of selective self-presentation: to say that an individual’s behavior is an occasion for shame, in other words, is to say that she has failed to take adequate care -- failed to manifest appropriate concern -- when it comes to selectively revealing (or, on the flip side, concealing) different aspects of herself in different contexts. Despite the fancy name, the concern for selective self-presentation is a pretty familiar feature of our lives. Indeed, according to some, it’s “among the most important attributes of our humanity.” (Nagel 1998: 4) It’s manifested in everything from such mundane activities as the wearing of clothes in public, retiring to designated rooms for intimate engagements, and taking care not to say everything we think to be true of individuals in their presence, to more elaborate attempts to respect what another NYU philosopher, Helen Nissenbaum (1998) has called “norms of contextual integrity” of personal information, whether in online environments or elsewhere.

If we accept this alternative account of shame, with its focus on failures of selective self-presentation, I think we’re in a good position to explain why Diogenes is living a life of shame. Diogenes can’t be said to be taking adequate care when it comes to selectively revealing different aspects of himself in different contexts, because he really takes no care at all. His starling behavior, given that lack of care, amounts to a radical failure of selective self-presentation, and is thus an occasion for shame.

Of course, occasions for shame need not be as radical as what’s involved in Diogenes’s case. He manifests a general, pervasive, and ongoing lack of concern for selective self-presentation. In more realistic cases, failures of selective self-presentation are considerably more acute, stemming from particular bits of behavior that manifest a temporary lack of care for selective self-presentation against the background of a more general care for it. To illustrate, consider the individual who make an ill-considered, out of character remark that exposes his feelings about another individual to a much larger audience than he intends. His remark can be said to be an occasion for shame because, despite the fact that he generally makes an active effort to reveal such attitudes only to a limited circle of close friends -- thus manifesting a general, ongoing concern for selective self-presentation -- this particular remark has undermined the general effort and thus manifests a temporary carelessness about self-presentation, one that amounts to a relatively small-scale instance of shame.

Notice that the avoidance of shame seems to be centrally tied to human dignity: an individual’s behavior can hardly be dignified if it is an occasion for shame, and dignified behavior seems to preclude shameful behavior. If we accept it, then, the failure of selective self-presentation account of shame would seem to translate into an important insight about human dignity, viz. that manifesting an adequate concern for selective self-presentation, through the active avoidance of failures of selective self-presentation, is a central condition on our dignity.

It seems to me that this insight about human dignity may well ground a worry about certain kinds of identity management technologies that are becoming increasingly prevalent on the contemporary scene. What I have in mind are those technologies that tend to automate the management of users’ identities to a very high degree, by significantly diminishing the users’ active participation in processes of their own identification. Consider, for example, implanted RFID microchips. One of the primary benefits of these technologies is identification convenience: if you’ve got the chip in your arm, the process of being identified in various ways is easier for you than processes involving old-fashioned counterparts. You don’t have to bother with finding the right card, producing the right documentation, providing the right answers to relevant questions, and so on. You just walk on through, and let the chip do your identifying for you. Brin (2004) makes the point in connection with biometric identification systems: “When your car recognizes your face, and all the stores can verify your fingerprints, what need will you have for keys or a credit card?”

Perhaps, however, the convenience of these technologies comes at too high a price on the dignity scale -- at least for those of us who, unlike our fictitious Diogenes, care about human dignity in the relevant sense. For it seems to me that there’s a case to be made that the more we subscribe to automated identity management technologies, the less likely we are to maintain a robust concern for selective self-presentation, because we are more likely to leave the presentation of aspects of ourselves up to the technologies and the systems of which they are a part. And if the insight about human dignity mentioned above is on the right track, this carries as a consequence an increased likelihood of diminishing our dignity as humans.

Diogenes in effect gives up on selective self-presentation by leaving his self-presentation to the hand of nature. Perhaps we should be careful about giving up on our selective self-presentation by leaving our self-presentation to the hand of technology. Our dignity may well be what hangs in the balance.


Brin, David. (2004). “Three Cheers for the Surveillance Society!” Salon, http://dir.salon.com/story/tech/feature/2004/08/04/mortal_gods/index_np.html. Retrieved 26 May 2006

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law & Philosophy 17: 559-96

Piering, Julie. (2006). “Cynics.” The Internet Encyclopedia of Philosophy, http://www.iep.utm.edu/c/cynics.htm. Retrieved 25 May 2006

Velleman, J. David. (2001). “The Genesis of Shame.” Philosophy & Public Affairs 30: 27-52

| Comments (0) |

“Where No Court has Gone Before…” Issues of Identity and Equality in Nixon v Vancouver Rape Relief

posted by:Jena McGill // 11:59 PM // May 23, 2006 // ID TRAIL MIX


In December 2005, the British Columbia Court of Appeal released its long-awaited decision in Vancouver Rape Relief v Nixon [Nixon]1. This is the highest level court in Canada to ever rule on a case of alleged discrimination against a transsexual person; in fact, Ms. Nixon’s is the first trans-based human rights case in Canada to move past the level of a Human Rights Tribunal. As the case has proceeded through the B.C. Human Rights Tribunal, the B.C. Supreme Court and most recently the province’s Court of Appeal, it has generated an ongoing dialogue in legal and feminist communities around the country that focuses on issues of identity, exclusion and the human rights of gender variant people. Following the release of the Court of Appeal’s decision, Ms. Nixon announced that she plans to seek leave to appeal to the Supreme Court of Canada.2

This may seem an unremarkable choice, however if Ms. Nixon does indeed go ahead with her plans to appeal, the Supreme Court will face its first opportunity to consider the human rights of gender variant people, specifically transsexual women, and the particular nature of discrimination experienced by individuals with gender identities that do not fit neatly into the traditional male-masculine/female-feminine sex/gender binary that so many people take for granted. The location of gender variant identities, and in particular transsexuals, in today’s legal and social climate may be likened to the position of gay, lesbian and bisexual persons 30 years ago – legally invisible, unprotected and subject to serious and injurious forms of discrimination. Ms. Nixon’s case therefore represents a significant opportunity for the Court to go “where no court has gone before” in addressing the human rights of gender variant individuals in society and under the law. If Nixon indeed seeks leave to appeal, will the Court take on the challenge presented by her case? Quite a challenge it is, as Nixon presents a number of important, but not easily resolvable questions about identity, equality and exclusion – questions the Supreme Court might not be ready to answer.

Kimberly Nixon was turned away from a volunteer training session at the Vancouver Rape Relief Society in 1995. Rape Relief held that Ms. Nixon’s male-to-female transsexual status meant that she did not have the life experience of growing up as a girl and living all of her adult life as a woman, experience that Rape Relief considers critical in allowing a woman to act as a peer mentor for other women using the rape crisis centre and the shelter. Following her expulsion from the training session, Kimberly Nixon filed a human rights complaint with the now defunct B.C. Human Rights Commission against Rape Relief, accusing the organization of breaching section 8 of the B.C. Human Rights Code, which proscribes denying "to a person or class of persons any accommodation, service or facility customarily available to the public … because of … sex;" and section 13, which states "[a] person must not … refuse to employ or refuse to continue to employ a person … because of … sex."3 Rape Relief denied discriminating against Nixon, invoking the Code’s section 41 “group rights exemption,” which specifies: "If a[n] … organization or corporation that is not operated for profit has as a primary purpose the promotion of the interests and welfare of an identifiable group or class of persons characterized by a physical or mental disability or by a common race, religion, age, sex, marital status, political belief, colour, ancestry or place of origin, that organization or corporation must not be considered to be contravening this Code because it is granting a preference to members of the identifiable group or class of persons."4 The case was referred to the British Columbia Human Rights Tribunal.

The Tribunal released its decision in 2002, finding in favour of Ms. Nixon, and holding that Rape Relief had failed to demonstrate any connection between being treated as a woman for one’s entire life and one’s capacity to be an effective volunteer at Rape Relief. 5 The Tribunal judged that Rape Relief’s primary purpose is to serve women, and with no dispute over the fact that Nixon is a woman (as reflected by her amended birth certificate) Rape Relief had discriminated by drawing a distinction between her and other women. Rape Relief sought judicial review of the Tribunal’s decision, and at the B.C. Supreme Court, the decision was overruled. The Court applied the discrimination analysis in Law v Canada6, and held that Rape Relief’s exclusion of Ms. Nixon was not discriminatory because she had failed to prove an injury to her dignity. The Court further found that her exclusion from Rape Relief did not prevent Ms. Nixon from participating in the cultural life of society because it was not an exclusion from the mainstream economic, social and cultural life of the province.7 Ms. Nixon appealed this decision at the B.C. Court of Appeal, which upheld the result below in favour of Rape Relief, although it rejected the incorporation of the Law test in the human rights context. The Court found that although Rape Relief’s policy of excluding transsexual women constituted discrimination under the B.C. Human Rights Code, the section 41 exemption permits a women’s service organization to discriminate against a sub-group of women, namely transsexual women, based on its own subjective wishes, because it had acted in good faith and established a connection between its exclusion of transsexual volunteers and its work in counseling female rape victims.8

Whatever side of the debate you may find more compelling, or even if you find yourself stuck on the fence, it is undeniable that this case is ripe with questions about identity, exclusion and equality that, if the Supreme Court chooses to grapple with them, could change the legal landscape not just for gender variant and transsexual persons, but for anyone who suffers discrimination and files a human rights complaint in this country. My goal here is not to assert a preference for one side of the case or the other, but rather to highlight some of the issues raised by Nixon, particularly as they relate to identity and equality. That said, I must admit that if the respondent in this case was McDonald’s or Wal-Mart, instead of a women’s service organization, I, like many others, would likely have little trouble expressing my support for Ms. Nixon’s case. On the facts as they exist, however, a number of seemingly irreconcilable questions arise.

First and foremost, the Nixon case has sparked what is perhaps an unprecedented debate about the precise combination of social, psychological, and biological factors that constitute the category of “woman.” Is it primarily a matter or anatomy, in which case Kimberly Nixon’s post-surgical body and amended birth certificate qualify her as a woman, though she lived until her 30s as a man, or is it based on important lived experience, as Rape Relief contends? Rape Relief’s argument focuses on the fact that because Ms. Nixon lived and was socialized for a significant part of her life as a man, she lacks the relevant insights that are necessary to be an effective peer counselor to women who have been victimized by men. Ms. Nixon is not, according Rape Relief, a peer to its clientele.

Rape Relief maintains a hard-won women-only space because it rightly believes that its clients, many of whom have been victimized by men, are more comfortable in this environment. An important part of preserving a women-only space is that volunteers and staff members be, and appear to be, women. Here is where things start to get sticky. How much of this case rests on Kimberly Nixon’s physical identity and appearance? Who is to say what a “real” woman – a woman who has been socialized as a girl and women her whole life - does or does not look like? Are those who qualify as “looking like women” simply subscribing to sexist constructs of how a woman should dress, wear her hair, walk and talk? However you might choose to answer these questions, the importance of maintaining Rape Relief’s women-only space is undeniable in ensuring the safety and wellbeing of its clientele, and maybe the security of those women trumps the fashion choices of others. As Rape Relief neither screens for “masculine-looking” women nor allows the participation of “feminine-looking” transsexuals, Ms. Nixon argues that its blanket transsexual exclusion policy is both under and over-inclusive. All of this said it is noteworthy that Ms. Nixon does, for all practical purposes look like a woman…I think.

On another level, this is a case of dueling rights. Should individual rights triumph over group rights? Is Rape Relief’s clientele more worthy of protection than Kimberly Nixon? Although it is Ms. Nixon’s individual rights that are immediately at stake in the confines of this case, she has come to represent an entire community of gender variant people who suffer discrimination and harassment every day. Through the validation of Ms. Nixon’s individual rights, the door could be opened for the recognition of the human rights of all gender variant people, making Kimberly Nixon a veritable poster-child for Canadian trans-equality. One can only imagine the stress that more than 10 years of trials and appeals puts on one’s personal and professional life, and Nixon herself has stated that the drawn out trial has been difficult. “Every time there is another hearing,” said Nixon, “I lose another job because of the publicity.”9 Similarly, Rape Relief, a non-profit collective offering a variety of services including a crisis phone line, an emergency residential facility and ongoing support groups and peer counseling to women who have survived violence, has also been tied up in legal wrangling for the past decade. There is little doubt that the case has affected Rape Relief’s reputation, financial security and ability to offer critical services to women in its community. If the Supreme Court does decide to take on the Nixon case, I do not envy the judges who will be obliged to decide whose rights will triumph.

Finally, at the root of the legal conflict there lies a clash between formal and substantive understandings of equality. Substantive equality stands in contrast to formal equality in that it recognizes that differential treatment can at times promote equality because the accommodation of differences – the “essence of true equality”10 – frequently requires that distinctions be made. Ms. Nixon is arguing for the recognition of her sameness with non-transsexual women, advancing a formal equality approach where each individual – in this case every woman – is treated exactly the same despite real differences in their experiences of disadvantage. Rape Relief is requesting a substantive-equality handling of the case, taking into account the patterns of disadvantage and oppression in society and the particular context within which the unique facts of this case occur.

Allow me here to reiterate how much simpler this case might be had Kimberly Nixon been refused a job at McDonald’s instead of the opportunity to be a peer counselor at a women-only rape crisis centre. In the former scenario, as in many employment contexts where gender does not contribute to an individual’s ability to be an effective employee, McDonald’s has no right to discriminate against Ms. Nixon on the basis of her transsexual status. In a women-only space like Rape Relief - a space specifically created for the purpose of organizing against a gendered form of violence and oppression - gender does matter.11 Rape Relief argues that gendered life experience is relevant to the objectives and membership of the organization, and so its differential treatment of Ms. Nixon does not amount to discrimination. From a substantive equality perspective, would Nixon come down to a comparison of the disadvantage and oppression suffered by transsexual persons versus that suffered by women who have experienced rape and sexual assault? Such a “race to the bottom” among equality-seeking claimants is dignity-harming in and of itself, and presents an almost impossible balancing act without a clear winner no matter what the outcome.

All of the questions raised by Nixon v Vancouver Rape Relief offer no easy answers – and perhaps no definitive answers at all – making the possibility of the Supreme Court judges turning their minds to the issues both exciting and somewhat terrifying. What are the chances that the Supreme Court will hear Ms. Nixon’s case should she file for leave to appeal? Is the Court ready to wrestle with the legally problematized transsexual identity? My hunch says that if given the chance, the Court will not go there. The transsexual identity remains problematic for the mainstream, the body too complicated, the very possibility of recognizing and acknowledging the ultimate “other” too remote, particularly on the facts of Nixon. Ultimately, this case attests to the madness of our cultural rigidity. If children and adults were not jammed into pink or blue categories, with prescribed sets of feelings, behaviours and appearances, maybe gender variant individuals would not feel the need to alter their physical bodies to accord with the “norm” and society could acknowledge and respect a spectrum of identities and individuals.

1 [2005] BCJ No. 2647.
2 Ms. Nixon’s desire to apply for leave to appeal to the Supreme Court was announced in a number of forums, including: Lancaster House: Labour, Employment and Human Rights Law, online http://www.lancasterhouse.com/about/headlines_1.asp.
3 British Columbia Human Rights Code [RSBC 1996] Chapter 210, online http://www.qp.gov.bc.ca/statreg/stat/H/96210_01.htm.
4 British Columbia Human Rights Code [RSBC 1996] Chapter 210, online http://www.qp.gov.bc.ca/statreg/stat/H/96210_01.htm.
5 Nixon v Vancouver Rape Relief Society 2002 BCHRT 1.
6 [1999] 1 SCR 497.
7 Vancouver Rape Relief Society v Nixon [2003] BCSC 2899 at 154.
8 Vancouver Rape Relief Society v Nixon [2005] BCJ No.2647.
9 DisAbled Women’s Network Ontario (DAWN) http://dawn.thot.net/nixon_v_vrr.html
10 Andrews v Law Society of British Columbia, [1989] 1 SCR 143 at 169.
11 Christine Boyle, “The Anti-Discrimination Norm in Human Rights and Charter Law: Nixon v Vancouver Rape Relief” (2004) U.B.C. L. Rev 31 at 56.

| Comments (3) |

Spread the Word -- Ottawa now hosts a "Copynight"

posted by:Ambrese Montagu // 10:14 AM // May 19, 2006 // Core Concepts: language and labels | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | TechLife | Walking On the Identity Trail

Ottawa's first ever Copynight will be held at 6pm Tuesday May 23rd at The Royal Oak Pub (161 Laurier Avenue Eas, which is located on the north edge of the Ottawa University campus).

CopyNight is a monthly social gathering of people interested in restoring balance in copyright law. We meet over drinks once a month in many cities to discuss new developments and build social ties between artists, engineers, filmmakers, academics, lawyers, and many others. Everyone is welcome.

In future, Copynight's will be held on the 4th Tuesday of every month. To learn more or get on the mailing list, please email ottawa (at) copynight.org.

| Comments (0) |

Ctrl-Shift-Delete: Learn-it, Love-it, Live-it

posted by:Jeremy Hessing-Lewis // 04:59 PM // May 18, 2006 // Commentary &/or random thoughts | Digital Identity Management | TechLife

Clean-up after yourself.

For you privacy-loving web-surfers using Firefox as their browser, there’s a new command to learn: Ctrl-Shift-Delete. This little trick prompts a purge of your browser’s private data. It’ll be like you didn’t spend the day perusing the Internet’s best distractions. And as every employer will attest; a good record is a blank record.

While it is unclear whether a browser really needs to keep any personal data, the content collected seems to grow with every subsequent browser release. As it stands, you’re leaving a long, incriminating trail including your browsing history, saved form information, saved passwords, download history, cookies, cache, and a record of authenticated sessions. Although your body may have been sitting at your desk for the past 8 hours, your browser remembers where you’ve really been.

The fact that such a keyboard shortcut exists is worth noting. Software begins by making a feature available. Usually, this comes in the form of a button buried deep within the assorted menus of a program. Here, only an experienced user will be able to locate and use a program’s abilities. If the functionality proves popular, it migrates through the menus into locations of increasing prominence.

A select few functions prove worthy of a button shortcut. Even fewer receive their own keyboard command. This exclusive list includes the iconic “Save” (ctrl-s), “Copy” (ctrl-c), “Paste” (ctrl-v), and of course “Undo” (ctrl-z). And now, the Mozilla development team has institutionalized a command for privacy. Current versions of Internet Explorer don’t have anything close and it won’t be surprising if Microsoft decides not to follow suit with their release of IE 7.

As your work-day draws to an end and you clear your desk, don’t forget to clear your browser. Make a habit of keeping your private data…private.
Ctrl-Shift-Delete: Learn-it, Love-it, Live-it

| Comments (1) |

Canada’s Privacy Community Releases Open Letter on Copyright and Technological Threats to Privacy

posted by:Alex Cameron // 03:52 PM // May 17, 2006 //

I just thought I would point out that a number of ID Trail team members are among the very impressive list of signatories to this initiative, including Marsha Hanen, Ian Kerr, Val Steeves, Paul van Oorschot, CIPPIC, and of course the Ontario Privacy Commissioner's office has released it's own letter on point. This will be sure to get the attention of our government as it moves ahead with possible copyright reform!

Privacy Commissioners of Canada, Ontario and British Columbia Release Own Letters of Concern


Privacy Commissioners of Canada, Ontario and British Columbia Release Own Letters of Concern

A group of public-interest oriented organizations and privacy and civil liberties experts have released an open letter to the Ministers of Canadian Heritage and Industry along with a Background Paper detailing their concerns over how proposed changes to Canadian copyright law implicate privacy, freedom of expression and civil liberties. The open letter focuses on dangers to privacy posed by the extension of legal protection to “digital rights management” (DRM) technology.

In separate letters of support, the Privacy Commissioner of Canada, Jennifer Stoddart, the Information and Privacy Commissioner for British Columbia, David Loukidelis, and Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner, each wrote to Minister of Canadian Heritage Bev Oda and Industry Minister Maxime Bernier to express their concern with the privacy implications of DRM technology.

For more information, visit: www.intellectualprivacy.ca


| Comments (0) |

ethics and on-line friendships

posted by:Angela Long // 11:22 AM // // Commentary &/or random thoughts

i read an interesting article this morning on arts and letters daily that likens ranking your friends on myspace to a "lifeboat ethics" exercise.

| Comments (0) |

Watch what you type, or THEY will

posted by:Jeremy Hessing-Lewis // 10:22 AM // // Surveillance and social sorting | TechLife

Next time you type your password or send a lover an adjective-dense email, you may want to consider the intermediaries. If you're lucky enough to have a boss who doesn't care about your keystrokes, that doesn't mean even more surrepticious intermediaries don't have similar intentions. A new study suggests that spyware keystroke logging is on the rise. Just because you can't see your password, **********, doesn't mean nobody else can.

CNET: Study: Keystroke spying on the rise
CNET: Spying at work on the rise, survey says

| Comments (0) |

HollaBack NYC: Sites of Resistance, Sousveillance, and Street Harassment

posted by:jennifer barrigar // 11:59 PM // May 16, 2006 // ID TRAIL MIX


On the afternoon of 19 August 2005, Thao Nguyen was taking the New York City subway back to her office when a man sat down across from her and began fondling himself, extracted his penis from his pants and beginning to masturbate. Nervous and wanting to feel safer, she removed her camera-enabled cellphone and eventually took a picture of the masturbator. He left the train at the next stop. Ms. Nguyen immediately reported the incident to a police officer.

She went further than that, however – she also posted the photo and an account of the incident on Flickr and Craigslist. On 26 August 2005, the New York Daily News carried an article on their front page which reproduced a (cropped) version of the photo and asked readers to call the NY Daily News if they recognized the man. Three days later, the News reported that over 2 dozen people had identified the man in the photograph as Dan Hoyt, a local raw foods restaurateur. The next day they added that 6 more reports of being flashed by the man in the photo had been received. It was also noted that Mr. Hoyt had been arrested in 1994 for unzipping and flashing at a New York subway station, had pled guilty and was sentenced to two days of community service. Mr. Hoyt was eventually arrested and charged with public lewdness. He pled guilty and was sentenced to two years’ probation, with mandatory counselling.

Meanwhile, the blogging (and commuting) community had been energized by the effectiveness of Thao Nguyen’s actions. The HollaBack NYC site was created by the Artistic Evolucion collective "to expose and combat street harassment as well as provide an empowering forum in this struggle.”1 The FAQ was posted on 2 October 2005. The inaugural post to the site was on 3 October 2005 and read:

Here's the skinny--next time you're out and about and some cocky ass on a power trip whistles, hoots, or hollas--Just Holla back! Whip out your digicam, cameraphone, 35mm, (or sketchpad), and email us the photo. We'll post their ugly face for the whole world to see.
If you can't pull out a camera, or you don't have one on you, just send us a story and we'll post that too.2

HollaBack’s response to street harassment has received quick and global uptake. A European HollaBack site is expected to be up and running soon and in the meantime the HollaBack NYC site reports an average of 1,000 hits daily, including womyn from Spain, Italy and India.3

Since I became aware of this, I’ve been intrigued by it. I think it provides a fascinating lens through which to view some of the issues we deal with on this project. I’m particularly interested in where we situate our analysis of a site like HollaBack NYC or actions like Nguyen’s. Sadly, there’s nowhere near the time and space to address them all here, but I hope to sketch out at least some of my response and hope to generate deeper discussion(s).

In an article in New York Magazine, Hoyt critiques both Nguyen and the dissemination of the photo on the Internet:

In his account, the perpetrator is Nguyen, who misread his intentions (he claims he was already mid-masturbation when she stepped onto the train) and then humiliated him by posting his picture on the Web. He says he didn’t even realize he’d been photographed. “Even so, I wouldn’t imagine somebody throwing it up on the Internet for millions of people and destroying your life like that,” he says. “It’s one thing to take it to the police. But on the Internet, I read a lot of people saying,’“that was not too cool of her. That was really screwed up.’”
Hoyt believes that if he and Nguyen had only met under different circumstances, she might really like him. “You know, she’d go, ‘That guy’s pretty cool. He’s got this restaurant, and he’s fun,’” Hoyt says. “She’d probably want to go out with me.”

Hoyt seems almost to be suggesting that his behaviour should have been of no consequence to Nguyen – that his masturbation was a private affair which did not concern her. Looked at that way, her response was a “misreading” of his masturbation as somehow linked to her. The implication seems to be that the only right of response is by s/he who is personally attacked. By construing things this way, he sets himself up as the victim, unfairly exposed and exploited not just by womyn who “misunderstand” him but by the power of an increasingly technologized society.

James B. Rule has defined surveillance as “any systematic attention to a person’s life aimed at exerting influence over it.” Steve Mann speaks of it as meaning “to watch from above”.

The HollaBack NYC FAQ defines street harassment as:

…a form of sexual harassment that takes place in public spaces. At its core is a power dynamic that constantly reminds historically subordinated groups (women and LGBTQ folks, for example) of their vulnerability to assault in public spaces. Further, it reinforces the ubiquitous sexual objectification of these groups in everyday life.

It seems to me, putting these comments together, that street harassment may be read as a form of (or consistent with) surveillance – by being applied against the Other, it is hierarchical and aimed at those under; it exerts influence over womyn’s lives by reinforcing vulnerability and Otherness.

I’d like to suggest, then, that the HollaBack NYC project be understood as resistance to surveillance – a form of sousveillance if you will. That rather than being the victim of surveillance, Dan Hoyt was himself engaged in surveillance, part of a systemic surveillance directed at womyn and those perceived to be womyn.

As a tool of resistance, I think HollaBack NYC is exciting. I find myself returning to a quote from the August 29 New York Daily News article where another womyn who’d been flashed by Mr. Hoyt says “I just wanted to forget about the whole thing. I am glad someone had the wherewithal to do something about this.” I am pleased that HollaBack NYC is providing the wherewithal for womyn to name street harassment and begin to address it.

Steve Mann and Ian Kerr discussed equiveillance, the notion that the intersection of surveillance and sousveillance might create “some kind of equilibrium.” I question whether HollaBackNYC will (or can) create such a state. At the very least, I think there are some issues which must first be considered.

Steven Davis has expressed concern about the impact of sousveillance on third parties, as have others. It seems to me that the HollaBack NYC project mediates that concern as much as possible. Rather than a stream of ongoing surveillance, pictures (or stories, where pictures cannot safely be acquired) are of the harasser. Further, there has been a conscious decision by the HollaBack NYC moderators to retain the space as one of empowerment from, not power to. For example, the site has developed a strong anti-racism policy which mandates that the race of harassers or other racialized commentary not be part of the posted narrative. Where race is mentioned, it is expected that the necessity of doing so will be “clearly and constructively” explained.

While Cynthia Grant Bowman points out the universality of street harassment for womyn, she also recognizes that “women of different backgrounds may experience street harassment through the lens of different historical and personal experiences.”4 It strikes me that this is especially noteworthy on a site like HollaBack NYC because the womyn themselves are invisible – they are not in the photographs, they are taking the pictures, recounting the narrative rather than defined by it, turning the gaze back on men. This has strong potential for empowerment, allowing womyn the power to define their experience of harassment for themselves. At the same time, I am concerned that the anti-racism policy may have the effect of silencing these womyn and creating a homogenized “victim”, without any recognition of the particularities of race, class, sexual orientation, etc. which shape womyn’s experiences of street harassment.

I am also concerned about the safety of womyn who choose to “HollaBack” at their harassers. I was chilled by the entry for Friday 12 May 2006 where the man in the photo “ran after me and took a picture of the back of my head with his camera phone, wailing “now you can’t do anything!”

I wonder about the economic and class implications of this strategy. HollaBack NYC is a response predicated on access to technology – access to cellphones to take pictures, access to computers to upload them, access by others to computers in order to see the pictures etc. Ultimately, this increases the digital divide, simultaneously creating a site/voice of resistance and then denying it to some members of the marginalized population(s).

I worry about the unregulated nature of such sites. The HollaBack FAQ insists that “what specifically counts as street harassment is determined by those who experience it.” While my feminist self initially rejoices in this definition and in the act of resistance that is HollaBack itself, I begin to wonder what measures there might be to stop the posting of pictures of or allegations about individuals for other reasons. The anti-racism policy notwithstanding, what about issues of systemic racism that may fuel one’s perception of something as a “threat”? What about other power disparities which shape the interaction between photographer and subject? Can exposure on HollaBack NYC create stigma such that mistaken posting is an issue? Will there be way(s) for individuals who are mistakenly identified to have their photos removed? How can an individual without internet access be aware of the mistaken posting and/or negotiate its removal? Is the value of the HollaBack resistance lessened by the risk of malicious or mistaken posting(s)?

Finally, I find myself uncomfortable with what this response implies about the ubiquity of technology and surveillance, that rather than seek to dismantle the existing surveillance, we respond with the imposition of another layer of veillance.

As Linda Richman says: talk amongst yourselves….

1 http://www.hollabacknyc.blogspot.com/2005/10/hollafaq.html.
2 http://hollabacknyc.blogspot.com/2005_10_01_hollabacknyc_archive.html.
3 http://www.womensenews.org/article.cfm?=aid=2734.
4 Cynthia Grant Bowman, “Street Harassment and the Informal Ghettoization of Women” (1993) 106 Harv. L. Rev. 517 at 534.

jennifer barrigar is an LL.M. candidate at the University of Ottawa and Legal Counsel, Office of the Privacy Commissioner of Canada. The opinions expressed in this article are personal and do not represent those of the Office of the Privacy Commissioner nor bind that Office in any way.
| Comments (5) |

Fair Use and the Fairer Sex: Gender, Feminism, and Copyright Law

posted by:Ian Kerr // 04:06 PM // // Digital Democracy: law, policy and politics

some of you will be interested in a new piece by one of my fave US cyberprofs, ann bartow.

in it, she argues that the copyright infrastructure plays a role, largely unexamined by legal scholars, in helping to sustain the material and economic inequality between women and men. she also advocates low levels of copyright protections.

if you lke the piece, you should also check out her excellent blog

| Comments (0) |

Jargon Watch

posted by:Jeremy Hessing-Lewis // 03:05 PM // // Commentary &/or random thoughts | Core Concepts: language and labels | Walking On the Identity Trail

New words to keep in mind.

"Techade"(noun): Technology emerging over the next ten years.

"Co-operation Superhighway"(noun): Ongoing private-public international partnerships. eg. FTC attorneys being helped by law enforcement and/or ISPs in the country where the problem originates.

"Best-of-breed Anti-fishing Security Vendor" (noun): Depends on which anti-phishing vendor you ask.

"Evasive Malware"(noun): see Sony Rootkit.

"Tricklers"(noun): Automatic download software. See Windows Update.

"Potentially Unwanted Technologies"(noun): Something you may not want on your computer. See also spyware.

| Comments (0) |

Anti-Spyware Coalition: Public Workshop Part II

posted by:Jeremy Hessing-Lewis // 02:24 PM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Surveillance and social sorting

Everyone should be happy to know that Microsoft and the Department of Homeland Security are looking-out for your personal privacy. They represent the so-called "international public-private cooperation" that is hard at work keeping your computer free from all kinds of scary threats.

Joe Jarzombek, the Director for Software Assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division (phew), spoke of the DHS' efforts (see National Cybersecurity Division) to contain risks presented by a non-standard, outsourced supply chain. That's right, the threat isn't local, its from one of the "stans" or "anias." They've established a common directory of malware in order to standardize spyware definitions. They are also kindly offering a software assurance program so that the DHS can have a look at your code and make sure its alright.

Spyware is a serious threat to your privacy, but Microsoft and Homeland Security are doing their best to ensure that your personal information doesn't get into the wrong hands. Trust them.

While the FCC is pushing for their The Safe Web Act, it seems that the DHS is sitting pretty. Big business is openly sharing information with them and, in turn, they are sheltering big business from the public's prying eyes through "critical information protections". The key phrase that was left unspoken by all parties was "mandatory backdoors".

(By Ambrese and Jeremy HL)

| Comments (2) |

Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southwark this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |

Wearable Sensors to Improve Soldier Post-Action Reports

posted by:Alex Cameron // 03:28 PM // May 15, 2006 // Surveillance and social sorting

Wearable Sensors to Improve Soldier Post-Action Reports

Future combat gear may feature wearable sensors, including cameras and audio pick-ups, to enhance the soldier's "situational awareness" and after-action reports as a result of the ASSIST project. ... A soldier’s after-action mission report can sometimes leave out vital observations and experiences that could be valuable in planning future operations. The Defense Advanced Research Projects Agency (DARPA) is exploring the use of soldier-worn sensors and recorders to augment a soldier’s recall and reporting capability. The National Institute of Standards and Technology (NIST) is acting as an independent evaluator for the “Advanced Soldier Sensor Information System and Technology” (ASSIST) project. NIST researchers are designing tests to measure the technical capability of such information gathering devices.

For those who remember my question at the team meeting, I thought this article was pretty interesting.

First, this picture of the soldier shows that Steve Mann is far ahead of the US military in terms of technology! I mean, the other soldiers must make fun of this guy with the camera on his helmet.

Second, and more on point with my question, I think the person collecting the info here is very interesting. Recall that part of my question was whether Steve had accounted for the possibility that the information gathered by the sousveiller would be more likely to be used against them than for them. As many people in this field know, privacy-invasive or rights diminishing measures are often tested first on soldiers and prisoners. Perhaps it is a coincidence that it is a soldier here but maybe it's evidence that there's something to my question. And recall that in the 'real world', it's not just an issue of the evidence being used against someone who shoplifts, it's a more general use of the information 'against' or to profile the individual that was part of my question.

Maybe some might consider this example as an example of surveillance of employees (because the military owns the tapes). However, if everyone's sousveillance tapes were accessible to others (through discovery in litigation) or other ways, then really what is the difference between sousveillance and surveillance.

Full story here

| Comments (1) |

EULAs and the Geniuses of Uninformative Dissemination

posted by:Jeremy Clark // 08:50 AM // May 09, 2006 // ID TRAIL MIX


“[C]ontrol of the Western species of the human race seems to turn upon language. Anyone who has worked with language, from the devil on, has been in the business of spreading knowledge. They are not knowledge itself. Novelists, playwrights, philosophers, professors, teachers, journalists have no proprietary right over knowledge. They do not own it. They may have some training or some talent or both. They may have a great deal of both. They will still be no more than the geniuses of dissemination. That knowledge — once passed on as the mirror of creativity or as an intellectual argument or as the mechanisms of a skill or as just plain information — may lead to increased understanding. Or it may not. So be it.” – John Ralston Saul, The Unconscious Civilization

In one unintentional way, Sony’s decision to secure a series of audio CDs with a very nasty piece of digital rights management (DRM) last fall was a partial victory for anti-DRM activists. This misstep on Sony’s part effectively catapulted a niche topic of concern to international attention and into the collective consciousness of the informed public where it lingered for a week or two, and then slipped into the chambers of recent history. The mainstream coverage largely focused, and rightly so, on how Sony’s DRM compromised the security, anonymity, and control of those who unwittingly inserted one of these audio CDs into their Windows machine. The DRM installed as rootkit — a technique that allows software to run invisibly on a system. Worst still, the DRM did not merely install itself as a rootkit; it created an open mechanism to allow itself to run invisibly, and by extension any other piece of properly constructed software. In other words, it left an open security hole for malware to slip through and become invisible to the majority of anti-virus and anti-spyware utilities protecting our systems. Once installed, the DRM will phone home each time the CD is inserted, and no method for uninstalling the DRM was originally offered.

I will not detail each twist and turn of the subsequent events that eventually provoked a recall on the CDs, and a series of lawsuits. I refer those interested to the blog of Mark Russinovich who originally discovered the rootkit and to the Wikipedia article. I have denoted this specific case as a partial victory for those who oppose DRM because while it temporarily caught mainstream attention and hopefully left an impression, it did not do much to impede the relentless movement of content creators towards DRM — it only caused them to adopt subtler albeit equally restrictive technologies.

However there is another side to the Sony debacle that I want to focus on: user consent. Like most pieces of software, Sony’s DRM included an http://www.eff.org/wp/eula.php>end-user licence agreement (EULA); that daunting piece of legalese that ends with an “I Agree” button. In this case, not only did Sony’s EULA not disclose the rootkit, phoning home, or uninstallability, the DRM installed itself before even displaying the EULA. These issues were subject to an Electronic Frontier Foundation lawsuit, which was eventually settled out of court. While I fully applaud the efforts of EFF, I also have to make an uneasy confession to make. Even if companies like Sony did fully disclose and detail all the undesirable behaviours of their software in a proper EULA, I would never know because I never read them. And I know I am not alone.

As these events transpired, I recalled an opinion piece I read a few years ago in Wired by Mark Rasch. Rasch begins with an anecdote: “I have a recurring nightmare. Microsoft CEO Steve Ballmer shows up on my doorstep demanding my left kidney, claiming that I agreed to this in some "clickwrap" contract” [link mine]. While an attorney and security guru himself, Rasch flatly admits to never reading online privacy policies despite writing them for clients. This confession appears to be part of a widely held consensus. According to internet legend, the software vendor PC Pitstop once buried a potential monetary reward in one of its EULAs for any claimant who responded through a given email address. 4 months and 3000 downloads later, the first person finally wrote in and their diligence was rewarded with a $1000 cheque.

Companies can be surprisingly candid in their EULAs, shamelessly detailing in plain language their intention of installing bundled tracking software, displaying all forms of pop-up ads, or phoning home with user information that can be sold to third parties. However other companies purposely obfuscate the pertinent information with impervious legalese, and many EULAs run to multiple pages inside a tiny window that cannot be resized or copied to the clipboard. As along as we the consumers are complicate with this system, and continue to unintentionally consent to terms of service we make no effort to understand, we are empowering the software vendors to the status of geniuses of uninformative dissemination. The information that is communicated through EULAs falls squarely in the latter half of John Ralston Saul’s distinction — knowledge that does not increase understanding.

In Mark Rasch’s op-ed, he turns to technology to aid in consumer understanding. Specifically he calls for a law robot that can be programmed with user preferences and process a licence or policy on a user’s behalf. Now suppress any visions of an artificially intelligent bot capable of comprehending a legal document for moment, because that technology is still far in our future. Other options exist. One is to pressure vendors into offering a machine-readable summary of their contracts and policies. And ground has already been broken on this front by the Platform for Privacy Preferences (P3P).

P3P was initiated in 1997 by the World Wide Web Consortium (W3C) with the objective of developing a standardized syntax for encoding machine-readable privacy policies for web services. P3P use a versatile mark-up language called XML. Any of you reading this blog entry through an RSS feed is already making use of XML. A P3P policy has a set of predefined disclosures and a company must make all that are applicable to its policy. The absence of any disclosure presumes the action is never taken. This transforms the nature of the policy from being a one-way broadcast into being a response to predetermined questions. This disempowers the vendors from being geniuses of dissemination who push their carefully constructed terms of services onto consumers, and empowers the user to pull understandable information from the vendor.

>From a technological perspective, a P3P policy is very elegant. It uses a hierarchical tree of assertions that require the web service to disclose its identity, the methods that are open for resolving disputes concerning the policy, and what gathered information can be later accessed by the user. It then requires the web service to explicitly detail every type of information that is retained (from a comprehensive and predefined list), what purpose the information will be used for, whom the information can be disclosed to, and how long it will be retained. A user may then specify her preferences to a mediating agent such as Privacy Bird or use a P3P-enabled search engine which will analyze the privacy policies of each website she visits before she actually connects to the service itself, and report any discrepancies between the site and her preferences (or if the site does not have a P3P policy at all).

The syntax of P3P could easily be modified to handle EULAs. As a rough sketch, consider anchoring the assertions in two categories: monitor and install. Because spyware monitors user traffic, the monitor category would essentially inherit all the P3P assertions specifying the information retained. It could also specify, with an action assertion, how the data is obtained (keystrokes, data scrapping, packet sniffing, data interception, et cetera) and how often the information is being obtained (only when the program runs, as long as the operating system is running, one-time only, et cetera). The install category would disclose any third party software that is bundled with the principal software and reference this software’s EULA. It would also include assertions concerning the actions taken by the software (rootkit, displays pop-ups, url redirects, et cetera) and an assertion of how uninstallable it is.

Logistically, porting P3P to handle EULAs is not as simple. The legal status of EULAs is ambiguous, and the enforceability of a machine-readable version is something I am not qualified to speculate on. There was also a need to enforce the accuracy of P3P and natural language privacy policies, resulting in a group of non-profit seal programs that audit and certify web services' privacy practices. Expanding the progress made with privacy policies to EULAs would require similiar programs, and the process demands a massive collaboration between computer scientists and lawyers and other disciplines. ID Trail represents a rare occasion when all the right people are sitting at the same table, and as a result I look forward to feedback concerning this problem from all angles: implementation ideas, critiques concerning its viability, opinions on its legality, and speculation on vendor's incentives to comply. Would an undertaking be in the public interest? Is it needed? Could it be effective?

Jeremy Clark is an MASc student at the University of Ottawa.
| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada