understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border

: BLOG-ON-NYMITY :

About

Syndicate this site (XML)
RSS 1.0 | RSS 2.0 | Atom

: S E A R C H :



: R E C E N T    E N T R I E S :

: C A T E G O R I E S :

: A R C H I V E S :
main display area top border

My wish list for a few things we need in the privacy world

posted by:Kris Klein // 11:59 PM // October 23, 2007 // ID TRAIL MIX

trailmixbanner.gif

Okay, okay… It’s still a few months away from the Holiday season and the New Year. Regardless, they’ve given me the pen for this spot and I’m making a list. I figure if I get my wish list in early this year, maybe I’ll get a few of the things I want!

So, here’s my wish list for a few things we need in the privacy world:

1. Laws that break through or work around the limitations imposed by our constitution (I mean, provincially regulated employees have no privacy protection in legislation unless their information is used as part of a commercial activity or unless they live in Alberta, B.C. or Quebec).

2. Speaking of commercial purposes… can we please have a better definition that doesn’t involve someone circling and circling and circling? I mean a commercial activity is something of a commercial nature. Gee, thanks for that clarification.

3. Less restriction on the publication of the federal Commissioner’s Reports

4. A version of PIPEDA where the French and English versions translate properly (some sections even have different paragraph numbering)

5. An Act that contemplates that if you go to court on a matter that involved a violation of an individual’s privacy, the Court would be given explicit power to put controls in place that would allow the protection of privacy during the Court process.

6. A recognized ability to get real compensation when your privacy is invaded. Getting a “well-founded and resolved” report is only going to motivate people for so long to stand up for their rights.

7. A recognition that we are in a surveillance state. Question is, are we going to let it get worse, tolerate it the way it is, or fight back?

8. A Privacy Act that is written based on our understanding of computing and database technology in 2007. Not 1977.

9. A recognition that the Privacy Commissioner cannot oversee ALL of government and that it’s high time the government itself takes some responsibility for privacy (yes, they should have Chief Privacy Officers in many departments).

10. Privacy Impact Assessments… oh wait, we do have those, sometimes! (But not nearly enough – and even when they’re done, nobody knows about them.)

11. One more very good conference and then an acknowledgement that we need to actually get the work done and not just talk about it.

Things we probably don’t need:

1. Another privacy lawyer… ooops, well don’t check out www.krisklein.com then.

| Comments (0) |

Rewriting my Autobiography: Me, Myself, and (possibly) a Different ‘I’

posted by:Cynthia Aoki // 11:59 PM // October 16, 2007 // ID TRAIL MIX

trailmixbanner.gif

I’ve always wanted to write my own autobiography. Maybe it’s narcissistic, but I thought it would be a good chance for me to think back, reflect, introspect, and remember both the good and bad things that happened to me throughout my life. I could then maybe figure out what went right, and in some cases, what went horribly wrong. But I told myself that I would save this personal task until I was older and also until I had enough stories and experiences to share and write about. Otherwise, if I wrote my autobiography today, it would be a story about a girl named Cynthia, who went to school, who then decided to go to more school.

I then came across McAdams’ “Life Story Theory” of identity [1] and realized that I didn’t have to wait until I was old and experienced to write my autobiography. I was already in the midst of writing one and in fact, I had been writing and contributing to this autobiography my whole life. According to McAdams, the individual is the primary author of his or her autobiographical narratives and the individual’s memories link together the past, the present, and the future in order to provide a sense of identity and also to provide a sense of purpose for one’s thoughts and behaviours.

This means that all the memories that I formed (both consciously and unconsciously) have helped to provide me with my sense of identity and that I’m continuously evaluating my experiences and integrating them into the larger narrative of my life.

But what would happen if I experienced something so horrifically terrible that I didn’t want it to form part of my life story. Would I have the option of ensuring that I no longer remember this event and that the memory of the event no longer forms part of my autobiography? If so, and I can start actively meddling with my autobiography, would this change who I am?

Memory and Drugs

Because of the importance of memory and its role in defining one’s identity, scientists in the realm of psychology, neurology, and neuroscience have been investigating methods of enhancing or preserving different types of memory. [2]

More recently, scientists have started to focus on developing pharmacological agents that inhibit or dampen the strength of memory formation and recall. These memory dampening agents are currently being investigated for the treatment of post traumatic stress disorder (PTSD).

PTSD and Autobiographical Memories

PTSD is a psychiatric anxiety disorder that can develop in response to traumatic experiences. [3] One hallmark characteristic of this disorder is the alternation between re-experiencing and avoiding trauma-related memories. In some cases, the disorder can be so debilitating that the individual can no longer function in society due to the involuntary and continuous recall of the horrific event.

Currently, researchers are investigating the interaction between autobiographical memories and PTSD. According to Bernsten (2001), traumatic memories are important in that they become reference points to other experiences in one’s autobiographical memory database. More specifically, traumatic memories become significant landmarks, which represent a major threat that is perceived by individuals with PTSD. [4]

By inhibiting the formation of certain autobiographical memories with the use of these memory dampening agents, the potential formation of these important landmarks may be circumvented.

Pharmaceutical Forgetting

Research has shown in both animal and human studies that emotionally arousing experiences are better remembered than those that are emotionally neutral. [5] Arousal is dictated by the level of adrenaline in the body; a higher level of adrenaline results in increased arousal, and therefore, stronger memory formation. Propranolol, which is already being prescribed for the treatment of hypertension, is used to block the effects of adrenaline. Scientists hypothesize that propranolol could help to dampen the recall of traumatic experiences by dampening arousal. Propranolol is currently being tested in multi-centre clinical trials for the treatment of PTSD.

More interestingly, researchers have recently shown that propranolol can also blunt previously formed memories in humans. [6] In a double blind, randomized study, persons with chronic PTSD were asked to recall their traumatic experiences. The mere recall of these previously experienced traumatic events caused adrenaline to be released and resulted in increased arousal. Upon experiencing arousal, half of the participants were administered propranolol; the other half were administered a placebo. Results showed that propranolol retroactively blunted the recall of previously formed traumatic memories.

Once approved for the treatment of PTSD, what would be the legal implications of using these agents in society?

Legal Issues

Propranolol is known as a “beta-blocker” and was developed in the 1950s and has been prescribed for the treatment of hypertension since the 1970s. In both volunteer studies [7] and clinical trials [8] the use of beta blockers was found to impair memory recall. Interestingly, a similar dose (120 mg-160mg/day) is being prescribed for both the treatment of hypertension and for the treatment of memory dampening. [9] Results from these experiments suggest that individuals who are prescribed propranolol for the treatment of hypertension may be subject to memory impairment; perhaps without their knowledge or consent. Of concern to the legal system is that the reliability and accuracy of the testimonies given by these individuals taking propranolol will be called into question. When deliberating future cases, it will be important for Canadian courts to be mindful of the potential effects that propranolol and similar drugs could have on a witness’s testimony.

Another legal issue arising from the use of these agents is the extent of informed consent that would be required when prescribing these memory dampening drugs. After experiencing a traumatic event, individuals will likely be rushed to the emergency room in order to be treated for both mental and physical distress. Upon reaching the emergency room, a tending physician may recommend the treatment of propranolol in order to help minimize the chances of developing PTSD in the future. Despite being informed of the potential risks and uncertainties associated with these agents, it is questionable whether individuals taking these drugs would be in a legitimate position to give their informed consent because 1) their decision making skills would be significantly compromised as they are in times of distress [10], and 2) they would not know the potential role these dampened memories would have played in their future lives and identities.

Some Final Thoughts

Currently, memory dampening agents are not available to the general public. The quickly advancing field of neuroscience, however, may be able to provide new, more specific, and safer agents to help dampen the painful memories associated with traumatic events. In the near future, some of these newer technologies could be potent enough to allow for memory deletion to occur. Recently, the drug, U0126 (not yet available in humans), was able to selectively delete a particular fear-induced memory in rats. [11] Perhaps these memory deleting agents will become available for use in humans.

In conclusion, it will be necessary for the courts and the government to be informed of all of these new pharmacological developments so that they will be in a legitimate position to weigh both the legal and social implications of using these interventions in the future.

Some Final Final Thoughts

By the time I get around to writing an autobiography, I could have gone through some experiences that may have tempted me to take one of these memory dampening agents and artificially blunt some of my memories.
Maybe it’s just me, but if I do decide to write an autobiography, I want to be able to look back and remember both the good and bad times; the times I’ve laughed and sobbed. I want to be confident that the memories I’m recalling and writing about are genuine and that my memories aren’t pharmaceutically modified in any way, shape, or form.

[1] D.P. McAdams, “The Psychology of Life Stories” (2001) 5:2 Review of General Psychology 100-122
[2] Farah, M. J., Illes, J., Cook-Deegan, R., Gardner, H., Kandel, E., King, P., Parens, E., Sahakian, B., & Wolpe, P. R. (2004). Neurocognitive enhancement: what can we do and what should we do? Nat Rev Neurosci, 5(5), 421-425
[3] Vasterling, J. J., Brewin, C. R. (2005). Neuropsychology of PTSD. New York: Guilford Press.
[4] Bernsten, D., Willert, M., Rubin, D.C. (2005). Splintered memories or vivid landmarks? Qualities and organization of traumatic memories with and without PTSD. Applied Cognitive Psychology, 17, 675-693.
[5] McGaugh, J. L. (2006). Make mild moments memorable: add a little arousal. Trends Cogn Sci, 10(8),
345-347.
[6] Brunet, A., Orr, S. P., Tremblay, J., Robertson, K., Nader, K., & Pitman, R. K. (2007). Effect of post-retrieval
propranolol on psychophysiologic responding during subsequent script-driven traumatic imagery in post-traumatic
stress disorder. J Psychiatr Res. (in press).
[7] Frcka, G., & Lader, M. (1988). Psychotropic effects of repeated doses of enalapril, propranolol and
atenolol in normal subjects. Br J Clin Pharmacol, 25(1), 67-73.
[8] Blumenthal, J. A., Madden, D. J., Krantz, D. S., Light, K. C., McKee, D. C., Ekelund, L. G., & Simon, J.
(1988). Short-term behavioral effects of beta-adrenergic medications in men with mild hypertension. Clin
Pharmacol Ther, 43(4), 429-435.
[9] Pitman, R. K., Sanders, K. M., Zusman, R. M., Healy, A. R., Cheema, F., Lasko, N. B., Cahill, L., & Orr, S. P.
(2002). Pilot study of secondary prevention of posttraumatic stress disorder with propranolol. Biol Psychiatry, 51(2), 189-192.
[10] Hammond, K. R. (2000). Judgments under stress. New York: Oxford University Press.
[11] Doyere, V., Debiec, J., Monfils, M. H., Schafe, G. E., & LeDoux, J. E. (2007). Synapse-specific reconsolidation
of distinct fear memories in the lateral amygdala. Nat Neurosci, 10(4), 414-416.

| Comments (5) |

Intimate Invasions: How Far Will Internet Users Push the Realm of Acceptability? or Have You Been Facebook Stalked Yet?

posted by:Kayleigh Platz // 11:59 PM // October 09, 2007 // ID TRAIL MIX

trailmixbanner.gif

I recently, for the first time in my life, set up my own wireless router in order to connect my laptop, as well as my roommate’s, to the Internet. This was not a user-friendly experience, and my stress level was heightened by my need to safeguard my wireless signal from outside intruders. I was creating a code of identity for my actions through my computer network: I had to name my signal and trust that it will safeguard my IP address which is now, through my actions online, an extension of my self and identity.

By giving a name to my Internet network, I was sending a secure signal of my own personal identity out into cyberspace. This is a name that anyone in my physical world close enough to pick up on my Internet signal will be able to see. The Internet, as a social system, is a lot less anonymous than many people seem to still think; whether consciously or unconsciously, we are constantly sending out signals of our identity online. From postings on a blog to a wireless network name, our physical life-based identities seep out to the cyber world.

It’s an alarming trend to notice how oblivious people are to their cyber identities, and how careless they are with cyber information that can have a massive affect in their physical world. The online psyche is now a permanent aspect of most people’s lives.

With such a plugged in world, people live and communicate endlessly via online routes. However, like an unguarded Internet signal, many people leave themselves open to cyberintrusions that endanger both their cyberidentites and their physical life identities. Two women have recently been in the news for such open intrusions into their private lives through seemingly safe online channels. Neither Jessica Coen, nor Allyson Stokke intended to victimize themselves through innocent online actions, yet both had their identities and privacy victimized and destroyed through the very avenues they left open to the cyberworld.

Jessica Coen is an online blogger who is now deputy online editor for Vanity Fair magazine. In a previous job, however, she was a popular blogger on the snarky Manhattan-based gossip website, gawker.com [I]. Coen wrote aggressive observations about people’s looks, loves and lives in New York City through the online medium. Coen wrote to receive a reaction, which she received in hordes. Emails, phone calls, letters in the mail, false email accounts set-up under her identity were just some of the reactions she caused from her caustic writing. All were, of course, anonymous. All were invasions of her privacy. None of which would have been so easily acted upon in the physical world. What was a wake-up call to Coen and her lifestyle should be a wakeup call to us all. Just because the anonymity of online actions makes it easier for many people to do or act in ways they are not comfortable in the physical world, does not mean the actions do not have an affect in the physical world. Voyeuristic tendencies have increased in popularity of negative online actions. The Internet has increased many people’s freedom of expression, both positive and negative. In this “me” generation, where the staged reality show, “The Hills,” is a hit, men and women not only feel that it is alright to comment and act as they desire in the online world, but seemingly get approval of their actions through physical world reactions such as media social relations. In today’s world, it is just as common to end a relationship through online or cellular means as it is in a physical world situation.

It is interesting to note that Coen is still active online. She is currently working online and still maintains a blog. A quick search on Facebook brings up a profile that appears to be hers as well. While Coen has been awakened to the threats that are online regarding her own privacy, as well as the malleableness of her identity in the online arena, she has continued to safely traverse the online realm as well as educate other women about both her experiences and her suggestions.

Allison Stokke is young woman with a similar story [II]. However, Stokke’s online privacy invasion began innocently with a sports blogger posting a picture of the young track and field athlete on his website. Rapidly, Stokke received an overwhelming amount of friend requests on her Facebook profile, and YouTube montages made in her honour. More online and even real-life harassment followed in the wake of that one posted picture. Today it is very easy to still find pictures of Stokke online, but not her physical cyber self. Stokke, as an individual, has all but disappeared online due to her experiences.

Online voyeurism has, I dare say, become more dangerous today than in the early days of the Internet when adults were arrested for meeting minors they had met online. You see, online voyeurism has gone beyond something that both appals and frightens us as it was in the past: online voyeurism has gone mainstream. While neither Coen nor Stokke were physically harmed by their attacks, not all individuals have been so lucky. Indeed, the separation between people’s physical world actions and their cyberworld actions is becoming more apparent by the more vicious people become online. Indeed, many people feel comfortable acting out online in ways they would never do in the physical world. As the cyberworld becomes more “real” in our daily lives, our ethics and responsibilities online must be reassessed. The separation of self and ethics must cease to exist. Verbally tearing into someone online may be exhilarating, but has “real life” affects on people’s lives. We need to keep in mind the humanist aspects of the online world. To continue to be wired we must keep it real.

In short, we must redefine the real to fit our new dimensions of our world. What is the real experience? How do we feel the real in cyberworld? How do we let the cyberworld fully compliment the physical world? Finally, how far do we let the two worlds go?

[I]I See Jessica Coen, Online Bullies Back Off. Glamour Magazine. Oct. 2007: 227-228.
[II] See Rebecca Webber, Give This Girl Her Life Back! Glamour Magazine. Sept. 2007: 80.


Kayleigh Platz is a Master’s student in Public Issues Anthropology at the University of Waterloo, Ontario, Canada. Kayleigh’s interests range from on-line communication and social networks, the cyberworld culture, on-line voyeurism, tactical media, and Harry Potter. Kayleigh’s main research focuses on online social networks and user identities. Kayleigh will be speaking at the Student "I" conference at the University of Ottawa on October 25th.

| Comments (1) |

Wikisurveillance: a genealogy of cooperative watching in the West

posted by:Michael Arntfield // 11:59 PM // October 02, 2007 // ID TRAIL MIX

trailmixbanner.gif

As the duly elected Liberal government currently serving the Province of Ontario stands poised to infuse one of the largest revenue collection and fine levying agencies in the Western hemisphere—the Ontario Provincial Police—with $2 million (Can) to fund the operation of a state-of-the-art spy plane ostensibly required to identify “racers” or “stunt” drivers using the King’s Highways (Cockburn & Greenberg 2007), all while police in Britain continue to append audio-video recording equipment, or “Bobbie-Cams,” to the helmets of their patrol officers in the vein of Paul Verhoeven’s dystopic 1987 film Robocop (Satter 2007), one is prompted to take a look back at the corpus of police surveillance devices suborned by modernity, that have in aggregate given way for what might be called the golden age of voyeurism.

The mechanical metamorphosis from Althusser’s (1971) Ideological State Apparatus, into the more palpable “technical apparatus” (Ellul 1964: 101) of the police as we know them today, has been achieved in large part through a process of technological determinism, or the means by which human culture and history are simultaneously rendered and reified by our machines. In other words, the ubiquity of those police surveillance and reporting tools that have pervaded urban life for well over a century, has in turn propagated a mimetic response in occidental consumer culture whereby the general public is increasingly enamored by the “democratization of surveillance” (Staples 2000: 155) made possible by portable, affordable, and elegant devices that, through their egalitarian accessibility, make “coercion embedded, cooperative, and subtle, and therefore not experienced as coercion at all” (Ericson & Haggerty 1997: 7). As public and private interests ultimately converge through a phenomenon I call wikisurveillance, the denizens of this self-supervising panoptic state cooperatively pen the requiem for once valued tenets of privacy through the normalization, even fetishization, of corporate and private data mining, cell phone videography, security camera ubiquity, home “monitoring” systems, the proliferation of spy stores, and systemic Facebook cultism.

As such, I define wikisurveillance as the manner in which the community at large has been seduced by, or at the very least summarily acceded to, the idea of watching, recording, reporting, and even the expectation, or exhibitionism, of being watched, as the new de facto social contract for the post-industrial age. Ergo, the computing neologism “wiki” is an appropriate prefix to denote and describe this present Zeitgeist of freelance information brokering in which we presently live, as not unlike any open-source wiki-based text that is publicly inclusive, accessible, modifiable, and even corruptible in its design, the commercial surveillance technologies that define the new historicism of Western media have fostered an age of consensual spying and reporting perhaps best described as the Vichy state of late-capitalism. As conventional law enforcement’s monopoly on surveillance has consequently been muscled out by a veritable coup d’état spearheaded by free unlimited video messaging, Dateline hidden camera specials, and “how’s my driving?” bumper stickers, we must to some extent acquiesce to the troubling truism that Orwell was wrong: that “[t]here is no Big Brother…we are him” (Staples 2000: 153).

From the discreet distribution of “Constable keys” in the early 20th century to select citizens who could then access locked police signal-boxes and secretly report on the activities of their neighbors, illegal or otherwise, through to the efforts of the Ontario Green Ribbon Task Force in the early 1990s to have affluent commuters armed with what were then nascent and comparatively costly cell-phones report on the movements and identifiers of any vehicle similar to that believed to have been driven by serial killer Paul Bernardo, to modern AMBER-Alerts that function under this same basic pretense, and ultimately to the use of virtual communities like You Tube to solve crimes as serious as murder in some instances (Quintino 2006), there is indeed a long standing confederacy between hegemony and communications technology—even a co-constitutive evolution—which is being increasingly co-opted by private citizens and private enterprise as the state’s observational authority is deregulated.

As Western law enforcement continues to increasingly assert itself through largely privately owned and definitively for-profit entities whose loyalty remains to its capital interests in earnest, the “technical apparatus” of the police is diffused amongst an untrained, unaccountable, and largely anonymous civilian populace who mimic the police methodology by not only buying the compatible hardware, but also buying-in to the associated mindset that all human activities have an inherent intelligence-gathering value.

Whether it be the regular use of clandestine listening devices in Dunkin’ Donuts stores throughout the US (Staples 2000), or the Argus Digital Doorman maintaining and potentially selling off a facial recognition database containing the images of all visitors traveling to and fro any subscribing condominium or apartment building, we see that wikisurveillance allows the Western narrative on both privacy and paranoia to be scribed by a cabal of agents provocateurs who, in working for purely commercial interests, transform the thin blue line into a proverbial Maginot Line of strategic technical installations that expedite the erosion of human agency in not only the management, but also the manufacturing, of law and order.

Wikisurveillance has shown us that the rise of the dreaded police state in the West will not come with the terrifying, sweeping reforms of some new radical and totalitarian government that somehow seizes power, nor from under the boot of some fascist despot, but rather, with the efforts taken in the here and now largely to protect actuarial assets. While police agencies are generally subject to public oversight and accountability, and to archival audits and the eventual de-classification or disclosure of some information, where, when, and how the fragments of unregulated and individually mined data presently floating around will ultimately be used becomes the nagging query written into the code of wikisurvillance. As all human activities become increasingly part of a permanent and quantifiable record that is in large part privately owned and maintained, the Monday morning quarterbacking of historical surveillance data will consequently ensure that “[a] crime can always be found” (Solove 2007: 5) amongst the assorted images, as the floating definition of deviance ensures that crime becomes the last truly renewable Western resource.

Michael Arntfield is a PhD candidate at the Faculty of Information & Media Studies, University of Western Ontario.

BIBLIOGRPAHY

Adlam, Robert C.A. (1981) “The Police Personality.” In: Pope, David W. & Weiner, Norman L. (eds) Modern Policing. pp. 152-162. London: Croom Helm Ltd.

Chu, Jim (2001) Law Enforcement Information Technology: A Managerial, Operational and Practitioner Guide. USA: CRC Press

Cockburn, Neco & Greenberg, Lee (2007) “Ont. to Impose $10,000 Fines for Street Racing.” National Post on-line, Aug 15, 2007. Electronic document: http://www.canada.com/nationalpost/news/story.html?id=6b7d070b-7d48-466c-96db-586d2a5f6def&k=10512. Retrieved Aug 16, 2007

Dandeker, Christopher (1990) Surveillance, Power and Modernity: Bureaucracy and Discipline from 1700 to the Present Day. Cambridge: Polity Press

Ellul, Jacques (1964) The Technological Society. New York: Knopf

Ericson, Richard V. & Haggerty, Kevin, D (1997) Policing the Risk Society. Toronto: University of Toronto Press

Lind, Laura (2007, August 18) “Hysteria Lane” The National Post, Toronto Weekend Magazine, p.14

Mann, Steve (1998) “’Reflectionism' and 'Diffusionism': New Tactics for Deconstructing the Video Surveillance Superhighway,” Leonardo, 31(2): 93-102.

Manning, Peter K. (1992) “Information Technologies and the Police” In Tonry, Michael & Morris, Norval (eds) Modern Policing. pp. 349-398. Chicago: University of Chicago Press

Marx, Leo (1964) The Machine in the Garden: The Pastoral Idea in America. New York: Oxford University Press

Maxcer, Chris (2007, March 6) “Cops Nab Crooks Using YouTube” Tech News World.com. Electronic document: http://www.technewsworld.com/story/56108.html
Retrieved July 10/07

Morgan, Rod & Newburn, Tim (1997) The Future of Policing. Oxford: Oxford University Press

North, Dick (1978) The Lost Patrol. Anchorage: Alaska Northwest Publishing Co.

ODMP (2006) Officer Down Memorial Page. Fallen officer directory. Electronic document: http://www.odmp.org/agency.php?agencyid=2758. Retrieved June 14/06

Packer, Jeremy (2002) “Mobile Communications and Governing the Mobile: CBs and Truckers,” Communication Review, 5(1) pp. 39-58

Phillips, Alberta (2005, March 17) “After Club Fire Police Comments Still Smolder” Statesman.com. Electronic document: http://www.statesman.com/opinion/content/editorial/stories/03/17phillips_edit.html. Retrieved May 2/06

Quintino, Anne-Marie (2006, December 15) “Police Discovering Power of YouTube” Globe and Mail.com. Electronic document: http://www.theglobeandmail.com/servlet/story/RTGAM.20061215.gtcopsyoutube1215/BNStory/Technology/home. Retrieved July 17/07

Richardson, Mark (2005) On the Beat: 150 Years of Policing in London Ontario. Canada: Aylmer Express Ltd.

Rubinstein, Jonathan (1973) City Police. USA: Hill & Wang

Satter, Raphael G. (2007, July 13) “Britain’s surveillance to new levels with video cameras strapped to police helmets.” CBC Newsworld. Electronic document: http://www.cbc.ca/cp/world/070713/w071347A.html. Retrieved July 14/07

Seltzer, Mark (1992) Bodies & Machines. New York: Routledge

Smith, Merritt Roe (1994) “Technological Determinism in American Culture.” In Smith, Merritt Roe & Marx, Leo (eds) Does Technology Drive History? The Dilemma of Technological Determinism. pp. 1-36. Cambridge, Mass: MIT Press

Solove, Daniel J. (2007) “I’ve Got Nothing to Hide and Other Misunderstandings of Privacy,” The San Diego Law Review (44), pp. 1-23

Staples, William G. (2000) Everyday Surveillance: Vigilance and Visibility in Postmodern Life. Lanham, MD: Rowman & Littlefield

Stewart, Robert W. (1994) The Police Signal Box: A 100 Year History. Glasgow: University of Strathclyde. Electronic document: http://www.eee.strath.ac.uk/r.w.stewart/boxes.pdf. Retrieved April 25/06

Vanderburg, Willem H. (2000) The Labyrinth of Technology. Toronto: University of Toronto Press

Wade, John (1829) A Treatise on the Police and Crimes of the Metropolis. London: Longman, Rees, Orme, Brown & Green

| Comments (0) |

A Canadian Privacy Heritage Minute: Surveillance, Discipline, and Nursing Education

posted by:James Wishart // 11:59 PM // September 25, 2007 // ID TRAIL MIX

trailmixbanner.gif

In this particular historical moment of fetishized “security” and state-sponsored surveillance carried out “for our own good,” it is tempting for some of us to think that we are reaching some low point in the history of privacy, where new technologies already allow the deployment of an Orwellian omniscience by states and corporations. This may indeed be so, but some research I did some years ago on the history of nursing education (of all things) has inclined me (a privacy advocacy neophyte) to wonder if the drive for total surveillance is neither novel nor dependent upon new technologies. In the spirit of Heritage Canada’s iconic television spots, I offer my own “Privacy Heritage Minute,” with all the skeletal theoretical framework, carefully-selected facts and simplistic moral that such an approach implies.

Prior to the 1950s, most Canadian nurses (who were predominantly young, white, unmarried women) were trained through an apprenticeship system, learning their craft by working for three years unpaid on hospital wards. This training was extremely arduous and strictly regimented, and was overseen by a limited number of paid nurse overseers and by senior nurse apprentices. The vast bulk of nursing labour in hospitals was completed by students, who lived on the hospital campus and seldom left the site until their training was complete.

Beginning in the late 19th century, it was understood that moral rectitude (read virginity) and feminine deference (read unquestioning obedience) were key characteristics of the ideal nurse. In part this was because prevailing models of health contained an unmistakably moral component (as arguably they still do – see the rhetoric around obesity, heart disease, HIV, etc.). Likewise hospitals, which were in competition for the dollars of wealthy patients and donors, used the image of the physically and morally clean (female) student nurse as advertising to convince the well-to-do of the safety and efficacy of institutional health care. [1]

Hospitals posted extensive lists of rules intended to ensure the proper behaviour of their student nurses. Obedience was far too important to be entrusted simply to sets of rules, however. As was explained in one nurses’ orientation manual, each individual would be “carefully watched to ensure strict obedience.” Surveillance, embodied in the policies, procedures, and the very architecture of the training school and Nurses’ Home, provided the disciplinary backbone for nursing training. Michel Foucault described similar developments with respect to 18th-century reform schools and prisons in Discipline and Punish: “We have here a sketch of an institution ... in which three procedures are integrated into a single mechanism: teaching proper, the acquisition of knowledge by the very practice of the pedagogical activity, and a reciprocal, hierarchised observation.”

Surveillance of student nurses began from the moment they applied to their training. Candidates underwent gynecological screening tests, which allowed hospital management to determine whether the candidates showed signs of sexually transmitted diseases, previous pregnancy, or loss of virginity. Applicants who showed evidence of such indiscretions were likely to be rejected as “not suitable to become a nurse.” This managerial anxiety over sexuality permeated the apprenticeship program. Of particular concern in these all-female spaces was homosexuality, a “vice” that dared not speak its name but that nevertheless attracted careful scrutiny by managers and hospital trustees. As one former nurse explained to me,

A rule was posted that ‘only one may bathe at a time’. We didn’t have time to wait in the mornings, so we often shared showers and tubs. The bathrooms were patrolled [by matrons] and so if a matronly voice said ‘is there only one of you in the tub,’ our rule was that only the one in the middle would call out ‘Yes, miss!’. I realized later that they were scared stiff of lesbianism.

In some residences, bath doors were designed like the swinging doors of saloons with spaces above and below, a technology of observation noted by Foucault at Paris-Duverney's Ecole Militaire. [2]

Surveillance was also trained upon the movements of apprentice nurses in their leisure time and private spaces. Purpose-built Nurses’ Homes were designed along panoptic principles, situating the Matron’s quarters adjacent to the main exit, an arrangement that gave the impression that the foyer was under constant supervision. Anyone entering or exiting the residence was required to sign a log, and bedrooms were checked for absent (or extra) bodies every evening. Strict curfews were enforced with the threat of dismissal, and reinforced with the possibility of character assassination for young women seen “out on the town” after curfew. In this latter area, the hospital enlisted the aid of the surrounding community as observers and judges of nurses’ conduct, and upright citizens regularly informed managers of suspected infractions by students.

On the hospital wards, surveillance took its shape via the ideology of scientific management. By the 1910’s, hospital managers had joined the cult of efficiency, and strongly believed that minute regulation of workers’ time and motion would lead to increased production and lower costs, concepts which fit awkwardly into the provision of health care but which nevertheless persist in hospital management to this day. [3] To this end, nurses were monitored carefully as they learned nursing tasks in a deskilled [4], routinized manner, with harsh discipline as the reward for lapses of technique or behaviour. A fundamental goal of this system was that students would internalize the observing eye, and like Jeremy Bentham’s panopticized prisoners, govern their behaviour according to the priorities of the institution.

Although there were obvious functional reasons for hospitals to maintain strict control over their unpaid labour force, the diligence with which such controls were implemented cannot be explained without attention to the larger discursive webs in which hospitals and nurses were caught. Rapid urbanisation and economic change in Canada, with the attendant increases in single women's urban employment and public visibility, fostered in the imaginations of civic leaders the spectre of the 'woman adrift', the young working girl living in unsupervised residences in an urban environment, untended by patriarchal authority. Promoting women's chaperoned boarding houses, the Toronto Star-Weekly prodaimed in 1917: "It would seem to be but our duty, from an economic as well as a humanitarian stand-point, to see that [the working girl] lives under conditions which tend to make her more efficient, as well as a worthy citizen. It is not too much to say that the future of our country lies in the hands of these girls.” This disingenuous language reflects (in part) anxieties about “degeneracy” that brought us such historical highlights as eugenic sterilization and the Chinese head tax. Regulation of the young female student nurses was thereby elevated to the level of a patriotic duty. Hospitals as major Canadian institutions bought into this wholesale, boasting that their system of discipline and training worked to produce “the best type of Canadian womanhood.”

With the future of the nation apparently at stake, there was little or no concern expressed about the privacy or autonomy of student nurses. [5] No privacy laws governed the surveillance of these young women – there were compelling moral, economic, political, medical, and other reasons to watch them, and so they were watched.

Without overstating the case, I wonder whether this Heritage Minute tells us a couple of things about reasonable expectations of privacy. To me it says that where fear and prejudice coalesce into social panic, surveillance is a ready tool for the identification and punishment of deviance, and privacy rights will be among the first in a long line of casualties. It also implies that surveillance technology takes the form of whatever is at hand. Hospitals used architectural techniques, documents, holes in walls, and human eyes to watch nurses, and socialized their students to watch themselves and each other. So although resisting the development of new methods of surveillance is important, it’s maybe just as important to keep our eyes on the core reasons why our privacy comes under constant assault. The longevity of the hospital system of nursing training suggests that where serious abrogations of privacy rights have apparent social or economic utility, or where they support the societal status quo, they may persist invisibly or unremarkably for decades.

Thank you. This has been a Canadian Privacy Heritage Minute brought to you by the idTrail.


[1] Even until the 1920’s, most hospital health care was “charitable,” reserved for persons who could not afford home visits by doctors and nurses. Hospitals had poor reputations as charnel-houses until they became the centralized repositories of expensive medical technologies like X-Rays, antiseptic operating theatres, and professional nursing care. This is a long story, for which there is not room here.
[2] Discipline and Punish (NY: Random House Vintage Books, 1979) at 172-173.
[3] Recently some RFID manufacturers and hospital administrators have proposed that increased efficiency could be achieved by attaching RFID tags to the bodies of hospital workers and patients, thus facilitating a constant surveillance of their motions through real-time monitoring from a central site.
[4] The “skill” level of the tasks taught to nurses is the subject of a healthy historical debate which has the “professional” status of nursing at stake in its outcome.
[5] Student nurses themselves expressed such concerns, and acted on them in important and effective ways, but that is a story for another time.

| Comments (1) |

The Wrong Kind of Privacy

posted by:Julie Shugarman // 11:59 PM // September 18, 2007 // ID TRAIL MIX

trailmixbanner.gif

I recently received news that my friend Kelly was found dead in her single room occupancy [1] hotel in Vancouver, several days after she had died. [2]

I knew Kelly as a great force working to improve the lives of street level sex workers in Vancouver’s Downtown Eastside (DTES). Feeling far away and alone in my grief, I googled her to see whether anything had been written about her death. To my surprise, I found a handful of references to her (full name included) as a participant in a free heroin trial program, and identifying her as a woman living out of a shopping cart in Canada’s poorest postal code. I was frustrated and angry that this one-dimensional sketch of Kelly, involving incredibly private details about her life, was so accessible. My first instinct was to wonder whether she had consented to having her name published in these articles. But then a different, and rather more pressing set of questions struck me.

Why, when so few people took notice of her daily existence and suffering, when she was allowed to die almost invisibly – was it possible for me to access information about her health, [3] her poverty and her homelessness on the World Wide Web? I couldn’t shake the idea that Kelly had too much of the wrong kind of privacy.

Kelly didn’t need the state to be kept “out”. [4] She needed the state and society more broadly to be let “in”, to actively participate in her existence by recognizing her humanity and not remaining indifferent to her poverty. The privacy she needed is that which comes from access to private property and adequate housing. The privacy she needed was that which would have enabled her to develop her identity and sense of self outside of the apathetic public scrutiny that happens on the street where the privileged are indifferent voyeurs of suffering.

What is privacy, anyways?
I write this with the qualification that it is not entirely clear to me what privacy is. I am puzzled about what it means for something to be “private”, what it means for someone, or some identifiable group, to have a right or an interest in “privacy”, or what exactly happens when this peculiar thing known as “privacy” is lost.

Warren and Brandeis famously quoted Judge Cooley’s definition, describing privacy as a right “to be let alone”. [5] Westin is most frequently attributed with informing us that privacy is about a right to control information about ourselves. [6] Judith Jarvis Thompson said privacy is a reductive concept that essentially consists of clustered property rights and rights to ones own person. [7] Ruth Gavison and Anita Allen have identified privacy as a limitation of access to individuals. [8] Richard Bloustein outlined privacy as integral to human dignity. [9] Jeffrey Reiman offered a notion of privacy as critical for personhood formation. [10] Many other wise theorists have offered still more accounts of privacy, more attempts to define what remains, in many senses, opaque.

Legally, the concept of privacy has largely developed in the context of rights of the individual accused as against the state. The Supreme Court of Canada has ruled that privacy is an instrumental right – integral to the realization of fundamental entitlements such as liberty, security of the person, and equality. [11] Section 8 Charter jurisprudence instructs that there is a distinction to be drawn between public and private space – fostering the notion that we are, at least in some ways, entitled to less privacy in public. [12]

So what’s the problem?
Almost all of this theorizing and analysis seems to take for granted that everyone has access to private space. It assumes a means to limit or control access to oneself. It further assumes that while privacy may not be a fundamental right in and of itself, it is an intrinsic aspect of human life that must be vigilantly protected from theft by the state, the corporate world, or other actors. The reality is that this access and these means are far from universal and that sometimes state intervention and support is necessary in order to foster privacy and/or the ends that privacy aims to achieve (like dignity, autonomous decision-making, the ability to exercise even constrained ‘choice’ with respect to decisions of a private nature, etc.). [13]

The notion of an obligation on the state to protect vulnerable people, even from activities that occur in otherwise private settings, is not new. Largely as a result of feminist activism, the idea of a man’s home as his impenetrable castle – a sacrosanct space that should be fiercely guarded from the hands of the law no matter what occurs within – has been challenged and discredited. It is not okay for the state to remain passive when a person is beaten-up or raped by her spouse. The legacy, however, of the historical role of privacy in protecting male domination of women in the marital home is significant and enduring. Martha Nussbaum, for example, warns: “anyone who takes up the weapon of privacy in the cause of women’s equality must be aware that it is a double edged weapon, long used to defend the killers of women.” [14]

Suspect of privacy, and at the risk of being perceived as taking it up as a “weapon”, I am becoming increasingly interested in arguments that call on the state to facilitate the privacy of historically marginalized groups - like women living and working on the streets. If the law has deemed it inappropriate for the state to ignore abuses suffered by women in their homes, it should not be permissible for the law –and for individuals more generally- to ignore the poverty of women working and living on Canada’s streets. It is their poverty that forces them into public space, and robs them of the privileges of privacy.

Elisabeth Paton-Simpson has pointed out that, “contrary to a widely held assumption in privacy law, reasonable people do not intend to waive all rights to privacy by appearing in public places.” [15] However, Paton-Simpson does not discuss the reality that many Canadians do not have the option to choose whether to appear in public or whether to leave the relative security of their homes – because they have no homes. [16] Unlike the people Paton-Simpson discusses, homeless and precariously housed Canadians have no option to “trust” that they will not be made objects of media excesses and advances in surveillance technology. [17] And yet, while they are infinitely accessible and have no adequate private space within which to develop – they are simultaneously scorned, ignored, and turned into ghosts counted only in studies and statistics. [18]

Final thoughts
Privacy comes in degrees. [19] A person or group of people can conceivably have too much privacy – or not enough. Indeed, without regular access to private property or the capacity to ensure that personal information is not made publicly available, a person’s existence can be completely lived in the presence of others.

It is understandable why legal and philosophical concern about privacy has been focused on protecting against loss of privacy. I think, however, that we need to refocus our attention on whether in some cases positive action is required to facilitate privacy and the goods associated with it (like dignity, security of the person, and liberty). We need to begin addressing the role of the state, the corporate world, and communities in facilitating conditions conducive to the “privacy” that continues to be erroneously assumed as the starting point for all.

Many of my friend Kelly’s daily rituals, no matter how intimate, were performed in “public” – they were accessible to all who passed by, and yet the three-dimensionality of her life and eventually her death remain invisible to most. We are repulsed, we simply don’t give a damn, or we actively disengage and explain-away our responsibility to pay attention, to do something, and to not let people who are in need of assistance alone. Perhaps until we learn better when it is okay to look away, we should take a positive obligation to facilitate privacy as our starting point – so that women do not go missing or die unnoticed.


[1] Single room occupancy (SRO) residential hotel units represent the most basic shelter provided for low-income individuals living in Vancouver’s Downtown Eastside (DTES). The people who live in SRO buildings are low-income singles at high risk of homelessness.
[2] This is not her real name.
[3] I am writing from a perspective that treats drug use as a health issue.
[4] This is intended as a reference to privacy as involving an entitlement to keep the antagonistic state out of the lives of individuals.
[5] Samuel Warren and Louis Brandeis, “The Right to Privacy” (1890) 4 Harv.L.Rev. 193. at p. 195.
[6] Alan F. Westin, Privacy and Freedom (New York: Atheneum, 1967) at p. 7.
[7] Judith Jarvis Thomson, “The Right to Privacy” (1975) 4 Philosophy and Public Affairs 295-314
[8] Ruth Gavison, “Privacy and the Limits of Law,” (1980) 89 Yale Law Journal at p. 428; Anita Allen, Uneasy Access (New Jersey: Rowman and Littlefield, 1988).
[9] Bloustein, E.J., “Privacy as an aspect of human dignity: An answer to Dean Prosser,” (1964) 39 N.Y.U. L. Rev. 963. It is worth noting that Bloustein is referencing “dignity” in what some might call the liberty sense, and not the equality sense. He writes of privacy as dignity offending by explaining: “an intrusion of our privacy threatens our liberty as individuals to do as we will, just as an assault, a battery or imprisonment of our person does.” at p. 1002.
[10] Jeffrey Reiman “Privacy, Intimacy, and Personhood” (1976) 6 Philosophy and Public Affairs at p. 26
[11] See for example: R. v. Dyment, [1988] 2 S.C.R. 417 at paras. 17, 21-22; R v. O’Conner [1995] 4 S.C.R. 411 at paras. 110-113, 115; R. v. Mills, [1999] S.C.J. No. 68 at 91.
[12] Section 8 of the Charter provides that “[e]veryone has the right to be secure against unreasonable search and seizure.” In R. v. Silveira, [1995] 2 S.C.R. 297, at para. 140, Cory J, found: “[t]here is no place on earth where persons can have a greater expectation of privacy than within their 'dwelling-house'”. See also: R. v. Tessling, [2004] S.C.J. No. 63, in which the SCC indicated that expectations of privacy are less reasonable when one moves outside of the sphere of the home, at para 22.
[13] On privacy’s functional role in facilitating dignity, integrity and autonomy see: R. v. Mills, [1999] S.C.J. No. 68 at para 81.
[14] Martha Nussbaum, “What’s Privacy Got to Do With It: A Comparative Approach to the Feminist Critique” in Women and the United States Constitution: History, Interpretation, and Practice ed. Sibyl A. Schwarzenbach and Patricia Smith (New York: Columbia University Press, 2003) at 164.
[15] Elizabeth Paton-Simpson, “Privacy and the Reasonable Paranoid: The Protection of Privacy in Public Places,” (Summer, 2000) 50 Univ. of Toronto L.J. 305.
[16] Canada has no official data on homelessness – an omission which has attracted critique from the United Nations Committee on Economic, Social and Cultural Rights. For a somewhat dated discussion of this, see: Patricia Begin, Lyne Casavant, Nancy Miller Chenier, & Jean Dupuis, “Homelessness,” Political and Social Affairs Division, Parliamentary Research Branch, 1999. Online: http://dsp-psd.pwgsc.gc.ca/Collection-R/LoPBdP/modules/prb99-1-homelessness/index-e.htm
[17] Elizabeth Paton-Simpson, supra note 15: “To the extent that they have any choice in the matter, [reasonable people] generally refuse to be governed by suspicion and paranoia, preferring to trust that their privacy will be respected. They leave the relative security of their homes in order to survive and participate in society, and their experience and expectation is that public places do afford varying degrees of privacy.”
[18] In using the term “ghosts,” I am mindful of Jeffrey Reiman’s theory that there would be no person, or moral agent, to whom moral rights could be ascribed if it weren’t for the boundary drawing, person creating, “social rituals” we call privacy. According to Reiman, privacy “protects the individual’s interest in becoming, being, and remaining a person”: Jeffrey Reiman, supra note 10 at p. 25, 43-44. Charles Fried has similarly made the point that privacy is integral “to regarding ourselves as the objects of love, trust and affection” to understanding ourselves “as persons among persons”: Charles Fried, “Privacy” (1967-68), 77 Yale L.J. 475, at p. 477-78.
[19] I am not speaking here about what courts sometime refer to as “degrees of privacy” in the Charter s. 8 context - as dependent on the type of search (the degree of rights, for example, yielded by a search of a person, as opposed to a search of a person’s home or vehicle). See, for example, Roback v. Chiang, [2003] B.C.J. No. 3127 at para 14.

| Comments (0) |

For Better, For Worse, or Until I Decide to Spy on You

posted by:Dina Mashayekhi // 11:59 PM // September 11, 2007 // ID TRAIL MIX

trailmixbanner.gif

Being recently married, I still haven’t quite adjusted to the idea that you can’t change certain traits in your spouse. For example, my other half tends to view cell phones as a leash, and he regularly “forgets” to call me when he’s going to be late, or going out after class or work. As a result, I end up panicking, thinking he has been in a terrible accident and is unconscious somewhere, and I promptly begin my routine of repeatedly calling his cellphone (which is usually off or at the bottom of his bag on silent mode). By the time he finally gets to the phone and sees 18 missed-calls from me, I’m usually anxiety ridden and he calls me laughing, telling me I’m crazy, and that he’s on his way home. This conversation is usually followed by certain expletives and ends with my threat that I’m going to implant him with a GPS tracking device.

Of course, when I raised this idea, I was completely joking. For the sake of fantasy, my ideal device would be a microchip and to my knowledge, the Verichip doesn’t operate as a GPS device for commercial use (yet). Such a use would also run contrary to my convictions as a privacy advocate, but at times, I feel as though my sanity is at stake. I decided to inquire further into the practical aspects of my GPS threat (after all, there’s no point in a threat without any substance), and to examine the idea of spousal surveillance in general. [i]

The Newly Married or Soon-to-be-Married

I first looked to an online forum that is geared towards wedding planning and is frequented by brides-to-be and newer brides. I visited this forum quite a bit back in the wedding-planning days. I posted a simple 3-question poll. My questions weren’t intended to examine the moral implications of surveillance; rather, I was just trying to get a basic overview of what people would do.

My first question was “Have you ever used any type of surveillance on your spouse?” Out of 154 responses, 10 people (0.6%) answered Yes, with the remaining 144 (93%) answering No. The types of surveillance, whether electronic or not, were not specified. My second question was “Have you ever read your spouse’s email without him knowing?” Of 155 replies, 92 (59%) answered Yes and 63 (40%) answered No. A few people, however, chose to comment on this question stating that they have their spouse’s implicit consent to check their email. Finally, my third question was “If given the opportunity, would you use GPS tracking or an RFID chip to track your spouse?” Out of 155 replies, 21 (13%) answered yes, and 134 (86%) answered No. Some people who chose “Yes” commented that they only chose “Yes” because they would want the option in case of an emergency situation and not because of a lack of trust. Others confirmed that they would not want to so much “track” their spouse, but would want to be able to “find” them when necessary. And, of course, some users pointed out if you got to the point where you needed to resort to tracking your spouse, your relationship was in serious trouble. One user relayed a story of a past relationship where reading her boyfriend’s emails, and trying to find out what he was doing, confirmed that he was cheating on her.

From this small poll I learned that (a) I’m not the only one who has little fantasies about wanting to know where her spouse is and (b) More spouses than I’d expected have read their partner’s emails.

Marriage, Surveillance, and Privacy

This lead to my next finding -- a major target audience of surveillance software, surveillance devices and GPS products is married spouses. As I was searching for various products, it seems that they were geared towards tracking and catching that “wayward” spouse. More often that not, website visitors were invited to catch their “cheating wife” in the act. I actually did not find one product marketed towards safety for worriers (my initial purpose). I was impressed by the array of technologies available, saddened by the distrust existing in marriages, and concerned by the lawfulness of many of these technologies.

In her article “Spy vs. Spouse: Regulating Surveillance Software on Shared Marital Computers”, [ii] Camille Calman raises arguments in favour of the regulation of surveillance software on shared computers between spouses as a basis of bringing consistency to the law of communications privacy and reinforcing the social perception of marriage as a partnership of autonomous individuals characterized by mutual trust. Calman examines laws governing the protection of information and the concept of the reasonable expectation of privacy. She reasons that the use of surveillance technology for “spying on a spouse cannot be justified by the rationale that spouses have a lower expectation of privacy within marriage than they do with outsiders.” She traces the lack of recognized privacy rights between spouses to the lack of legal rights given to women upon marriage until the nineteenth century. Married women were, after all, considered to be subordinate to their husbands and the couple was seen as a single legal entity. She explains:

Changes in privacy law and in social constructs of marriage converge in the area of communications privacy. One of the most important aspects of personal autonomy is freedom to communicate with other persons. The law does not require married couples to tell each other everything; such a requirement could not be practically enforced. Entry into marriage does not entail signing away the right to communicate privately with persons outside the marital relationship. Some writers have described spheres or zones of privacy, with an innermost zone open to no one, and the next zone open only to spouses, close friends, and relatives. Even within those inner spheres, the law does—and should recognize a right of personal privacy.
Certainly individuals within a marriage have far more access to each other’s private information than strangers would. Spouses can behave in many ways that are intrusive but not legally actionable: They can read letters or e-mails or credit card bills that their spouses have already opened; they can eavesdrop on live conversations; they can rummage through filing cabinets; they can read diaries. But the use of electronic devices to spy at times and in places where live eavesdropping is impossible—to eavesdrop in a way that evades the likelihood of detection— seems to cross a line.
A person’s right to privacy is not absolute and must be weighed against countervailing rights and social interests. Clearly the expectation of privacy is lower within a marriage than in other less intimate relationships. Some reasonable expectation of privacy remains, however, and spousal spying by surveillance software violates that expectation. [iii]

While it is true that spouses have access to aspects of each other’s lives, which are essentially off-limits to others, it doesn’t seem that this grants one spouse an unencumbered right to spy on the other.

The Law and Spousal Surveillance

As far as I know, laws governing communications privacy do not make exemptions for spouses or family members. Section 184(1) of the Criminal Code [iv] makes it an offence to intercept a private communication except in limited enumerated circumstances.

184. (1) Every one who, by means of any electro-magnetic, acoustic, mechanical or other device, wilfully intercepts a private communication is guilty of an indictable offence and liable to imprisonment for a term not exceeding five years.

It is clear then, that this law would prohibit one spouse from surreptitiously recording the telephone conversations of the others. A spouse would fall under “every one”. Additionally, the Canada Post Corportion Act [v]prohibits the opening of mail by anyone other than the addressee:

48. Every person commits an offence who, except where expressly authorized by or under this Act, the Customs Act or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, knowingly opens, keeps, secretes, delays or detains, or permits to be opened, kept, secreted, delayed or detained, any mail bag or mail or any receptacle or device authorized by the Corporation for the posting of mail.

Again, “every person” would include a spouse. It is understood that this applies to postal mail only; however, it raises the questions as to why the same guarantees of privacy aren’t afforded to electronic mail. There are clear laws prohibiting wiretapping, opening postal mail addressed to somebody else, and regulating electronic surveillance in certain situations; however, the law appears to turn a blind eye to spousal spying and the technologies used therein.

In the United States, the laws governing communication privacy similarly refer to “whoever” opens the mail or “any” unauthorized person recording telephone calls. American jurisprudence is ripe with examples of spouses attempting to use electronic surveillance to the detriment of the other. Calman points to two cases in the 1970s where federal appellate courts carved out a marital exemption. In Simpson v. Simpson [vi], the Fifth Circuit held that although the “naked language” of the Wiretap Act seemed to prohibit all wiretapping, Congress could not have intended to intrude into the marital relationship. The court also did not wish to interfere with the interspousal tort immunity that then existed in a majority of states.

The Second Circuit reached a similar result in Anonymous v. Anonymous [vii], in which a husband recorded his wife’s telephone conversations with their eight-year-old daughter, hoping to use the tapes in a custody fight. While holding that Congress had not meant to create a blanket exemption for all spousal wiretapping, the court declined to apply the Wiretap Act. It held that this was a domestic conflict, which did not involve the privacy rights of anyone outside the family, and which would be better handled by state courts. Both decisions have been widely criticized and Simpson was overruled in 2003 in Glazner v. Glazner [viii], explicitly on grounds that the plain language of the statute precluded the spousal exemption.

One notable case comes from New Jersey. In M.G. v. J.C. [ix] a husband surreptitiously recorded his wife’s telephone conversations in the marital home. The conversations disclosed that the wife was having a non-heterosexual affair. The husband confronted the wife and threatened to use the tapes in a custody battle, as well as disclosing the tapes to friends and family. As a direct result, the wife suffered extreme emotional distress and required extensive psychological care. The husband went one step further and played the tapes for the wife’s sister and offered to play them for other family members and friends. The wife sued for damages and obtained $10,000.00 in compensatory damages and in consideration of the husband’s willful and wanton disregard of the wife’s right to privacy, he was assessed $50,000.00 in punitive damages. In Florida, an appellate court affirmed the trial court’s refusal to admit evidence obtain by a wife using the Spector surveillance software. The Court ruled that by installing the Spector spyware on her husband’s computer, and reading the logs, the wife had in fact broken the Florida wiretapping law, which says that anyone who intentionally intercepts any electronic communication without appropriate authority commits a criminal act. [x]

Canadian jurisprudence does not appear to have considered spousal surveillance to the same extent as American case law. A case from the early 1990s, Seddon v. Seddon [xi], considered surreptitious recordings, which were obtained by a voice activated device. The court was faced with an application to vary interim custody and the 20 hours of recordings were supposed to demonstrate the mother’s shortcomings when dealing with her children. The court refused to vary custody and deferred the issue of admitting the recordings to the trial judge. The trial judge did not admit the recordings but did not explain his reasons. [xii]

The dearth of Canadian case law and statutory protections for individuals in a marriage may become problematic as technologies become increasingly affordable. In some cases, these technologies are directly breaking the law [xiii], while in others, they occupy a grey area. Although divorce laws are applied on a “no fault” basis, the product of surreptitious surveillance and recordings could readily be used in custody cases when determining the best interests of the children. The surveillance and recordings could also be used by one spouse against the other in order to leverage a more favourable property settlement where the recordings could be damaging/embarassing. In the absolute worst cases, these technologies can be used by abusive spouses to further their ability to control and terrorize their partners. [xiv]

Conclusion

In the end, I decided that it would probably be healthier for my relationship to hold off on the GPS and to try to communicate the virtues of calling when you’re not coming home and keeping your cellphone turned on. Spouses are in a legally vulnerable position. The mutual trust and respect that forms the basis of these relationships can easily be exploited by one spouse in a climate where there are few repercussions.

Dina is a 2005 graduate of the University of Ottawa Common Law Program and a former student member of the idtrail project. She is currently pracitising labour and employment law in Ottawa and has a special interest in employee privacy issues.

[i] For those who don’t know me, I wouldn’t ever plant a GPS device on my husband. My postulation remains in jest.
[ii] (2005) 105 Colum. L. Rev. 2097.
[iii] Ibid. at 2113-14.
[iv] R.S., 1985, c. C-46, s. 184.
[v] R.S., 1985, c. C-10, s. 48.
[vi] 490 F.2d 803 (5th Cir. 1974).
[vii] 558 F.2d 677 (2d Cir. 1977).
[viii] 347 F.3d 1212 (11th Cir. 2003).
[ix] 254 N.J. Super 470 (Ch. Div. 1991).
[x] O’Brien v. O’Brien, 899 So. 2d 1133 (Fla. Dist. Ct. App. 2005).
[xi] 1993 CanLII 2597 (BC S.C.).
[xii] 1994 CanLII 3335 (BC S.C.).
[xiii] See http://www.usdoj.gov/criminal/cybercrime/perezIndict.htm “Creator and Four Users of Loverspy Spyware Program Indicted”.
[xiv] See http://redtape.msnbc.com/2007/08/leah-lived-for-.html “High-Tech Abuse Worse Than Ever”.

| Comments (2) |

Cash(less) on the Road

posted by:Byron Thom // 11:59 PM // September 04, 2007 // ID TRAIL MIX

trailmixbanner.gif

Credit cards and databases/data-mining/data aggregation. How does the database nation get affected by a cashless society?

I recently had the opportunity to dwell upon the loss of anonymity as we continue the path to cashless-ness. It was on one of those west coast road trips that seem like the perfect way to cap off a summer.

Driving to South Bay

This August, a couple of friends and I drove down to the Bay Area of California from Vancouver to visit with friends working there. An interesting exercise we got caught up in was to see how difficult it would be to “stay off the radar”. Although we realized that giving out personal information itself is not dangerous, but rather simply provides a possibility for misuse, the recent discourse on domestic spying and the Patriot Act in the US got us to think deeper about sharing our spending habits with US businesses and the US government.

Like any good conspiracy theorist, travel begins by taking large wads of cash out from under the mattress - or a Canadian bank, if your mattress is rather thin. Minimizing our use of credit cards was the obvious step. This was also facilitated (others say caused) by the midsummer drop in the Canadian dollar and our desire not to be gouged by Visa’s exchange/conversion rate. [1]

So we used cash, and lots of it. All of our food, hotel rooms, and activities were anonymous transactions. When we stopped for gas, we prepaid the attendant in $20s. As Canadians, we had never seen so many green bills. Because realistically, although not quite to the level of a wheelbarrow or a duffel bag, carrying enough money for three guys on an 11 day trip is a significant task in itself and more than a little inane.

For the most part, our experiment was successful. Although frustrated by the inefficiency of their monotone bills, our system seemed to work as cash equalled anonymity in most situations encountered. But one time it didn’t was when we came up against the dreaded loyalty card.

Safeway and the Loyalty Card

Loyalty cards are a common occurrence in today's consumer driven world. It seems like everything from airline tickets to cups of coffee have a mode of tracking your purchases and collecting detailed information regarding your personal shopping habits. [2]

But loyalty systems also seem to “work”. The collection of points almost seems like a North American sport. Canadians seem to do anything for their points. [3] And sometimes using the loyalty system is almost forced upon you.

While at the local Safeway trying to buy some supplies in California, we encountered an insidious ploy to force shoppers to self-identify. It has always been part of the loyalty system to offer discounts to those who sign onto the system; discounts of 5% to 10% are not uncommon. But at this particular Safeway, oranges were over $1/lb cheaper for those showing a Safeway card. 1$/lb or more than 30%!

With this kind of price differential, how can you resist? How can you compare the intangible benefit of remaining anonymous with the prospect of saving money on fresh fruit? Although I knew about the privacy implications and why Safeway was operating in such a manner, my biggest concern wasn't about data mining but rather me not having an American Safeway account to be able to take advantage of this offer!

Luckily, or scary depending upon your point of view, the Safeway databases in the United States and Canada are linked and my Canadian account worked just fine. And on top of that, I didn't even need my physical card. Supplying my phone number was enough for the clerk to identify me by name and recite my home address. I'm sure in some way it is useful for Safeway to know that while on vacation in California I enjoy oranges, bananas and croissants for breakfast.

But data collection can go far beyond that. Demographic shopping information is big business in today's always-on marketing environment. Companies like Choicepoint and Acxiom aggregate and sell personal information to government and businesses on everything from health and insurance records to consumer purchasing information. [4] The US government even claims that these aggregators fill a necessary role in the “war on terror” by allowing the government to search for specific purchasing trends and monitor suspicious activity. [5] Vast databases are being filled and very few seem to mind that there are numerous instances of databases being hacked or leaked due to shoddy security practices and inadequate protections.

Adam Greenfield says in his book Everyware that

We may have to accept that privacy as we have understood it may become a thing of the past: that we will be presented the option of trading away access to the most intimate details of our lives in return for increased convenience, and that many of us will accept this possibility.

But, seriously? Identity or oranges. The red pill or the blue. They were good oranges.

Final Thoughts

The beauty of technology is its ability to make life easier. A GPS system and a cell phone were lifelines in trying to navigate the complicated mass of streets and highways of California's Bay Area. But, there are always trade-offs. Simson Garfinkel's Database Nation [7] draws a picture of a frightening dystopia where identifiers such as credit and debit cards, cell phones and surveillance records link to vast databases of personal information that can track you from dawn to dusk and from birth to grave. It is already a reality. There are billions to be made. [8]

But, it doesn’t have to be this way. Besides better laws to control the transfer of personal information, there are electronic alternatives to large wads of money. Electronic e-cash or smartcard systems are making the rounds. They can be programmed with privacy in mind.

An example of an effective privacy respecting system is the Octopus Card system implemented in Hong Kong. The Octopus Card, in one of its selectable iterations, allows its users to anonymously access the transit system in addition to purchasing items from a wide variety of stores. All this is done with a contactless RFID embedded in the card that boasts a 95% penetration rate. [9]

By not requiring any information to purchase, the Octopus Card has many of the same privacy benefits as cash. But not all implementations of this ubiquitous technology are so benign. [10] When done without sufficiently respecting privacy concerns, electronic cash is an effective form of surveillance allowing marketers to tie purchase and travel history to other demographic information.

Even more effective is comprehensive legislation protecting consumer privacy. But it's difficult for legislatures to keep up with advancing technology. Safeguards need to be put in place where the convenience and benefit of a cashless system benefits consumers and is not a tool for marketers and data aggregators. Without that framework, and the penalties to compel adherence, corporations will continue with policies that are in their best interests, in an environment where the majority of consumers are unaware and uninterested in personal data protection.

By the end of our trip, a little bit sunburned and a little bit poorer with cash supplies depleted, we broke down and resorted to credit. We were pretty good, though. Over an 11 day trip and 4000km, 10 days went by without using credit – although there were numerous instances where we had to self-identify. The fact of the matter is that credit is just too easy, and that's how they like it.

[1] Joe Paraskevas, “Credit Cards No Bargain Abroad” Winnipeg Free Press (August 22, 2007) http://www.winnipegfreepress.com/local/story/4025999p-4637816c.html
[2] CBC Marketplace, “Loyalty cards: Getting to know you” (October 24, 2004) http://www.cbc.ca/consumers/market/files/services/privacy/loyalty.html
[3] ACNielsen, “Loyalty Program Participation Rate on the Rise According to new ACNielsen Study” (September 16, 2005) http://www.acnielsen.ca/news/20050916.shtml
[4] EPIC, Choicepoint, online: http://www.epic.org/privacy/choicepoint/
[5] Richard Behar. “Never Heard of Acxiom?” (February 23, 2004) http://money.cnn.com/magazines/fortune/fortune_archive/2004/02/23/362182/index.htm
[6] Greenfield, Adam. Everyware: The Dawning Age of Ubiquitous Computing, (Berkeley: Peachpit Press, 2006).
[7] Garfinkel, Simson. Database Nation: The Death of Privacy in the 21st Century, (Cambridge: O’Reilly, 2000).
[8] Choicepoint alone reported revenue of $1.05 billion in 2006. See Google Finance, online: http://finance.google.com/finance?q=NYSE%3ACPS
[9] Opening Remarks by Mr. Alfred Ng, Assistant Government Chief Information Officer, at the NFC Conference 2007 of the ICT Expo (April 17, 2007) http://www.ogcio.gov.hk/eng/pubpress/esp070417.htm
[10] The Oyster Card in London is used to track customer transit movements. See Aaron Scullion. “Smart Cards Track Commuters” (September 25, 2003) http://news.bbc.co.uk/1/hi/technology/3121652.stm

| Comments (0) |

Existing and Emerging Privacy-based Limits In Litigation and Electronic Discovery

posted by:Alex Cameron // 11:59 PM // August 28, 2007 // ID TRAIL MIX

trailmixbanner.gif

Privacy law is increasingly important in litigation in Canada. Contemporary litigants routinely file requests for access to their personal information under PIPEDA and its provincial counterparts. Such requests can give a party a partial head-start on litigation discovery, or aid a party in rooting out information held by an opponent or potential opponent.

That said, with some possible room for improvement (at least in the case of PIPEDA), [1] data protection law in Canada takes a relatively hands-off approach when it comes to legal proceedings. Parties in legal proceedings are generally required to disclose information in accordance with long-standing litigation rules and are largely exempted from restrictions that might otherwise be applicable under data protection laws in other contexts. Yet, this does not mean that privacy considerations are not relevant or applicable to discovery in legal proceedings. This short article identifies some existing and emerging privacy-based limits in litigation discovery at the intersection between privacy interests and the need for full disclosure in litigation.

I. The Implied Undertaking Rule

As a starting point, it is important to note that privacy protections are built into discovery at a fundamental level. Information obtained through discovery is generally subject to an implied undertaking of confidentiality. This prohibits parties from using or disclosing information obtained during discovery for purposes outside of the litigation. The implied undertaking rule is based on a recognition by Canadian courts of the general right of privacy that a person has with respect to his or her own documents. [2] Many Canadian decisions cite the English text Discovery by Matthews & Malek for the principle behind the rule:

The primary rationale for the imposition of the implied undertaking is the protection of privacy. Discovery is an invasion of the right of the individual to keep his own documents to himself. It is a matter of public interest to safeguard that right. The purpose of the undertaking is to protect, so far as is consistent with the proper conduct of the action, the confidentiality of a party’s documents. [3]

A party may apply for relief from the implied undertaking rule where a party's interest in using information outweighs the privacy interest protected or where the document is otherwise available. However, the courts do not take the principle of privacy behind the rule lightly, as such applications for relief are frequently denied, for example, on the basis that it would be “an unwarranted intrusion on [the party’s] privacy rights”. [5]

Privacy has similarly been invoked as a limitation in defining what is and is not reasonable in discovery. For example, in Fraser v. Houston, the court declined to order production of the plaintiff’s financial documents on the basis of privacy concerns, despite concluding that the documents had “at least marginal probative value” to an allegation of economic duress:

I am satisfied that this line of questioning, […] could result in a detailed exploration of a man’s state of wealth or state of non-wealth as the case may be, and that that is a major invasion into a man's privacy which is generally only allowed in matters of execution on judgments that are not paid and perhaps, in some other circumstances. However, in the present case I am of the view that to allow an exploration of the nature that is requested by the defendants has a potential prejudicial effect upon Mr. Fraser's privacy which well outweighs any apparent probative value that there may be. [6]

Information potentially subject to disclosure in legal proceedings could be held directly by a party to the litigation or by a third party, such as an Internet service provider (ISP). In each of these categories, discussed in turn below, courts have balanced privacy considerations against the interests of full disclosure in litigation.

II. Information Held by a Party

A. Motions for Production

In Park v. Mullin, [7] a party applied for discovery of its opponent’s computer. Relying on earlier Supreme Court of Canada jurisprudence, Dorgan J. expressly drew on privacy considerations in refusing to order disclosure:

That the issue of privacy is a robust and real issue should be taken into account on an application such as this. In [A.M. v. Ryan, 1997 CanLII 403 (S.C.C.)], McLachlin J. commented on a party’s privacy interests in the context of an application for third party clinical records under Rule 26(11). […]:
... I accept that a litigant must accept such intrusions upon her privacy as are necessary to enable the judge or jury to get to the truth and render a just verdict. But I do not accept that by claiming such damages as the law allows, a litigant grants her opponent a licence to delve into private aspects of her life which need not be probed for the proper disposition of the litigation.
In my view, similar privacy concerns should be considered in a determination under Rule 26(10) where the order sought is so broad it has the potential to unnecessarily “delve into private aspects” of the opposing party’s life. [8]

Privacy also played an integral role in the leading case Desgagne v. Yuen [9], where the Court balanced the relevance of the information sought against other considerations, including privacy. The plaintiff had been injured in an accident, and the defendant sought production of her hard drive, Palm Pilot, video game unit, and photographs (both electronic and hard copies) taken since the accident. The plaintiff argued that the information was relevant since it would shed light on the defendant’s post-accident cognitive abilities and quality of life. Myers J. refused to order production of the plaintiff’s photographs because of privacy considerations:

In my opinion, the vacation photographs (and other photographs relating to the plaintiff’s family, friends and hobbies) sought have limited - if any - probative value on this matter. Production of these photographs, however, is invasive of the plaintiff’s personal life, because the photographs are largely of moments spent with her family and friends. The limited probative value considered against the invasiveness of production leads me to conclude that production of the photographs should not be ordered. [10]

Access to the plaintiff’s video game unit, Palm Pilot, and Internet Browsing history were also denied on the basis of their probative value being outweighed by the plaintiff’s privacy interest and the invasiveness of ordering their production. Similar reasoning was applied in Goldman, Sachs & Co. v. Sessions, [11] Ireland v Low [12], and Baldwin Janzen Insurance Services (2004) Ltd. v. Janzen. [13]

B. Motions for Preservation

In the context of preserving evidence for discovery, ex parte orders for the seizure of evidence (such as Anton Piller orders) allow litigation opponents access to documents that may contain personal or confidential information. Although such orders relate to the preservation of evidence, they form part of the overall process of document discovery. Given the invasiveness of such orders, privacy considerations can play an important role in Anton Piller cases. Courts urged taking a cautionary approach to Anton Piller orders as early as 1981. In the words of Browne-Wilkinson J. (as he then was) in Thermax Ltd v. Schott Industrial Glass Ltd: [14]

As time goes on and the granting of Anton Pillar [sic] orders becomes more and more frequent, there is a tendency to forget how serious an intervention they are in the privacy and rights of defendants. One is also inclined to forget the stringency of the requirements as laid down by the Court of Appeal. [15]

In Harris Scientific Products Ltd. v. Araujo, [16] the Court found that an Anton Piller order had been improperly obtained and improperly executed. The plaintiff had misrepresented a material fact in its application for the order, and the court found numerous and serious breaches of the order’s execution by the plaintiff. Two of the more serious breaches included the seizure of material subject to solicitor-client privilege and the seizure of an audio cassette that clearly had no relation to the proceedings (“a state-assisted major invasion of Mr. Araujo’s privacy on an unrelated matter”) [17]. When considering the quantum of damages to be awarded, the court reiterated how seriously such breaches of privacy are taken:

Damages for trespass resulting from a defective Anton Piller order should not be so low as to condone the wrongdoing; the use of state powers to breach an individual’s privacy must be jealously guarded. Even where the target of the order has suffered no, or little, in the way of pecuniary damage, the level of damages awarded can be more than nominal and can reflect mental distress. [18]

Finally, in CIBC World Markets v. Genuity Capital Markets, [19] an order in the nature of an Anton Piller order was made for full preservation of “computers, Blackberries and other types of similar electronic devices of every nature and kind” including all devices “owned or used by others including spouses, children or other relatives”. [20] An order for a seizure of this magnitude obviously has a broad privacy impact. However, the order provided that a technical consultant would perform the imaging and indexing of information and that the imaged drives and information would not initially be shared with the plaintiffs. [21] The court addressed the matters of relevance and confidentiality in a subsequent order, holding that if there were confidential or irrelevant documents contained in the devices imaged, then the defendants could apply to have the full index of documents sealed and one made public that only contained relevant material. [22]

IV. Information Held by a Non-Party

Privacy also plays an important role in contouring limits to discovery from non-parties in litigation. A great deal of personal information is held by non-parties such as ISPs and banks; it is increasingly sought out by parties in litigation.

In BMG v. Doe, [23] the Federal Court of Appeal considered an appeal by music providers who were seeking disclosure of the identities of customers alleged to have infringed copyrights by sharing music on peer-to-peer networks. Sexton JA, for the court, held that plaintiffs must conduct their initial investigations in a way that minimized privacy invasion; failure to do so could justify a court refusing to order ISPs to identify potential defendant customers as requested by the plaintiffs:

If private information irrelevant to the copyright issues is extracted, and disclosure of the user’s identity is made, the recipient of the information may then be in possession of highly confidential information about the user. If this information is unrelated to copyright infringement, this would be an unjustified intrusion into the rights of the user and might well amount to a breach of PIPEDA by the ISPs, leaving them open to prosecution. Thus in situations where the plaintiffs have failed in their investigation to limit the acquisition of information to the copyright infringement issues, a court might well be justified in declining to grant an order for disclosure of the user's identity. [24]

In other similar cases of discovery from non-parties, courts have relied on privacy as one of the key considerations factoring into whether production should be granted. For example, in Irwin Toy Ltd. v. Doe, [25] Wilkins J. provided the following view of privacy considerations: “some degree of privacy or confidentiality with respect to the identity of the internet protocol address of the originator of a message has significant safety value and is in keeping with what should be perceived as being good public policy.” [26] Although the court ordered the ISP to disclose the identity of the targeted ISP customer, it required the plaintiffs to meet a privacy-informed threshold test before disclosure would be granted.

Finally, discovery limits based on privacy considerations may also be developed after the fact, in the form of sanctions for wrongful behaviour. Where ex parte orders for evidence seizure (such as Anton Piller orders) are obtained or executed improperly in a way that has an impact on privacy, the courts may step in. This may result in the removal of the offending party’s counsel, or possibly even a stay of proceedings. For example, Grenzservice Speditions Ges.m.b.H. v. Jans [27] concerned an order in the nature of an Anton Piller order. The Court found that the plaintiff’s solicitor allowed flagrant abuses of privacy in the execution of that order, including questioning of the occupants of the home and videotaping of the proceedings surrounding the search. Because of the egregious nature of the infringement on the individual’s right to privacy, Huddart J. (as she then was) disqualified the plaintiff's counsel from further involvement in the case, in order to “assure the defendants and members of the public, all of whom are potential subjects of search and seizure orders, that their rights will be protected.” [28]

Conclusions

This article has briefly reviewed some of the rules and jurisprudence at the intersection between privacy and litigation discovery. Although data protection legislation has an impact on discovery, it generally leaves established litigation rules untouched. However, as seen in the cases reviewed here, there are a number of existing and emerging privacy-based limits on discovery in litigation. Conflicts between the need for full disclosure in litigation and privacy interests will certainly arise more frequently in light of the increasing prominence of electronic discovery and the increasing role that electronic devices play in the creation, processing and storage of personal information.


[1] Statutory Review of the Personal Information protection and Electronic Documents Act (PIPEDA), Fourth Report of the Standing Committee on Access to Information, Privacy and Ethics, Tom Wappel, MP, Chairman, May 2007, 39th Parliament, 1st Session, online: Standing Committee on Access to Information, Privacy and Ethics
(Recommendation 9: “The Committee recommends that PIPEDA be amended to create an exception to the consent requirement for information legally available to a party to a legal proceeding, in a manner similar to the provisions of the Alberta and British Columbia Personal Information Protection Acts.”)
[2] See Lac d'Amiante du Québec Ltée v. 2858-0702 Québec Inc., 2001 SCC 51 (CanLII) at para. 61.
[3] Paul Matthews and Hodge M. Malek, Discovery (London: Sweet & Maxwell, 1992) at 253, cited in Goodman v. Rossi, [1995] O.J. No. 1906 (C.A.) (QL) at para. 29. See also Tanner v. Clark, 2003 CanLII 41640 (ON C.A.); Royal Bank of Canada v. Bacon (1999), 218 N.B.R. (2d) 98 (Q.B.); Vitapharm Canada Ltd. v. F. Hoffmann-La Roche Ltd., [2002] O.J. No. 1400 (S.C.) (QL).
[4] Letourneau v. Clearbrook Iron Works Ltd., 2003 FC 949 (CanLII) at para. 5.
[5] Kunz v. Kunz Estate, 2004 SKQB 410 (CanLII) at para. 17. See also Letourneau v. Clearbrook Iron Works Ltd., ibid.; L. H. v. Caughell, [1996] O.J. No. 3331 (Ont. Gen. Div.); Sezerman v. Youle, 1996 CanLII 5610 (NS C.A.).
[6] Fraser v. Houston, 1997 CanLII 3227 (BC S.C.) at para. 21.
[7] Park v. Mullin, 2005 BCSC 1813 (CanLII).
[8] Ibid. at para 21.
[9] Desgagne v. Yuen, 2006 BCSC 955 (CanLII).
[10] Ibid. at para. 49.
[11] Goldman, Sachs & Co. v. Sessions, 2000 BCSC 67 (CanLII).
[12] Ireland v Low, 2006 BCSC 393 (CanLII).
[13] Baldwin Janzen Insurance Services (2004) Ltd. v. Janzen, 2006 BCSC 554 (CanLII).
[14] Thermax Ltd v. Schott Industrial Glass Ltd, [1981] F.S.R. 289 (Ch. D.).
[15] Ibid. at 294.
[16] Harris Scientific Products Ltd. v. Araujo, 2005 ABQB 603 (CanLII).
[17] Ibid. at para. 103.
[18] Ibid. at para. 105.
[19] CIBC World Markets Inc. v. Genuity Capital Markets, 2005 CanLII 3944 (ON S.C.).
[20] Ibid. at para. 3.
[21] Persons connected to the defendants were entitled to review the information in order to assess whether to advance claims of privilege.
[22] CIBC World Markets v. Genuity Capital Markets, 2006 CanLII 11908 at para. 5.
[23] BMG Canada Inc. v. Doe, 2005 FCA 193 (CanLII).
[24] Ibid. at para. 44.
[25] Irwin Toy Ltd. v. Doe, [2000] O.J. No. 3318 (S.C.) (QL).
[26] Ibid. at para. 11.
[27] Grenzservice Speditions Ges.m.b.H. v. Jans 1995 CanLII 2507 (BC S.C.).
[28] Ibid. at para. 116.

| Comments (0) |

Blogging While Female, Online Inequality and the Law

posted by:Louisa Garib // 11:59 PM // August 21, 2007 // ID TRAIL MIX

trailmixbanner.gif

“Those who worry about the perils women face behind closed doors in the real world will also find analogous perils facing women in cyberspace. Rape, sexual harassment, prying, eavesdropping, emotional injury, and accidents happen in cyberspace and as a consequence of interaction that commences in cyberspace.”

- Anita Allen, “Gender and Privacy” (2000) 52 Stan. L Rev. at 1184.

In 2006, the University of Maryland’s Clark School of Engineering released a study assessing the threat of attacks associated with the chat medium IRC (Internet Relay Chat). The authors observed that users with female identifiers were “far more likely” to receive malicious private messages and slightly more likely to receive files and links. [1] Users with ambiguous names were less likely to receive malicious private messages than female users, but more likely to receive them than male users. [2] The results of the study indicated that the attacks came from human chat-users who selected their targets, rather than automated scripts programmed to send attacks to everyone on the channel.

The findings of this study highlight the realities that many women face when they are online. From the early days of cyberspace, women who identify as female are frequently subject to hostility and harassment in gendered and sexually threatening terms. [3] These actions typically stem from anonymous users.

Recent news articles from around the world have chronicled the latest spate of online misogyny. [4] Not only have the women bloggers in these cases been personally threatened, their images distorted and disseminated, in some cases their blogs and websites have also been subject to denial of service (DoS) attacks. Feminists [5] and women who blog about contentious political or social issues are not the only women who are singled out for abuse. Similar patterns of violent threats have also been directed toward women who blog about the daily life of a single mother, [6] computer programming, [7] and a variety of ordinary interests on sites with a female following, but no feminist content or agenda.

The effects of repeated online harassment has profound consequences for women’s equality online and in the real world. Online threats and attacks can have had a chilling effect on women’s expression. [8] Some women may either stop participating in open online forums, unless under the cloak of anonymity or pseudonymity, or self-censor their speech, rather than risk being the subject of violent threats or DoS attacks. These choices reduce a woman’s online identity to being the invisible woman, or a quieter, edited version of herself. Fortunately, women actively continue to blog and participate in cyber-life in the face of threats and harassment, with the support of both women and men in online communities.

Women’s retreat from the Internet can also have an economic impact on those seeking entry into technology-based labour markets. One prominent technology blogger observed: “If women aren’t willing to show up for networking events [because of harassment], either offline or online, then they’re never going to be included in the industry.” [9] Women’s absence from the creative process also has implications for equality in terms of influencing what kinds of technology are made, and what societal interests those innovations ultimately serve. [10]

To date, the law has provided a limited response to harms directed against women online. Traditional torts such as defamation are available, but are difficult to pursue against multiple, anonymous individuals who could be anywhere in the world. In light of the uncertainly in Canadian case law, [11] a claim for invasion of privacy would be very challenging to make in the absence of an appellate level decision recognizing the right to privacy. An action for intentional or negligent infliction of emotional distress may also be possible, although plaintiffs must meet stringent standards to succeed. [12] Complainants may have difficulty overcoming the view that in the absence of physical contact, no real harm can be inflicted in the virtual world, particularly within the context of fantasy/gaming environments.

Without a more complete and critical examination of actions that target women in cyberspace, there is the danger of reinforcing substantive inequality by dismissing the individual and social harm experienced as an “natural” part of online life. Although tort actions represent some avenues for redress, they are individual, private law remedies that do not speak to the public nature of harms against women. While criminal sanctions for assault, obscenity, hate speech and uttering threats are possible, they would only apply if actions could be proved to fall within Criminal Code [13] definitions and precedents. It should not be forgotten that women continue to face difficulties with the law in seeking protection from, and compensation for violence, harassment, discrimination and exploitation experienced in the real world. [14]

Given the market drive for more intense and realistic sensory experiences in the virtual world, it is not far-fetched to foresee online acts that more closely reflect conventional legal and social notions of physical and sexual violence in the future. [15] As “[t]he courts will increasingly be confronted with issues that are ‘lying in wait’ as virtual worlds expand,” [16] so too will feminists, lawyers, and policy makers be faced with opportunities to think about how to expand the law in favour of greater equality.

[1] Robert Meyer and Michel Cukier, “Assessing the Attack Threat due to IRC Channels,” (2006) University of Maryland School of Engineering, at 5-6 http://www.enre.umd.edu/content/rmeyer-assessing.pdf
[2] Ibid.
[3] See Rebecca K. Lee, “Romantic and Electronic Stalking in a College Context,” (1998) 4 WM. & Mary J. Women & L. 373 at 404, 405-6 which discusses sexual harassment from e-mail messages, in chat rooms, and Usenet newsgroups. A well-known account of sexualized threats towards female and androgynous virtual personas and the emotional harm experienced by the real-life participants is in Julian Dibbell’s, “A Rape in Cyberspace,” My Tiny Life (1998), ch. 1 http://www.juliandibbell.com/texts/bungle.html.
[4] Jessica Valenti, “How the web became a sexists’ paradise” The UK Guardian (April 6, 2007) http://www.guardian.co.uk/g2/story/0,,2051394,00.html; Anna Greer, “Misogyny bares its teeth on Internet,” Sydney Morning Herald (August 21, 2007) http://www.smh.com.au/news/opinion/misogyny-bares-its-teeth-on-internet/2007/08/20/1187462171087.html;
Ellen Nakashima, “Sexual Threats Stifle Some Female Bloggers,” Washington Post (April 30, 2007)
http://www.washingtonpost.com/wp-dyn/content/article/2007/04/29/AR2007042901555_pf.html
[5] See Posts on “Greatest Hits: The Public Woman” and “What do we do about Online Harassment?” on Feministe http://feministe.powweb.com/blog/archives/2007/08/09/what-do-we-do-about-online-harassment/?s=online+harassment&submit=Search
[6] Ellen Nakashima, Washington Post, supra note 4.
[7] BBC News, “Blog Death Threat Sparks Debate” (27 March 2007) http://news.bbc.co.uk/1/hi/technology/6499095.stm
[8] Deborah Fallows, “How Women and Men Use the Internet,” Pew Internet & American Life Project (December 28, 2005), at 14 <http://www.pewinternet.org/pdfs/PIP_Women_and_Men_online.pdf>. The report states.” “The proportion of internet users who have participated in online chats and discussion groups dropped from 28% in 2000 to as low as 17% in 2005, entirely because of women’s fall off in participation. The drop off occurred during the last few years coincided with increased awareness of and sensitivity to worrisome behavior in chat rooms.”
[9] Nakashima, Washington Post, supra note 4.
[10] For an study on women, technology and power see Judy Wacjman, Technofeminism (Polity Press: Cambridge, UK, 2004).
[11] Recently, lower courts in Ontario have found that complaints are free make a case for invasion of privacy: Somwar v. McDonald’s Restaurant of Canada Ltd., [2006] O.J. No. 64 (Ont. S.C.J.) and Re: Shred-Tech Corp. v. Viveen [2006] O.J. No. 4893. However, the Ontario Court of Appeal has explicitly found that there is no right to privacy in Euteneier v. Lee, [2000] O.J. No. 4533 (SCJ); rev’d [2003] O.J. No. 4239 (SCJ, Div Ct); rev’d (2005) 77 O.R. (2d) 621 (CA) at para 22.
[12] Jennifer McPhee, “New and Novel Torts for Problems in Cyberspace,” Law Times (30 July-August 6 2007) at 13.
[13] Criminal Code ( R.S., 1985, c. C-46 )
[14] Just two examples are: Jane Doe, The Story of Jane Doe: A Book About Rape (Random House: Toronto, 2003) and Patricia Monture-Angus, Thunder in my Soul: A Mohawk Woman Speaks. (Halifax: Fernwood Publishing, 1995). For an analysis of the limitations of the Supreme Court’s privacy analysis in obscenity, hate propaganda and child pornography cases, see Jane Bailey, Privacy as a Social Value - ID Trail Mix: http://www.anonequity.org/weblog/archives/2007/04/privacy_as_a_social_value_by_j.php
[15] Lydia Dotto, “Real lawsuits set to materialize from virtual worlds; Harm, theft in online gaming may land players in the courts: Precedents few, but Vancouver lawyer thinks cases coming” Toronto Star (2 May 2005) at D 04 (ProQuest).
[16] Ibid.

| Comments (0) |

PETS are Dead; Long Live PETs!

posted by:A Privacy Advocate // 11:59 PM // August 14, 2007 // ID TRAIL MIX

trailmixbanner.gif

In this Google Era of unlimited information creation and availability, it is becoming an increasingly quixotic task to advocate for limits on collecting, use, disclosure and retention of personally-identifiable information ("PII"), or for meaningful direct roles for individuals to play regarding the disposition of their PII "out there" in the Netw0rked Cloud. Information has become the currency of the Modern Era, and there is no going back to practical obscurity. Regarding personal privacy, the basic choices seem to be engagement or abstinence, so overwhelming are the imperatives of the Information Age, so unstoppable the technologies that promise new services, conveniences and efficiencies. Privacy, as we knew it, is dying.

Privacy advocates are starting to play the role of reactive luddites: suspicious of motives, they criticize, they raise alarm bells; they oppose big IT projects like data-mining and profiling, electronic health records and national ID cards; and they incite others to join in their concerns and opposition. Privacy advocates tend to react to information privacy excesses by seeking stronger oversight and enforcement controls, and calling for better education and awareness. Some are more proactive, however, and seek to encourage the development and adoption of
privacy-enhancing technologies (PETs). If information and communication technologies (ICTs) are partly the cause of the information privacy problem, the thinking goes, then perhaps ICTs should also be part of the privacy solution.

In May the European Commission endorsed the development and deployment of PETs(1), in order to help “ensure that certain breaches of data protection rules, resulting in invasions of fundamental rights including privacy, could be avoided because they would become technologically more difficult to carry out.” The UK Information Commissioner issued similar guidance on PETs in November 2006(2). Other international and European authorities have released studies and reports discussing and supporting PETs in recent years. (see references and links below)

PETs as a Personal Tool/Application

Are PETs the answer to information privacy concerns? A closer look at the European and UK communiqués suggests otherwise - for all their timeliness and prominence, they reflect thinking about PETs that is becoming outdated. The reports cite, as examples of PETs, technologies such personal encryption tools for files and communications, cookie cutters, anonymous proxies and P3P (a privacy negotiation protocol). Not a single new privacy-enhancing technology category here in seven years. Other web pages dedicated to promoting PETs list more technologies, such as password managers, file scrubbers, and firewalls, but otherwise don’t appear to have significantly new categories of tools.(3,4).

The general intent off the PETs endorsements seem clear and laudable enough: publicize and promote technologies that place more controls into the hands of individuals over the disclosure and use of their personal information and online activities. PETs should directly enable information self-determination. Empowered by PETs, online users can mitigate the privacy risks arising from the observability, identifiability, linkability of their online personal data and behaviours by others.

Unfortunately, few of the privacy-enhancing tools cited by advocates have enjoyed widespread public adoption or viability (unless installed and activated by default on users’ computers, e.g. SSL and Windows firewalls). The reasons are several and varied: PETs are too complicated, too unreliable, untrusted, expensive or simply not feasible to use. The threat model they respond to, and benefits they offer, are not always clear or measurable to users. PETs may interfere with normal operation of computer applications and communications, for example, they can render web pages non-functional. In the case of P3P, a privacy negotiation protocol, viable user-agents were simply never developed (except for a. modest but largely incomprehensible cookie implementation in IE6 and IE7). PETs simply haven't taken off in the marketplace, and the bottom-line reason seems to be that there are few incentives for organizations to develop them and make them available. (Where there has been a congruence of interests between users and organizations, some PETs have thrived, for example, SSL for encrypted secure web traffic and e-commerce. Perhaps the same is happening for anti-spam and anti-phishing tools, since deployment of these technologies helps to promote confidence and trust in online transactions.)

Perhaps the underlying difficulty may be a conceptualization of PETs as a technology, tool or application exclusively for use by individuals, complete in itself, expressed perhaps in its purest form by David Chaum’s digital cash Stefan Brands' private credentials. As brilliant as those ideas are, they have had limited deployment and viability to date. It seems that, to be viable, PETs must be also meet specific, recognizable needs of organizations. Secure Socket Layer (SSL) is a good example, responding as it did to well-understood problems of interception, surveillance and consumer trust online. SSL succeeded because organizations had a mutual interest in seeing that it was baked into the cake of all browsers and its use largely transparent to user.

Meanwhile, technology marches on. Many PETs weren't very practical to use. Sure you can surf anonymously, if don't mind a little latency and the need to tweak or disable browser functionality. But as soon as you want to carry out an online transaction, sign on to a site, make a purchase, or otherwise become engaged online in a sustained way, you had to identify yourself, provide a credit card, login credential, registration form, mailing address, etc. Privacy suffered from the 100th window syndrome: your house, just like your privacy, could be Fort Knox secure but all it took was to leave one window open and the security (privacy) was compromised. Privacy required too much knowledge and effort and responsibility on the part of the individuals to sustain in an ongoing way. Online privacy was just too much work.

And, anyway, the benefits of online privacy tended to pale in the face of immediate gratification needs, and greater conveniences, personalization, efficiency, and essential connectedness afforded by consent and trust. The privacy emphasis slides inexorably towards holding others accountable for the personal information they must inevitably collect about us, not PETs. The only effective privacy option for most people in the online world is disengagement and abstinence.

PETs as a Security Technology

Certain consumer PETs have thrived, such as SSL, firewalls, anti-virus/anti-spyware tools, secure authentication tools. Perhaps anti-phishing tools and whole disk encryption will follow –if incorporated and activated by default into users’ hardware/software. But note: these are all largely information security tools. PETs have tended to become equated with information security. Safeguards are certainly an important components of privacy. We may not be able to stifle the global information explosion, but with appropriate deployment of PETs we can help ensure that our data stays where it belongs, is not accessed inappropriately, tampered with, or otherwise subject to breaches of confidentiality, integrity and availability.

Personal security tools like firewalls, virus/spyware detection, encryption are available to individuals. To the extent that PETs have been adopted by organizations public and private, rather than users, they have been security technologies. Legal and regulatory compliance for managing sensitive information in accountable ways, and for notifying individuals of data breaches, as well as the desire to build brand and promote consumer trust, have helped drive innovation and growth in the data security technology products market. Organizations, both public and private, today are deploying information security technologies throughout their operations, from web SSL to encrypted backup tapes to data ingress and egress filtering, to strong authentication and access controls, to privacy policy enforcement tools such as intrusion detection/prevention systems, transaction logging and audit trails, and so forth. When it comes to organizational PET deployments in practice, security is the name of the game.

But are these technologies really PETs? They may be technologies that are deployed with the end-user in mind - it is their data after all, but they don't really involve the user in a meaningful way in the life-cycle management of the information. The security measures listed above are put in place mainly to protect the interests of the organization. Of course, some organizations do go further and put in place technologies that help express important principles of fair information practices, such as technologies that promote openness and accountability in organizational practices, that capture user consent and preferences, and which allow to clients a measure of direct access and correction rights to the data and preferences stored about them - but this is still the exception rather than the norm..

PETs as Data Minimization Tools

More critically, security-enhancing and access/accountability technologies controls really miss out on the final ingredient of a true PET: data minimization. Information privacy is nothing if not about data minimization. The best way to ensure data privacy is not to disclose, use or retain the data at all. The minimization impulse is well captured by the fair information practices that require purposes to be specified and limited, and which seek to place limits on all data collected, used, disclosed and retained pursuant to those purposes. But such limitations run contrary to the impulses of most information-intensive organizations today, which is to collect and stockpile as much data as possible (and then to secure it as best as possible) because it may be useful later. More data, not less, is the trend. Why voluntarily limit a potential competitive advantage?

Apart from being a legal requirement, arguments for data minimization should be compelling, beginning with fewer cost and liabilities associated with maintaining and securing the data against leaks and misuse, or with bad decisions based upon old, stale and inaccurate data, as well as reputation and brand issue (faced with growing public concerns about excessive data collection, use and retention, major search engines and transportation agencies alike are now adopting more limited data usage policies and practices, but off course these policy-level decisions not PETs).

The problem is that there are few benchmarks against with to judge whether data minimization is being observed via use of technologies. How much less is enough to qualify as a PET? Is a networked, real-time passenger/terrorist screening program that flashes only a red, yellow or green light to the front line border security personnel a PET because the program design minimized unnecessary transmission and display of sensitive passenger PII? Similarly, is an information technology that automatically aggregates data after analysis, or which mines data and computes assessments on individuals for decision-making, or which is capable of delivering targeted bbut pseudonymous ads, a true PET because the actual personal information used in the process was minimized so not to be revealed to a human being? If a specific technology’s purpose for collecting, using, disclosing, and retaining customer or citizen data is sharply limited to "providing better services" and "for security purposes" then can these technology properly be considered PETs?!

PETs as expressing the Fair Information Principles (FIPs)

PETs minimize data, but not all technologies that minimize data are PETs. Data minimization is a necessary but insufficient requirement to become a PET. Enhanced information security is a necessary but insufficient requirement to become a PET. User empowerment is a necessary but insufficient requirement to become a PET. Together, all these impulses are expressed in the ten principles of (CSA) fair information practices, all of which must be substantially satisfied, within a defined context, in order for a given technology to be judged a PET worthy of the name, and of public support and adoption:

To enable user empowerment, we find the (CSA) fair information practices of:
1. Accountability; 2. Informed Consent; 3. Openness; 4. Access; and 5. Challenging Compliance. These principles and practices should be substantially operationalized by PETs.

To enable data minimization, we find the CSA fair information principles requiring 1. Identifying Purposes; 2. Limiting Collection; and 3. Limiting Use, Disclosure, and Retention.

Finally, the CSA Privacy Code calls for Security (Safeguards() appropriate to the sensitivity off the information.

[Comment: The CSA principle ‘Accuracy’ can fit under all three categories, since it implies a right for users to inspect and correct errors, as well as an obligation upon organizations to discard stale and/or inaccurate data, as well as a security obligation to assure integrity of data against unauthorized tampering and modification.]

A more comprehensive approach to defining and using PETs is required - one that clearly accommodates the interests and rights of individuals in a substantial way, yet which can be adopted or at least accommodated by organizations with whom individuals must inevitably deal. This requires a more systemic, process-oriented, life-cycle, and architectural approach to engineering privacy into information technologies and systems.

PETs as we know them are effectively dead, reduced to a niche market for paranoids and criminals, claimed by some security products (e.g., two-factor authentication dongles) or else deployed by organizations as a public relations exercise to assuage specific customer fears and to build brand confidence (e.g. banks' anti-phishing tools, web seals).

PETs as Information Architecture?

The future of PETs is architecture, not applications. Large-scale IT-intensive transformations are underway across public and private sector organizations, from real-time passenger screening programs and background/fraud checking, to the creation of networked electronic health records and eGovernment portals, to national identity systems for use across physical and logical domains. What is needed is a comprehensive, systematic process of ensuring that PETs are full enabled and embedded into the design and operation of these complex data systems. If code is law, as Lawrence Lessig posited, then systems architecture will be the rightful domain for privacy technologies to flourish in the current Google era.

The time has come to speak of privacy-enabling technologies and systems that help create favorable conditions for privacy-enhancing technologies to flourish and to express the three essential privacy impulses: user empowerment, data minimization, and enhanced security. Objective and auditable standards are essential preconditions.

Examples abound: Privacy-embedded "Laws of Identity" can enable privacy-enhanced identity systems and technologies to emerge; as is the development of 'smart' data that carries with it enforceable conditions of its use, in a manner similar to digital rights management technologies. Another example are intelligent software agents that can negotiate and express the preferences –and take action on behalf of- of individuals with respect to the disposition of their personal data held by others. Yet another promising development are new and innovative technologies that enable secure but pseudonymous user authentication and access to remote resources. These and other new information technologies may be the true future of PETs in the Google Era of petabytes squared, and worthy of public support and encouragement.

Recap

So, to summarize: the essential messages of this think piece are:
* PETs are attracting renewed interest and support, after several years of neglect and failure
* PETs are an essential ingredient for protecting and promoting privacy in the Information Age (along with regulation and awareness/education), but their conception and execution in practice is highly variable and still rooted in last-century thinking.
* True PETs should incorporate into information technologies ALL of the principles of fair information practices, rather than any subset of them.
* In today's Information Age, true PETs must be comprehensive, and involve all actors and processes. Evaluating PETs will increasingly be a function of whole systems and information architectures, not standalone products.
* It may be more useful to think of privacy-enabling technologies and architectures, which enable and make possible specific PETs.


Endnotes:

(1) European Commission Supports PETs
Promoting Data Protection by Privacy Enhancing Technologies (2 May 2007)
http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=3402
Background Memo (2 May 2007): http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/07/159&format=HTML&aged=0&language=EN&guiLanguage=en

(2) Office of the UK Information Commissioner
Data Protection Technical Guidance Note: Privacy enhancing technologies (Nov 2006)
www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/privacy_enhancing_technologies.pdf

(3) Center for Democracy and Technology
Page on Privacy Enhancing Technologies
www.cdt.org/privacy/pet/

(4) EPIC Online Guide to Practical Privacy Tools
www.epic.org/privacy/tools.html


Other Useful Resources:

Dutch Ministry of the Interior and Kingdom Relations, the Netherlands
—Privacy-Enhancing Technologies. White paper for decision-makers (December 2004)
www.dutchdpa.nl/downloads_overig/PET_whitebook.pdf

OECD Directorate For Science, Technology And Industry
—Committee For Information, Computer And Communications Policy
Inventory Of Privacy-Enhancing Technologies (January 2002)
www.olis.oecd.org/olis/2001doc.nsf/LinkTo/dsti-iccp-reg(2001)1-final

Danish Ministry of Science, Technology and Innovation
—Privacy Enhancing Technologies
Report prepared by the META Group v1.1 (March 2005)
www.itst.dk/image.asp?page=image&objno=198999309

Office of the UK Information Commissioner
—Data protection best practice guidance (May 2002)
Report prepared by UMIST
www.hispec.org.uk/public_documents/BPDMay02.pdf

—Privacy enhancing technologies state of the art review (Feb 2002) www.hispec.org.uk/public_documents/7_1PETreview3.pdf

EU PRIME Project
—White paper v2 (June 2007)
https://www.prime-project.eu/prime_products/whitepaper/PRIME-Whitepaper-V2.pdf

Andreas Pfitzmann & Marit Hansen,
TU Dresden, Department of Computer Science, Institute For System Architecture
—Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology (Version v0.29 - July 2007)
http://dud.inf.tu-dresden.de/Anon_Terminology.shtml

EU FIDIS Project
—Identity and impact of privacy enhancing technologies (2006)
www.fidis.net/fileadmin/fidis/deliverables/fidis-wp13-del13.1.identity_and_impact_PET.pdf

Roger Clarke
—Introducing PITs and PETS Technologies: technologies affecting privacy (Feb 2001)
www.anu.edu.au/people/Roger.Clarke/DV/PITsPETs.html

Office of the Ontario Information and Privacy Commissioner & Dutch Registratierkamer
—Privacy-Enhancing Technologies: The Path to Anonymity (Volume I - August 1995)
www.ipc.on.ca/index.asp?layid=86&fid1=329

George Danzesis, University of Cambridge Computer Lab (Date Unknown)
—An Introduction to Privacy-Enhancing Technologies
www.isoc.ch/events/show/privacy/july2004/150704_Georges_Danezis_Isocgva-PETS.pdf

| Comments (0) |

Authentic[N]ation

posted by:Jeremy Hessing-Lewis. // 11:59 PM // August 07, 2007 // ID TRAIL MIX

trailmixbanner.gif

A short story on the ID Trail

**********

Incorrect username or password. Please try again.

He tried again.

**********

Incorrect username or password. Please try again.

He tried again.

Incorrect username or password. Your ID is now locked. Please proceed to the nearest SECURE ID Validation Center for formal authentication. The nearest location can be found using the GoogleFED Search Tool.

After sitting stunned for a couple moments, Ross began to appreciate the full gravity of the situation. His ID was frozen. Everything was frozen. He just couldn't remember his damn PIN and that was the end of it. No PIN. No renewal. No ID. No authentication. No anything.

Since the government had launched the Single Enhanced Certification Using Reviewed Examination [SECURE] initiative, he really hadn't thought too much about it. Aside from a couple of headlines describing massive budget overruns and the usual privacy geeks heralding the end of the world, the New Government had pushed everything through without much fanfare.

That was four years ago. Since Ross already had a passport, the conversion to SECURE ID was pretty painless. He vaguely remembered something to do with a strand of hair and that they didn't even give him a card or anything, just read him his reauthorization PIN, thanked him for his time, and took his passport.

Since the carbon rationing system came into place in 2012, Ross really hadn't traveled anywhere off-line. There was no way he was going to save up carbon credits just to take a damn flight to some 45° cesspool. Plus, Google Travel could put him anywhere in the world in two clicks. A couple weeks ago he made some sangria and hit-up all the top clubs in Spain. He even bought a t-shirt at one which arrived in the mail two days later. That's why the SECURE ID renewal caught him off guard – it just rarely came-up for someone in his position.

Ross was just trying to buy a new snowboard for his Third Life avatar when things went wrong. He was notified that the transaction could not be processed because his GoogleCash account had been frozen pending authorization of his SECURE ID. Like just about everything else on or off-line, his identity was always confirmed back to this single source. While his ID Keychain supported a Federated identity management system in which he currently had 47 profiles (male, female, and gecko), they were all meaningless without reference to the master ID.

The SECURE system required multiple layers of redundancy. The PIN component would be required in addition to variable biometric authenticators. He had specifically written his 10 digit reauthentication PIN on a piece of paper and put it somewhere “safe.” So much for high-tech. That was four years ago and now, “safe” could be anywhere. The idea behind the routine expiry of SECURE IDs was to prevent identity theft from the deceased using stolen biometrics. Grave-robbing had been rampant for the first couple years of the program.

Ross grabbed his jacket and headed off to the SECURE ID Validation Center downtown knowing full well that he was as good as useless until he could authenticate himself.

>>>>>>>>>>>>>

The SECURE ID Validation Center was run by Veritas-SECURE, a public-private-partnership born of the New Deal 3.0. The idea was to exploit private-sector efficiencies while delivering top-notch public services. This P3 mantra had been something of an ongoing joke for years now but the government was unlikely to admit the error of its ways any time soon. Interestingly, the company that won the contract also ran the municipal waste disposal system. The critics couldn't stop talking about “synergies” and “leveraging technical expertise” when the winning bid was announced.

Ross arrived at the blue-glassed Veritas facility just after noon. He couldn't even buy lunch because the digital wallet in his phone had been deactivated when his SECURE ID was frozen. The day before, Ross had been mired in expense reports, cursing his multiple digital cash accounts associated with different profiles, devices, and credit sources.

Today, he had been thwarted by the keystone ID, the one that held everything else together and couldn’t be separated from his DNA.

The line for Formal Authentication zigzagged around two corners of the building against a cold marble wall. The only consolation was a nice big overhang covering the identity refugees from a light rain. He stepped into line behind a professional looking man with a brown leather briefcase and gray sports jacket.

Normally, he would've passed the time by watching movies on his iPod. Along with everything else, the DRM on his iPod was frozen pending authentication. The days of watching movies, or doing much of anything without authentication had evaporated long ago.

After a couple minutes of preliminary boredom, he tapped the gentleman with the briefcase on the shoulder asking with generalized ennui “Is this line even moving?”

“It depends how you define moving” the man replied, “if you're talking physics, then the answer is not for at least an hour. If you mean the decay of civil rights, then I guess you might say that we’re racing straight to the bottom.”

Somewhat surprised by the unprovoked disapproval, Ross was just happy to have a conversation to pass the time. He nodded his head enthusiastically. “This new ID system is only moderately infuriating though” he said. “I just hate these queues and the way they always try to make you feel like you're just another number.”

“Are you kidding? I would love nothing more than to be a number. Instead, I'm cursed with Jihad!” the man spat the final words.

Ross glanced up anxiously looking for the nearest Proxycam. Those things all had microphones and speakers these days and he was sure that the unit would ask the two of them to step out of line for questioning. Nothing happened.

The man quickly realized his error and extended his right hand saying. “I’m very sorry if I shocked you. My name is Jihad Azim, but everyone calls me Azi. I’m a university professor.”

Ross relaxed immediately, shaking the man’s hand as Azi continued “It’s just that my name brings me no end of grief. Jihad is actually a somewhat common name, but that sure isn't what you find with a Google search. The reason I'm stuck in this forsaken line is that they've red flagged my SECURE ID again! It happens every couple of weeks. I'm supposed to fly to Scottsdale for a conference tomorrow, but I'm pretty much grounded until I get this cleared up. The minions at the airport could neither confirm nor deny that the sky was blue, so I had to come down here. That's why I'd like nothing more than to be identified as a number. Then at least some fool with a grade 9 education wouldn't be fighting a holy war against my parents’ choice of name.”

“But couldn't you just change your name?” Ross asked, without giving it much thought.

“I could, but then I'd have a yellow flag on my ID noting that there'd been a change to my identity profile. That could be even worse. A colleague of mine has retinal implants and had to have her SECURE ID changed accordingly. Now she can't do anything without being questioned about the changes.” Azi said.

“I couldn't help but hear you two,” said a woman who had approached behind Ross and was pushing a stroller. “I know that this new system has been hard on some people, but you've gotta admit that this whole country is safer for it.”

Ross could see that this logic was going to make Azi angry, so he intervened first, questioning “But don't you think that sacrificing anonymity and privacy in the name of security is something of a false dichotomy?” Ross wasn’t entirely sure what he’d said, but he'd heard the line before and was satisfied that it sounded smart.

“Well, there might have been a better way.” She replied, “But I don't mind sacrificing a little privacy. I don't have anything to hide. And my daughter here, I'd gladly sacrifice my privacy for the security of my daughter. I can't bear to think of all those sickos out there. We’re here today for her first formal authentication so that they can confirm the samples they took at birth. Did you know that the SECURE ID is issued at birth now? I feel better knowing that she's already in the system.”

“You people are so out of it,” a new voice chimed in, “haven't you ever stopped to ask what an ID really is? It's not a number or name.” It was a young woman sitting crosslegged in front of Azi and wearing a pair of yoga jeans.

She continued “Identity doesn't come from some guy behind a computer representing the Government. Identity is how you tell the world who you are. My identity changes all the time. Like when I get a new job, or new friends, or a new hook-up. It seems like the older you get, the more attached you get to who you are. I don’t really care, for the last two weeks my avatar was a gecko.”

“No kidding.” Ross nostalgically remembered going through his gecko days.

The young woman cleared her throat and continued “The point is, you can't let The Man tell you who you are. It should be the other way around. We should control our identities.”

“So why are you here then?” the new mother retorted sarcastically. “Shouldn't you be busy launching DoS attacks against the ‘corporate agenda’ and all the complicit government agencies that hold it together?”

“I want to go volunteer at a monastery in New Burma, but The Man won't let me leave the country without a valid SECURE ID.”

Ross jumped-in noting “Hey, I was at a New Burmese monastery a couple weeks ago with Google Travel. Because of the time change, prayers don’t begin until four in the afternoon our time. Its perfect.”

The young woman was clearly not impressed. “No, like a REAL monastery with air and things you can touch.”

Ross had this debate all the time. “But…”

Azi was clearly not impressed by where this was going and interrupted “Well, I appreciate your helpful commentary. On the way to Scottsdale, maybe I’ll try ‘I am whoever I say I am and I choose to fly anonymously. If you absolutely must be provided with an ID, I happen to enjoy green tea, string theory, and the colour orange. Now please let me board the plane.”

As Azi was dismissing the young woman, a man in a gray suit neared Ross and stared blankly into the horizon of the queue. The man's pale face looked like he’d seen a ghost.

“Hey, so what's your story?” Ross couldn't help but ask.

“Ummm, I don’t know” the man replied.

“You don’t know? How can you not know?” Ross said.

“I just don’t know who I am anymore.” the man stuttered. “my identity has been stolen.”

The others gasped.

“Well, it's not that I don't know who I am, it’s just that the system has canceled my identity file as a result of concurrent use. There’s no way to verify that I am who I say I am because all my biometrics in have been compromised.”

The others remained silent. The SECURE ID system had been designed to be unbreakable. The authentication routine is so strong, and identity theft so difficult, that victim recovery remained nearly impossible. Everybody knew this. The only option was to create a new ID and start from scratch. The media labeled these victims “Born Agains.” Ross hadn't actually met one, but he’d read a couple blogs describing depressing encounters with these unfortunate souls. It was like being killed but leaving the body left to rot.

The young woman stood up, approached the identityless man, gave him a hug and gently requested: “Please, go in front of me.” The others tried not to make eye contact.

Out of sight and far down the line came a call for: “NEXT!” The line moved forward one meter.


Fin


Jeremy Hessing-Lewis is a law student at the University of Ottawa. He is writing a travel guide entitled “101 Must See Hikes in Google Maps” as well as his first novel “Things That are Square” (2009).

| Comments (2) |

Haste Makes Waste: Attending to the Possible Consequences of Genetic Testing

posted by:Kenna Miskelly // 11:59 PM // July 31, 2007 // ID TRAIL MIX

trailmixbanner.gif

Technological advances are making genetic testing and screening easier and more accessible. My concerns are that the ease and accessibility are masking the fact that these are not straightforward decisions that should be made quickly. Such decisions may include whether or not to terminate a pregnancy if your fetus has Down syndrome, whether to have prophylactic surgery if you test positive for breast cancer genes, whether to be tested for a late onset disease that may have no treatment or cure, and whether or not to submit to genome testing without knowing what the future will hold in terms of discrimination and possible privacy threats. The reasons for genetic testing have real world consequences that are often not spelled out before the testing takes place.

A recent article in the Globe and Mail discusses new recommendations that pregnant women over the age of 35, but under the age of 40, should no longer undergo routine amniocentesis. It has been standard practice that amniocentesis be available to women over the age of 35 because the probability of conceiving a child with a disability or genetic condition increases with maternal age. New non-invasive screening tests such as maternal blood tests and the nuchal translucency test (a detailed ultrasound taken at 11-13 weeks gestation that measures the fluid levels behind the fetus’s neck) can now indicate whether further testing is indicated or whether the risk of abnormalities is low. This development is very positive as amniocentesis is invasive and carries with it a risk of miscarriage.

However, the article states, “40 is the new 35 when it comes to being labelled a high-risk pregnancy.” [1] The implication here that is repeated several times throughout the article is that pregnant women who are over 35 no longer have the same risks associated with this maternal age; it seems that somehow their risks have decreased, which is not true.

As well the article quotes a physician stating,

“Even if you’re over 40, your risk may be that of a 20-year-old. Screening is making you different from your age.” [2]

Obviously the screening tests are a positive medical advance. Yet coupled with the misleading implication that risks have somehow decreased, what we see here is often the case: the language of genetic discoveries and genetic technologies seems to support a “wait and see” attitude – find out what the testing tells you, then decide what to do. It sometimes appears a bit like a lottery.

Francis Collins, direction of the National Human Genome Research Institute has mentioned that genetic technologies are much like new drugs – we must see what the general reactions are to them after they are first introduced. And many authors advocate that we should work to address concerns as they appear, as opposed to limiting technological advances with unnecessary policies. This is not to confuse the “wait and see” attitude of the researchers developing the technology with the “wait and see” attitude of the doctor performing the testing – they seem to be on a continuum.

Sonia Mateu Suter notes from her research as a genetic counsellor for prospective parents, “little emphasis is placed on the many emotional and psychological ramifications of undergoing such testing, leaving patients unprepared for certain choices and emotional reactions.” [3] She feels that this has “impoverished the informed consent process”. [4] Likewise, a “wait and see” attitude ultimately diminishes autonomy because we are not able to make choices we might have made if we had a comprehensive understanding of all the options and consequences.

Much is unclear as new technologies emerge. What we do know is that the vast majority of those individuals at risk for Huntington’s disease choose not to be tested for the HD gene. A child whose parent has had Huntington’s has a 50% chance of inheriting the gene and developing the disease. There are no cures or preventative measures. Yet at-risk individuals also have a 50% chance of not inheriting the gene and never developing Huntington’s disease. The choice not to be tested struck me as surprising until I read the stories of those at risk and those living with the knowledge that they are carriers. Some of the stories such as Katharine Moser’s (http://www.hdfoundation.org/news/NYTimes3-18-07.php) really put in perspective what it must be like to live with the end of your life before you. She had prepared herself with the requisite six months of counselling when she decided to be tested at age 23, yet admitted she never really believed the test result would be positive. Is it fair for certain people to live this way when no one’s future is certain?

Many would say that genetic testing for other conditions such as Alzheimer’s disease or Multiple Sclerosis, which may become reality in the near future, are not on par with testing for the HD gene. Likely such testing will be in terms of probabilities rather than certainties, such as the current testing for the breast cancer genes – a positive test translates into an increased risk for developing breast, uterine, and ovarian cancer but does not mean a woman will get any of these for certain. Nor does it mean that a woman without these genes is immune to these illnesses. Most likely this difference is part of the reason that intensive counselling is often not part of the testing process, though many acknowledge that the system would be improved if it were. Yet I wonder what the idea of an “increased risk” will mean to people and their families, especially for diseases with no known cure? What will the consequences be for them? Will it be easily accepted as a “probability” – something to think about or watch out for – or will they feel that the die is cast, and they cannot escape their fate? It seems that the outcome will be based on each situation and individual, which underlines the inappropriateness of the “wait and see” attitude.

As testing advances, home testing, where an individual sends a sample away and waits for results, may become more commonplace. Such scenarios have serious implications for privacy and ethics. I read a story of a man who did a home paternity test behind his wife’s back (this is actually encouraged on one paternity website as a way to gain initial information before proceeding with overt testing). The man confronted his wife with the test results that showed he was not the biological father of their children. She flew into a rage and told him he would never see the kids again. While he still has rights as a father, even if he is not a biological one, he now has to battle for these in court. He confessed that he had never fully thought through the consequence of a negative result and deeply regretted doing the test. He was unsure what relationship to have with his kids now, how to think of them, whether he was really their “daddy”. My point here is not to begin a commentary on paternal rights – I mean merely to highlight that this man felt he had acted without fully considering how the test results would affect him.

As genetic testing becomes easier and more commonplace concerns over emotions, psychological states and privacy concerns may be easily overlooked to the point that they are seen as unimportant. Yet to promote autonomous choices we must attend to genetic decision-making in context and encourage individuals to think about what test results will mean to them, their families, and their future. This is not to decry genetic testing; it is to open a dialogue about choices before decisions need to be made. Let’s not “wait and see” what the future holds if diminished autonomy becomes an accepted part of our medical system.

[1] Pearce, Tralee. 2007, July 10. Amniocentesis: New guidelines. 40 is the new 35 for test. Globe and Mail, L1 and L3; p.L1.
[2] Ibid, at p.L3.
[3] Mateu Suter, Sonia. 2002. The routinization of prenatal testing. American Journal of Law & Medicine, 28: 233-270; p.234.
[4] Ibid.

| Comments (0) |

Collision Course? Privacy, Genetic Technologies and Fast-tracking Electronic Medical Information

posted by:Marsha Hanen // 11:59 PM // July 24, 2007 // ID TRAIL MIX

trailmixbanner.gif

Andre Picard, writing in the Globe and Mail on June 14, made a poignant plea for speeding up the move to electronic health records for all Canadians. He says:

It’s not enough to create health records; it must be done right. That means including information on visits to physicians, hospital stays, prescription drugs, laboratory and radiology tests, immunization, allergies, family history and so on. It also means integrating all these records and making them compatible in every jurisdiction…

Picard points out that medical records should be accessible to all health professionals we consult, from the pharmacist close to home through the emergency room at the other end of the country. And then he adds, in parentheses: “With the requisite protection of privacy, of course.”

And there’s the rub. Just what is the requisite protection of privacy, and how should it be implemented? For example, in British Columbia a few years ago there was a huge, and quite public to-do about the contracting out of the Medical Services Plan databases to a U.S. company, and the need to protect the information from unwarranted access through the Patriot Act. The B.C. Privacy Commissioner, David Loukidelis, played a very visible role in helping to achieve a reasonable understanding of what would be appropriate in this case. But it turned out that, a year after contracting out the information collection and management to EDS Advanced Solutions, an employee of the company spent several months improperly and repeatedly surfing the files of sixty-four individuals, including the file of a woman whose ex-husband had claimed he could find out where she lived, despite her efforts to keep her location secret. And the source of that information, apparently, was to be the employee who had been doing the surfing. As it happened, none of this had anything to do with access through the Patriot Act.

EDS performed an audit that revealed “some unexplained accesses”, and then claimed there had been no privacy violations because they found no evidence that the information had actually been disclosed to anyone! Furthermore, it took nine months before the woman who had complained received notification about what had actually happened and what lay behind her ex-husband’s claims that he could find her. Various safeguards were subsequently put in place, but one can’t help wondering how much “snooping” of electronic health records might take place without being detected, especially considering the access that vast numbers of employees of pharmacies, hospitals and physicians’ offices would have to such information.

Meanwhile, British Columbia has embarked on a major effort to digitize all medical records, including providing electronic medical records technology to groups of doctor’s offices, much along the lines advocated by Picard. Indeed, B.C. plans to be a leader in Canada in this area of moving from paper records to electronic ones. It is clear that such a project could have the effect of improving medical care enormously by integrating records so that each physician or nurse or pharmacist with whom we interact has access to an overview of our medical histories and records. Advantages may include the fact that tests don’t need to be repeated endlessly, that many errors can be avoided, and that some diagnoses can be made without requiring patients to travel long distances. All good. But since many people are quite concerned about preserving their medical privacy, there is a remaining worry revolving around how we are to ensure the protection of that privacy within the system, and the related autonomy and dignity of patients.

So the first questions are about who needs to have access to all this information, and how we can ensure that access is not granted beyond those groups, except under carefully monitored conditions. Secondly, we need to devise ways to ensure that the information is never used to the detriment of patients, that patients are fully informed at all stages, and that they are involved to whatever degree they wish to be in all decisions about their testing, their results and their treatment. All of these are standard issues in designing good medical care plans – it is just that some of them are more likely to lead to problems when medical records are computerized and networked.

The situation becomes more complicated when we add the more recent developments in genetic and genomic technologies, which will, if they haven’t already, expand not just the amount of information available about individuals, but also the kind of information that is gathered. Individuals who agree to the collection of information are usually assured that their privacy will be protected by secure coding of the information and other means. But to what extent are these measures monitored, and how easy or difficult is it for the codes to be cracked? Even if the coding is secure now, it may well be easy to decipher with new information technology methods.

To be sure, not everyone worries about the privacy implications of these technologies. There has been much discussion surrounding the sequencing of individual genomes, two of the most recent highly publicized examples being J. Craig Venter, former president of the Celera Corporation and James D. Watson, one of the scientists who formulated the double helix model for DNA. And amidst the excitement about these developments the likelihood increases that certain genetic information pertaining to individuals will become part of their medical records and, in due course, so will their entire genomes. No doubt for some purposes this is all to the good in the sense that more information about an individual may well make it possible to provide better care.

But what if making this information available leads to refusal of treatment for people with certain “genetic diseases” or various other forms of discrimination such as denial of insurance or employment? Or what if the individual simply wishes to keep certain matters about his genetic make-up private? Or what if he does not wish to know that he is at risk for a disease such as Alzheimer’s, which manifests itself later in life? Or what if someone’s records are retained and used at a later time in a non-secure environment? We must also remember that genetic information about a given individual tells us quite a bit about his or her family, which may expose many people to having their genetic information widely known, whether or not they have consented to such exposure.

In discussions about information technology and medicine, one commonly heard complaint is that privacy advocates are holding up progress by making it difficult to implement the obviously necessary computerization and integration of medical records. On the other side, one might argue that the focus on technology in this area carries with it the danger that privacy considerations will be relegated to the sidelines and may even come to be seen as insignificant. Unfortunately, a consequence of failing to respect privacy is that the dignity and autonomy of individuals is likely to be impaired. In that case, we will all pay the price.

| Comments (3) |

"CITIZEN, PICK UP YOUR LITTER": CCTV evolves in Britain [1]

posted by:Meghan Murtha // 11:59 PM // July 17, 2007 // ID TRAIL MIX

trailmixbanner.gif

Planning to litter, hang around looking intimidating, or just generally be a public nuisance in England? Careful where you do it.

This past spring, Britain, already host to more video surveillance cameras than any other country in the world [2], rolled out a new crime prevention measure: ‘Talking CCTV’ (closed-circuit television). Government officials describe the new development as “enhanced CCTV cameras with speaker systems [that] allow workers in control rooms to speak directly to people on the street.” The ‘Talking CCTV’ initiative is just one component of the British Home Office’s Respect Action Plan a domestic program designed to tackle anti-social behaviour and its causes. [3]

What this means in practice is that when staff, operating from an unseen central control room, observe an individual engaged in anti-social behaviour they can publicly challenge the person using the speakers. At the moment the one-sided conversation is relatively unscripted, although workers are expected to be polite. The first time a member of the public is spoken to about her behaviour, she hears a polite request. If she complies, she is thanked. If not, she can expect to hear a command . If she fails to correct her behaviour, the anti-social individual may find surveillance footage of her alleged infraction splashed across the evening news.

While ‘Talking CCTV’ may be novel, video surveillance is nothing new in Britain. It is estimated that a person living and working in London is photographed an average of 300 times a day. [4] One commonly quoted figure is that there is one surveillance camera for every 14 people in Britain. [5] This year the government is spending half a million pounds to set up ‘Talking CCTV’ in twenty communities and it is likely that the program will be expanded in future funding cycles.

Critics of the program argue that the money spent adding speakers to existing surveillance cameras is being wasted. The human rights organization Liberty contends that 78% of the national crime prevention budget in the past decade has been spent on CCTV equipment without proper studies conducted to assess whether or not the expenditure is effective. The organization argues that spending the same percentage of the budget to increase the number of law enforcement officers on patrol would go a lot further to improving public safety. [6]

‘Talking CCTV’ supporters, on the other hand, cite statistics that would please any elected official. In Middlesbrough, where the pilot program took place, officials claim that the system adds an “additional layer of security”:

At the bottom end of the scale, we use the talking CCTV for littering offences, for which it's proven to be absolutely a 100% success. Middlesbrough's cleanliness has improved dramatically since the speakers were installed.' he said. 'As you move up the scale a bit on public order offences - like drunkenness or fighting - we're proving the speakers are coming into their own, and we're recording about 65% to 70% success rate for those kinds of offences.

But measured against what? In their 1999 study of CCTV in Britain, Clive Norris and Gary Armstrong demonstrated how government and law enforcement officials often present CCTV as a panacea without proving it provides the dramatic results attributed to it. Their review of the numbers suggested that, throughout the 1990s, publicly-quoted figures about the benefits of CCTV were often inaccurate or did not tell the whole story, yet they were used to convince taxpayers to buy into the surveillance system. [7] This is not to say that Middlesbrough is faking its numbers. It is quite likely that 100% of individuals exhibiting the anti-social behaviour of littering, who were publicly reprimanded when caught on camera, put their garbage in the bin as directed.

The ‘talking’ modification to the existing CCTV system is being sold to the public as a way to clean up the streets and create a safe, law-abiding community. The Home Secretary, John Reid, states that the new measure is aimed at “the tiny minority who make life a misery for the decent majority.” Safe, clean streets sound great but one academic has noted that public debate about CCTV tends to be shaped more by the government’s focus on how technology can improve law and order and far less on other, more complex, issues about the appropriateness of using the technology. [8]

Government employees now have a powerful tool to single out and shame an individual in public. The fact that “100%” of litterbugs in Middlesbrough obeyed the authoritative, disembodied voice ought not to be underestimated. They likely did so out of shame and embarrassment. Before signing on to such a program, it is worth noting that video surveillance operators, no matter how well-intentioned they may be, are human and they bring their very human biases to their jobs. Norris and Armstrong’s 1999 study showed that the workers watching the monitors disproportionately targeted males, youths, and black people as surveillance subjects. [9] Biases may change depending on the era and the community. The past few years, for example, has seen an aggressive crack-down on panhandling in Liverpool, along with laws designed to minimize youth loitering about urban shopping districts. [10]

Will youth people, the urban poor, and members of visible minority communities be disproportionately targeted by ‘Talking CCTV’? Officially, the answer is likely to be “no” but it has been observed that:

Unequal relations between rich/poor, men/women, gay/straight and young/old are precisely relations that have been managed and negotiated through state activities via combinations of welfare, moral education, and censure and exclusion from public space. For some who inhabit our cities, their identity, through the eyes of a surveillance camera, is constructed in wholly negative terms and without the presence of negotiation and choice that middle class consumers may enjoy. [11]

Public shaming of individuals engaged in so-called anti-social behaviour may result in British cities ‘designing away’ social problems as those who are targeted too often by authorities will find other spaces in which to spend their time. [12] The rest of the community may find itself enjoying litter-free streets and ‘Talking CCTV’ will be given credit. But it will all have happened without the benefit of serious public debate about whose behaviour is anti-social behaviour and why that makes people uncomfortable. Britain has been trying to rid itself of anti-social behaviour for a long time now and it seems unlikely that a few talking cameras will get to the root of the problem.

[1] http://www.forbes.com/2007/06/11/urban-surveillance-security-biz-21cities_cx_cd_0611futurecity.html
[2] Clive Norris et al., “The Growth of CCTV: a global perspective on the international diffusion of video surveillance in publicly accessible space.” Surveillance & Society 2:2/3 (2004).
[3] Anti-social behaviour has been seen as such a problem in Britain for the past few decades that the Crime and Disorder Act 1988 gave it a legal definition and criminalized it. That was followed by the Anti-Social Behaviour Act 2003. Legally defining the problem doesn’t appear to have helped much as the government continues to struggle with anti-social behaviour across Britain.
[4] Clive Norris and Gary Armstrong, The Maximum Surveillance Society: The Rise of CCTV (Oxford: Oxford University Press, 1999): 3. (Note that this was a 1999 study. While this continues to be the figure quoted it is possible the number has increased in the past eight years.)
[5] Clive Norris et al., “The Growth of CCTV”.
[6] Norris and Armstrong also quote the ‘78% of the budget’ figure in their 1999 work. It is unclear if this continues to be the expenditure or if Liberty is quoting their work. See Norris and Armstrong, The Maximum Surveillance Society: 54.
[7] Norris and Armstrong, The Maximum Surveillance Society, 60-7.
[8] William R. Webster, “The Diffusion, Regulation and Governance of Closed-Circuit Television in the UK,” Surveillance & Society 2:2/3 (2004): 237.
[9] Norris and Armstrong, The Maximum Surveillance Society: 109-10.
[10] Roy Coleman, “Reclaiming the Streets: Closed Circuit Television, Neoliberalism and the Mystification of Social Divisions in Liverpool, UK,” Surveillance & Society 2:2/3 (2004).
[11] Coleman, “Reclaiming the Streets”: 304.
[12] Bilge Yesil, “Watching Ourselves: Video surveillance, urban space and self-responsibilization,” Cultural Studies 20:4 (2006).

| Comments (0) |

Calibrating Public Access to Personal Information in Legal Databases: Anonymity and 6 Degrees of Google Clicking

posted by:Alana Maurushat // 11:59 PM // July 10, 2007 // ID TRAIL MIX

trailmixbanner.gif

Hi, I’m Alana. I’m a techno-luddite who confesses to rarely participating (well writing at least) in weblists, chatrooms or blogs. In the fall of 2006 I felt compelled, however, to respond to a posting in the closed list server, cyberprof. The posting in question concerned public access to personal information found in a legal database known as projectposner. Projectposner is a database developed by Tim Wu and Stuart Sierra containing many influential judgements of the late American Judge Richard A. Posner. One such judgment referred to a sexual harassment case where the plaintiff was fired for allegedly refusing to have sex with her boss. The plaintiff (who shall remain anonymous) requested the removal of her name (or the entire case) from a judgement found in projectposner. This request for removal triggered a long debate amongst cyberprof colleagues as to the scope of anonymity (and pseudonymity) with regards to online public access to court records.

Privacy was seen as important but absolute privacy was neither seen as desirable nor possible. Some argued that there was already an appropriate mechanism in place, namely a protective order to remove all references to a party’s name during the course of litigation. The ability to remain anonymous in court proceedings is at the discretion of the judge residing in the matter (at least it is in the United States). It was argued that protective orders are better made as a matter of public policy by judges rather than disclosure decisions done on an ad hoc (or post hoc) basis by individual website owners. Some further argued that there was no objectively significant invasion of privacy in the case at hand. There were references to star chambers, decreasing access to case reports, and the social utility of online searching.

Others, including myself, expressed concerns of the personal, psychological and social effects about public accessibility about sensitive personal information. We noted the lack of education with regards to accessibility of online judicial opinions and court files. We noted any legal obligations requiring website operations to edit and censor information. We even looked at psychological motivation to access and stalk former victims of sex crimes, as well as those of employers wishing to gain access to potential employees.

As lawyers we did a good job debating the legal and policy elements of the situation. As moral agents or ethicists we failed badly. We failed to consider those most vulnerable to the consequences of access to court records – women and children. We failed to consider the privacy invasion from a subjective perspective. And we failed to consider the consequences of 6 degrees of Google clicking.

This situation is not about appropriate court issued protective orders and the ability to access court records online. It is about the ability with a single “I feel lucky” click to have unfettered and unnecessary personal information outside of the scope of the original intended search. It is about using Google ethically (I like Googlethics). It is about what I call 6 degrees of Google clicking.

Similar to our dilemma, consider the following hypotheticals:

1) You are a university student taking a literature course from Professor Woolengala. You wish to see a list of some of her publications and you are, in general, a bit of a nosy parker. In short, you google your professor. The first result produced is a link to a legal database with a judgment where your professor was the victim of a sexual harassment suit which occurred 12 years ago. Within two clicks, you have retrieved and are reading this personal and sensitive information.
2) You are a partner at the law firm McQuarey Nightrum. You wish to hire a new associate. You ask your assistant to conduct a personal background check of all candidates. This includes a search on Google. Your Google search indicates that a candidate was a plaintiff in a workplace harassment suit, as well as a plaintiff in an insurance suit to obtain additional refunds for radiology treatment (3 clicks). Based on this information, you do not shortlist the candidate.

There is an appalling lack of education amongst Google users and website owners on the extent of google search-ability. There are only too many online privacy blunders illustrating this point. Sensitive information of corrupt Hong Kong police finding their way to subdirectories on the Internet (many linked to organized crime). Ongoing police investigations files in Japan again finding their way to subfiles on the Internet. All searchable through Google. All avoidable with the use of FTP protocol, or robot exclusion protocol which does not allow Google’s webspiders to retrieve information from a website – none of these protocols were used by professional IT security experts.

What if FTP or robot exclusion protocol had been used in projectposner? It would still be possible to retrieve the decision from the actual website but the judgment would not be searchable with Google. This would, theoretically, better limit the ability for those to find and use personal information in an unnecessary and unfettered matter (Google search/click for online legal databases, click on database selected, type in party name and click, click on judgment(s) – at least 4 degrees of Google clicking). For this reason, many free online legal databases such as those found in worldlii.org are not searchable with Google. Of course, this also hinders legitimate and efficient searching methods. Google is popular because it works well. There is a middle ground. The same robot text can be used to retrieve access to a website but not to a deeplink. In other words, you may be directed to projectposner but then have to perform an internal search once within the website. More beneficial, of course, would be in the ability to dissociate website ranking so that a result with personal information would not appear in the first page of results. These small technical specifications could have reduced some of the ethical (and legal) dilemmas of online access to court information, but they could not, of course, have avoided altogether many of the issues.

There is no quick answer to this issue but I for one, would like to see a policy of 6 degrees of Google clicking. In the game of 6 degrees people try to link actors to movies starring Kevin Spacey. The object of the game is to make the link with as minimal degrees as possible with a maximum link of 6. The reverse for online searching of personal information found in legal databases may be good policy. Requiring 6 degrees of Google clicking would provide a stronger incentive for those with genuine vested interest in obtaining personal information while reducing unnecessary and unfettered access.

I haven’t nearly begun to explore the many important and deserving ethical issues presented in accessing online information in legal databases. It is an act requiring fine calibration. I invite your input.

Alana Maurushat, B.A. (University of Calgary), B.C.L.(McGill), LL.B. (McGill), LL.M. with Concentration in Law and Technology (University of Ottawa), PhD Candidate (University of New South Wales). The author is Acting Academic Director of the Cyberspace Law and Policy Centre, sessional lecturer, and PhD candidate at the Faculty of Law at the University of New South Wales, Australia. Prior to moving to Sydney, she was an Assistant Professor and Deputy Director of the LLM in Information Technology and Intellectual Property at the University of Hong Kong’s Faculty of Law. She has taught in summer programs for the University of Santa Clara, Duke University, and has been invited to teach at the Université de Nantes this coming year. Her current research is focused on technical, ethical and legal dimensions of computer malware building on past research projects which addressed the impact of surveillance technologies on free expression and privacy. She currently teaches Advanced Legal Research.

| Comments (4) |

Home is Where the Heart is: Dignity, Privacy and Equality under the Charter

posted by:Daphne Gilbert // 11:59 PM // July 03, 2007 // ID TRAIL MIX

trailmixbanner.gif

A country’s constitution can be described as the mirror into the national soul. A constitution is a foundational instrument, reflective certainly of its country as it exists, but also aspirational in nature. In countries, like Canada, where the constitution protects individual rights and freedoms, citizens are empowered by the values that shape the legal guarantees. This is at least, the hope behind Canada’s Charter of Rights and Freedoms. What then to make of the fact that an interest or value in ‘privacy’ is not expressly protected by our constitution?

The question of the role privacy plays as a foundational constitutional value has been addressed by the Supreme Court of Canada on numerous occasions. It is well-settled law that sections 7 and 8 of our Charter do contain protections for some aspects of a privacy interest. What is less clear is whether a robust concept of privacy, and privacy-related interests, are adequately and wholly protected in Canada’s Charter. Given the constraints of the privacy protections recognized in sections 7 and 8, finding another home for privacy in the Charter might open up new potential. In my view, it would be both helpful and appropriate to consider privacy in the context of the section 15 equality guarantee.

I stress here that I am proposing “another” and not a “new” home for constitutional recognition of privacy interests, because I agree that sections 7 and 8 offer important and necessary protections for certain privacy interests. These two sections are, however, limited in their scope. They appear in a part of the Charter labeled “Legal Rights”, a heading that has been interpreted as placing boundaries on the application of sections 7 and 8. In Gosselin v. Quebec (Attorney General), [1] a majority of the Supreme Court of Canada affirmed that the guarantees under the “Legal Rights” section of the Charter are triggered by state action involving the administration of justice. In most situations, the “Legal Rights” guarantees are triggered in the criminal law context, though these protections can be used in administrative contexts too (as they were, for example, in the case of New Brunswick (Minister of Health and Community Services) v. G.(J.) [2] , involving challenges to child protection processes). While Gosselin left open the question of whether an adjudicative context was required for “Legal Rights” to apply, the majority insisted that it was appropriate to restrict the applicability of the “Legal Rights” protections to the administration of justice. [3] In Gosselin, this meant the section 7 guarantee to life, liberty and security of the person was useless in challenging an inadequate welfare regime. If privacy protections are housed only in sections 7 and 8 of the Charter, the nature of the interests protected are necessarily limited. These limitations mean that only certain kinds of privacy interests are protected by the Charter, and that a “right” to privacy only comes into play in situations captured by section 7 and/or 8. In my view, this is an impoverished interpretation of what privacy could offer as a constitutional value.

Since the Canadian Charter does not recognize the same sort of “penumbral effects” as the Americans see in their Bill of Rights, we are required to locate our constitutional values within specific Charter guarantees. If there is potential for constitutional recognition of privacy outside of the “Legal Rights” context, privacy must find another resting place. In my view, section 15 offers significant hope and advantages as another home for privacy. Chief Justice McLachlin of the Supreme Court of Canada describes “equality” as perhaps the most difficult of the Charter rights to interpret and define, and indeed, section 15 has had a tumultuous history since it came into force in 1985. In the 1990s, the Court was particularly divided on the proper interpretive approach to section 15, until in 1999 the Court reached a tentative consensus on a “test” for equality violations in Law v. Canada (Minister of Employment and Immigration). [4] [Most section 15 scholars agree the Law test is problematic and that the Court has in any event fractured into differing views on equality rights in recent years, however, Law remains in theory and in practice at least, the prevailing structure for section 15.] In Law, the Supreme Court decided to make “human dignity” the central focus of the equality guarantee, explaining the purpose of section 15 as:

to prevent the violation of essential human dignity and freedom through the imposition of disadvantage, stereotyping, or political or social prejudice, and to promote a society in which all persons enjoy equal recognition at law as human beings or as members of Canadian society, equally capable and equally deserving of concern, respect and consideration. [5]

Section 15 claimants must show, as one of the three required steps in the Law test, that the legislative provision they contest violates or demeans their human dignity. [6] Justice Iacobucci, writing for the Court in Law, outlined his version “human dignity” in the equality context, intending his approach to be comprehensive but non-exhaustive:

What is human dignity? There can be different conceptions of what human dignity means… [T]he equality guarantee in s.15(1) is concerned with the realization of personal autonomy and self-determination. Human dignity means that an individual or group feels self-respect and self-worth. It is concerned with physical and psychological integrity and empowerment. Human dignity is harmed by unfair treatment premised upon personal traits or circumstances which do not relate to individual needs, capacities, or merits. It is enhanced by laws which are sensitive to the needs, capacities, and merits of different individuals, taking into account the context underlying their differences. Human dignity is harmed when individuals and groups are marginalized, ignored, or devalued, and is enhanced when laws recognize the full place of all individuals and groups within Canadian society. [7]

Connections between privacy and human dignity have long been acknowledged and explored by theorists [8] and the Supreme Court of Canada has declared, “a fair legal system requires respect at all times for the complainant’s personal dignity, and in particular his or her right to privacy, equality, and security of the person.” [9] It seems almost natural, then, that privacy should find a new home outside of the “Legal Rights” portion of the Charter, within human dignity, as it is understood and protected under section 15.

There are many benefits to interpreting section 15 to include a privacy interest, broadly captured by two significant features. First, protecting privacy as part of the Charter’s equality guarantee provides opportunities for a set of privacy-related claims that do not fall within the boundaries of the “Legal Rights” section to be brought forward. A claimant whose privacy interests have been violated outside of the Legal Rights context (meaning sections 7 and 8 are not triggered), may now have an avenue under section 15 to bring forward the claim, expanding the Charter’s spectrum of privacy protections. For example, in contexts including (dis)ability discrimination, social welfare or employment regimes, access and funding for abortion or contraceptive services, poverty and homelessness, government relationships with aboriginal peoples, as well as other pressing equality concerns, arguments around privacy interests might be helpful in unpacking and explaining the human dignity step of the Law framework.

Second, an understanding of privacy embedded within the Charter’s equality framework could open up more expansive possibilities for protecting a range of privacy interests beyond those that fall within sections 7 and 8. Section 8 has been interpreted as protecting three specific ‘classes’ of privacy interests: personal, territorial and informational privacy. Section 7’s protection for security of the person, which includes bodily integrity, includes decisional privacy interests. A number of theorists, however, including feminists Allen, Roberts, Gavison, McClain and others, have argued that a robust understanding of privacy includes more than simply protecting these manifestations of recognized privacy interests, and may include such features as positive obligations on the state to provide the conditions necessary for true private choice to be exercised. It is possible that interpreting privacy within section 15 could lead to the legal recognition of new or different ‘kinds’ of privacy, over and above those protected by sections 7 and 8.

Whatever the content of privacy is understood to include, there is general agreement in law and society that privacy is worth protecting, as a “core value of a civilized society,” [10] and as a requirement both of “inviolate personality” [11] and human dignity. Expanding the possibilities for protecting privacy by including it within the ambit of the section 15 equality guarantee is further and uniquely Canadian recognition of the foundational role that privacy plays in our society. Equality, and by necessity a constitutional right to equality, is at the heart of a compassionate democracy. While the Charter protects and advances many of our most cherished values, section 15 is at the heart of the Charter’s vision for Canada. Finding a home for a privacy interest in our understanding of human dignity, not only promotes a more fulsome understanding of the many facets of privacy as a core value, but also opens up new equality arguments for vulnerable and marginalized groups.

[1] 2002 SCC 84
[2] [1999] 3 S.C.R. 46.
[3] Then Justice Arbour took a different and radical approach to section 7, and would have removed it from the limitations of its placement in the “Legal Rights” section of the Charter. She left the Court soon after the Gosselin decision and her views have not gained traction at the Court so far.
[4] [1999] 1 S.C.R. 497.
[5] Ibid. at para. 59.
[6] The first two steps in the Law test are that the claimant establish that he or she is a member of one of the enumerated or analogous grounds listed in section 15 and that the impugned legislative provision imposes a burden or denies a benefit to the claimant on the basis of the ground.
[7] Ibid. at para. 53.
[8] A number of philosophers have connected privacy to human dignity, and explained the relationship between the two as harmonious and even symbiotic in nature. Edward J. Bloustein reasoned:

The man [or woman] who is compelled to live every minute of his [or her] life among others and whose every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of his [or her] individuality and human dignity. Such an individual merges with the mass. His [or her] opinions, being public, tend never to be different; his [or her] aspirations, being known, tend always to be conventionally accepted ones; his [or her] feelings, being openly exhibited, tend to lose their quality of unique personal warmth and become the feelings of every man [or woman]. Such a being, although sentient, is fungible; he [or she] is not an individual.

See: Edward J. Bloustein, “Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser” in Schoeman, Ferdinand, eds. Philosophical Dimensions of Privacy: An Anthology, (Cambridge University Press, 1984 at page 188). See also: Jeffrey H. Reiman, “Privacy, Intimacy and Personhood” in Ibid, at page 305; Helen Nissenbaum, “Privacy as Contextual Integrity” (2004) 79 Wash. L. Rev. 119.
[9] R. v. O’Connor [1995] 4 SCR 411 at para 154.
[10] See Olmstead v. United States, 277 U.S. 438 (1928) (Brandeis J., dissenting).
[11] Warren & Brandeis, “The Right to Privacy” 4 Harv. L. Rev. 193, 194 (1890).

| Comments (1) |

Excuse me, are you a threat to aviation security? Canada’s no-fly list

posted by:Katie Black // 11:59 PM // June 26, 2007 // ID TRAIL MIX

trailmixbanner.gif

Picture this: you are traveling to an important conference in Ottawa, titled the Revealed “I”. While getting your boarding pass, the airline attendant asks for a piece of government-issued photo ID. You provide it and wait for him to smile and print your boarding card. He doesn’t smile. In fact, he looks concerned, makes a phone call and tells you to step aside. You are prohibited from boarding you flight because, in that moment, you were silently labeled “an immediate threat to civil aviation”. [1]

While this hypothetical will remain an incredulous story for most Canadians, it will realize for some over the course of the next year. [2] If your name, age and gender match that of an individual on Canada’s Specified Persons List, implemented on June 18th, 2007 as part of Transport Canada’s Passenger Protection Program, you might be barred from boarding an aircraft. Regulation [3] responsible for the program requires all airline carriers in Canada to screen passengers over the age of twelve [4] on domestic and international flights against those described on the List. Once a match is made, the airline carrier is obligated to contact the Minister of Transport or his authorized official and have him or her verify the individual’s identity and decide whether or not to permit boarding. If individuals find themselves on the list, they can have their case independently reviewed by applying to Transport Canada’s Office of Reconsideration (OoR). [5] If they remain unsatisfied, they can appeal the OoR decisions to the Federal Court, the Security Intelligence Review Committee, the Commission for Public Complaints against the RCMP or the Canadian Human Rights Commission.

While this program superficially appears to further Canada’s goal of increasing aviation security, many concerns have been raised regarding the impact of the program’s design and implementation on privacy and anonymity in Canada. This ID Trail Mix will briefly survey the main concerns raised by such public interest groups as the BC Civil Liberties Association (BCCLA) and the Council for American Islamic Relations (CAIR-Canada). It will explore: i) the potential inadequacy of the Passenger Protection Program in light of forgery techniques, ii) concerns regarding how the list is compiled, iii) the potential for violations of Canadians’ privacy rights through the sharing of personal information with foreign governments, iv) the possibility for mistaken inclusion on the list and v) the potential that Canada’s no-fly list could lead to the targeting and profiling of racialized groups.

Forged Documents

It remains unclear how the Passenger Protection Program will get around the practical problem of forged documents. With ID cards so easily forged, how does asking for one reduce the threat of on-board terror? Moreover, are terrorists or other threatening individuals likely to fly under their own name? Speaking to this concern in an interview with CBC News, Barry Prentice, Director of the Transport Institute at the University of Manitoba in Winnipeg, commented, “I don’t think it’s going to help one bit. What terrorist is going to travel with their own name and passport? These people are going to steal or create a forged passport and identification if they’re going to do anything, anyway”. [6]

Also pertaining to the program’s efficacy, in 2005, the Privacy Commissioner submitted the following question to Transport Canada: “what studies, if any, has the department carried out to demonstrate that advance passenger information will be useful in identifying high-risk travelers”? Transport Canada provided the following response on their website, “the Passenger Protect program proposes to use a watchlist to prevent specified individuals from boarding flights based on practical global experience and risk assessment rather than specific studies”. According to Allen Kagedan, Chief of Aviation Security Policy for Transport Canada, such lists are increasing air travel safety as, “they do work”. However, when asked by reporters, he could not cite any specific instances of when it worked. “The problem with giving examples” he said, “is that they defeat security and also, ironically, defeat the privacy rights of those individuals”. [7]

How is the list compiled?

Does notification of one’s inclusion on the Specified Persons List also defeat security? It may because the list is not available to the public. [8] People can only find out if they are on the no-fly list once they are prevented from boarding their flight. [9] The wording of the regulation [10] is such that anyone who i) poses a threat to aviation security, ii) could endanger the security of any aircraft or aerodrome, or iii) the safety of the public, passengers or crew members would be placed on the list by the Passenger Protect Advisory Group [11]. This will result in a “dynamic” list, according to Mr. Kagedan, as intelligence agencies must re-assess their “reliable and vetted” security information every 30 days. [12] While it is clear that this would likely include “an individual who has been involved in a terrorist group [or] has been convicted of one or more serious and life-threatening crimes against aviation security”, [13] it is unclear if it would also include such people as Andrew Speaker, the Atlanta lawyer, who was placed on the American no-fly list because he had a rare form of tuberculosis. In the Canadian context, would a communicable disease constitute a threat to aviation security?

Will Canada’s no-fly list be shared with foreign governments?

The extent to which the regulation allows Canada to share information contained on its no-fly list with foreign governments is also unclear. According to the Privacy Impact Assessment (PIA) Executive Summary of the Passenger Protection Program, “law enforcement and intelligence information on Specified Persons received from Canadian, or foreign or multilateral, law enforcement or security intelligence agencies” will be kept and gathered using the Passenger Protection Program. It will be used for the sole purpose of increasing transportation security. [14] Moreover, comments made by Brian Brant, who serves as Director of Security Policy for Transport Canada, during the Air India Inquiry presided over by former Supreme Court Justice Major, indicated that “names of Canadians on the forthcoming federal list could end up in the hands of foreign governments, whether or not Ottawa gives its official consent to sharing the information”. [15] While the list of names will only be initially released to commercial airlines, foreign governments could access the names without the consent of the Canadian government by going to the airlines. The lists could be accessed via the airlines that are based in the foreign country. “Should their national government require that information of them”, Brant testified at the inquiry, “that's up to them to decide what they want to do with that information. We recognize that possibility exists”. [16] As such information sharing, either voluntary or involuntary, between Canada and foreign governments is likely.

It wasn’t me: the possibility for mistaken inclusion on the list

While the new no-fly list may add the kind of excitement to one’s travel plans as experienced by Conservative MP John Williams - who was temporarily grounded because his name appeared on the American no-fly lists - it also means that many innocent people are going to be swept up in the list’s identity net. One need only look at how the American no-fly lists ballooned out of control. At one point, it contained more than 70, 000 names including those of civil libertarians, peace activists and most notably Senator Ted Kennedy. [17]

Although individuals who have been wrongfully identified on the Canadian list retain the right to reconsideration through the OoR process (see above), Canada’s Privacy Commissioner, Jennifer Stoddart, warned that the list could become “a nightmare for ordinary Canadians”. [18]

On the bright side of things, one retains a statistically smaller chance of being on Canada’s no-fly list than on America’s. This is because fewer than 1,000 names are thought to be on Transport Canada’s Specified Persons list at the moment. [19] Advocates for CAIR-Canada, however, argue that this statistical good news will disproportionately apply to non-racialized groups. CAIR-Canada fears that Canada’s no-fly list has the potential to lead to the targeting and profiling of Muslims and Arabs in Canada.

The chill sets in: fears of racial profiling

People within Canadian Muslim and Arab communities already report that they disproportionately experience the effects of social and technological changes aimed at ensuring “national security”. In Faisal Babha’s article, “The Chill Sets In: National Security and the Decline of Equality Rights in Canada”, he writes that in a post-9/11 era “ensuring ‘national security’ has become a euphemism for ethnic and religious profiling, and that the Anti-Terrorism Act (ATA) has become a guise for the systematic targeting and demonization of Muslims and Arabs”. [20] While hard data indicating that Muslims are being systematically profiled by government agencies is challenging to acquire, [21] it is clear that “Muslims and Arabs in Canada have been thrust involuntarily into the spotlight of the national consciousness”. [22] The effects of the no-fly list are likely to intensify that light as “Muslims are already subject to increased scrutiny at airports” [23] and “among Muslims, there’s a great similarity in names and it’s very easy for names to be the same or similar”. [24] While this will practically translate into Muslims and Arabs being disproportionately mistaken for those on the list, it might also have the corollary effect of generally increasing the sense of insecurity and incidents of discrimination experienced by these populations. [25] As Faisal Babha wrote, “profiling is a simplistic response to a complex problem; it involves highlighting a specific characteristic about a person, unrelated to that person’s actual deeds, and extrapolating to reach a presumptive conclusion about the person’s intentions and probable conduct”. [26]

While fears of racial profiling are being voiced in relation to racialzed members of society, Jennifer Stoddart phrased the same concern of the use of one’s identity more generally. As she sees it, the problem is that the list exemplifies “the increasingly intrusive use of your identity in order to make decisions about you as an individual, [decisions] that are pretty drastic… Every time we go to the airport, are we going to expect to be challenged?” [27]

[1] A threat to aviation security is explained in the section 4.72(2)b of the Aeronautics Act, as threat to “any aircraft or aerodrome or other aviation facility, or to the safety of the public, passengers or crew members”.
[2] According to section 4.72(3)(b)(i) of the Aeronautics Act, the Act that provides the Minister of Transportation with the statutory authority to create the new Passenger Protection Program as a “security measure”, the Minister must repeal the security measure before the day that is one year after the notice of the measure was published. Notice of the Identity Screening Regulation was published on April 26th, 2007.
[3] Section 3.2 of the Identity Screening Regulation outlines the screening protocol that airline carriers must follow. They are required to obtain either one piece of valid government-issued photo ID or two pieces of valid government-issued ID prior to boarding. The Identity Screening Regulation was created by the Department of Transport Infrastructure and Communities on April 26th, 2007, is under the statutory authority of the sections 4.71 and 4.9 Aeronautics Act which gives the governor in council the statutory authority to make regulation with respect to aviation security. The Public Safety Act, 2002, which received Royal Assent on May 6, 2004, made these changes to the Aeronautics Act as part of Canada's National Security Policy. The Identity Screening Regulation was registered by the Department of Transport Infrastructure and Communities in order to create the Passenger Protection Program.
[4] An exception to the identification requirement is currently being granted to children between the ages of 12 and 17. They only need to present one piece of government-issued ID until the mid-September.
[5] Transport Canada, Office of Reconsideration, available online: http://www.tc.gc.ca/reconsideration/menu.htm. [6] Barry Prentice, in an interview with CBC News reporters on Monday, June 18th, 2007. [CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html]
[7] Allen Kagedan in an interview with CBC reporters on Monday, June 18th, 2007. [CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html].
[8] During the question period on Monday, June 18th, 2007, Liberal MP Joseph Volpe demanded that the government release the names of those on the no-fly list. Meanwhile, NDP MP Joe Comartin proposed that while the government should not get ride of the list, it should at least set up an ombudsman to handle cases where innocent people find themselves on the list. [CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html]
[9] CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html.
[10] Section 50.(4)(b) of the Canadian Aviation Security Regulation of the Aeronautics Act.
[11] The advisory group, led by Transport Canada, is comprised of a senior officer from the Canadian Security Intelligence Service (CSIS), a senior officer of the Royal Canadian Mounted Police (RCMP) and a Transport Canada representative. Once on the list, membership is reevaluated every 30 days. [Transport Canada, (June 8th, 2007) Passenger Protects: Privacy Impact Assessment (PIA) Executive Summary, available online: < http://www.tc.gc.ca/vigilance/sep/passenger_protect/executive_summary.htm >]
[12] Allen Kagedan told CBC reporters on Monday, June 18th, 2007 from CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html.
[13] Cited by Transport Canada as possible instances where a person would be placed on the list in the article by CBC News, titled Critics alarmed by Canada's no-fly list.[CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html]
[14] Transport Canada, (June 8th, 2007) Privacy Impact Assessment (PIA) Executive Summary, available online: < http://www.tc.gc.ca/vigilance/sep/passenger_protect/executive_summary.htm>.
[15] CBC News, (June 5th, 2007) No-fly list could end up in foreign hands, Air India probe is told, available online: http://www.cbc.ca/cp/national/070605/n0605112A.html.
[16] CBC News, (June 5th, 2007) No-fly list could end up in foreign hands, Air India probe is told, available online: http://www.cbc.ca/cp/national/070605/n0605112A.html.
[17] CBC News, (June 5th, 2007) No-fly list could end up in foreign hands, Air India probe is told, available online: < http://www.cbc.ca/cp/national/070605/n0605112A.html >.
[18] CBC News, (June 13th, 2007) Privacy commissioner ordered to testify at Air India inquiry, available online: http://www.cbc.ca/canada/british-columbia/story/2007/06/13/airindia.html; Barry Prentice, Director of the Transport Institution at the University of Manitoba Winnipeg, told CBC reporters that some travelers are going to be wrongly identified as security risks under the Passenger Protection Program. [CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html]
[19] CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html.
[20] Faisal Babha, (2005) The Chill Sets In: National Security and the Decline of Equality Rights in Canada, 54 U.N.B.L.J. 191 at 192.
[21] A report by the International Civil Liberties Monitoring Group, In the Shadows of the Law: A report by the International Civil Liberties Monitoring Group (ICLMG)in response to Justice Canada’s 1st annual report on the application of the Anti-Terrorism Act (Bill C-36) (14th May, 2003); online: Development and Peace www.devp.org/pdf/shadow.pdf, argues that the ATA’s reporting process is too narrow in scope. Consequently, it does not accurately indicate and reflect the ATA’s effect on Muslims and Arabs, as well as other aboriginal rights and anti-globalization activists.
[22] Faisal Babha, (2005) The Chill Sets In: National Security and the Decline of Equality Rights in Canada, 54 U.N.B.L.J. 191 at 195.
[23] CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html.
[24] Larry Shaben, former Alberta MLA and current president of the Edmonton Council for Muslim Communities, cited in CBC News, (Monday, June 18, 2007) Critics alarmed by Canada's no-fly list, online: http://www.cbc.ca/canada/story/2007/06/18/no-fly-list.html.
[25] Canadian Arab Foundation, Arabs in Canada: Proudly Canadian and Marginalized, (Toronto: Canadian Arab Federation, 2002).
[26] Faisal Babha, (2005) The Chill Sets In: National Security and the Decline of Equality Rights in Canada, 54 U.N.B.L.J. 191 at 197.
[27] Don Butler, (June 8th, 2007) “No-fly list curbs privacy rights: commissioner ‘Quite a nightmare’ ahead for some; Stoddart urges updated privacy act”, The Ottawa Citizen.

| Comments (11) |

Who Needs Your Name?

posted by:Jason Millar. // 11:59 PM // June 19, 2007 // ID TRAIL MIX

trailmixbanner.gif

Every now and again I Google my own name. If you’ve never Googled your own name, try it. It’s a strange way to spend fifteen minutes—there’s not much to be found, in my case—but every time I do it something different pops up in the search results. Sometimes I check to see if a new piece of information associated with me has trumped the usual results, other times, and for reasons still not clear to myself, I simply want to make sure that my stuff is on the first page of hits.

I know there are other individuals out there who share my first and last names. I met one once. Recently, while undergoing a security check for some work I was doing, it wasn’t until I provided my fingerprints and middle name that I was eventually cleared. I can only surmise the existence of another Jason X Millar (maybe the one I once met) who is less trustworthy than myself according to those who know and care.

One thing I have noticed, I’ve been Googling my name for years, is that there are more and more pieces of information associated with various Jason Millars popping up in the results. Many of those pieces of information are associated with me. But there are other individuals named Jason Millar out there—artists, soccer players and a host of other random individuals with random interests and opinions have posted information about themselves. I can only imagine that anyone interested in compiling all of the stuff exclusively associated with me would have some fancy guesswork to perform in the filtering. This is because it isn’t at all clear which of the information belongs to a single Jason Millar.

The same problem occurs when trying to piece together random information collected about random individuals. When trying to aggregate it under a name, complications arise due to the problems associated with authenticating the data.

This assumes, of course, that someone would be interested in stitching together what are ostensibly disparate chunks of information into an aggregated whole that would describe various aspects of a single individual’s life in a more holistic manner. To be sure, one could imagine data mining projects that involve this type of aggregation, such as the kind that could be used for psychological profiling. But for a great many applications—perhaps profiling for marketing purposes—the kind of complete data mining that would involve stitching together information under the heading of a name, might not be as important as it first seems.

Stitching a person’s information together based on first and last names is complicated. Authentication can be a tricky business where privacy laws are in effect, and the fact that there are so many “Jason Millar”s in the search results makes one wonder how useful names really are to those who know and care to authenticate information as mine.

In fact the more I do these searches the more I’m convinced that, in the information age, traditional identifiers that tend to make us want to associate complete sets of information with a “me”, or “her”, or any “particular individual” in the first place, are becoming obsolete. The type of association that seeks an identifiable individual at the focal point of the relevant information may soon be replaced by newer means of association and identification, which will allow individuals to aggregate information about other individuals through the various proxies indirectly associated with them.

I can only imagine that my name, address, phone number and other personal information traditionally used as a starting point when aggregating information about me will cease to be of primary relevance to the vast majority of individuals interested in accessing me for, say, marketing purposes. In their places, sets of numbers uniquely associated with the things I wear and carry with me on a daily basis will provide a highly reliable, and oddly descriptive, means for identifying {me}.

Here’s why this is plausible…

Consider the fact that in the near future every item that rolls off of an assembly line will have an Electronic Product Code (EPC) associated with it, and often embedded in it. Simply put, an EPC is a unique number, or identifier, for every product; every shoe, can of pop, bag and watch will have one—Wal-Mart says so. EPCs will be readable by any compatible reader operated by anybody who owns it (or them), and they will be very cheap. Now consider the fact that every communication device already has a unique identifier associated with it; every cell phone, Wi-Fi device, laptop, Bluetooth device, PSP and Nintendo DS has some hardware identifier associated with it per the relevant communication protocol—international telecommunication standards say so. Our future includes visions of wirelessly (ad-hoc) networked municipalities in which individuals are perpetually connected by means of their portable communications devices.

Any one of those numbers can function as a proxy in identifying an individual, even though only one number would be relatively unreliable if the task were ensuring that the same individual is carrying it at any given time. But with these two pieces in place it is easy to imagine networks of EPC readers constantly logging the information associated with the products I carry, and computer networks constantly logging the presence of communications that my wireless devices are constantly transmitting by virtue of their perpetual connectedness.

Let’s focus on EPCs for a moment, and imagine that consumer profiling is the application of the day (though it could easily be employee profiling). Every day I get dressed and leave the house carrying various products with me. Every set of numbers that is read at a given time will represent the set of EPCs I am carrying. On any given day that set will be different, owing to various possible combinations that I might possess at the time. However, over time the complete set can be built up by whatever network is logging the EPCs given that EPCs will begin to associate themselves with one another in the database. For example, my shoes will form a common link between many of the shirts and pants I wear, such that my EPCs will allow complex inventories to be built about my possessions. After a given time, by reading a subset of EPCs, a relatively unintelligent system could be extremely confident which complete set of EPCs it was dealing with, meaning that any future subset that is read and associated by relatively few common EPCs could be deemed part of the same larger set. Of course, every reader is associated with a location, such that a smart network of readers would be able to track the movement of the EPCs through space.

If you add the known locations of wireless ad-hoc network routers into the mix, sets of EPCs moving through space can be associated with particular communications devices. This means that information flowing to and from those devices on privately owned networks could be associated with the sets of EPCs. Anonymous blog postings, emails etc. could all potentially be associated with the set of EPCs and wireless devices.

Anyone interested in understanding a set’s purchasing patterns, its certain eating habits, daily movements, etc. need not know anything about credit card transactions, names, phone numbers, addresses or any of the other traditional pieces of personal information deemed sensitive. In fact, the particular individual at the locus of the set of numbers simply disappears, replaced by the things that matter most to marketers: information about an inventory of products and a means of communicating with whoever is associated with them. Access to whatever is at the locus of buying power, or at the locus of influencing buying power, is all that counts in profiling for marketing.

Speculating about the kinds of information that can be gleaned about the sets in this kind of environment could run pages. The point I want to make is that there will be the ability to identify clouds of numbers that self-associate through the indirect association they have with the individuals carrying them. The other point is that aggregating the associated sets does not involve directly identifying the individuals carrying the items.

I am not a lawyer, but I have heard a lot of mention of emanations lately (search the ID Trail blog for “Tessling”). Given the sketch provided here the questions I would raise are these:

a) Are the emanations coming from an individual’s possessions personal information or not, especially where identifying the individual in the traditional sense becomes unnecessary?
b) Does an individual have a reasonable expectation of privacy with respect to these kinds of data?

It seems we should gather opinions before the readers hit the streets. I’ll let the lawyers comment.

| Comments (0) |

it’s different for girls: the importance of recognizing and incorporating equality in discussions of Internet speech

posted by:jennifer barrigar // 11:59 PM // June 12, 2007 // ID TRAIL MIX

trailmixbanner.gif

Kathy Sierra used to run her own blog, one that had attained No. 11 on the Technorati.com Top 100 list of blogs (as measured by the number of blogs that linked to her site). These days, however, when one logs on to Kathy Sierra’s blog Creating Passionate Users one is presented with a post from April 6, 2007 where she writes:

As for the future of this blog, I know I cannot just return to business as usual -- whatever absurd reasons have led to this much hatred for me (and for what I write here) will continue, so there is no reason to think the same things wouldn't happen again... and probably soon. That includes anything that raises (or maintains) my visibility, so I will not be doing speaking engagements--especially at public events.

Sierra first went public in March 2007 about threats she had received on her own and other sites that included: photos of her with a noose around her neck; photos of her with a muzzle over her mouth apparently smothering her; and violent and sexual messages that included her home address. She cancelled public appearances and has ceased blogging (at least for the time being).

Nor is this issue confined to the so-called blogosphere, as the recent controversy around AutoAdmit shows. (Anonymous) posters on AutoAdmit, which bills itself as “the most prestigious college discussion board in the world”, and an allegedly related web-based contest rating the “Most Appealing Women at Top Law Schools” featured photographs, personally identifiable information, sexually explicit and derogatory comments on a number of womyn. [1] Some of these womyn spoke to Ellen Nakashima of the Washington Post about the situation, alleging that the postings were not only personally but also professionally damaging.

As these incidents have garnered more attention, debates have primarily focused on the question of censorship versus free speech, with such attacks glossed over as an unfortunate side effect of (important) anonymous internet participation but ultimately unrepresentative of the majority of Internet readers/speakers. Where the issue of gender is put in the forefront, discussions have tended towards what Joan Walsh, writing at Salon.com, characterized as “…telling them to stop wearing such provocative outfits online, lest they get that they deserve.” Dahlia Lithwick, at Slate.com, suggests that discussions about the issue have too often been framed in terms of “are women tough enough?” or “are women playing victim.” Such approaches have the unfortunate effect of seeming to focus on gender, without ever truly examining the underlying equality implications of such actions.

Lithwick claims, in her article Fear of Blogging: why women shouldn’t apologize for being afraid of threats on the Web that “…the Internet has blurred the distinction between a new mom’s whimsical blog about the new baby and Malkin or Ann Althouse blogging about politics. The intent of these writers is totally different, but on the Internet, that difference evaporates.” Although Lithwick is arguing that not all womyn bloggers are public figures, in doing so she seems to accept that at least some bloggers are public in such a way that such attention(s) may not be entirely unexpected. In a similar vein, the operators of AutoAdmit commented in the Nakashima article in the Washington Post that “…some of the women who complain of being ridiculed on AutoAdmit invite attention by, for example, posting their photographs on other social networking sites, such as Facebook or MySpace.” In fact, it seems that the mere presence of a womyn in online spaces may be enough to attract unwanted attention -- a University of Maryland study of IRC chatrooms in 2006 found that female usernames received 25 times more threatening and sexually explicit messages than did those with male or ambiguously-gendered usernames – an average of 163 messages a day.

Existing remedies to these problems seem either non-existent or ineffective. A panel discussion [2], convened at Harvard University to discuss the issue of Internet Speech, focused extensively on the AutoAdmit issue. Much of the discussion revolved around what, if any, remedies might be available to the affected womyn and against whom they could be exerted. Various panelists suggested that the students might seek redress via: suits against the ISP and/or the website operators, from the individual posters themselves, from the individual universities under a claim that the posts constituted sexual harassment and the Universities had obligations under Title IX to take action against it, and through the medium of defamation or privacy torts.

The womyn affected have taken various forms of action already. Kathy Sierra reported her harassment to the police as well as going public about it online. Some of the womyn in the AutoAdmit conflict have hired Reputation Defender to try to address the issue. [3] Joan Walsh admits that pervasive misogyny on the Web has impacted her own voice, but still concludes that “[a]nd yet, mostly, women on the Web just have to ignore it. If you show it bothers you, you’ve given them pleasure.” A 2005 Pew Internet & American Life Project report suggests that other womyn have internalized this lesson and are simply avoiding participation – the report, entitled How Women and Men Use the Internet, shows that participation in chat and discussion groups dropped by 11% between 2000 and 2005 due to womyn choosing not to participate.

I am concerned about these remedies, concerned that womyn’s options seem to be to fight an isolated and individual battle, to just “deal with it” or to walk away, silenced. I am concerned that the remedies offered all seem to be focused on individual situations and harm. By focusing on individuals and individual remedies, we may lose sight of the larger issue.

Dahlia Lithwick’s article examined the differences between offline and online communication and argued that there are quantitative differences at work when it comes to these kinds of attacks and threats. She concludes:

No woman should have to choose between writing – either personally or professionally – and being told that her family will be raped. Sadly, that appears to be the current choice. But the important inquiry isn’t whether she should drop out or not. Nor is it whether she should stop whining or keep screaming. Those questions are personal and subjective, and the answers will be as different as the writers who consider them. The better questions are: Are these threats serious? Why do they feel so serious? How often do they result in something serious? And what might we do about it? Gender differences are only the beginning of the important discussions – not the end of them.”

With all respect to Ms. Lithwick, gender differences may only be the beginning of the discussions, but they are a beginning that has neither been fully explored nor fully weighted in these debates. Gendered, sexualized threats are inherently serious, not only because of the violence or danger of it, but because of their impact on equality.

Another Washington Post article from April 2007 suggests that:

As women gain visibility in the blogosphere, they are targets of sexual harassment and threats. Men are harassed too, and lack of civility is an abiding problem on the Web. But women, who make up about half the online community, are singled out in more starkly sexually threatening terms..

The problem with looking at this issue through individual lenses is that while individual redress (of some limited kind and in some limited cases) may be available, in doing so we leave in place the existing norms that created the situation in the first place. When womyn are being singled out more and being subjected to greater and more sexualized violent harassment, we must continue to explore this issue. Not, as so many writers have done of late, to ask “how should womyn respond” but rather to question “where does this come from and what are its overarching effects?” In examining this issue, we become aware that the online environment has become a new, broader environment for these things to emerge, be expressed, proliferate and to some degree become accepted.

I must confess – I have no answers. Many issues come up in this discussion – free speech, fear of censorship, the importance of anonymity, and the problem of whether we can or should regulate the Internet. As we seek to weigh all the issues and arrive at some understanding – ideally some solution – it is imperative that we not forget to add to the mix and weight appropriately our social commitment(s) to equality and the recognition of the communal benefits of equality. Any solution that is arrived at without taking this into account will hinder the transformative potential of these new spaces just as the current gendered, sexualized violence and harassment is now doing.

[1] On 1 March 2007, after several of the womyn had asked to be removed from the site, the individual running the “Most Appealing Women at Top Law Schools” contest turned the site over to AutoAdmit, which in turn shut down the site.
[2] A recording of the panel can be found at http://www.esnips.com/doc/9ed308e7-b94c-45c1-8568-4455eea1ec61/Apr_5_2007_Harvard_panel_on_AutoAdmit.
[3] Judging by their own site at http://www.reputationdefender.com/campaign_home.php, it seems that Reputation Defender has been markedly more successful at publicizing their name and positioning themselves as the defenders of the sexually harassed than in actually having the material removed.

| Comments (1) |

Are Biometrics Race-Neutral?

posted by:Shoshana Magnet // 11:59 PM // June 05, 2007 // ID TRAIL MIX

trailmixbanner[1].GIF

Biometrics regularly are described as technologies able to provide both "mechanical objectivity" [1] and race-neutrality. The suggestion is that biometrics can automate identity inspection and verification and that these technologies are able to replace the subjective eye of the inspector with the neutral eye of the scanner. In this way, biometric technologies are represented as able to circumvent racism: they are held up as bias-free technologies that will objectively and equally scan everyone's bodily identity. Frances Zelazny, the director of corporate communications for Visionics (a leading US manufacturer of biometrics systems) asserted that the corporation's newly patented iris scanning technology "is neutral to race and color, as it is based on facial features recognized by the software" (2002). In an online discussion on the use of iris scanners at the US-Canada border, one discussant claimed he would prefer "race-neutral" biometric technologies to racist customs border officials:

If I was a member of one of the oft-"profiled" minorities, I'd sign up for sure. Upside--you can walk right past the bonehead looking for the bomb under your shirt just because of your tan and beard. . . . In short, I'd rather leave it up to a device that can distinguish my iris from a terrorist's, than some bigoted lout who can't distinguish my skin, clothing or accent from same (Airport Starts Using Iris Screener, 2005).

Biometrics are central to the attempt to make suspect bodies newly visible. This is a complicated task, and one that is regularly tied to problematic assumptions around race, class and gender identity. It is not surprising therefore, that when biometric technologies are enlisted in this task they fail easily and often. What is most interesting about biometric malfunctions are the specific ways that they fail to work. Thus, as biometrics are deployed to make othered bodies visible, they regularly break down at the location of the intersection of the body's class, race, gender and dis/abled identity. In this way, biometrics fail precisely at the task that they have been set.

As biometric technologies are developed in a climate of increased anxiety concerning suspect bodies - stereotypes around "inscrutable" racialized bodies are technologized. For example, biometrics technologies significantly are unable to distinguish the individual bodies of people of colour. Research on the use of biometric fingerprint scanners has regularly found that it is difficult to fingerprint "Asian women . . . .[as they] had skin so fine it couldn't reliably be used to record or verify a fingerprint" (Sturgeon, 2004). Arguably, stereotypes concerning the inscrutability of orientalized bodies thus are codified in the biometric iris scanner.

These biometric failures result in part from the technological reliance on outdated and erroneous assumptions that race is biological. These assumptions partially can be noted from the titles of the studies that describe the biometric identification technologies. For example, one paper is titled "Facial Pose Estimation Based on the Mongolian Race's Feature Characteristic" (Li et al., 2004). Others titles include "Towards Race-Related Face Identification" (Yin et al, 2004) and "A Real Time Race Classification System" (Ou et al, 2005).

race classification.gif
This image is taken from A Real Time Race Classification System. Its caption in the original article reads: Two detected faces and the associated race estimates.

The suggestion that race is a stable biological entity that reliably yields common measurable characteristics is deeply problematic. Such conclusions are repeated in a number of articles that claim to classify "faces on the basis of high-level attributes, such as sex, 'race' and expression " (Lyons et al, 2000). Although the quotes around the word "race" would suggest that the authors acknowledge that race is not biological, they still proceed to train their computers to identify both gender and race as if it were so. This task is accomplished by scanning a facial image and then identifying the gender and race identity of the image, until the computer is claimed to be programmed to classify the faces itself. Unsurprisingly, error rates remain high. Neither gender nor race are stable categories that consistently may be identified by the human eye, let alone by computer imaging processes.

The assumptions concerning the dependence of biometric performance on racial and ethnic identity can also be noted in the locational differences in hypotheses around race and biometrics that are specific to each site of the study. In the US, biometric technologies have failed to distinguish "Asian" bodies. In the UK, biometric technologies have difficulty distinguishing "Black" bodies. In Japan, one study posited that it would be most difficult for biometrics to identify "non-Japanese" faces (Tanaka et al, 2004).

Nor do the failures of biometrics end with the errors that result from the codification of a biological understanding of race. Biometric technologies consistently are unable to identify those who deviate from the norm of young, able-bodied persons. In general, studies have shown that "one size fits all" biometric technologies do not work. For example, biometric facial recognition technology works poorly with elderly persons and failed more than half the time in identifying those who were disabled (Black Eye for ID Cards, 2005; Woolf et al, 2005). Other studies on biometric iris scanners have shown that the technologies are particularly bad at identifying those with visual impairments and those who are wheelchair users (Gomm, 2005).

Class is also a factor that affects the functioning of biometric technologies. Those persons with occupations within the categories "clerical, manual, [and] maintenance" are found to be difficult to biometrically fingerprint (UK Biometrics Working Group, 2001). Biometric iris scanners failed to work with very tall persons (Gomm, 2005) and biometric fingerprint scanners couldn't identify 20% of those who have non-normative fingers: "One out of five people failed the fingerprint test because the scanner was 'too small to scan a sufficient area of fingerprint from participants with large fingers'" (Black Eye for ID Cards, 2005). Many kinds of bodily breakdown give rise to biometric failure. "Worn down or sticky fingertips for fingerprints, medicine intake in iris identification (atropine), hoarseness in voice recognition, or a broken arm for signature" all gave rise to temporary biometric failures while "[w]ell-known permanent failures are, for example, cataracts, which makes retina identification impossible or [as we saw] rare skin diseases, which permanently destroy a fingerprint" (Bioidentification, 2007).

In addition to having technologized problematic notions around the comprehensibility of difference, biometrics are discursively deployed in ways that continued to target the specific demographics of suspect bodies. For example, biometric facial recognition technology requires Muslim women to completely remove their veils in order to receive new forms of id cards while older forms of identification such as the photos on driver's licenses only required their partial removal. In this way, biometric technologies are literally deployed to further the invasion by the state of the bodily privacy of Muslim women – an application that surely is not "race-neutral."

The examples cited above demonstrate that the objectivity and race-neutrality of biometrics needs to be called into question.

[1] I take this phrase from Daston and Galison (1992).


References

(2005). "Airport Starts Using Iris Screener." Available at http://www.vivelecanada.ca/article.php/20050715193518919. April 27, 2007.

(2005). "Black Eye for ID Cards." Available at http://www.blink.org.uk/pdescription.asp?key=7477&grp=21&cat=99. April 27, 2007.

Bioidentification. (2007). "Biometrics: Frequently asked questions." Available at http://www.bromba.com/faq/biofaqe.htm. April 27, 2007.

Daston, L. and P. Gallison. 1992. "The image of objectivity." Representation 40, Fall.

Gomm, K. 2005. "U.K. agency: Iris recognition needs work". News.com, October 20.

Li, H., M. Zhou, et al. 2004. "Facial Pose Estimation Based on the Mongolian Race’s Feature Characteristic from a Monocular Image ". In S. Z. Li, Z. Sun, T. Tanet al (eds.) Advances in Biometric Person Authentication.

Lyons, M. J., J. Budynek, et al. 2000. Classifying Facial Attributes using a 2-D Gabor Wavelet Representation and Discriminant Analysis. Fourth IEEE International Conference on Automatic Face and Gesture Recognition, 2000. Proceedings, Grenoble, France.

Ou, Y., X. Wu, et al. 2005. A Real Time Race Classification System. Proceedings of the 2005 IEEE: International Conference on Information Acquisition, Hong Kong and Macau, China,.

Roy, S. "Biometrics: Security boon or busting privacy?" PC World.

Sturgeon, W. (2004). "Law & Policy Cheat Sheet: Biometrics." Available at http://management.silicon.com/government/0,39024677,39120120,00.htm. April 27, 2007.

Tanaka, K., K. Machida, et al. 2004. Comparison of racial effect in face identification systems based on Eigenface and GaborJet. SICE 2004 Annual Conference.

UK Biometrics Working Group. (2001). "Biometrics for Identification and Authentication - Advice on Product Selection." Available at http://www.idsysgroup.com/ftp/Biometrics%20Advice.pdf. April 27, 2007.

Woolf, M., F. Elliott, et al. 2005. "ID Card Scanning System Riddled with Errors ". The Independent, October 16.

Yin, L., J. Jia, et al. 2004. Towards Race-related Face Identification: Research on skin color transfer. Sixth IEEE International Conference on Automatic Face and Gesture Recognition.

| Comments (0) |

Privacy and Surveillance in Web 2.0: Unintended Consequences and the Rise of “Netaveillance”

posted by:Michael Zimmer // 11:44 AM // May 28, 2007 // ID TRAIL MIX

trailmixbanner.gif

This post is an attempt to collect and organize some thoughts on how the rise of so-called Web 2.0 technologies bear on privacy and surveillance studies. After presenting a few examples of unintended consequences of Web 2.0 that bear on privacy and surveillance, I will introduce the term “netaveillance,” which might provide a useful concept around which a more robust theory of surveillance about the Web 2.0 phenomena might be built.

The rhetoric surrounding the Web 2.0 movement presents certain cultural claims about media, identity, and technology. It suggests that everyone can and should use new Internet technologies to organize and share information, to interact within communities, and to express oneself. It promises to empower creativity, to democratize media production, and to celebrate the individual while also relishing the power of collaboration and social networks. Websites such as Flickr, Wikipedia, del.icio.us, MySpace, and YouTube are all part of this apparent second-generation Internet phenomenon, which has spurred a variety of new services and communities – and venture capitalist dollars.

This cartoon of a room full of people arguing at a cocktail party after someone mentioned the provocative theories of Marshall McLuhan reminds me of today’s emotional debates over the relative impact – and even the very existence – of Web 2.0. Many hail Web 2.0 as the “new wisdom of the web,” and “a new cultural force based on mass collaboration,” while others deride it as merely a marketing jingo, “amoral,” and even an extension of Marxist ideology.

This last notion, the relationship between Web 2.0 and Marxism, was suggested by Andrew Keen, one of the loudest provocateurs of the Web 2.0 ideology. Keen has received considerable criticism for making comparisons between the Web 2.0 meme and Marxism, but, between the vitriol, he does make some valid points about the utopianism and solipsism that seems to underlie much of the Web 2.0 discourse. In particular, he criticizes the fervent commitment to technological progress:

The ideology of the Web 2.0 movement was perfectly summarized at the Technology Education and Design (TED) show in Monterey, last year, when Kevin Kelly, Silicon Valley’s über-idealist and author of the Web 1.0 Internet utopia Ten Rules for The New Economy, said:

“Imagine Mozart before the technology of the piano. Imagine Van Gogh before the technology of affordable oil paints. Imagine Hitchcock before the technology of film. We have a moral obligation to develop technology.”

But where Kelly sees a moral obligation to develop technology, we should actually have–if we really care about Mozart, Van Gogh and Hitchcock–a moral obligation to question the development of technology. [emphasis added]

This moral obligation to question the development of technology compels Keen to identify some of the unintended consequences of the emergence of Web 2.0 infrastructures, including the flattening of culture, the overabundance of amateur authors and producers, and narcissism run wild.

As I begin to study the Web 2.0 meme from the perspective of privacy and surveillance theory, a different set of unintended consequences emerges, including shifts in the flow of personal information that might threaten personal privacy in ways much more damaging than Keen’s concern that content is now made and distributed by mere amateurs instead of honed professionals.

For example, Web 2.0 applications often rely on rich metadata to create value in information, such as the geotagging of images uploaded to Flickr. While it might be useful and fun to have locational data automatically associated with your images, considerable privacy concerns emerge as an externality. For instance, law enforcement officials can simply search for all photos online matching the location & timing of a certain political rally in order to broaden their ability to keep records of who was present. Or, combined with the development of facial recognition technologies with shared online photos, stalkers (or other annoying folks) might soon be able to search for a certain person’s face, and discover the GPS coordinates of the coffee shop they seem to be pictured in every Tuesday morning. Someone even developed a tool, FlickerInspector, to facilitate this kind of mining of the datastreams users leave behind on Flickr.

Of course, one doesn’t need a fancy application like FlickerInspector to reap the benefits of the new datastreams facilitated by Web 2.0 applications. Inherent in Web 2.0 evangelism is an overall faith in the network to be the processing platform: users are encouraged to put as much of their lives as possible online, to divulge and share their personal lives, their professional development, their favorite websites, their music, their friendships, their appointments, and even where they’ve connected to wi-fi. If you know a person’s “handle” on one Web 2.0 site (“michaelzimmer” at del.icio.us), you probably can find them on many more (Plazes, LibraryThing).

The prevalence of sharing so many details of one’s life through various Web 2.0 and social networking sites, and the relative ease of finding users across these services, leads to a second key externality: the rise of amateur data-mining. Fueled by the power and reach of Web search engines, it seems anyone can now engage in the kind of tracking and data-mining of user’s online activities that was once possibly only by the most powerful of computer systems.

An interesting case of amateur data mining made possible through Web 2.0 involves “Don, the camera thief.” The blog BoingBoing posted a story of a woman who lost her camera while on vacation, but was contacted by the family who happened to find it. Unfortunately – and oddly – the family who found it refused to return the camera because their child liked it so much. BoingBoing thought the actions by the finders of the camera were “shameful.” A few days after posting this, BoingBoing received an e-mail from someone who claimed his name was “Don Deveny,” purportedly a Canadian lawyer, who implied that the post was illegal and that BoingBoing was liable for making it. The folks at BoingBoing doubted the legitimacy of the email (the word “lawyer” was misspelled, for example), and decided to see what he could find out about “Don.”

They first contacted many of the law societies in Canada, none of whom had any record of a “Don Deveny” licensed to practice law in Canada. (by the way, it is illegal to pretend to be a lawyer). From their e-mail exchange, they were able to isolate the writer’s real e-mail address from the message headers, and through a Google search, located other pages that contain that address. That led them to a profile page for a user of the website called “Canada Kick A**” who shared the very same e-mail address. That profile page had a different person’s name (perhaps “Don’s” real name?), and also listed a location and profession for the user (he’s not a lawyer). It didn’t take much to figure out (or at least get a better clue) as to who this e-mailer was, and his profile page on a Web 2.0-inspired discussion board made it much easier.

Readers of BoingBoing did some amateur data mining of their own: a commenter at the original camera owner’s blog seemed to share many of the same sentiments of “Don,” along with many of the same spelling errors. This commenter used a different screen name, but when asked to identify himself, also said he was a lawyer. Another reader then discovered that a user with that same screen name recently bid on memory cards at eBay that would have been used in the stolen camera. More amateur data mining ensued, and discovered another user profile at a different discussion forum with the same user name and same “favorite sites” listed in the signature file. And this page included a photo of the user: Is this “Don” our camera thief?

Another example of the ease of amateur data mining with the help of Web 2.0 services is the outing of Lonelygirl15. Lonelygirl15 was the mysterious girl leaving video confessions on YouTube, garnering a huge following of devoted fans, yet know one knew who she was or if they were really just a kid’s video diary or perhaps a large hoax or advertising campaign. After some amateur data mining, the truth came out:
A reader was surfing an article on Lonelygirl15 at a random website when he came across a comment that linked to a private MySpace page that was allegedly that of the actress who plays Lonelygirl15. Since the profile was set to “private,” very little information one could glean from the page. However, when he queried Google for that particular MySpace user name, “jeessss426,” he was able to access Google’s cache from the page a few months ago when it was still public. A lot of the details of the girl’s background quickly emerged: She was an actress from a small city in New Zealand who had moved to Burbank recently to act. The name on the profile was “Jessica Rose.” When he happened to query Google image search for “Jessica Rose New Zealand” he was instantly rewarded with two cached thumbnail photos of Lonelygirl15, a.k.a. Jessica Rose, from a New Zealand talent agency that had since removed the full size versions. A search on Yahoo for “jeessss426” also turned up various pictures from her (probably forgotten) ImageShack photo sharing account. Lonelygirl15 was revealed.

Little effort was needed to link up the various e-mails, user names, personal data flows, and photos shared across blogs, discussion forums and other Web 2.0-style sites to track down “Don the camera thief” or “LoneyGirl15”. Moving more and more of our activities to Web 2.0 makes it harder to remain anonymous, and the myth of “security through obscurity” seems to be disappearing as various crumbs of our true identity are being scattered across the Web 2.0 landscape.

A final externality of Web 2.0 relates to a new form of informational voyeurism that these platforms enable. While Web 2.0 sites have enjoyed incredible growth and heavy viral participation, only a small fraction of overall users actually use the services to upload content – the vast majority just likes to lurk and watch. According to one report, only 0.16 percent of YouTube’s total traffic is made up of users who upload videos. Similarly, only 0.2 percent of Flickr’s regular users are there to upload photos. And slick new tools emerge daily to facilitate the surveillance and voyeurism of people’s daily activities. For example, “feeds” on Facebook allow users to be notified immediately when a friend updates their profile (changing their mood, their friend list, their relationship status, etc), dodgeball helps users find friends (and unknown friends of friends) within a 10 block radius of their present location, DiggSpy allows real-time monitoring of user’s activities on the popular news ranking site Digg, and Twitter has quickly emerged as the hottest new voyeuristic service, allowing users to share text snippets of their day-to-day activities, and monitor others’ streams of the mundane details of their lives (such as “a whole gang of women with dogs just walked past my window”).

What seems to be emerging is a new form of voyeuristic surveillance of people’s everyday lives, fueled by Web 2.0. This has been referred to varyingly as “peer-to-peer surveillance” or even as a new kind of “participatory panopticon.” Yet these terms – and the theories embedded within them – seem insufficient to fully grasp the significance of the emergence of this new voyeurism of the mundane. Surveillance, of course, implies the “watching over” of subjects from above, with an explicit power relationship between the watchers and those placed under its gaze. Trying to describe surveillance as “peer-to-peer” suggests a flattening of the power relationship that is counter to its very definition. Similarly, the notion of a “participatory panopticon” is at the same time redundant and contradictory. Foucault revealed how panoptic power becomes internalized by the subjects, thus, they necessarily “participate” in their own subjugation. Yet the top-down power relationship within the panoptic structure remains. The participation by the subjects does not make them equal with the watchers. Yet the informational voyeurism associated with Web 2.0 seems to imply a balance between the users: one shares their data streams in order to improve the overall worth of the network, coupled with the presumption that they’ll be able to observe and leverage others’ streams as well.

This notion resembles that of “equiveillance,” a state of equilibrium between the top-down power of surveillance, and the resistant bottom-up watching of sousveillance. Yet, this notion implies merely a balance in access to surveillance information, and is focused more on how to reach some kind of harmonious relationship with our rising surveillance society. With the informational voyeurism of Web 2.0, however, the goal isn’t to resist or come to terms with the power yielded by traditional surveillance, but rather to participate in a widespread and open sharing of the mundane details of one’s daily life. To give one’s peers a glimpse into one’s own personal universe. These snapshots of the minutia of people’s lives have been compared to the Japanese concept of “neta”, the tidbits of people’s lives that are shared with family and friends as a kind of social currency. The Japan Media Review (an affiliate of Annenberg’s Online Journalism Review) recently made an insightful connection between “neta” and Web 2.0 voyeurism:

In Japanese, "material" for news and stories is called "neta." The term has strong journalistic associations, but also gets used to describe material that can become the topic of conversation among friends or family: a new store seen on the way to work; a cousin who just dropped out of high school; a funny story heard on the radio. Camera phones provide a new tool for making these everyday neta not just verbally but also visually shareable.

As the mundane is elevated to a photographic object, the everyday is now the site of potential news and visual archiving. Sending camera-phone photos to major news outlets and moblogging are one end of a broad spectrum of everyday and mass photojournalism using camera phones. What counts as newsworthy, noteworthy and photo-worthy spans a broad spectrum from personally noteworthy moments that are never shared (a scene from an escalator) to intimately newsworthy moments to be shared with a spouse or lover (a new haircut, a child riding a bike). It also includes neta to be shared among family or peers (a friend captured in an embarrassing moment, a cute pet shot) and microcontent uploaded to blogs and online journals. The transformation of journalism through camera phones is as much about these everyday exchanges as it is about the latest headline.

Building on this Japanese concept of “neta,” I propose a new kind of “veillance” has emerged with Web 2.0 infrastructures: “netaveillance”. Netaveillance can be defined as the process of openly and purposefully providing an almost continual stream of the details of one’s daily life – the mundane, the profane, and the vain – through Web-based technologies, coupled with the ability to capture similar data streams from one’s peers. Netaveillance constitutes an emerging ecosystem of personal data flows – not the exceptional information meant to be protected from state or commercial surveillance, but the free and open sharing of the minutiae of our lives.

My conceptualization of netaveillance is, to be sure, in its most nascent of stages. Much work needs to be done to contemplate how it relates to existing theories of privacy and surveillance, how power relations between and among participants might still exist, how such data flows could be captured by state or commercial interests, and so on. Theorizing and understanding netaveillance is no small task, but it might provide a new language and framework from which to understand the informational voyeurism and related unintended consequences of the Web 2.0 phenomenon.

Whether you want to bring it up at a cocktail party is up to you.

Michael Zimmer is completing his Ph.D. in the Department of Culture and Communication at New York University, and will be a Fellow at the Information Society Project at Yale Law School. He is looking forward to developing his theory of netaveillance at the up-coming Surveillance Summer Seminar. He can be reached via his website, michaelzimmer.org.
| Comments (4) |

“All about us” – personal identity and identification systems

posted by:Jason Pridmore // 11:59 PM // May 22, 2007 // ID TRAIL MIX

trailmixbanner.gif

A few weeks ago I watched the 1950 movie “All About Eve.” It is a classic I am told, nominated for 14 academy awards and winner of the award for best picture. Mind you, in an age that emphasizes the role of experts, I do not claim to be a film critic, novice or otherwise, so I’ll leave it at that. I can say that I found the performances in the film to be compelling, something confirmed both by the DVD extras and a cursory web search which suggest this to be, in specific, Bettie Davis’ best performance. The film has its interesting plot twists and turns, clearly a film set against the backdrop of a bygone era, but with several themes that pervade into our lives today, namely the intricacies of social relationships, how much others know about us, and the potential for this knowledge to turn into manipulation.

In the film, the character “Eve” (whom we are to learn all about) sets out seemingly innocently to bathe in the glow of Davis’ character, the actress Margo Channing, but ultimately subverts this glow into her own personal limelight. The film begins at the end, as it were, with Eve Harrington receiving an award for an exceptional performance in a role we soon learn was taken from Channing. In the midst of this ceremony, a narrative voiceover mentions Eve directly:

Eve. Eve, the Golden Girl. The cover girl, the girl next door, the girl on the moon... Time has been good to Eve, Life goes where she goes – she's been profiled, covered, revealed, reported, what she eats and when and where, whom she knows and where she was and when and where she's going... ... Eve. You all know all about Eve... what can there be to know that you don't know?

Plenty, apparently, and the next hour and a half is a journey into the history of intricate relations between Eve, Margo and their group of friends. Despite the new found knowledge of Eve’s character in these relational histories, there is something to be said about Eve playing a part, following a scripted role. If in fact we had been able to read the accounts of her life mentioned in the voiceover, to see the profiles and her coverage in the media, we would know something about who she was and what she was like that the revelations of the remainder of the movie, however stark the contrast with mediated reports, would not have shown us. In the end, these would only augment to some extent our expectations of how Eve is to be understood.

I realise that by now I may have lost any number of you who have not seen nor care to see the film. But I use it here to suggest something about which I can claim at least some expertise – the relationship between our sense of identity and its inherent relationship to how we are identified by others. As Richard Jenkins (2000) points out, “we know who we are because, in the first place, others tell us.” Yet in our society, our understandings of self, our identity is increasingly related to how we exist under socially and technically created systems of identification that seemingly know “all about us.” To put it in the terms of the film, the way in which we are profiled, covered, revealed and reported affects our sense of who we are.

I wish I could say that my watching of classic film was inspired by a maturation of my entertainment tastes: an increasing desire to read classic literature and watch the great films of our age. I am afraid this would be less than honest. In fact, the motivation to watch this film was driven by my personal academic research. Andrew Smith and Leigh Sparks, British marketing researchers at the University of Nottingham and Stirling (respectively), entitled a 2004 article in the Journal of Marketing Management “All about Eve?” In the article they describe the purchasing habits of a woman they give the pseudonym “Eve.” Smith and Sparks were given access to two years worth of purchase data based on a particular retail store’s loyalty card program. With this data, they surmise the following things about Eve:

• She is overweight and very concerned about her appearance, especially her poor complexion
• She has long hair, usually wears contacts but wears glasses occasionally, and has numerous problems with her feet
• She has hay fever and struggles to overcome a common cold several times a year
• She has a boyfriend or partner she occasionally buys items for
• She is someone who plans holiday gifts and cards well in advance

These could be intimate details about a person’s life, and the authors readily admit to the fact that they could be wrong about any and all of these descriptions. However they (as am I) are reasonably sure that they know more than Eve herself would be comfortable with. They further recognize that without personally identifiable data or even aggregate sets of data that pertain to her (like geodemographic profiles), they know far less than what the retailer may in fact “know” about Eve.

What I want to suggest is that in a world in which, in the words of Zygmunt Bauman (1992), consumption has become the “cognitive and moral focus of life, the integrative bond of the society, and the focus of systematic management,” marketers do know much about us. In the midst of the increasingly desperate situation with Eve, Margo Channing states “so many people know me. I wish I did. I wish someone would tell me about me.” Ms. Channing can be assured that today marketers are keen to tell her exactly who she is. Based on her affinities with certain products, her past purchasing behaviours, the neighbourhood in which she lives, the relations she has with others, and far more information which is increasingly knowable, known and quantified, Channing could be situated as a consumer quite readily. We have become statistically significant sets of data (see Zwick and Dholakia 2004), something which affects both how we understand ourselves and how we are understood by consumer systems.

In many cases, we may be seen to “sort ourselves out” as Richard Burrows and Nicholas Gane’s recent article on geodemographics suggests (2006), specifically as a form of “commercial sociology” aids us in deciding the type of people we would like to live with – splitting up neighbourhoods into lifestyle clusters and reengineered class constituencies. On the other hand, loyalty programs, such as the ones Smith and Sparks discuss, are keen to use the data we have given over to “help us solve our problems.” These problems are of course indicative of who you are, your life stage, your income and career, your family, your personal appearance, your diet, etc. In return, they only ask and hope for more patronage, and of course, more data. How else would they be able to know who we are and meet our needs?

After several years of studying the means by which corporations monitor the current and potential customers and after several interviews with executives of loyalty programs, I am convinced that corporations know much about us. Ironically, though the film “All About Eve” suggests we will know all about her, it is the character Eve who in fact seems to know all about us. While we learn all about Eve’s rise to stardom, she does so by means of clever and subtle manipulation. I am reminded quite succinctly of the ways in which marketing practices remain covert and subtle. In one interview I conducted it was suggested to me that the loyalty program (read: data collection program) was meant to know all about you, not in a “big brother” like way, rather in a “best friend” sort of way – to target advertisements meant specifically for your situation, your context. This is never overt of course, both for fear of “getting it wrong” and for fear of appearing as a form of ominous surveillance, but these are clearly and specifically meant to connect with your personal life and I am convinced this has an affect on one’s self concept.

In the end, despite a concern for appearing ominous, it is consumer surveillance and it is ubiquitous. The personal knowledge surmised from the collection of consumer data may not always be right, but based on that information one may begin to experience life differently because of the way it serves to distribute certain resources and penalties (Jenkins 2000). Increasingly, our personal identity – our conception of self – is produced and reproduced in institutionalized contexts and as corporations gather and integrate more and more personal data, the potential for the expectations of this data to become lived out in the experiences of the lives to whom it correlates is high. While this may prove a particular advantage for upwardly mobile consumers, it likewise leaves a rather dismal future for those who may be seen as “collateral damage” for an economic system focused on particular types of consumers (Bauman 2007). Which is to say, knowing all about “us” applies to only a certain categories of people, like Eve, but even for her, what is known about her inevitably affects how she understands herself in the context of a society in which consumption is both a focus and a social bond…

Jason Pridmore is a Ph.D. Candidate in the Sociology Department at Queen's University.

References:

Bauman, Zygmunt. 1992. Intimations of Postmodernity. New York: Routledge.
—. 2007. “Collateral Casualties of Consumerism.” Journal of Consumer Culture 7 (1):25-56.
Burrows, Roger, and Nicholas Gane. 2006. “Geodemographics, Software and Class.”Sociology 40 (5):793-812.
Jenkins, Richard. 2000. “Categorization: Identity, Social Process and Epistemology.” Current Sociology 48 (3):7-25.
Smith, Andrew, and Leigh Sparks. 2004. “All about Eve?” Journal of Marketing Management 20 (3-4):363-385.
Zwick, Detlev, and Nikhilesh Dholakia. 2004. "Whose Identity Is It Anyway? Consumer Representation in the Age of Database Marketing." Journal of Macromarketing 24 (1):31-43.

| Comments (0) |

Is Anything Private in the Age of Internet Social Networking?

posted by:Robynn Arnold // 01:59 PM // May 15, 2007 // ID TRAIL MIX

trailmixbanner.gif

In recent weeks, the popular social networking website, facebook.com has found itself at the centre of much discussion. From government and employer bans on the use of the website in workplaces, to sanctions and expulsions against students and employees stemming from information posted on facebook accounts, it seems of late that the site has never been far from media attention. Ironically, this has all come at a time when I have faced increasing pressure from friends to finally get with the program and join the network, being that I am one of the few people I know not already connected. I admit that the above mentioned issues surrounding the website are not the reason I have yet to become a member – I am more simply concerned with the time that would be lost in my schedule to keeping up with this phenomena, having witnessed it firsthand with friends. However, being a virgin to the social networking game, its recent newsworthy attention does give me reason to pause before logging in and signing on, but not for the reasons most would think. In fact, it shocks me that what I see as the most concerning aspect of this new way of sharing and communicating seems to be somewhat flying under the radar, overshadowed by the predominant concerns surrounding lost productivity. The bigger picture that seems to be misplaced in the recent wave of attention is the more concerning issue of privacy, or lack thereof, surrounding information posted in such a forum.

Facebook started in 2004 by a sophomore student at Harvard University keen on bringing the idea of university paper ‘facebooks’ into the technological age. Since then the site has developed and grown tremendously. It now boasts more than 19 million registered users and is in the top ten most trafficked websites in the United States. But it is Canada that can currently lay claim to the title of the nation with the fastest growing membership to the site, estimated at representing 11% of users, up from 5% last year. Canadians, in fact surpass both the United Kingdom and the United States in rates of new membership. The site works by allowing registered users to essentially create a profile and link into numerous networks based on interests, geography, etc. Each member’s profile acts like a personalized website, and can include a list of friends, as well as showcase photos. The page also features a message board that each member can choose to make public. However, gaining access to a friend’s page that is not publicly available is as simple as placing a request that is yielded. After granting access to another user, all control over what the grantee can post is lost. It is easy to see how concerns over posting content and lost productivity of employee and student users has arisen, with members utilizing the site to post thoughts and keep up with relationships. But what of the matter of privacy in regards to information posted on member profiles?

There appear from first glance to be numerous issues surrounding anonymity and privacy with regards to social networking websites. The obvious ones that emanate with all web pages, such as data mining and information sharing with third parties are arguably possible and occurring. But the concerns that are specific to sites like facebook.com are conceivably more intrusive. For example, since a member who grants access to another user has no control over what that member posts on their message board, even personal information not divulged by the member could end up posted on their own page. Not to mention that such information is always possible as being posted on the other user’s page. Even in a private profile, this information becomes instantly accessible to all those having admission, and where the profile is public, the information automatically would be spread further. Another privacy concern surrounds ‘RSS feeds,’ which function to allow ongoing updates, capable of being posted from your Blackberry. Such minute details of daily life and location could prove dangerous in the hands of a stalker. While these are concerning enough issues, they lead to the broader question over who exactly may be interested in accessing your information. Colleges, universities and police have all utilized facebook in investigations, and recently it has been suggested that employers may be interested in looking up potential employee’s profiles as part of their hiring processes. For a site specifying itself as being available, “for your personal, noncommercial use only,” many users are naively being misled. Beyond the issue of maintaining control over and some semblance of privacy in the information posted, the notion of who should be examining posted information is important. While it is arguable that police and school intervention is a good thing, possibly solving crimes and stopping hateful or derogatory postings, should job appointments really be determined partially on the basis of what someone has posted on their facebook account?

The question to be answered then is how do we classify such social networking forums? Are they simply open public spaces where members lose any claim to their privacy and anonymity once becoming a user? Or, should such venues simply be seen as the modern version of private conversation with technology simply providing the global link, and thus off limits to those not knowingly in the circle? One thing is for sure, at the present rate of growth of over 1 million new users each week online social networking sites like facebook.com are not going away anytime soon. Simply avoiding such forums may not provide a feasible solution when trying to maintain modern relations. Perhaps then it is time to think hard about the privacy problems these forums raise and develop a strategy to handle these concerns without stunting access. I have managed to hold out joining until now, but the temptation to connect and reconnect with friends and acquaintances is increasingly tempting. With member friends already displaying my picture and information on their pages, can avoidance really be seen as a measure in maintaining my anonymity and privacy?

Robynn Arnold is an LL.M. Candidate at the Faculty of Law, University of Ottawa.
| Comments (0) |

You and Your Avatar: Having Second Life Thoughts on Anonymity and Identity

posted by:Bert-Jaap Koops // 11:59 PM // May 08, 2007 // ID TRAIL MIX

trailmixbanner.gif

My first thought was that a website called On the Identity Trail, with a research stream on Constitutional, Legal and Policy Aspects, would feature a lively debate on a right to anonymity. Yet a search on 'right to anonymity' on this website offers only one hit: a December 2003 piece announcing that lawyers in the ID Trail project will study a right to anonymity. Since then, the term as such does not recur, and the anonymity focus webpage - although covering a fascinating range of subjects - does not offer much for the reader who wants to know whether or not she has a right to anonymity.

This, of course, was only to be expected. A right to anonymity does not exist, has never existed, and will never exist. At some point, there will always be someone with a right to know your identity. In certain contexts, it is eminently possible that you remain anonymous, to your hairdresser, reader, or (sperm-donated) child, and you may even claim a certain right to this. But there is always a conflicting right to identification that may outweigh your claim to anonymity, for your hairdresser (if you leave without paying), for your reader (who feels slandered), for your child (looking for his father), and, ultimately, for the police (looking for a serial killer). If a right to anonymity were established as a generic right, it would be so relative as to become meaningless.

My second thought was that things may be different in cyberspace, that illusive but oh so attractive space where no-one knows you're a dog. Or in Second Life, where you can be a dog and where no-one knows who you really are. What is more, where you yourself may not know who you really are. Isn't Second Life - today's hyped epitome of cybercommunities and massive multi-player on-line role-playing games - a space where we can start from scratch and build a parallel universe where a right to anonymity is the most normal thing in the world? Where anonymity is available to anyone desiring some privacy, some fun, some room for weird statements that won't be held against her tomorrow?

If only life, even Second Life, were so simple. Ever since John Perry Barlow's Cyberspace Declaration of Independence and the subsequent tsunami of laws and regulations that refuted Barlow's rhetoric, centering on the one-liner "What holds off-line, also holds on-line" [1], we know that cyberspace and real space are inextricably intertwined. You and your avatar are two of a kind: they're different, but linked. You may want your avatar to be anonymous, or to have a famous avatar without anyone knowing it's really you who pushes the buttons, but how do your avatar friends, the avatar cops, the game providers, and the other players feel about that?

The evolution of virtual game spaces mirrors the evolution of the Internet: no sooner does it reach a wider audience, than it becomes commercialised, criminalised, regulated, normalised. The thrill of novelty disappears. Real life enters. In Second Life and its next-generation clones, avatars will use foul language, slander, commit vandalism, abuse children, rape dogs, offer drugs and crackz, discuss Al-Qaeda, launder money, and infringe trademarks. Politicians are shocked and will criminalise animal abuse in on-line games. Trademark holders will sue Internet and game providers to give the log-in data of infringing players. You yourself will want to know who assaulted your daughter's avatar and stole the dragon sword on which she spent half-a-year's pocket money. Registering the identity of game players will become routine practice, and at some point, there will always be someone with a right to know your identity.

This is a missed opportunity, since virtual spaces offer a unique occasion to experiment. In their second lives, people dare take risks they would never dream of taking in their first life. In particular, people can develop parts of their identity that they dare not develop in real life. How does it feel to be a boy? I never knew I had this tender streak in my character. How exciting to experiment with same-sex sex. How good it feels to tell this black guy that if he doesn't get out of the way, I'll chop up his ghettoblaster! As your avatar experiments, grows, and develops, in some way, you yourself grow and develop too.

This unique, identity-fostering potential of virtual space is at risk if anonymity is not a given in games. The risk of being recognised will prevent not a few experiments with roles and identities. Yet tragically, anonymity can not be a given in virtual space, because virtual space is never absolutely virtual. Real people live in virtual spaces, and real people can be hurt. If legal protection is taken seriously, absolute anonymity - of avatars and of players - is impossible. A virtual and strong right to anonymity is an attractive idea, but we must have second thoughts about this.

The bright side of this is that the resulting need for identity and identification in cyberspace raises a whole range of fascinating issues that beg to be researched. How do we identify the people behind the avatar, when millions of the world community are living in a single cyberworld, when multiple users share an avatar, and when the first people who can give identifying information - ISP's, game providers - are likely to be in foreign jurisdictions? Do people identify themselves with their avatar? Is someone's ipse identity (her sense of self) affected by the way her avatar is treated in virtual space, or by her being identified - by her idem identity (her sameness) - as the person behind the avatar [2]? Since most virtual games seem to decree that in case of conflicts, the law of California applies, do I want my identity to be governed by a law-maker who used to be a terminating cyborg? And while we are on the topic of cyborgs, when will avatars become semi-autonomous and remain active when you log out, thus acquiring some sort of identity of their own? When will they start talking back, asking you who you are, this guy that is playing around with them?

A right to anonymity is perhaps not such an interesting issue to research after all, not even in virtual spaces. At some point, there will always be someone with a right to know your identity. You yourself, for instance. Or your avatar.

Bert-Jaap Koops is Professor of Regulation & Technology at TILT - Tilburg Institute for Law, Technology, and Society, the Netherlands.

[1] M.H.M. Schellekens (2006), 'What Holds Off-Line, Also Holds On-Line?', in: B.J. Koops et al. (eds.), Starting Points for ICT Regulation. Deconstructing Prevalent Policy One-Liners, The Hague: TMC Asser Press, pp. 51-75.

[2] This is one of the many identity questions that will be addressed in the coming year by the EU FIDIS network.

| Comments (1) |

The Game Theory of Phishing

posted by:Jeremy Clark // 11:59 PM // May 01, 2007 // ID TRAIL MIX

trailmixbanner.gif

By all measures, the amount of internet fraud is rising. Morgan Keegan reports the number of new phishing sites increased in its order of magnitude from 4,367 in October 2005 to 37,444 in October 2006. And phishing is not the only source of online fraud, the number of victims of identity theft is growing as well.

In response to the escalation of phishing attacks, a plethora of anti-phishing tools have been unleashed—Firefox extensions, IE toolbars, and psychedelic colour-shifting borders for your browser, as well as, perhaps more sensibly, blacklists of known phishing sites including a list maintained by web titan Google. Of course, these tools only work in so far as users take the time to install them and learn how to use them. On the latter point, news on the usability of security front is equally despairing. A user study conducted by Rachna Dhamija (Harvard), J. D. Tygar (Berkley), and Marti Hearst (Berkley), presented last year at the Conference on Human Factors in Computer Science, had participants evaluate 20 websites—7 legitimate, 13 fraudulent—and differentiate between them. The best phishing site fooled over 90% of the participants, with many users reasoning that page’s nice layout and animated graphics were a sure sign of its legitimacy. Numerous other usability studies have examined the effectiveness of various anti-phishing technologies, and its typical to hear them described as unintuitive at best and unusable at worst (not to mention an eyesore).

All of this brings us to the magnificent architecture of some of Ottawa’s oldest banks. With their tall pillars, imposing lobbies, marble floors, and brass railings, bank architecture showcases impressive work by great architects like John M. Lyle. (Okay, pardon the non sequitur. I assure you I am going somewhere with this). What is perhaps most intriguing about bank architecture is the reason for the notable buildings. Why exactly were banks so impressive and what happened? There is an easy answer: the magnificent designs were a consequence of competition (an answer easy enough to be articulated in The Canadian Encyclopedia). The problem with this answer is that it does not adequately explain why bank buildings have become less and less impressive over the past century while there is still substantial competition, nor does it explain why there was not a similar architectural arms race in hardware stores, feed mills, or other competitive industries.

A better answer comes from the work of economist Michael Spencer on asymmetric information and signaling theory (for which he shared the 2001 Nobel prize). Before the days of governmental oversight and a banking oligopoly, there existed the threat that the new bank that opened up down the street might be a fraud with crooks planning to run off with your money. By building impressive buildings, legitimate banks sent a signal of quality to customers that fraudulent banks could not afford to send. An expensive building assured potential customers that the bank was planning on long-term establishment and was committed to high standards of service.

These types of scenarios are called signaling games in game theory. A basic signaling game has two participants, a sender and a receiver. The sender knows something about herself (called her type) that is not observable to the receiver. The sender’s objective is to signify her type in a signal that differentiates her from other senders of different types, and to provoke an appropriate response from the recipient. Examples of signals include the education level of a job applicant, a full-page advertisement in the New York Times, or the striking blue-green plumage of a peacock.

The problem of phishing and fraudulent websites is also a signaling game, where legitimate websites need to find the online equivalent of an impressive building to signal their type to users. The problem is that the most obvious parallel to the offline world—an impressive website—is completely inadequate. Whether or not the bank customers of lore worked out the game theory of their situation, the signal worked because customers naturally gravitated towards banks with nice buildings. Once the signal became common, most customers did not need an education campaign in how to differentiate between legitimate and fraudulent banks to make the correct choice. In other words, their ulterior motives led them to the right decision. As the user study mention above indicates, this natural instinct is still instilled in modern internet users. When presented with an impressive website with fancy graphics and a cutting edge layout, a significant proportion of users conclude that is a signal of its legitimacy. While designing the kind of full-featured websites banks commonly use does cost a small fortune, the problem lays in the fact that all this hard work can be copied effortlessly. Phishing is thus a twofold problem: (1) we do not have a good signal, and (2) the signal that users naturally look for is not good.

It may be possible to address the second through user education if only we could solve the first. One potential signal might be website seals offered by watchdog organizations like TRUSTe and BBBOnLine. Benjamin Edelman of Harvard empirically studied websites baring these seals. He found that while a BBBOnLine seal slightly increased the probability of the site being trustworthy (but not enough to be an adequate signal), a TRUSTe seal actually decreased the probability that is was trustworthy. That is to say, a site with no seal at all is more likely to be trustworthy than one with a TRUSTe seal. Thus the seal not only fails as an adequate signal, it actually results in adverse selection. In the same paper, presented last year at the Workshop on the Economics of Information Security, Edelman also found that search engine advertisements are more than twice as likely to be untrustworthy as the accompanying search results—another display of adverse selection.

Perhaps a more promising area of third party accreditation is through website certificate authorities. The largest certificate issuers are, respectively, Verisign, GeoTrust, Comodo, GoDaddy, and Entrust. Until recently, a certificate from any of these authorities evoked the same response in browsers—a padlock being displayed—despite the fact that the verification process varies radically from authority to authority. Recently, however, Microsoft has agreed to implement a new, tiered approach to displaying certificate indicators. In new versions of Internet Explorer, the address bar will display a red toolbar if the site is a suspected phishing site, yellow if the site has a traditional certificate, and green if it has an extended validation (EV) certificate (and as always, white for no certificate). Receiving an EV certificate requires an extensive investigation process that will likely catch any fraudulent attempts at certification.

EV certificates have the potential to be an adequate signal. However this is only half of the problem, as the other half is getting users to recognize the signal and act accordingly. Time will tell if the EV process is extensive enough to demarcate legitimate companies from fraudulent ones, and if users will adapt to recognizing and understanding the implications of the signal. In the meanwhile, economic game theory still dictates that one way a company can signal its legitimacy is by spending more money than a fraudulent one could afford. In my opinion, nothing would say quality like an SSL certificate that costs a million dollars, turns the IE address bar sparkling gold, and puts a dollar sign over the lock. Anyone want to help me start MilliSign?

| Comments (0) |

Privacy as a Social Value

posted by:Jane Bailey // 11:59 PM // April 24, 2007 // ID TRAIL MIX

trailmixbanner.gif

The Canadian case law on hate propaganda, obscenity and child pornography features numerous analyses and discussions on the right to privacy, almost exclusively in the context of the privacy claims of those accused of related offences. Shaped as they are by the contexts in which they are raised, these analyses tend to mirror the negative, individualistic, control-over-access-to-information paradigm that has dominated thinking on the issue for several centuries. Notwithstanding that the vast bulk of Canadian legal analysis focuses on the right of an individual accused against state intrusion on a “private” sphere of activity to the exclusion of consideration of the privacy-related rights of the targets of hate propaganda and obscenity, Canadian courts have recognized that child pornography intrudes upon the privacy-related interests of the individual children abused in its production. The failure to recognize that hate propaganda and obscenity trigger similar intrusions for the members of the groups they target does not necessarily mean that no such intrusions are in fact triggered. Instead, the failure to recognize the triggering of those privacy interests might be understood to be the result of the selection of an individualistic privacy paradigm that, by and large, is conceptually inadequate to capture the collective nature of the privacy-related harms that can be occasioned by all three of these forms of expression.

Individuals targeted directly within hate propaganda and obscenity could muster arguments to squeeze the related privacy intrusions they experience as a result of that targeting into the individualistic paradigm, as has been the case with the analysis of the privacy-related intrusions on the children abused in production of child pornography. In the case of hate propaganda, however, the typical modus operandi of hate purveyors avoids attacks on individuals, generally focusing on broad categories. In the case of obscenity, the individualistic control-over-information paradigm, combined with patriarchal presumptions that women can be assumed to have consented to sexual activity and abuse is likely to impose a preliminary threshold of proof of non-waiver. Re-making what are essentially collectively-based claims into individual claims for the purpose of fitting the paradigmatic mould is unlikely, however, to form the basis of a meaningful long-term strategy for equality-seeking groups and their members.

Just as the analyses of privacy in the contexts of abortion and the counseling records and sexual histories of complainants in sexual assault cases have tended to re-personalize political issues, undermine calls for affirmative state action and reinscribe gendered and raced notions of privacy, so too may privacy-based arguments by the direct targets of hate propaganda and obscenity crafted to fit the paradigm. The privacy-related harms of hate propaganda, obscenity and child pornography need also to be understood in the context of social inequalities that allow empowered narratives to constrain the autonomy of otherized individuals by limiting their opportunities for self-definition with presumed, imposed characteristics attributed to the equality-seeking groups with which individual targets are identified. The personal intrusion is integrally and intrinsically related to systemic, group-based power imbalances. Claims framed within the individualistic privacy paradigm are more likely to bury that dynamic than to make it understood. Without that recognition, the potential role for state action to address those imbalances – or at least a call for state action reflecting a conscious choice not to reinforce those imbalances is likely to be ignored.

Rather than trying to fit collectively-based harms into an individualistic paradigm, it may be preferable to re-think the paradigm to encompass collective, social considerations. The seeds for this idea were originally sown within aspects of work by authors such as Westin that were largely sidelined in the wake of an individualistic, libertarian drive against state intrusion. They have since been replanted in the work of authors such as Allen and Gavison who have advocated privacy as a producer of social goods such as better social contributions and relationships. However, the drive to articulate privacy as a social value can be found more directly in the work of authors such as Gandy, Regan and Cohen in the context of rising concern as to the broad-ranging privacy implications of digital data collection and use. As fragmented individual data collected for one purpose is aggregated and re-used in other contexts as the basis for labeling and making judgments affecting individuals’ lives with little or no opportunity for reciprocity, the adequacy of individualistic models that focus on control over access to information has increasingly come under scrutiny.

The push, in the context of digital data collection and use, for recognition of privacy as a public value, a common value and a collective value and the potentially invidious collective forms of discrimination to which its inobservance can give way offers both threats and opportunities for members of equality-seeking groups. To the extent that those accused of offences relating to hate propaganda, obscenity and child pornography would then be positioned to bootstrap their individualistic privacy argument with one premised on societal interests, the competing equality-based interests of the members of target groups may be undermined. On the other hand, thinking collectively about the value of privacy opens up the opportunity to better articulate a more group-based conception of the privacy violation occasioned by perpetuation of group-based stereotypes prevalent in hate propaganda, obscenity and child pornography. It suggests an opening to argue that privacy shouldn’t simply be conceived of as a producer of individualistic goods like free expression, freedom of conscience and liberty, but also the equally important, but too frequently unmentioned democratic right to substantive equality.

The parameters of a collectively-based privacy argument might work from accounts of authors such as Delgado, Crenshaw, Tsesis and MacKinnon on how hate propaganda, obscenity and child pornography can work to impose social constructions of inhumanity on targeted groups that are both externally reinforced and sometimes internalized in a way that undermines their abilities to self-define. To the extent that these effects lead individuals to choose to dissociate or to attempt dissociation from the groups so targeted, both the groups themselves and society as a whole stand to lose - our aspirations for diversity, plurality and mutual respect are undermined.

If hate, obscenity and child pornography are understood in this way, certain aspects of the current push for a social conception of privacy within the context of digital data collection might be usefully analogized. Simplistic data derived from these forms of “expression” are used to render social profiles of targeted groups that become a basis for imposed definitions not only on those groups, but their members as well. These socially constructed definitions then form the basis and justification for discriminatory action and treatment of individual members of those groups that can, in some cases, be internalized within their own processes of self-definition.

The fragments of identity misrepresented in hate propaganda, obscenity and child pornography are used to form the bases for social composites that intrude both upon the definition of self and the understanding of self in relation to group. The social constructions produced authorize privacy intrusions that both reflect and reinforce substantive inequality. For equality-seeking communities, privacy understood entirely as a producer of purely individualistic goods like free expression and liberty has to often been an empty proposition. Privacy understood as a social value and producer of collective goods like substantive equality seems like something worth talking about.

| Comments (0) |

A Self-narrative Approach to the Deeply Personal

posted by:David Matheson // 10:13 AM // April 17, 2007 // ID TRAIL MIX

trailmixbanner.gif

In less than a couple of weeks, I’ll be attending the Computers, Freedom, and Privacy Conference in Montreal to participate in a workshop presentation with other members of the project. The theme of the discussion is the reasonable expectation of privacy. This morning I’d like to give a snapshot of what I’ll be contributing.

Let me start off by noting what seem to be two very general conditions on the reasonable expectation of privacy in informational contexts. First, it seems obvious that in order for someone to have a reasonable expectation of privacy with respect to a piece of information, she can’t have voluntarily exposed it in a general manner. When I walk across the quad on my university’s campus in broad daylight during a busy term weekday, there’s an obvious sense in which I’m voluntarily exposing lots of information about myself: I know that if I walk across the quad, various people are likely to cast an occasional glance in my direction and thereby acquire visual information about my present appearance, location, activity, etc.; and I’m okay with that, so I walk. But no one would say that I have a reasonable expectation of privacy with respect to it, since I’ve voluntarily exposed it – made it known or at least easily knowable – to whomever happens to be in the area.

Second, in order for an individual to have a reasonable expectation of privacy with respect to a bit of information, it must be personal information of a certain sort about her. To say that information is personal is to say, at the very least, that it is about persons. The information that lightning is a rapid discharge of electrons, say, or that the average annual rainfall in Montevideo is 1100mm, is not personal because it’s not about persons – at all. Moreover personal information, in the usual sense, must be personal information about specific persons. Consider, for example, the following pieces of information, all of which are about persons: that Canada has a population of over 30 million, that all people have certain inalienable rights, and that recent polls show that a majority of Americans favor national anti-obesity programs. Despite being about persons, these bits of information are not about specific persons, and hence don’t count as pieces of personal information in the usual sense.

But not just any personal information counts. In order for an individual to have a reasonable expectation of privacy with respect to a bit of personal information, it must be personal information of the right sort. For consider the following examples of personal information about me: that I am self-identical (to borrow an example from earlier exchanges on this blog with Steven Davis), that it is logically impossible for me to be a circle, and that my rate of free-fall is the same as that of a small pebble. Even if we admit these as examples of personal information, because they are about specific individuals, no one would be inclined to say that they are of the right sort of personal information to be covered by the reasonable expectation of privacy. They can be rationally inferred about specific individuals merely on the basis of nonpersonal pieces of information such as logical or scientific laws.

Let’s call personal information of the right sort – of the sort with respect to which one can have a reasonable expectation of privacy – “deeply personal information.” Accordingly, we can say that in order for an individual to have a reasonable expectation of privacy with respect to a bit of information, she must not have voluntarily exposed it and it must be deeply personal information about her.

I want to resist the suggestion that deeply personal information is to be distinguished by means of its sensitivity. The basic idea of this suggestion is that deeply personal information is sensitive personal information, i.e. personal information that individuals don’t want widely known by others. Sensitivity in this sense, according to certain privacy theorists, might come in one of two basic forms. The personal information in question might be sensitive because the person it is specifically about does not want it widely known by others. It might also be sensitive because it is the sort of information that most members of her society don’t want widely known about themselves.

The reason I want to resist this suggestion is two-fold. First, consider the problem of hypersensitivity. This has to do with the fact that some people can be excessively sensitive about information, including personal information that is not deeply personal. Suppose, to illustrate, that for one bizarre reason or another I happen to be very sensitive about the information that I am self-identical, that it is logically impossible for me to be a circle, or that my rate of free-fall is the same as that of a small pebble. It’s quite silly of me to be sensitive about this sort of rationally inferable information, but, nonetheless, let's suppose, I am. And since it’s sensitive information specifically about me, it turns out to be deeply personal information on the sensitivity approach. But that seems wrong. Whether personal information about me is deeply personal in the relevant sense can’t surely depend simply on my sensitivities, which may stray quite wildly away from the realm of where they ought to be.

There’s also the problem of hyposensitivity. This arises because some people can be excessively insensitive about information, even deeply personal information about themselves. We all know that sort of person who opens up at the drop of a hat and shares all sorts of intimate details about themselves to anyone with open ears. Encountering that sort of person is disconcerting, because we want to say that they shouldn’t be sharing so much deeply personal information with us, total strangers.

Of course, an advocate of the sensitivity approach could agree with us here, and point out that the reason the information such a person shares is deeply personal is that it’s the sort of personal information that most members of their society don’t normally want widely known by others. It may not be sensitive personal information for them, but it is for most of their society, and so it is in fact deeply personal.

But it’s not too hard to think of cases in which even the sensitivities of most members of society are deficient. Suppose that the government, or even a large corporation – call it Big Brother – embarks on a propaganda campaign, for one bad reason or another, to convince most members of society not to be sensitive about the intimate details of their sexual and romantic lives, their medical statuses, their on-line activities, etc. Suppose further that the campaign is very successful. We get the result that virtually no one in society cares how widely such personal information about themselves is known by others. Does the very success of the propaganda campaign absolve Big Brother, who then goes on to get his hands on such details about many members of society, from the charge that he’s inappropriately gotten his epistemic hands on deeply personal information of many members of society? Surely not. The right thing to say of this sort of scenario seems to be that Big Brother has, wrongly and sadly, convinced most members of society not to care about large swaths of what remains their deeply personal information.

So if we don’t characterize the nature of deeply personal information along the lines of the sensitivity approach, what’s the alternative? It seems to me that one plausible alternative, at any rate, can be gleaned from paying careful attention to the language that the Supreme Court has employed in such well-known cases as R. v. Plant (1993) and R. v. Tessling (2004). Deeply personal information, the Court says, is what lies at the “biographical core” of personal information, and information whose disclosure may affect the “dignity, integrity, and autonomy” of the individual it is about.

This suggests two very important points about the nature of deeply personal information. First, deeply personal information has something to do with what might be described as the telling of a story about an individual’s life – that’s the “biographical” bit. Second, it also has to do with the individual’s telling her own story, for herself and on her own terms – with “dignity, integrity and autonomy.”

The narrative language of “biography” and the “telling of one’s own story” may be largely metaphorical, but I believe it captures a very familiar element of our day-to-day experience. We are all, everyday, telling stories about ourselves to others in the sense of revealing to (and concealing from) others different pieces of information about ourselves in different contexts. And the capacity to do so in accord with our own considered convictions about who should know what about us in which context is crucial, I think, to our dignity, integrity and autonomy as persons.

We can bring these points together into something like the following (call it) “self-narrative” approach to the nature of deeply personal information. On this approach, deeply personal information is personal information open access to which would seriously undermine the individual’s ability to tell her own unique story. (When I talk about “open access” here, I mean more or less unrestricted access for the public at large, i.e. access for pretty much any member of society who cares to learn the relevant information, regardless of whether the individual that the information is about has voluntarily exposed it.)

To evaluate the plausibility of the self-narrative approach, consider its application to cases already mentioned. The rationally inferable information that I am self-identical, that it is logically impossible for me to be a circle, or that my rate of free-fall is the same as that of a small pebble, despite being about a specific individual, is not deeply personal information. Does the self-narrative approach give us that result? It would seem so. It is very difficult to see how open access to any of these pieces of personal information about me would seriously undermine my ability to tell my own unique story. After all, none of these pieces of information could itself be used to distinguish me from others in any significant way. That it is logically impossible for me to be a circle is certainly about me in particular, but exactly the same sort of information can be known to apply to every other individual in society, simply by rational inference from non-personal information. That’s also true of the information that I am myself or that my rate of free-fall is the same as that of a small pebble. Everyone is self-identical. Everyone’s rate of free-fall is the same as that of a small pebble.

Recall now the Big Brother example. On the sensitivity approach, the very success of Big Brother’s campaign absolves him from the charge of wrongfully getting his epistemic hands on loads of deeply personal information about members of his society. But, as we noted, that seems wrong. On the self-narrative approach, however, we get a more intuitively sound verdict. Big Brother can properly be charged with inappropriately getting his hands on deeply personal information, because the mere success of his propaganda campaign – the mere fact that he’s convinced most members of society not to be sensitive about intimate details of their sexual and romantic lives, medical statuses, on-line activities, etc. – does not suffice to render those details non-deeply personal. Open access to such details would seriously undermine the ability of the individuals concerned to tell their own unique stories: where there is open access, individuals lack control over those details, which constitute precisely the sort of personal information whereby they could significantly distinguish themselves from others. And the fact that open access would seriously undermine their ability in this way remains regardless of whether they are sensitive about the details.

| Comments (0) |

Don't have an account. I'll use a shared one.

posted by:Stefan Popoveniuc // 11:59 PM // April 03, 2007 // ID TRAIL MIX

trailmixbanner.gif

It is generally believed that you have to take the extra step to protect your privacy: look for the SSL lock on your browser, shred your old bank statements, scan your computer for key loggers etc. Convenience and easy of use are often regarded as antagonists to security or privacy. I have recently come to discover a useful website that seems to contradict this paradigm.

Remember all those popular websites that force you to register just because you want to read the entire article, user comments or download some piece of free software? They all claim that the registration process is simple but you often find yourself entering your email address, gender, full or partial postal address, phone number and at the end they ask you to fill out a survey with how many hours you spend on the internet each month, what’s your income level, age, education and so on. But probably most important, you tend to set your password from the two-three passwords that you use on tens of websites. Clearly an exposure of what you consider to be private information.

www.bugmenot.com has a collection of public usernames and passwords for some of the most popular sites that require free registration for accessing their free content. Some of the popular websites are: www.nytimes.com www.washingtonpost.com www.imdb.com etc. A Firefox extension makes logging in to these websites a breeze: right click ->login with BugMeNot. Click-clack, you’re in.

Don’t get me wrong, customizing your account and leaving comments with your reserved username is always good, but most of the times you just want to read the end of article. And you simply don’t want to have yet another site know one of your “secret” passwords :)

*The author has absolutely not affiliation with BugMeNot.com, except for sharing the same Internet.

| Comments (0) |

Implanting Dignity: Considering the Use of RFID for Tracking Human Beings

posted by:Angela Long // 11:59 PM // March 27, 2007 // ID TRAIL MIX

trailmixbanner.gif

* This piece is a summary of the arguments contained in a longer paper that is currently a work-in-progress.

Debate is currently raging over the use of radio frequency identification devices (RFIDs) as a method of identification of unique entities. However, this debate has centered upon the general privacy concerns raised by the use of RFIDs. [1] While the privacy implications of RFID use are important, equally important are the unique implications of RFID related to human dignity. Concerns related to human dignity are especially relevant now, as implantable RFIDs have now been approved for medical use in the United States. [2] The VeriChip, an implantable RFID manufactured by Applied Digital Solutions, is being marketed to hospitals and doctors as a method of quickly identifying unconscious patients in the emergency room setting. They have also been used for and proposed for a variety of non-medical purposes, such as the tracking of English football players and migrant workers in the US. [3] In the non-implantable context, RFIDs are currently being used to monitor patient compliance in pharmaceutical trials, ie. to ensure that patients are taking their drugs properly. [4] This could easily be implemented in cases where patients with mental illnesses are subject to a community treatment order in order to ensure that drugs are being taken.

It seems likely, then, that the potential uses for implantable RFIDs will only increase in the future. Indeed, as the examples above illustrate, it appears that the use of RFIDs, both external and implantable, could shift from a voluntary and consensual model of use, to one that is neither voluntary nor consensual, which is of considerable concern to those concerned not only about privacy, but about ethics more generally. It is thus imperative to examine the ethical concerns; concerns about how we treat other human beings; surrounding the use of implantable RFIDs in more detail.

Many of the same privacy arguments made in the context of non-implantable RFIDs apply equally to implantable RFIDs. However, there is an additional factor within implantable RFIDs that raises our moral antennae; something more than just the typical informational privacy and anonymity concerns articulated by those writing on RFIDs generally; something that is unique to RFIDs that are implanted in human beings or otherwise used to track the actions and movements of human beings that has not yet been accounted for in the existing literature. [5] This additional factor in the implantable RFID context has been casually described as a concern for ‘human dignity’ in the popular media. Thomas C. Greene articulates it like this:

Unique RF identity chips and concealed RF readers everywhere: madmen have been complaining about this since the earliest days of radio. That’s how we knew they were madmen. Only an IT industry divorced from any sense of good taste and human dignity, in which technology becomes an end in itself, could strive to make the nightmares of the insane a common reality. And yet, here we are. [6]

And, as stated by Cédric Laurant, Policy Counsel at the Electronic Privacy Information Center:

Monitoring children with RFID tags is a very bad idea. It treats children like livestock or shipment pallets, thereby breaching their right to dignity and privacy they have as human beings. [7]

While this concern for ‘human dignity’ has been raised, it has not been explored in any philosophical or legal depth within the academic literature. As such, it remains, to some, mere rhetoric. Such an exploration, however, is necessary in order properly articulate the concerns that have been raised by these writers. It is also important to look at how such an analysis relates to, or even encompasses, our concerns about privacy and anonymity in the implantable RFID context, allowing for a new discourse on the myriad of concerns surrounding RFIDs that track the movements and actions of human beings. Such a discourse is important in the legal context, as human dignity, unlike privacy, has been continually recognized one of the underlying principles of the Canadian legal system, as enshrined by the Charter of Rights and Freedoms. By viewing the tracking of human activity through RFIDs as an infringement of human dignity, an argument against the legality of the use of RFIDs in these ways could be greatly bolstered through the infusion of one of the most fundamental values enshrined in Canadian law, and thus any legal argument against their use could be viewed as much stronger and likely more effective.

Human dignity is a concept that has longstanding meaning both within philosophy and within the law, most notably as the basis for modern human rights law, although it is not a particularly well-defined concept, as it often has very different meanings in different contexts. [8] Most recently, the concept of human dignity has received renewed attention in the field of bioethics, with experts striving to get to the root of the concept and to determine how it is being used by law and policy makers and to determine the ‘correct’ conception of the term. The most widely accepted theory of human dignity is that based on Kantian deontological philosophy, where it is viewed as the “essence of humanity” [9] that provides each human being with intrinsic worth by virtue of possessing a certain quality or qualities (usually agency or autonomy). Based upon possession of this quality, this intrinsic worth, all human beings are to be accorded respect and are to be treated as ends in themselves and not merely as a means to an end. However, the use of both implantable and external RFIDs to track the actions and movements of human beings clearly betray this imperative in using human beings to achieve ends unrelated to the well-being of the subject her/himself, ends that are usually related to the accumulation of information; information which may in fact be used against the person about whom it is collected.

Given that Canadian law aims to protect people from violations of their human dignity, at the very least from intrusion by the state under the Charter, any attempt by the state to use RFID in a non-consensual and non-voluntary manner may indeed be considered contrary to Canadian legal values and could run the risk of being declared of no force and effect under s. 52(1) of the Charter.

[1] See e.g. Katherine Albrecht & Liz McIntyre, Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID (Nashville: Nelson Current, 2005); Laura Hildner, “Defusing the Threat of RFID: Protecting Consumer Privacy Through Technology-Specific Legislation at the State Level” (2006) 41 Harv. Civil Rights-Civil Liberties L. Rev. 133.
[2] U.S. Department of Health and Human Services, Food and Drug Administration, 21 CFR Part 880 [Docket No. 2004N-0477] “Medical Devices; Classification of Implantable Radiofrequency Transponder System for Patient Identification and Health Information” (10 December 2004), online: <http://www.fda.gov/ohrms/dockets/98fr/04-27077.htm>. Although most apparently relevant to implantable RFIDs, human dignity concerns are also equally implicated in the external use of RFIDs where the specific use is to track the human beings to which they are linked. One example of such a use where human dignity concerns were raised is that in the case of Brittan Elementary School in Sutter, CA, where students were outfitted with RFID tags around their necks. Their movements inside the school were tracked by hand-held computers kept by the teachers. See e.g. Garry Boulard, “RFID: Promise or Peril?” State Legislatures (December, 2005) 22 at 22.
[3] With respect to tracking migrant workers in the US, see online: LiveScience <http://www.livescience.com/scienceoffiction/060531_rfid_chips.html>. It has also been suggested for use in soccer players to track their on field movements, see online: Manchester Evening News <http://www.manchestereveningnews.co.uk/news/s/217/217056_man_utd_plan_to_chip_players.html>.
[4] See online: Med-IC Digital Package <http://www.med-ic.biz/certiscan.shtml>.
[5] For example, while Dr. John Halamka discusses the privacy implications of the VeriChip, he appears to do so only within a strict informational privacy analysis, which in the context of something being implanted into the body, seems somewhat lacking. John Halamka, “Straight from the Shoulder” (2005) 353 New Engl. J. Med 331.
[6] Thomas C. Greene, “Feds Approve Human RFID Implants” The Register 14 October 2004, online: The Register <www.theregister.co.uk/2004/10/14/human_rfid_implants/>.
[7] Mark David, “Implantable RFID May Be Easy, But That Doesn’t Mean It’s Ethical”, online: Electronic Design <http://www.elecdesign.com/Articles/Index.cfm?AD=1&ArticleID=14794>.
[8] In the bioethical context, see e.g. James F. Childress, “Human Cloning and Human Dignity: The Report of the President’s Council on Bioethics” (2003) 33:3 Hastings Center Report 15 at 16 and Timothy Caulfield, “Human Cloning Laws, Human Dignity and the Poverty of Policy Making Dialogue” (2003) 4:3 BMC Medical Ethics 2.
[9] Deryck Beyleveld & Roger Brownsword, Human Dignity in Bioethics and BioLaw (Oxford: Oxford University Press, 2001) at 64.

| Comments (0) |

Where’s Waldo? Spotting the Terrorist using Data Broker Information

posted by:Louisa Garib // 11:59 PM // March 06, 2007 // ID TRAIL MIX

trailmixbanner.gif

In the fall of 2006, the Ottawa Citizen broke a leading news story based, in part, on work done by the Canadian Internet Policy and Public Interest Clinic, (CIPPIC). Pursuant to an access to information request, CIPPIC learned that the Royal Canadian Mounted Police (RCMP) had purchased consumer information from Canadian data brokers for law enforcement purposes. The information that the RCMP obtained from data brokers included individuals’ telephone numbers and addresses, as well as personal information available from public records (On the Data Trail: A Report on the Canadian Data Brokerage Industry, April 2006).

Commercial data brokers on both sides of the border collect personal information from various sources such as public registries, contest ballots, product warranty forms, newspaper and magazine subscriptions, travel bookings, charitable donation records and from companies that track credit-card use. In its coverage of the issue, the Ottawa Citizen reported that since September 2001, the RCMP has been buying and retaining this kind of personal information from data brokers, and in some instances may have forwarded that information to U.S. law enforcement.

Shortly after the story broke, the Canadian Association for Security and Intelligence Studies (CASIS) held its Annual Conference in Ottawa. At the conference, Canadian and U.S. policy officials, judges, academics, and defence analysts met to discuss intelligence gathering and surveillance in the current security environment. One of the conference panels debated the role and relevance of using “open sources” versus secret intelligence and information during law enforcement investigations. “Open source” information can be information freely available on the Internet, data contained in public records such as land title registries, or information collected and sold by the private sector. While the panel discussion focused on using information from press reports and websites, conference participants spoke of making “better” or more “effective use” of open sources, and the need for systems that could analyze open source information. Data brokers could certainly serve that purpose, by collecting, categorizing and conducting a preliminary assessment of open source information for law enforcement. By performing a “first cut” of massive amounts of information, the commercial data brokers can help the state to “spot the terrorist” or identify any other type of criminal.

Also in the fall of 2006, the Ontario Superior Court struck down the definition of “terrorist activity” in the federal Anti-terrorism Act, [S.C. 2001, c. 41] (ATA) in the case of R. v. Khawaja, [2006] O.J.No. 4245 (Ont. S.C.J.) (QL). The court found that the “motive clause” contained in the act infringed Mr. Khawaja’s rights to freedom of conscience and religion, and freedom of expression and association guaranteed by sections 2(a), (b) and (d) of the Canadian Charter of Rights and Freedoms.

The statutory definition linked terrorism to criminal activity motivated by religion, ideology or political belief. Judge Rutherford reasoned at para 58 that the “inevitable impact” of making motivation part of anti-terror investigations would be that a “shadow of suspicion and anger” would fall over certain groups in Canada, raising concerns about racial and ethnic profiling. In his decision, Justice Rutherford severed the invalid motive clause in the definition of terrorist activities from the rest of the anti-terrorism legislation; leaving the remainder of the provisions in force. To date, Mr. Khawaja has not proceeded to trial as there are aspects of his case that are currently before the courts.

While Khawaja, for now, stands as a bar to using motive as evidence of terrorist activity under the ATA, law enforcement’s potential use of personal information collected by data brokers raises the same concerns about racial profiling and creating groups of suspects that Justice Rutherford mentioned in his decision.

Information supplied by data brokers is unreliable. Brokers gather information from a variety of sources and have few incentives to determine and ensure the veracity of the information they collect and sell to law enforcement. Compounding this problem is the lack of transparency for consumers. It is virtually impossible for individuals to be aware of all of the organizations that have collected and retained their personal information over time. Consequently, consumers have minimal recourse to access, challenge and correct the myriad of what Professor Daniel Solove calls “digital dossiers” that often contain inaccurate personal information. The absence of recourse and access rights to ensure the reliability of information sold to law enforcement without consumers’ knowledge or consent also raises concerns about due process.

Nor is it clear what criteria law enforcement would use to assess the relevance, accuracy and reliability of information provided by commercial data brokers. What type of information is being purchased? How would the information interpreted and contextualized? What valid conclusions or predictions, if any, can be drawn from such information?

The inaccuracy or misinterpretation of information supplied by data brokers to law enforcement combined with the lack of transparency and oversight surrounding the use of that data can have dire consequences for targeted individuals and identifiable groups.

Identifying an individual as a security threat, terrorist, or terrorist sympathizer based on questionable information provided by data brokers can destroy a person’s livelihood, family life, reputation, and in some cases their physical security. Although it is not established that information from data brokers played a role in the “extraordinary rendition,” detention and torture of Canadian citizen Maher Arar, it is not difficult to contemplate the worst case scenario for an individual who is profiled according to information provided by data brokers based on what we know about Mr. Arar's terrifying ordeal. Identifying an entire group as suspect using information complied by data brokers could result in criminalization, stigmatization and marginalization, violating equality provisions as well as freedom of religion, thought, expression and association rights contained in the Charter.

Law enforcement’s potential practice of using information compiled by commercial data brokers isn’t only problematic for certain racialized groups or suspicious individuals; the practice implicates all of us. The private sector collects and uses personal information about nearly everyone. A criminal profile could be pieced together from various purchase records on any individual, based on the information complied by data brokers. That data could be used to establish a motive and identify individuals as suspects or potential suspects for any crime – including those not yet committed.

We could all, then, be profiled based on fragments of information about us that may be wrong, outdated, distorted, and removed from context. If information collected by the private sector is purchased and used by our government and law enforcement agencies without transparency, oversight and safeguards, it can be dangerously misinterpreted in ways that could prejudice people’s lives.

| Comments (0) |

Privacy as Modesty and the Uninterrogated Equality Rights of LE

posted by:Jane Bailey // 11:59 PM // February 27, 2007 // ID TRAIL MIX

trailmixbanner.gif

On August 25, 1995, LE, a 42-year-old single mother of two, attempted to pay for a cab with an invalid credit card. [1] The cab driver refused LE’s subsequent offer to pay with cash she had quickly arranged to borrow from another tenant in her building. Instead, the driver notified the police. After a CPIC search, the officer called to the scene found evidence of an outstanding warrant for failing to appear at trial relating to charges of obtaining credit by false pretences. In the 18 hours that followed, LE was strip searched, confined to a cell under video surveillance, denied a blanket despite the cold temperature in the cell (since apparently no blankets were available at the time), after which she was observed pretending to hang herself from the cell bars with her bra strap, forcibly stripped of her clothing after she refused to remove them, told not to position herself in the cell so as to escape video surveillance (which she refused to do) and ultimately handcuffed naked to the cell bars where she was visible to all those passing by for at least 20 minutes until blankets (ironically) were taped to the outside of the bars, according to the trial judge, “in order to give [her] some privacy” [para. 41].

LE’s civil action alleging, amongst other things, negligence, assault and breach of her ss. 7 and 12 Charter rights was dismissed. Almost as disturbing as the facts of the case itself, are the motifs of privacy’s gendered legacy present in the trial and Court of Appeal decisions. Even more fundamentally, what emerges from the case is a transparent example of what Lise Gotell has referred to as the “nothingness” of privacy as it is currently framed in law and the seeming futility of purely privacy-based claims for members of many equality-seeking communities [(2006) 43 Alta. L.R. 743].

The trial judge found that the authorities’ forcible removal of LE’s clothing was consistent with an established policy of removing the clothing of both male and female prisoners who have attempted suicide or who, as in LE’s case, have pretended to attempt suicide. The judge further found that the policy was reasonable and noted that LE was left “without the blankets protecting her modesty for a period not exceeding 20 minutes”[para. 42]. LE’s “modesty” is referred to four more times in the reasons of the Court of Appeal – generally in the context of the Court’s conclusion that the trial judge adequately considered LE’s privacy and dignity claims. As Anita Allen and Erin Mack have carefully demonstrated, the gendered legacy of privacy has frequently meant that privacy claims are afforded different content, depending upon the gender of the person asserting them [(1990) 10 N. Ill. U. Rev. 441]. The privacy of male claimants has typically been understood in the case law as necessary for independence and autonomy of choice, while for women “privacy” has too often been analysed as necessary for maintaining “modesty” – a term simply serving as code for a classed and raced analysis that saw women’s forced seclusion in the “privacy” of the home as the preferable means to protect their most highly prized possession – their “virtue”. To understand what happened to LE as primarily an affront to her “modesty” is to ignore both its impact on her status as a thinking, independent, autonomous human being, as well as the way in which that affront depended for its dehumanizing impact on the stereotypical shaming associated with public exposure of women’s bodies.

Apart from the unnamed, but gendered characterization of privacy in the judgments, the Court of Appeal’s perhaps most jarring line states: “[LE] properly conceded in oral argument before this court that there is no free-standing right to dignity or privacy under the Charter or at common law” [para. 63]. In the absence of a s. 8 claim relating to unreasonable search and seizure or a claim premised on some other specific statutory authority (like that provided, for example, to convicted sex offenders whose information or DNA is sought for inclusion in a government-run registry or databank), as far as the law is concerned, it seems women in the position of LE can really only talk about whether the conduct of authorities is consistent with Charter values – with privacy being one of them. Unless they can wedge their claims into one of these other pigeon-holes, they have no independent legal grounds for asserting a claim that being handcuffed naked to cell bars in full view of passersby, while also under video surveillance, constitutes a violation of their privacy. (And presumably, similarly, no independent basis for asserting a claim that a policy that automatically requires stripping prisoners of their clothing after they have attempted suicide or feigned such an attempt, violates the “right” to privacy – since no such independent right exists.) Interestingly, the Court of Appeal’s jarring statement was more recently relied upon by a court as the basis for striking out a privacy claim asserted by a Black woman lawyer in relation to alleged racist epithets by another lawyer [[2006] OJ No. 4134].

It is striking to so directly confront the idea that for Canadians privacy is little more than an interpretive principle for assessing the conduct of the authorities unless the claim arises in the context of a “search and seizure” or under a specific statute that adverts to a right of privacy, when so many of us (particularly in socially disadvantaged communities) are so regularly exposed to exercises of authority that have little or nothing to do with these situations. In the context of claims such as LE’s, where the gendered and raced legacy of privacy and dignity are so evident, I cannot help but revert again to the need for an understanding of privacy and dignity premised upon and framed within the “free-standing right” to substantive equality. Under that rubric, we might interrogate some different questions. While the policy of stripping all prisoners who attempt or feign an attempted suicide is facially written to apply equally to men and women, we must ask against persons of which race and gender is it statistically more likely to be applied? And how might such a policy’s meaning and effect be interpreted differently if it were considered in the context of gender and race inequality and the discriminatory sexualized stereotypes of Aboriginal and Black women that Gotell, and Allen and Mack have shown to be the basis for denying some women even the minimalist patriarchal protection of “modesty” historically afforded middle class white women? How are we to understand the meaning of privacy and dignity for those of us in equality-seeking communities unless the law is required to interrogate them in context?

It seems the best hope for privacy and dignity is equality.

[1] The following discussion is based on: LE v. Lee, [2000] O.J. No. 4533 (SCJ) ; rev’d [2003] O.J. No. 4239 (SCJ, Div Ct); rev’d (2005) 77 O.R. (2d) 621 (CA); leave to appeal refused, [2005] SCCA No. 516. Prior to dismissing LE’s application for leave to appeal, the SCC had dismissed a motion by Aboriginal Legal Services of Toronto, Inc. to intervene on the application for leave to appeal.

| Comments (0) |

Wherever You Go, There You Are: Inserting Privacy Into Our Everyday Space

posted by:Anne Uteck // 11:59 PM // February 20, 2007 // ID TRAIL MIX

trailmixbanner.gif

Note: this posting essentially represents snippets of my current research in progress.

Anyone familiar with J.K. Rowling’s world of Harry Potter cannot help but be struck by its devices of wizardry. These devices provide some idea of what it might mean to embody awareness in the physical world, precisely the shift we will experience as computational power moves beyond the desktop into everyday objects. Much of the charm from this popular series comes from the quirky magic objects that surround Harry and his friends. Rather than being solid and static, these objects embody initiative and activity - read surveillance capability. Take for example, the Pensieve which stores thoughts and memories for later retrieval: think cameras, chips and tags that capture ever-bigger parts of our experience, especially as they are integrated with devices that know our agenda, the places we visit and the people we are meeting with; or the Weasley’s clock - completely useless if you wanted to know the time, but able to pinpoint where each family member might be, work, school, home or even travelling, lost or in the hospital, and the Marauder’s Map having icons that represent people as they move around Hogwarts Castle: think geo-spatial technologies that bring the same feature to open spaces. Next generation magic or next generation technology? By whatever label, they prompt us to start thinking more about space, the space of our everyday lives, how it is being transformed and increasingly vulnerable to a new wave of technologies that make us more visible and more exposed. This, in turn, raises questions about spatial privacy, its nature and scope, and its viability for legal protection.

Emerging location, or geo-spatial technologies, such as Global Positioning Systems (GPS), Radio-Frequency-Identification (RFID) and advanced wireless devices are being introduced into all facets of everyday real life. This new wave of powerful technologies are finding their way into our homes, cars, cellular phones, identification documents and even into our clothing and bodies. Within the context of growing technological convergence, they have the unique ability to locate and track people and things anywhere, anytime and in real time. There is nothing new, nor necessarily sinister about wanting to locate people and objects and track their movement from one place to another. Clearly, there are some compelling advantages to such enhanced capability. For example, emergency services are better able to find accident victims, commercial organizations are able to improve the way they do business by fleet, product and employee tracking; parents may want to be sure their children are safe; and retailers, stadiums and other service-oriented facilities can adjust staffing levels and product inventory to best accommodate consumer patterns. For government intelligence and law enforcement, serving the public interest includes managing risk, which translates into increased security applications for monitoring people and things, especially given the shift towards a safety and security state. Overcoming many of the limitations inherent in the passive mainstream technologies, this generation of location-based technologies makes all of these things possible, automatically, remotely, accurately, continuously and in real time.

The obvious privacy and surveillance implications, however, are staggering and these concerns are rendered more pressing and more complex as the technologies are combined, integrated, connected, invisibly and remotely to networks, forming part of a wider movement towards a society characterized by ubiquitous computing (UBICOMP). In the ubiquitous networked society, computing devices are embedded in everyday objects and places with the potential for comprehensive monitoring and surveillance that is not contained by space or time, thus crossing both physical and social boundaries. This, in my view, is deeply problematic because the core privacy interests individuals have in sustaining personal, physical or even psychological space are potentially diminished, particularly over the long term as networked location technologies destabilize personal spheres and challenge our fundamental ideas about personal space and boundaries and the privacy expectations that go with them.

Canadian law, principally s.8 of the Charter, recognizes a reasonable expectation of spatial privacy, and purportedly its protection, at least in theory, extends to people. However, the parameters have been confined to ownership or at least, the physicality of the place. In other words, the territorial spectrum of protection has been narrowly constructed by the Supreme Court of Canada. On the current spatial assessment of privacy interests, you can point to barriers that are sustaining its protection. In most cases it is a tangible barrier that clearly delineates the boundary crossed triggering section 8. However, even where there has been no actual physical boundary crossed (trespassed), the intrusion has been assessed as an expectation of privacy in the place under surveillance. In other words, the context engaging section 8 protection is not what capacity the person is acting, but where physically the person is and a tangible boundary that can be identified as being crossed. As more of our lives in private places, personal spaces and movement across all spaces are potentially caught within a web of constant accessibility, the current spatial privacy construct does not take into account the nature of changing technologies, rendering irrelevant protections afforded by the traditional analysis because there is no tangible boundary crossed and the surveillance is capable of moving with people as they leave their homes and move from place to place. The current spatial privacy protection does not get at the core of what is ultimately objectionable: our desire to limit intrusions into our space, affairs, bodily sphere, attention paid to us, freedom from observation and of movement without the threat of being watched – visible and exposed. Thus, there is a need for a new conceptual apparatus for spatial privacy capable of sustaining legal protection for the entire array of privacy interests articulated by the Supreme Court of Canada.

Should we be concerned? Yes. Rhetoric and over-reaction? Perhaps. However, identifying the need for a renewed consideration of spatial privacy interests in response to location-based technologies is compounded by an on-going concern, namely, that the discourse on privacy and privacy protection has centered on assessing interests principally in informational terms. I would go so far as to suggest that the predominant theoretical, analytical and practical emphasis in policy, legal and scholarly discourse has been on the data protection model of informational privacy.

Spatial privacy interests have long been marginalized and largely overlooked in the context of technology and surveillance. While protecting information was a reasonable focus forty years ago when the primary concerns related to the growth of information technologies and the creation of large databases to store personal information, today the privacy implications of new technologies are not just about data processing or informational privacy interests. Moreover, data protection laws and constitutional analysis of informational privacy do not address the central threats to spatial privacy arising from location-based technologies. Aside from the nature and quality of information that may be gathered by the use of these technologies, their embeddededness everywhere in the physical world calls for a privacy assessment that more broadly considers people and their space. In fact, the language of data protection and focus on an informational analysis constrains a more robust discussion of privacy and risks collapsing spatial privacy interests into the informational paradigm. This is not to suggest that the baby be thrown out with the bathwater, but it does reinforce the need to construct a more effective means by which to bridge spatial, informational and personal privacy protection.

| Comments (0) |

i want you to want me: the effect of reputation systems in online dating sites

posted by:jennifer barrigar // 11:59 PM // February 13, 2007 // ID TRAIL MIX

trailmixbanner.gif

This piece is abstracted from a longer paper that is currently seeking publication venue.

By now it is almost trite to point out that the scale and breadth of the internet opens up the possibility of reaching large numbers of people quickly and easily, facilitating social and commercial matching on a scale hitherto unimaginable. At the same time, however, the internet is fraught with ambiguity. Text communications are denuded of gesture, tone and the million nuances that inform our interpretation of meaning. Even in visual arenas such as You Tube, recent events show conclusively that the lines between vlogging, fiction and commerce are fluid and difficult to discern. [1]

Reputation systems have been developed as a technological means to harness the potential of the Internet by making trust possible in online environments. This technology is used on many well-known sites. eBay’s feedback system, for instance, allows both the buyer and seller in a transaction rate each other, and the cumulative ratings are available for perusal by any eBay user attempting to determine whether to enter into a transaction with a particular individual. Amazon also uses a variation of a reputation system, allowing users of the site to submit their reviews of materials. A reviewer may rise to the rank of “top reviewer” based on feedback of other users, while all users come to understand that a reviewer’s status is predictive of the helpfulness of her review. Slashdot.org has a similarly dynamic reputation system in place, where site users submit and review news items as well as actively reviewing the contributions of others. Users of the site are able to modify their settings to show only top-rated items, and top-rated authors acquire “karma points” which increase the weight of their reviews and ratings. In each of these systems, the “reputation” of an individual is established by meeting the needs/expectations of other users, whether for trustworthy buyer/seller behaviour, reliable reviews, or a good eye for interesting and newsworthy items.

The use of reputation systems in online dating is somewhat less intuitive than its use in other arenas, because the “product” being judged is less clear. On eBay, the performance of a particular contract is rated. Although there is not originating contract in the Amazon sense, ratings of a particular reviewer are based on how well her product has met the desires/needs of the user. Slashdot.org’s reputation rankings are similarly performance-based, with status incrementally built through accurately representing and satisfying the desires of users of the site. Michele White has noted how “Amazon’s personalization options seem to allow spectators, who are depicted as active users, to write into the system and program it according to their desires.” [2] In the recent introduction of reputation systems to online dating sites we see even more clearly the encoding of desire and consequent regulation of performance.

The Manifesto for the Reputation Society claims that “when, in colloquial language, we speak of a person’s ‘good reputation’ we are implicitly claiming that the person fulfills many of his or her local society’s expectations of good social behavior – typically including qualities like honesty, reliability, ‘good moral character’, and competence.” [3]

As Lees recognizes, while ‘reputation’ for a man invokes social and cultural qualities, for a womyn ‘reputation’ has always denoted sexual behaviour. [4] This particularly gendered implication of ‘reputation’ in the arenas of sexuality and dating is further exacerbated by the context of the online dating environment. Although both men and womyn use online dating sites, research indicates that compared to Internet users in general, online daters are more likely to be male. [5] In addition, all users of these sites are products of our inherently sexist culture, which necessarily informs their responses to the world and to each other. Sexism exerts a constituting force on our identity, as it is “continually endorsed and celebrated by the dominant culture. The mass media, the daily press, pornographic magazines and videos all reinforce the objectification of women’s bodies and celebrate a form of macho, aggressive masculinity.” [6] Accordingly, I would argue that the standards encoded into the online dating system are inherently gendered.

A negative reputation, then, is the result of failure to conform to the group standards of the dominant culture. When users of these sites fail to perform and present the gendered identities expected of them, this transgression is seen as a failure in them to uphold expected moral codes, and reputation is thus formed and assigned within the system. Accordingly, if “those who defy the dominant position will incur a form of disapproval that will lead them to be less trusted, liked, and respected in the future” , [7] then s/he who seeks to avoid a bad reputation must necessarily come to both understand and perform the expectations of the dominant position.

Reputation is not simply about purchaser choice and assisting purchasers to make choices that will best satisfy their needs – indeed, it depends for its power on a resulting regulatory force. Looked at in its full social context, reputation functions as a form of surveillance and, “like surveillance, may induce people to police themselves.” [8] The normative effect of reputation systems in online dating environments leads to a situation where “the culturally constructed ways that women express their femininity (emotional, shy, weak and nurturant) and men express their masculinity (unemotional, aggressive, strong and potent) are deemed to be natural.” [9] As such, womyn subject to these expectations do not experience themselves as deviating from individual expectations, but rather as transgressing normative standards. Similarly, men who are “disappointed” in these transactions do not experience their expectations as problematic, but rather are encouraged by the reputation system to enforce conformity with expectations rather than re-consider the expectations.

This analysis suggests that reputation systems in online dating environments function as a form of self-regulating surveillance – they set the standards of expected gendered behaviour, they act to enforce adherence to those standards by stigmatizing those who fail to conform them, and they normativize those standards, resulting in internalization of the standards and self-policing of behaviour. Far from the transformative tool of cooperation that reputation systems purport to be, in this environment at least they act to perpetuate a particular gendered and sexualized inequality.

It might be suggested that this is an isolated and site-specific issue, relevant only to online dating. I note, however, that of late there have been suggestions that reputation systems move from their current site-specific assessment status to become anchored on the individual identity instead. This would create a mobility of reputation, where individuals could build an amalgamated reputation that would be accessible to any/all persons or organizations interested in entering into a relationship with a particular individual. Before we implement any kind of mobile reputation system (or even before we increase our reliance on existing reputation systems) we must recognize their regulating power and problematize what is being regulated in order to ensure that the enforcement of stereotyped norms of behaviour and performance does not become part of this matrix.

[1] For examples, see the recent “lonelygirl15” (http://www.nytimes.com/2006/09/13/technology/13lonely.html?ex=1315800000&en=7eae0c5f86be8939&ei=5090) and Sunsilk embedded ad (http://www.cbc.ca/arts/media/story/2007/02/04/bridezilla-campaign.html) controversies.
[2] Michele White, The Body and The Screen: Theories of Internet Spectatorship (Cambridge: MIT Press, 2006) at 24 [White 2006].
[3] Hassan Masum & Yi-Chang Zheng, “Manifesto for the Reputation Society” (2004) 9:7 First Monday, online: First Monday http://www.firstmonday.org/issues/issue9_7/masum/index.html at 4.
[4] Sue Lees, Ruling Passions: Sexual Violence, Reputation and the Law (UK: Open University Press, 1997) at 17.
[5] See for example Robert Brym & Rhonda Lenton, Love Online: A Report on Digital Dating in Canada, Toronto 6 February 2001; Canadians and Online Dating, Leger Marketing Report, 9 August 2004.
[6] Lees, supra note 2 at 48.
[7] Cass Sunstein, “Group Judgments: Statistical Means, Deliberation , and Information Markets” (2005) 80 N.Y.U.L. Rev. 962 at 986.
[8] Howard Rheingold, Smart MOBs: The Next Social Revolution (Cambridge: Perseus, 2003) at 126.
[9] Michele White, "On the Internet, Everybody Worries that You're a Dog: The Gender Expectations and Beauty Ideals of Online Personals and Text-Based Chat" in Mary Rose WIlliams & Phil Backlund, eds. Readings in Gender Communication (Wadworth, 2003) at 286.

| Comments (1) |

Contested Identities or Controversial Medium? Authentication and YouTube.com

posted by:Patrick Derby // 02:36 PM // February 06, 2007 // ID TRAIL MIX

trailmixbanner.gif

I step outside of my comfort zone, and my identity as a criminologist, to provide the following commentary on authentication and ‘new media’ technologies, specifically in the context the popular video sharing website YouTube.com. I call the text that follows a commentary, as the thoughts and ideas presented herein require further development. This being said, I look forward to your challenges and comments, so I can further develop this piece.

Authenticity and the Authentication of Identity
I believe it is important to define how I understand and use the concepts of authenticity and authentication. In order to be authentic the object in question must be genuine and reliable or trustworthy. The authenticity of an object is often determined through a process for gaining confidence that the object is what it appears to be; this process is referred to as authentication, and such processes may vary in their formality. By no stretch is authentication new, nor does it emerge with the rise of a networked society. Whether it is ancient artefacts, video statements allegedly released by terrorist organizations, or individual identities, all undergo a process of authentication. As described by Stephan Brands, “[i]n communication and transaction settings, authentication is typically understood as the process of confirming a claimed identity” (Brands, 2005: 1, emphasis in original).

Stranger Society: Authenticity in the City and Virtual World
As I have indicated above, authentication is not new to social life. While individuals once lived their lives in the absence of anonymity, industrialization and the rise of the city significantly altered the dynamics of social living. The emergence of the city facilitated the growth of individualism, privacy, and anonymity, leading some to suggest that we have become a society of strangers (Lofland, 1973). The ‘stranger society’ thesis simply suggests that most of our interactions in everyday life occur with strangers who cannot vouch for our reputation based on first-hand personal knowledge. The unknown reputations / motives of others are a source of uncertainty and insecurity, and various institutions began using surveillance technologies, such as photo identification to authenticate valid clients.

In the early 1990s, we began to see the emergence of the World Wide Web. Early proponents of the internet promised an anonymous playground, impossible to regulate. However, the more popular the internet became, the more incentive dominant institutions had to establish themselves online. In less than a decade, the vast expansion of information technology made it possible to engage in urban social life without actually being present. Shopping and banking can now conveniently be done online from the comfort of home, while professional and personal relationships (local and global) may be mediated through the internet without any actual (physical) meeting. David Lyon (2001) refers to this declining requirement for co-presence in our day-to-day interactions as the disappearance of bodies.

As internet usage has become more mainstream, so too have new social fears, which have had an impact on settings that allow for online transactions and communications. These fears include, but are not limited to, fears of identity theft and cyber-predators. First, it was quickly realized that for the majority, the internet did not make good on its promises of privacy and anonymity. Most of our online interactions require that we divulge information about ourselves, which may later be pieced back together to reveal a better picture of our real identities. As most of us are aware by now, our personal information had been commodified, and may be used for both lawful and illicit purposes. Second, fears have emerged around the threat of cyber-predators, whether it is paedophiles, child pornography rings, or even callous men hunting vulnerable women to date for financial gain.

Not surprisingly, institutions have responded to these new fears, in an attempt protect the online economy, spawning an entire industry around online privacy protection, surveillance, and authentication. Parallel to the budding online security industry emerged an ethos of online responsibilization. While I will not go into any further detail on the subject, I will acknowledge (whether I agree with them or not) that great strides have been made by institutions to authenticate the identities of individual engaging in financial transactions online. What I would like to discuss in more detail for the remainder of my commentary is authentication that occurs in online communication settings.

Many of us have had the experience of establishing an email account of some sort. Whether we choose Yahoo or Hotmail as our email service provider, or whether we open an account on Blogspot or MySpace, the process is usually similar. Each of these typically requires the user to create a self-generated username and password, which is usually verified using some form of cryptographic technology. But again, as anyone who has created such an account is aware, the information we often provide to establish such accounts is rarely, if ever, accurate.

A quick cruise through the user profiles of YouTube members confirms that I am not alone in providing inaccurate profile information. Given the above, allow me to suggest that, unlike their counterparts responsible for transactional settings, the creators of online social and communication spaces are not preoccupied with authenticating the true identities of its users. Does authentication not occur in social spaces online? This is a question I began to explore within the confines of the YouTube community.

Video Sharing and the YouTube Community
For those who have been hiding under a shell, or simply have not been paying much attention to the media hype enjoyed by the video sharing website YouTube.com, this website had its official debut in November 2005, and by summer 2006 was the fastest growing website on the internet. In November 2006, the start-up was purchased by Google Inc. for a purported $1.65 billion US. In addition to sharing music videos and movie/television clips, the YouTube allows amateurs to post videos or share their experiences and/or opinions via vlogs. Consequently, YouTube has created several internet celebrities, several of whom have gone on to experience fame beyond the YouTube community. While some of these YouTube celebrities have achieved fame as a result of their film making talents, others have done so as a result of contested online identities.

This past week a viral video posted on YouTube entitled Bride Has Massive Hair Wig Out made national headlines after receiving over 2 million hits. The clip appears to be an amateur recording of a twenty-something woman chopping her hair off during a tantrum an hour before her wedding. Debate immediately emerged regarding the authenticity of the video. As it turns out, the clip was an initiative launched by hair product company Sunsilk Canada, and the individuals in the video are aspiring Canadian actresses.

Another contested YouTube identity was that of Bree, more popularly referred to by her username lonelygirl15. Lonelygirl15 debuted on YouTube in June 2006, as a coming of age story through which the audience shares in Bree’s life experiences. In addition to her video postings on YouTube, lonelgirl15 also established a MySpace site to facilitate communications with fans. Despite these efforts to make Bree’s identity as believable as possible, in just over one month, several fans began to question the authenticity of the lonelygirl15 video blogs, and by September it was revealed that Bree, a.k.a lonelygirl15, was actually an actress named Jessica Rose. The YouTube community was divided as several members responded to the lonelygirl15 controversy. While some YouTubers became upset when Bree’s true identity was revealed, others provided their support for the series’ creative efforts.

While I am not necessarily concerned with which side individuals took in this controversy, I am struck by how YouTubers, and even members of wider society (including popular media), have demanded authentication of the identities portrayed within this virtual social space. Whereas in online financial transactions authentication is top-down, from institutions to users, authentication in the context of the examples provided from YouTube, indicate that demands for authentication in communications settings are more likely to be lateral.

Further, after examining the user profile information of selective YouTube participants, I have also come to question whether the lonelygirl15 controversy is really about Bree’s contested identity, given that it is not uncommon for YouTubers to mask their real-life identities. Ironically, even some of those who have rebuked lonelygirl15 are not forthcoming with their true identities, often providing inaccurate user profile information. Rather than these controversies being about authentic identities, I believe the controversy is more rooted in the authentication of the medium used to present video clips such as the lonelygirl15 storyline (vlogging) or the wig out bride. While the traditional medium of movie and/or film may be understood as fictional, the vlogs and viral videos presented on YouTube, for the most part, are conceptualized as authentic. Surely the creators of lonelygirl15 and the executives at Sunsilk Canada have intentionally exploited the authenticity of the YouTube medium.

Recently, a reporter asked an advertising executive whether ‘net seed’ clips such as wig out bride are going to become the ‘new normal’ of advertising. If they are, and if the post-911 ‘new normal’ is any indication of the events to come, I conclude my commentary with the following questions: 1) Will YouTube.com become a virtual battleground? And 2) Will YouTubers become the foot soldiers in a ‘war on authenticity’?

References:

BRANDS, S. (2005) Authentication. Available online at: http://www.idtrail.org/files/Authentication_Brands.pdf

LOFLAND, L. (1973) A world of strangers: Order and action in urban public space. New York: Basic Books.

LYON, D. (2001) Surveillance society: Monitoring everyday life, Open University Press; Philadelphia.


Patrick Derby, MA Candidate, Department of Criminology, University of Ottawa.

| Comments (1) |

“Citizen Journalism” and Privacy

posted by:Teresa Scassa // 11:59 PM // January 30, 2007 // ID TRAIL MIX

trailmixbanner.gif

It is increasingly commonplace for video of events, captured by ordinary individuals, to make the news. With the ubiquity of camera phones, the likelihood that someone will be on hand to record incidents otherwise lost to the news media increases significantly. To give an illustration, in the first week of January, a Nova Scotia cabinet minister was forced to resign when the media broadcast images from a cell phone video which showed him leaving the scene of an accident. The video was captured by a witness to the accident.

Examples like this are only one variety of so-called citizen journalism, which can take many forms. In some cases, citizens capture video, or provide commentary on news stories to major media outlets which report and communicate these contributions alongside their professionally prepared content. In other instances, individuals or collectives become the news intermediaries by creating alternative web sites to disseminate news or information on the theme or topic of their choice. Individuals may also dispense with intermediaries entirely, and create their own blogs, or post video footage or verbal commentary on their own website or on a content-sharing forum such as YouTube. These phenomena have given rise to a lively debate about the very nature of journalism.

Citizen journalism raises interesting privacy issues. Online video footage, photographs and even written commentary can feel extremely invasive of one’s private sphere. This is particularly the case where one has no expectation that one’s activities are being recorded. Yet in Canada, for example, legislation such as the federal Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act (PIPA) in each of B.C. and Alberta, the B.C. Privacy Act, (to give a few examples), contain exceptions for information collected, used or disclosed for journalistic purposes. These exceptions from basic privacy norms recognize that the public interest in news events will tend to outweigh individual privacy interests.

What is news, then? And what is journalism? Is it anything that takes place that someone considers worth reporting or worth reading about? Or is news defined in terms of either who gathers it (journalists) or who reports it (established media). To a large extent, the legislated exceptions from privacy legislation mentioned above seem premised on a particular understanding of journalism – one that involves an executive editorial control that acts as a filter for inappropriate content, and that follows accepted norms for news reporting. Yet there is a push in some quarters to recognize ordinary citizens acting as news intermediaries as being engaged in journalism. (See, for example, the discussion by Michael Geist in “We are all Journalists Now”, http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1280)

Where citizens send their cell phone videos to news outlets to be broadcast as part of television news programs, the result can be characterized as traditional media outlets expanding the scope of sources on which they rely for news footage. The screening mechanisms, quality control, verification measures and so forth, presumably remain in effect. Thus it is likely that cell phone footage broadcast over television networks will benefit from journalism exceptions in privacy legislation.

The situation is less straightforward, however, when so-called citizen journalists avoid the intermediation of professional news outlets and offer their footage online by posting it on private, non-professional news sites, on content-sharing sites such as YouTube, or on their own personal websites. Absent the formal infrastructure, do their activities constitute journalism? To put it another way, do the exceptions protect an industry, or a particular kind of activity? And if it is the activity, then is there a basis for distinguishing between activity that merits the label ‘journalism’ and that which falls below the unarticulated standard? (And here again, a journalist might be defined in terms of the acceptance of their work by an established media industry). It is interesting to note that in a recent decision from the U.S. District Court of South Carolina, a judge, in considering whether a blogger’s comments were ‘journalism’ proposed a functional analysis “which examines the content of the material, not the format, to determine whether it is journalism.” (BidZirk, LLC v. Smith, April 10, 2006).

Of course, with a statute such as PIPEDA, which only applies to the collection, use or disclosure of personal information in the course of commercial activity, making one’s cell phone video footage freely available to all interested parties does not trigger the application of the Act in the first place. B.C’s PIPA does not apply to a person acting in a “personal capacity”, whatever that might mean. (If someone is not acting in a “personal capacity” when they post video footage of events online, then in what capacity are they acting? Is it necessarily journalistic?) It also does not apply where the collection, use or disclosure is for journalistic purposes “and for no other purpose” (Query: what is a journalistic purpose? Is it just to see something in print, or does it include a desire to right a wrong, see justice done, fight crime, fight pollution, etc.? If these goals are part of the purpose for posting footage, for example, then is this a journalistic purpose alone, or a journalistic purpose combined with some other purpose?) B.C.’s Privacy Act, which creates a cause of action for a violation of an individual’s privacy rights, provides that a publication of material does not violate privacy if “the matter published was of public interest”.

The wording of these various exceptions raises interesting questions about the scope and purpose of journalism exceptions in privacy legislation. Is the goal to allow an industry to continue to operate in its customary manner? Or do the exceptions serve a broader public interest objective? The B.C. Privacy Act (to use an example) focuses on the issue of the “public interest” in determining whether a publication is a violation of privacy rights. With cell phone footage posted online, therefore, the issue under might be whether disclosure of the footage served a “public interest”. One may wonder whether the choice by the drafters of such statutes as PIPEDA or PIPA to use “journalism” as the basis for the exception aims to capture more than simply the public interest. In other words, is it possible that those statutes focus on a more traditional concept of journalism which assumes the added protective layer of editorial choice and unwritten norms or conventions?

Some say citizen journalism will ultimately make politicians, police, public figures and corporations more accountable, as they can no longer assume that their conduct will remain largely insulated from public view. However, others raise concerns about the impact of some forms of citizen journalism on personal privacy. They note that the targets of such journalism may not just be public figures and institutions, but may be private citizens captured committing minor infractions in their course of their daily lives. For example, if municipal by-laws say that trash cannot be put on the curb until the morning of pick-up day to prevent animals from getting into the trash and making a nasty mess, does a person who puts their trash out the night before deserve to have their photograph posted on a website which denounces those who contribute to urban pollution? Perhaps they do. But the level of exposure may be more than is warranted by the public interest. It might expose that individual to a backlash that is out of proportion to the offence. It is also not particularly nuanced; it does not all for a consideration of the “other side”. Is there a difference between journalism and vigilanteism? In Oklahoma City, one man decided to post on his web site video footage of johns soliciting sex from prostitutes in his neighborhood in an effort to combat prostitution in his neighborhood. (http://showmenews.com/2006/Aug/20060817News023.asp) Is this citizen journalism or vigilanteism? Or a bit of both?

To side track for a moment, it is interesting to consider the debates that have arisen regarding the online publication of court decisions. The publication of court decisions has always been an important part of an open and transparent system of justice. However, the impact on individuals of the internet publication of sensitive personal information has required some modification of this general principle of openness. The Canadian Judicial Council (CJC) has developed a protocol for the drafting of reasons for judgment by judges which is intended to balance the principle of openness with the reasonable privacy interests of litigants. (http://www.cjc-ccm.gc.ca/article.asp?id=2814) Yet in the absence of a court-ordered publication ban, the CJC would only restrict the publication of personal information in court decisions in the most extreme circumstances:

. . . there may be exceptional cases where the presence of egregious or sensational facts justifies the omission of certain identifying information from reasons for judgment. However, such protection should only be resorted to where there may be harm to minor children or innocent third parties, or where the ends of justice may be subverted by disclosure or the information might be used for an improper purpose. (CJC, Recommended Protocol for the Use of Personal Information in Judgments, para 31)

Of course, the publication of judicial decisions is not citizen journalism. The motivation towards openness in the reporting of judicial decision-making is supported by both a strong sense of an underlying public interest that is being served, and confidence in a professional and accountable judiciary. To return again to the journalism exceptions in privacy legislation, perhaps it is a sense of the public interest served by the professional news media combined with a certain confidence (whether warranted or not) in the professionalism and accountability of the established news media that lies behind the legislated exceptions to privacy norms in the collection, use and disclosure of personal information. If this is the case, then citizen journalists should be wary.

Teresa Scassa is Associate Professor and Director of the Law and Technology Institute at the Dalhousie University Law School.
| Comments (0) |

When Less is More: Privacy, Security and Civil Liberties from Johannesburg to Washington

posted by:Jena McGill // 11:59 PM // January 23, 2007 // ID TRAIL MIX

trailmixbanner[1].GIF

Events deemed “national emergencies” have long provided justification for infringing civil liberties. In some instances, “security concerns” have led to the complete revocation of even basic rights, as was the case during the World War II internment of more than 22,000 Japanese Canadians on the basis of an alleged security “threat.” As we are well aware, “security” against the “terrorist emergency” has become the unofficial trump card of the post-9/11 world.

As a result of ballooning security issues and the threats that security “solutions” often pose to privacy interests and civil liberties, understanding the tension between privacy and security has grown both increasingly important and progressively more troublesome. In response to escalating levels of unwelcome surveillance and the scores of other unsolicited, privacy-invasive practices that pepper our day-to-day lives in the name of security, privacy advocates continue to call for appropriate limits on privacy-eroding laws and technologies that threaten to eat away at our privacy interests and civil liberties.

In the quest to define and promote these limits, one of the greatest challenges for the privacy community is answering the “how to” question when it comes to balancing privacy-related values with other, equally important but sometimes competing interests and rights. The privacy versus security contest is perhaps the most topical and certainly one of the most difficult tensions with which we must currently come to grips. The two ideals are often pitted against one other as rivals in an “either/or” dichotomy. An increase in security will necessarily come at a cost to our privacy and civil liberties – a cost that the privacy community generally deems too great to pay....or is it?

Earlier this month, news headlines hailed the success of a massive 350-camera surveillance system of closed circuit televisions installed throughout downtown Johannesburg, South Africa in 2001 [1]. Branded as one of the most dangerous cities in the world, Johannesburg credits the downtown cameras with drastically reducing the city’s crime rate - generous estimates cheer an 80% decrease in crime following the installation of the surveillance system. Prior to the introduction of downtown surveillance, Johannesburg’s high level of crime was blamed for stifling the social and economic life of the city, and virtually paralyzing its population. With crime now on the decline, Johannesburg officials anticipate that the city’s economic and social life will rebound and it will become a thriving metropolis and business centre. Extensive, privacy and anonymity-eroding surveillance has, ostensibly, saved the city.

Contrast Johannesburg with the latest round of U.S. law-making “in the name of national security.” The federal government is currently finalizing a plan to add to the FBI’s system of federal and state DNA databases the genetic codes of tens of thousands of illegal immigrants, captives in the “war on terrorism” and others accused but not convicted of federal offenses [2]. In most states, a person must be convicted of a crime before his or her DNA is added to the national system. The new plan, however, would apply to any U.S. citizen arrested under federal authority and to all non-U.S. persons who are detained for any reason at all. (The majority of the latter group will inevitably be illegal immigrants caught at the border or rounded up by law enforcement after entering the country.) This plan strikes a balance that has become typical of U.S.-policy making post 9/11: less privacy in the name of more security. Predictably, proponents allege that increasing the pool of DNA profiles available to law enforcement officials will assist in solving crimes and will make it easier to identify and track potential “terrorists.” Opponents of the plan, including the privacy community and the American Civil Liberties Union (ACLU), allege that mass seizures of biometric information are a gross violation of individual privacy and erode basic civil liberties.

The impetus behind both the Johannesburg surveillance system and the U.S.’ DNA collection plan is not dissimilar – to prevent crime and increase the efficiency of law enforcement [3]. In the latter example, as the ACLU points out, there is a very high risk that the collection and retention of DNA by government agencies will have a seriously detrimental impact upon individual privacy and civil liberties. The former case, however, is less certain. The privacy-invasive surveillance network appears to have impacted positively upon the rights of Johannesburg’s citizens by ensuring a higher degree of safety in the city’s downtown. Individuals are now able to participate in their communities and more fully enjoy their rights and freedoms. While the dialogue of the privacy community often focuses upon the negative effects that privacy-invasive technologies can have upon rights and liberties, the Johannesburg example asks us to consider how such technologies and practices may in fact work to further civil liberties and enhance the enjoyment of rights.

When we talk about privacy, it is always necessary to ask whose privacy is at stake and under what kinds of circumstances. These questions may yield very different answers depending on the context and the relative weight of privacy as against other relevant values and interests in a given situation. In the clash between privacy and other interests, and particularly when it comes to striking a balance between privacy and security, the North American privacy community often adopts a “more privacy equals more liberty” standpoint. We know, however, that this equation does not always hold true. Feminist scholars, for instance, have highlighted the ways in which privacy has been used as a shield to cover up the degradation and abuse of women and others in the private sphere. Too much privacy is not only possible, but can lead to deeply harmful outcomes.

The concern at the opposite end of the spectrum, of course, is that a right once ceded is eroded. Privacy infringements may be subject to a classic slippery slope argument – give away a little and you risk losing a lot. Are there bright line differences between gratuitous invasions of privacy and necessary sacrifices made in the name of some “greater good”? In the abstract, it is easy to agree that the concept of privacy is important and should be defended. The ways in which privacy’s theoretical importance translates into diverse real world situations is incredibly varied and at times conflicting. This makes privacy a necessarily qualified concept, and means that it is critical to contextualize its relative value within the larger spectrum of competing and complementary values that exist in a given situation.

The relative nature of privacy includes a number of considerations. Most would agree that while almost all societies appear to value privacy to a certain extent, there is a great deal of disparity in the ways in which privacy is sought and obtained, and in the levels of privacy to which a given culture or society aspires. A related inquiry is whether or not there are any aspects of life that are innately private and not just conventionally so. One of the ongoing difficulties in defining privacy and calculating its weight is that it is strongly relative and inevitably contingent on factors including economics, social norms and the technology available in a given socio-cultural domain.

There is perhaps a third dimension to the relative nature of privacy that depends upon basic human needs. The citizens of Johannesburg have, willingly or otherwise, sacrificed a great deal of their privacy and anonymity to the downtown surveillance system. Without surveillance, however, everyday activities carried an increased risk as a result of the city’s high crime rate. When basic needs, like physical safety, are not being met, as was the pre-surveillance situation in Johannesburg, privacy may be accorded less weight in balancing a society’s needs.

This idea resonates within the framework of Maslow’s Hierarchy of Needs and related schemes designed to explain human needs and desires. Such hierarchies propose that humans strive to meet successively higher psychological needs like esteem, respect and self-actualization only as their basic physiological needs, including physical safety, food and shelter, are satisfied. The basic concept is that the higher needs only come into focus once all the needs lower down in the pyramid are satisfied. Where does privacy fall in the Hierarchy of Needs? It is possible to argue that privacy is or should be located somewhere above basic physiological needs. When the necessaries of life are not fulfilled, privacy takes on a relatively diminished importance.

We spend a great deal of time thinking, talking and writing about how to define and defend this “thing” called privacy. One of the critiques often leveled against privacy is that its definition is subject to a patchwork of meanings, making it difficult to “pin down” and complicated to use and protect. At the end of the day, maybe this is not a critique at all, but recognition of privacy’s relative and multiple character and its different meanings, uses and levels of importance around the world. Johannesburg’s surveillance project reminds us that “less may sometimes mean more,” and that in our own privacy dialogue we must continually recall the context within which we live and work.

[1] CBC/Global News Bit, (January 6, 2007).
[2] See Richard Willing, “Detainee DNA may be put in Database” USA Today (January 19, 2007), online: http://www.usatoday.com/news/washington/2007-01-19-detainee-dna_x.htm.
[3] I acknowledge, but do not address here, the critical differences between the nature of the information being collected in Johannesburg and that proposed in the U.S. Capturing a video image via surveillance and collecting a genetic code through mandatory detainee DNA collection represent two distant points on a spectrum of invasive data collection practices, not least because of their differing potentials for misuse.

| Comments (1) |

Who is That Masked Woman? Masking and Unmasking in Public Places

posted by:Gary Marx // 11:59 PM // January 16, 2007 // ID TRAIL MIX

trailmixbanner.gif

In the Netherlands the government has proposed a public ban on covering the face with clothing such as the burqa, the Islamic head-to-toe robe. Similar restrictions have been suggested, and in specific contexts are in place, elsewhere in Europe. For Dutch leaders in a government facing re-election, the issue reflects contemporary religious and political conflicts, however miniscule the number of effected women. But the issue goes beyond current events to broader questions involving expectations about public behavior.

In modern societies the law is relatively clear about the rights others have with respect to the image an individual offers in “public”. Unlike some traditional societies in which the eyes must be averted or where veils are mandatory, in our culture appropriate looking is permitted (and can even be a sign of respect). In Canada and the United States what can be seen in public can also generally be photographically captured.

The presenting individual has rights as well. He or she can appear in ways that others may find offensive or provocative (whether sexually or stylistically). While the fashion police and the reticent may disparage such appearances, the real police have no criminal sanction to enforce. The enlightenment heritage protects the freedom to present the self as one chooses –I am free to be me and maybe even you. This contrasts markedly with societies where dress and body adornment are rigidly controlled and tied to social position.

In our society individuals are permitted and even encouraged to alter and disguise their “natural” appearance. They can wear baggy or padded clothes or those that accentuate muscles and curves. They can dress in age inappropriate ways and wear the cloths of the opposite sex. Cosmetic surgery, liposuction, botox, hair implants, elevator shoes, makeup and tinted contact lens are viewed by many persons as admirable forms of self-expression and self-help.

There are of course limits. The law in principle is clear about what must not be offered in public. The famous “naked man” of the University of California, Berkeley was arrested many times for what he failed to wear. In many jurisdictions women who breast feed in public places (or even in “private” places accessible to and visible to the “public”) may face arrest or exclusion.

The law and our expectations however are less clear and in conflict regarding what must be offered in public. When must the face be revealed?

It is well within the bounds of a pluralistic society to accept covering the face for legitimate purposes in public places, whether for religious reasons, anonymity in political communication, modesty or to hide disfigurement (e.g., the phantom of the opera). The acceptable link between form and function with respect to a mask on the ski slopes, the motorcycle helmet visor, the respirator or a mask for a costume party is clear. Society, or at least literature, might have been worse off if Zorro and the Lone Ranger lost their anonymity.

But what of settings in which a mask is worn for anti-social purposes, has unintended undesirable consequences or its link to religion is disputed? What happens when a valid religious justification conflicts with other important goals?

In the later 19th century a number of U.S. states passed anti-masking laws directed against the Klan. Consider as well prohibitions on wearing hooded sweatshirts in shopping malls or entering a bank while masked. The issue is not just that malls like banks are private places and hence freer to set their standards, but that as means of deterrence, accountability and identification there are strong grounds for prohibiting masking. In Denmark a series of bank and post-office robberies were carried out by a woman dubbed the “burka-robber”. In some jurisdictions there are additional penalties for wearing a mask when carrying a concealed weapon or in the commission of a crime.

The modern notion of a public sphere (whether a physical or cyber place) invites all citizens to participate regardless of social attributes. It implies legal rights of access, observation and expression. But it also involves more informal expectations of reciprocity in which individuals encounter each other as equals and are expected to behave within the bounds of civility (whether required legally or simply by manners). One aspect of this is being able to respond to the other by reading facial appearances and expressions.

The masking of the face brings a lack of reciprocity relative to those who present their faces (however adulterated). The masked person can see us, why can’t we see them? One way mirrors are not very appreciated in open societies. Paradoxically the covered face calls attention to itself and is in your face far more than the visible one. Beyond inhibiting interaction, the inability to see an individual’s face may engender fear and discomfort given the symbolism associated with the mask of the hangman and the criminal and the presumption that those who are hiding do indeed have something to hide.

But what is being hidden when a women covers her face and body? And why?
In Islam and Judaism covering the head is a sign of humility before God. Yet the burqa in being restricted to women goes far beyond this to issues of gender equality. Clerical supporters of the burqa suggest that it is a way of calming male passions, as well as an expression of modesty. Whether it has this impact (or the reverse given our fascination with what is hidden) is a question for empirical research. But even if it is factually correct, why not be consistent and consider female passions that may be aroused by viewing the unmasked male? In a less sexist and sexualized environment perhaps the need to mask the face would not be felt. Until then, gender equity would suggest the need to mask men as well as women. The mandatory masking of women, as was done under the Taliban, excludes them from full interaction in public settings. The dynamism and heterogeneity of the public sphere and the serendipitous encounter favored by urban theorists such as Jane Jacobs is lessened.

A number of European cases involve prohibiting teachers or students from masking their faces. Courts have ruled that the interaction that occurs in the classroom is inhibited when the face can not be seen. Similarly the broad vision required in driving a car may be impaired and a photo-id on a passport or driver’s license becomes moot.

Rather than legal prohibition, there may be indirect pressure against masking because of the secondary consequences it is presumed to have. For example in Amsterdam and Utrecht there are proposals to deny benefits to unemployed women who wear the burqa because it is seen to make them unemployable. An alternative of course would be anti-discrimination legislation in employment.

Opposition to masking based on its functional consequences is distinct from that based on implications for separating church and state or for the maintenance of order. In France for example the prohibition on head scarves and skull caps in schools reflects secularism and goals of equity and assimilation. In Germany their have been proposals to do an end run around the issue by requiring all students to wear uniforms. In some United States high schools there are prohibitions on clothes reflecting gang colors or those deemed to be too provocative.

Such cases reflect the inherent value conflicts between the individual and the community (or better between various communities) which need to be continually debated. Yet these self-presentation cases are not based on a concern with making the individual’s unique identity public. Indeed with respect to symbols of group affiliation, the situation is reversed –the individual seeks to advertise rather than hide an aspect of identity, while authorities seek to prohibit this.

Given the ubiquity and controversy over public surveillance and the move toward facial recognition technology, masking the face in public might even be seen as heroic resistance to the loss of public anonymity (let alone a way to resist disease). In one sense it is equivalent to using a paper shredder, pseudonyms, encryption and a floppy hat and sun glasses to protect privacy.

The issue may also be temporary as a result of the pace of innovation in the tools of identification. In a few decades it could even be seen as a quaint historical remnant of a backward age when identity was still determined by appearance and cards in the wallet, rather than by involuntary transmissions from implanted chips or distinctive scent.

But until then, it would be as wrong to categorically prohibit masks related to religious beliefs in public as it would be to require them. As with so many of our most contentious social issues the answer to masks should not be “never” or “always” but “it depends”.

What it ought to depend on is the context, motives, consequences and alternatives. In settings where the social costs can be significant or where an important community goal is subverted masking is undesirable. For benign activities such as walking on the street or visiting the library tolerance is required, although it is not cost free.

One would also hope that those who support masking are aware of the impact this may have on others and of the legitimate reasons for opposition to masking motivated not by religious intolerance, but by a different weighing of competing values.


--
Gary T. Marx is Professor Emeritus MIT (garymarx.net).

| Comments (1) |

SMELLS LIKE TEEN SPIRIT

posted by:Ian Kerr // 11:59 PM // January 09, 2007 // ID TRAIL MIX

trailmixbanner.gif

With the lights out its less dangerous
Here we are now
Entertain us
I feel stupid and contagious
Here we are now
Entertain us

Kurt Cobain


all is quiet on new years day. the pizza last night at colonnade was warm and comforting not unlike our nearby fireplace, where i now sit cross-legged with my laptop, well, on my lap. it occurs to me just lucky i am and how nice it was to spend a low key evening with family. (i have always thought of new years eve as a night that you have to kiss people you normally wouldn’t spit on…happy to have transcended that phase of life.)

rather than waking erin and newton, both of whom have an incredible ability to sleep easily and peacefully, i strangely find myself reflecting on the time that i spent last summer nosing around the caselaw on sniffer dogs.

at the time, i was preparing for an NJI conference, where my idtrail colleagues and i offered 150 judges a full day workshop on the reasonable expectation of privacy. we will be doing a funky-fied version of it again in montreal at CFP 2007, which is being organized this year by privacy guru and director of strategic policy and research at the office of the privacy commissioner of canada (and former idtrail research coordinator) stephanie perrin.

sniffer dogs look a lot like my dog — however, unlike newton, they are specially trained to “sniff-out” contraband such as illegal drugs or explosives.

i am not a criminal law specialist, nor do i claim any particular expertise in the law of search and seizure. but i do care a lot about it. it is the area of law most significant to the development of a crucial legal construct: the reasonable expectation of privacy.

the ‘reasonable expectation of privacy’ standard provides the benchmark for circumstances in which the state (and sometimes the private sector) is constitutionally permitted to interfere with an individual’s privacy interests. my own interest in the subject and part of the contribution that i had hoped to make at the NJI workshop stems from my deep concern that emerging surveillance technologies will be understood by courts to diminish our expectation of privacy; as i discuss in my NJI presentation, i think that this would be a dreadful, terrible mistake. an epic social disaster, really.

the crossroads for an exploration of the most recent sniffer dog cases, in my view, is a case that had nothing to do with sniffer dogs: a 2004 supreme court of canada decision called tessling.

at issue in tessling was the RCMP’s use of FLIR (forward looking infrared), a technology that captures the infrared portion of the electromagnetic spectrum. as the supreme court described it, it is a camera that takes pictures of heat instead of light. in tessling, the RCMP used an airborne FLIR system so that officers could measure from way-up-in-the-sky the heat emanating from a house occupied by a guy called walter tessling.

you see, the RCMP were suspicious that tessling had a grow-op in his house. but their sources were unreliable. the point of using airborne FLIR was to get better evidence — without trespassing on the property — so that an officer could appear before a judge and assert reasonable grounds to believe that tessling was growing pot in his house. (mere suspicion is not enough to get a search warrant.)

tessling’s lawyer argued that, without a warrant, the airborne use of FLIR to measure the heat coming off the walls of his house amounted to an illegal search and that the FLIR-evidence ought therefore be inadmissible in court.

the supreme court disagreed, stating at paragraph 63 of the decision that:

external patterns of heat distribution on the external surfaces of a house is not information in which the respondent had a reasonable expectation of privacy.

i could go on at some length about the decision and the legal framework used to determine that walter tessling did not have a reasonable expectation of privacy in the heat waves emanating from his house. but a discussion of the tessling decision or the legal framework it supports is not my current purpose. (if you are looking for that background, you should *most definitely* check out my friend and colleague jane bailey’s superb NJI presentation.)

since my focus is on sniffer dogs, tessling is relevant only insofar as its outcome seems to invite subsequent courts to consider adopting an extension of its logic — namely, in searches involving sniffer dogs, to ask:

whether external patterns of smell on the external surface of a knapsack is, or is not, information in which a person holds a reasonable expectation of privacy.

with the growing concern about various sorts of contraband, this is a burning question in canadian courts.

the answer to this question, i suggest, needs to be understood within the broader context of a recent and increasing trend in law enforcement — the adoption of ‘jetway’ programs (smell the irony in the ‘jetway’ nomenclature: this program is geared towards the surveillance of people who can ill-afford to travel by plane; it mostly takes place at bus terminals.)

jetway was developed in the US but has been used across canada for about 5 years. according to our courts, this program targets travelers said to look “out of the norm” in terms of their clothing, their behaviour, or their actions. once targeted, the abnormal-looking-individual is approached by a police officer along with a four-legged friend. the officer immediately shows police identification and engages the target in conversation, watching all the while for unusual behavior. the target is either discounted quickly and allowed to walk away, or is further engaged in a conversation that swiftly becomes more “personal and intrusive”. police describe these encounters as “strictly consensual”, claiming that the target is free at any time during the conversation to walk away. however, the police will often demand to see the target’s travel tickets and identification; sometimes this leads to a further ‘request’ that the target ‘consent’ to a baggage search. targeted persons usually capitulate. most don’t realize that they have any choice in the matter.

even if a target refuses to consent to a baggage search, the police dog does with its nose what the officer was not permitted to do with his or her hands and eyes: the pooch determines the contents in the bag and reacts in response to certain forms of contraband. permission or no permission, the sniffer dog sniffs.

funded to the tune of more than $500,000, canada’s federal jetway training course has been responsible for training hundreds of RCMP officers and enforcement officers from other agencies. similar provincial and municipal programs exist. approximately 5% of officers trained are reported to participate in it daily.

Q – do these sniffer dog programs constitute a ‘search’ of the sort that ought to invoke constitutional safeguards?

it turns out that canadian courts are all over the map on this…

(so much so that i am willing to supervise the PhD of anyone who can convince me that they could provide a theoretical account that reconciles the different decisions that the courts have rendered on the issue.)

consider the following sample of judicial pronouncements from across canada:

1. “The use of investigative tools and aides such as police dogs to detect contraband or explosives on public buses is not beyond the realms of reasonable expectations of the traveling public.
The dog sniff does not constitute a “search” within the purview of section 8 of the Charter. As there was no “search”, there could be no breach of [the target’s] right to be secure from unreasonable search or seizure.” [R. v. Gosse at para 28 and 40 (New Brunswick)]
2. “I find that the police conducted searches without the consent of [the targets] prior to their arrest by the use of the police dog. I reject the argument that [the dog] was simply used as an investigatory technique. It is clear from the evidence … that the dog was extremely reliable in detecting the odour of drugs emanating, as previously stated, either from drugs themselves, a recent presence of drugs, or items such as cash that have been in the presence of drugs or handled by persons who have themselves handled drugs. The sole purpose of the dog being at the bus depot that day was to assist the officers in locating drugs.” [R. v. Dinh at para 28 (Alberta)]
3. “In conclusion, I am of the opinion the [target] did not have a subjective expectation of privacy that could reasonably be supported. [The target] chose to travel by public transport which would provide no control or protection from others entering his immediate space. The use of dogs by police was known and he was aware of the effect of passing in close proximity of such a dog. The use of trained police dogs to detect the scent of contraband in public areas such as train, bus and airplane depots is a legitimate police investigatory tool and does not infringe on any legitimate privacy interest protected by section 8 of the Charter.” [R. v. McCarthy at para 36 (Nova Scotia)]
4. “I am not persuaded that the judgment of the Supreme Court of Canada in Tessling is supportive of the … position that a dog sniff is not a search. In Tessling, the house of the accused was specifically targeted as a result of information that the accused was involved in a marijuana grow operation. I see a significant difference between a plane flying over the exterior of a building (on the basis of information received) and the taking of pictures of heat patterns emanating from the building, and a trained police dog sniffing at the personal effects of [the targets] in a random police search.” [R. v. A. M. at para 47 (Ontario)]
5. “Justice Binnie in Tessling notes that FLIR imaging generates information about the home but section 8 protects people, not places. As I noted earlier, he emphasizes the fact that the information generated by FLIR imaging about the respondent does not touch on "a biographical core of personal information", nor does it "tend to reveal intimate details of his lifestyle".
Nor does the information that the dog’s actions supply.”
I conclude that [the target] did not have a reasonable expectation of privacy in the area surrounding his vehicle. The dog sniff did not constitute a search. [R. v. Davis at para 21-23 (British Columbia)]

if one were to start counting judicial noses in the dozen or so reported canadian decisions, almost half of them have held that the use of sniffer dogs without a warrant constitutes a search that infringes the section 8 Charter guarantee to be secure against unreasonable search and seizure. slightly more than half deny that the use of sniffer dogs constitutes a search — usually on the basis that people do not have a reasonable expectation of privacy in the smells that emanate from their personal effects.

part of the explanation for the apparent schizophrenia in the caselaw is that the reasonable expectation of privacy test requires a decision based on the ‘totality of the circumstances’. to be fair to the courts, the fact patterns for the above decisions range from dogs sniffing knapsacks at bus depots, to dogs sniffing rental cars on open roads, to dogs sniffing kids’ school lockers. it is not surprising that such different facts could lead to different judicial pronouncements regarding the reasonable expectation of privacy in at least some cases.

judicial inconsistencies aside, there are, in my view, several other troubling aspects to the jurisprudence.

for starters, i am uneasy about the pickwickian logic adopted by an overwhelming majority of our courts across canada. it goes roughly like this: if there is no reasonable expectation of privacy, then there was no search. in other words, if i do not have an expectation of privacy in the smells emanating from my backpack, then when three police officers show up at my law school and randomly comb the halls with their trusty german sheppard, sniffing for students with dope, this is not to be considered a police search.

to me, this smacks of humpty dumpty’s scornful response to alice in through the looking glass that, "When I use a word it means just what I choose it to mean – neither more nor less." if police and their dogs are on duty and doing their thing but are not ‘searching’, then what exactly are they doing?!

this approach to defining police searches is further problematized by the recent trend to understand and define privacy in terms of informational privacy. my concern, one shared by many of the participants at our NJI workshop, is that the informational privacy approach is excessively reductionist in nature. once police activities are understood as nothing more than ‘capturing heat emanating from the wall of a building’ or ‘intercepting chemical emissions oozing through a backpack’, it is no longer possible to appreciate the deep social significance of RCMP planes beaming infrared lights at our homes in the middle of the night or OPP police officers and their guard dogs randomly patrolling our high schools, city streets and bus stations. (thankfully, as indicated in quotation #4 above, this point was not lost on the Ontario Court of Appeal.)

i am also troubled by the fact that, practically speaking, it matters squat what the courts think about privacy or how they define a search. regardless of whether sniffer dogs are said to conduct searches or whether the court finds that a target has a reasonable expectation of privacy in escaping odours, the evidence gathered through jetway programs is, at the end of the day, almost always admitted in law courts. according to most courts, to exclude the evidence, would bring the administration of justice into disrepute.

by admitting evidence in spite of the fact that it was obtained through a privacy breach, and/or by failing to provide any alternative remedies in the case of such privacy breaches, the courts are relinquishing the strongest deterrent available to prevent police from orchestrating investigations that are designed to interfere with privacy. without deterrents or remedies, such investigatory techniques are sure to become standard practice. and once they are standard practice – you guessed it – it becomes unreasonable for us to expect the police to act otherwise. quotation #3 above demonstrates this point nicely: since the target must have known that police regularly use dogs to sniff out drugs, he could no longer reasonably expect privacy with regard to smells emanating from his personal effects.

here, the notion of ‘expectation’ is completely stripped of its previous normative commitments.

instead, we are forced, as herbert hart might have put it, to take an external perspective of our expectations of privacy. like holmes’ ‘bad man’, who has not internalized the law as a reason for behaving a certain way but only sees legal rules as mere predictions about what the courts will do in fact, the reasoning adopted in quotation #3 above and by many members of the canadian judiciary tends to reduce our privacy expectations to nothing more than predictions about how the police will in fact behave and what technologies the consider state of the art.

its no longer about how they ought to behave.

the discourse is no longer centered on democracy, rights, duties or even interests. it is about the state of the art and the current standards of practice. as such, the ‘reasonable expectations’ test becomes a strange kind of factual inquiry.

the reasoning in quotation #3 above perfectly illustrates the crucial problem with the ‘reasonable expectations’ standard stripped of its normative meaning. once an expectation is understood as nothing more than a prediction: if you want to change the standard, all you have to do is change the expectations. and if you want to change the expectations, all you have to do is change the standard.

it’s a circle that rolls round upon itself.

and once that ball is rolling, it doesn’t take long to snowball. although i am quite certain that this is not what justice binnie had intended, the post-tessling trend in courts across canada has been to reduce our understanding of police search activities to an impersonal, non-social, merely informational transaction in a way that tends to shrink our reasonable expectations of privacy.

i find this trend particularly disconcerting in light of concurrent surveillance programs in the private sector and in light of rapidly developing surveillance technologies.

in what has to be one of the most unnoticed ‘anti-piracy’ surveillance news stories in 2006, the motion picture association of america very recently sponsored a world tour of two sniffer dogs named ‘lucky’ and ‘flo’. this gorgeous pair of black labs can be seen in this video sniffing-out polycarbonates, a byproduct of CDs & DVDs. with demonstrations across north america, central america, europe and asia, the purpose of this tour is to convince customs agents and border authorities, worldwide, to use anti-piracy canine units at airports, seaports, and anywhere else that bootleg CDs & DVDs are being transported. (a special shout-out to JereMe for bringing this story to my attention)

clearly, this is absolute תעגושמ. but, I assure you, it is not fiction. far from it.

and in the same world where dogs are being trained to sniff-out DVDs in gym bags, technologists are perfecting new means of remote sniffing. from simple devices that detect, measure and analyze electricity consumption to gas chromatography and other advanced forms of machine olfaction that are used to detect, measure and analyze odours in the air that even dogs cannot.

to take one very primitive technological example, consider digital recording ammeters (DRA). DRA is a technology that is capable of measuring the flow of electricity and producing graphical representations of the cycle of electrical consumption that takes place within a residence. among other things, these graphs can be used to identify grow-ops which, as it turns out, produce a very particular pattern of electrical flow. [grow-ops tend to use 18 hours of light and 6 hours of darkness to grow the plants and then switch to 12 hours of light and 12 hours of darkness in order to simulate autumn, thus producing the buds, which are the saleable product from the marijuana plant.]

with DRA, the police no longer need the expensive infrared fly-overs used in tessling. they just need to hook-up one of these load profile devices to a nearby public utilities pole; DRA can determine with nearly 100% accuracy whether there is a grow-op (though the DRA cannot, with any degree certainty, determine what is being grown). of course, DRA could also be used to determine other activities going on inside a home.

canadian courts have considered whether the police’s use of DRA constitutes an unreasonable search. like the sniffer dog cases, these decisions are all over the map. in a slender majority of the cases that i have read (6 to 5), courts have applied a tessling type analysis to DRA. for example, this court, this court, this court and this court all held that use of the DRA device to monitor a home was not a search and it therefore did not interfere with the target’s reasonable expectation of privacy — even though the entire reason for using DRA was to surreptitiously determine the nature of a target’s activities inside of a dwelling without transgressing its physical boundaries.

in my view, DRA and other primitive technologies need to be understood in light of one of the most rapidly developing areas in the field of information and communications technology: sensor networks. through the use of wireless technologies consisting of spatially distributed autonomous sensor devices, we are developing an astonishing capability to monitor and meter personal, physical and environmental conditions at greater and greater distances.

and, practically anyone can use these devices for practically innumerable purposes!

it doesn’t require much imagination think beyond today’s prototypes. consider the ingenious feral robotic dogs. with a few clever hacks, commercially available toy dogs (such as the famous sony aibo) have been turned into robotic sniffer dogs — enabling citizens to ‘sniff-out’ corporate contaminants from remote distances. granted, this project (by the brilliant natalie jeremijenko) is a happy use of sensor networks. a form of counter-corporate sousveillance. but it is not hard to see that there will be other uses, less happy.

the stunning technological developments that are just around the corner should give us some pause when we think about the simplistic and reductionistic way that our courts are becoming more and more inclined to think about the sniffer dog cases in particular and the reasonable expectation of privacy in general.

okay. newton has come downstairs to sniff-out a second breakfast and i hear erin’s quiet footsteps, so i’ll end now with an allegory.

kurt cobain, the troubled soul behind the legendary grunge band, nirvana, set out in the early 1990s to write what he called, “the ultimate pop song”; a song that would bust-down the barricade between alternative and mainstream rock music and perhaps serve as an anthem for generation x; a song that he called smells like teen spirit.

according to pop folklore, the rocker subsequently described as the spokesman for (or, was it against?!) the coming generation of excessive consumption borrowed the song title from a line spray-painted on the wall of his bedroom by his pal kathleen hanna:

"KURT SMELLS LIKE TEEN SPIRIT"

as the story goes, since he and kathleen (lead singer of the riot grrrl punk band bikini kill) had recently spent late evenings talking about the politics of anarchy, the future of alternative music and the plagues of humanity, cobain took her graffiti message as a slogan expressing how he had captured the spirit of a generation through his music.

apparently, kurt cobain had no idea what he smelled like!!

comically or tragically (depending on one’s point of view), the paint sprawl had a less inspired meaning. it turns out that hanna’s words were to be taken literally. she simply meant to say that kurt smelled like Teen Spirit,™ the deodorant worn by tobi vail (kathleen hanna's bandmate and kurt's then pelvic affiliate). cobain had not heard of this colgate product, nor had he realized that his friends thought of him as branded by his soon-to-be-causual-ex-partner’s scent.

i suspect that none of us really know what we smell of, or who is smellin’ us.


{REFRAIN}

a denial, a denial, a denial, a denial, a denial,
a denial, a denial, a denial, a denial

ian kerr
new years day, 2007

| Comments (4) |

Some Thoughts on Camera Phones, Space and Gender

posted by:Rob Carey // 11:59 PM // December 12, 2006 // ID TRAIL MIX

trailmixbanner.gif

For some time, I have been interested in camera phones and their implications for the various concerns this project encompasses. I recently came across the following account by software entrepreneur Philippe Kahn, in which he explains that he invented the device in 1997 to share photographs of his newborn baby:

While Sonia [Kahn’s wife] was doing the real work, I had my digital camera and my cell-phone working together and able to pull email addresses from my laptop. It took a couple of trips to Radio Shack as well as all my sleep for 48 hours. Sophie, our baby, was doing really well and were were able to share picture-messages with friends and family around the world in real time. The eureka moment was when we received messages back from friends and family going: “How did you do this? Where did you get this device?” Within a few days Sonia and I realized that if we could turn a real cool demo into a fully scalable system that could serve millions of picture-mails in real-time we would be building a great business: cool, innovative, exciting and really useful to about everyone

Kahn situates the camera phone’s myth of origin within the most intimate of social units – the family. In so doing, he establishes a neat congruity between the camera phone and conventional snapshot photography. Bogardus (1981), for example, contrasts the intimate nature of family photographs with the worldly nature of other image-making media: “Instead of being a public form of communication, the snapshot - despite its ubiquity - has always been a private one” (p. 114). Similarly, Metz (1985) argues that photography's chief realm has largely been that of domesticity, viz. the picture that commemorates family observances. He claims that “the kinship between […] photography and privacy, remains alive and strong as a social myth, half true like all myths” (Metz, 1985, p. 82).

As of this writing, however, the camera phone is still sufficiently strange as to be unencumbered by similarly commonplace cultural habits or understandings. Kahn’s account makes clear that networked interactivity is integral to the camera phone’s essence; the camera phone is a protean device capable of a broad range of functions, including text-messaging, e-mail, Web browsing, music and video downloads, games and, of course, image capture. It is therefore difficult to think of it as a home- or family-centered medium in the quite same way that Metz and Bogardus thought of the conventional camera. Indeed, the camera phone is exemplary of the various portable wireless technologies that have altered the microsocial negotiations peculiar to what Goffman called the public order (that is, spaces characterized by face-to-face contact among strangers or the “merely acquainted” (1971, p. xi)).

Interestingly, however, some research suggests that everyday camera phone use corresponds closely to traditional snapshot photography, insofar as it involves sharing information with friends and family (Okabe, 2004; Kindberg, Spasojevic, Fleck & Sellen, 2004; Van House, Davis, Ames, Finn, & Viswanathan, 2005). But this raises an interesting question: if the camera phone is contiguous with conventional home photography, why would anyone actually need such a device when a stand-alone digital camera would suffice? Despite the various uses to which camera phones may be put, the instrument appears to confound even some constituents of the camera phone industry itself. For example, the Consumer Electronics Association (CEA) issued a document in 2004 entitled Click Creatively: Novel Uses for Your Camera Phone, in which eleven of the twelve novel uses could have been performed with a stand-alone camera. Only one – “Let your kids use your camera phone to capture and email a same-day photo to friends during a family vacation” – invoked the camera phone’s interactive capacities. The slightly desperate nature of the CEA’s enterprise is evident in the twelfth suggested use: “Recreate that perfectly presented restaurant meal at home by using your camera phone to take a photo of it next time you dig in!” One could argue that any technology whose prospects depend on a general wish to photograph about-to-be-eaten food is doomed. It would seem, to paraphrase Latour (1997), that the camera phone is a solution to a problem that has yet to be invented. Yet the CEA’s inability to define a distinct role for the camera phone illustrates a critical point: cultural habits surrounding new technologies often arise from concerted efforts to create an ethic of use that defines and directs the user’s engagement (Munir & Phillips, 2005).

Practices surrounding conventional photography, for example, were carefully influenced by interests with a commercial stake in the medium. During much of the twentieth century, for example, Kodak promulgated a vision of home and family to which photography was central (the so-called ‘Kodak moment’). Integral to these efforts was the conceptualization of specific subjectivities for whom the taking of family photographs amounted to a kind of moral imperative. Kodak’s advertising often imposed upon mothers, for instance, the obligation to act as camera-wielding archivists of their family’s history (West, 1999). Indeed, Kodak’s strong association of the female subject and ‘home’ articulated a doctrine of separate spatial spheres for men and women so durable as to be subtly – or not so subtly, depending on one’s reading – reproduced in Kahn’s anecdote. Equally durable, of course, are the various other social practices surrounding photography that Kodak and other concerns worked so hard to create. Today, it is absolutely unremarkable to commemorate notable moment’s in family life – graduations, weddings, holidays – by taking a photograph, even though this notion was once alien to most people (Munir & Philips, 2005).

It is the struggle to articulate a role for the camera phone in society that interests me. Accordingly, I would like to explore a particular effort to construct the camera phone as a distinctive device, one that is integral to everyday life in a way that conventional cameras (or mobile phones) are not. Specifically, I consider a television commercial depicting camera phone use by a young, white, heterosexual couple. (The commercial can be found here).

Entitled “Duty Calls,” the commercial opens with a shot of two feet clad in women’s dress shoes. Various other shoes are strewn across the floor. Subsequent scenes reveal that the feet belong to an otherwise conventionally dressed man in a shoe store. After several intervening shots, he uses a camera phone to take pictures of the shoes he is wearing. In the next scene, the viewer sees a pregnant woman sitting on a couch with her feet elevated, answering her phone. She holds the phone so that the photograph of the shoes appear where her own feet would be. The ad ends with the superimposed text: “here… phones become dressing rooms”.

In one sense, the commercial conceptualizes space and place in a way that undoes the strangeness of the camera phone. It constructs an ethic of use and a context in which the device makes sense: the woman’s use of the device may be viewed as a liberatory act, insofar as it allows her to experience aspects of the world that exist beyond the boundaries of her home. Yet a deeper reading reveals a curious ambivalence: although the camera phone appears to serve its users by configuring spatio-temporality as a customizable phenomenon, it also delineates a sharp, gendered distinction between domestic space and the wider world. Integral to this interpretation is the woman’s obvious subjectivity as a consumer.

In their historical investigation of gender and urban spaces, Bondi and Domash (1998) argue that the growth of a middle-class “culture of consumption” (p. 279) played a key role in reconfiguring the contours of contemporary cities. Prior to the nineteenth century, a middle-class woman’s ability to venture into the city was strictly regulated by considerations of propriety. For such women, socially sanctioned activities in the city included “caring and nurturing activities, such as visiting the sick or infirm” as well as excursions to cultural sites and churches (p. 270). Compared to freedom experienced by a man of comparable position, a woman’s experience of the city’s spaces was relatively constrained. With the rise of a consumer culture, however, a woman’s freedom of movement expanded to include the spheres encompassed by consumer activities. As Bondi and Domash point out, however:

[I]n terms of space, this development could be potentially disruptive, since it required women, the bearers of “feminine” values, to enter the masculine spaces of the city to act as consumers... [T]his potentially disruptive act was neutralized by the development in the nineteenth century of “femininized” consumer space within the city - if women had to be on the streets of the masculine city, then those streets and stores had to be designed as feminine (p. 280).

Thus, a middle-class woman’s identity as a consumer afforded her limited access to certain public spaces in the city – department stores and arcades, for example, which were shaped to accommodate her status as a consumer. A woman’s ability to experience the city’s public spaces was therefore contiguous with her subjectivity as a consumer.

I do not think it is too much of a stretch to identify at least some elements of the foregoing in "Duty Calls". It is arguable, then, that the commercial not only echoes Kahn's myth of origin, but reproduces a longstanding doctrine of separate spatial spheres for men and women. As Nicholson (1983) argues, such spatial separations are as much figurative as material:

The spatial division separating the inner sphere of the home from the outside world had […] a symbolic significance that did not correspond precisely with the spatial division [...] the separation is more adequately understood as a separation between two worlds governed by different norms and values (Nicholson, 1986, p. 43).

Although the doctrine is long-standing, its various historical iterations have proven supremely adaptable. Leslie (1993), for example, offers a compelling argument that the ‘new traditionalism’ evident in much advertising of the 1990s – in which women were situated in contexts strongly suggestive of traditional family values – represents a nostalgic anodyne against the anxieties arising from a radically new and unstable social landscape:

As a traditional sense of place has been eroded by the instantaneity of electronic culture and the proliferation of homogenized landscapes of consumption, it has been replaced by idealized images of community and place, such as the concept of ‘home’ as it was constructed in the 1950s (Leslie, 1993, p. 691).

Indeed, attempts by advertisers to (re)establish the domestic sphere as a primary locus of women’s identity corresponds to various economic and cultural turns, such as post-Fordism, that have altered taken-for-granted social arrangements, both in the home and in the workplace (Leslie, 1993). Concomitant with these shifts has been the exponential growth of information and communication technologies that promise more than ‘instantaneity’ – devices such as camera phones confer on their users the power to reconfigure the contours of their everyday environments so as to modify the experience of conventional spatio-temporal binaries – public/private, work/home, etc. Against this, Motorola seems to offer a deeply ambivalent vision which celebrates the liberatory potential of the new technology, while formulating an ethic of use that etches gendered spatial distinctions into the profound uncertainties of the wireless world.


References

Bogardus, R.F. 1981). Their "carte de visite to posterity": A family's snapshots as autobiography and art. Journal of American Culture 4: 114-133.

Bondi, L. & Domosh, M. (1998) On the contours of public space: a tale of three women. Antipode 30: 270-289.

Goffman, E. (1971) Relations in Public: Microstudies of the Public Order. New York: Basic Books.

Kindberg, T., Spasojevic, M., Fleck R., & Sellen, A. (2004). I saw this and thought of you: Some social uses of camera phones. CHI 2005, April 2–7, 2005. Retrieved June 6, 2006, from http://portal.acm.org/citation.cfm?id=1056962&dl=GUIDE&coll=GUIDE

Latour, B. (1997) Science In Action: How to Follow Scientists and Engineers through Society. Cambridge: Harvard University Press.

Leslie, D.A. (1993) Feminity, post-Fordism, and the 'new traditionalism.' Environment and Planning D: Society and Space 11: 689-708.

Metz, C. (1985). Photography and fetish. October 34: 81-91

Munir, K.A. & Phillips, N. (2005) The birth of the 'Kodak Moment': Institutional entrepreneurship and the adoption of new technologies. Organization Studies 26: 1665-1687.

Nicholson, L. (1986) Gender and History: The Limits of Social Theory in the Age of the Family. New York: Columbia University Press.

Okabe, D. (2004). Emergent social practices, situations and relations through everyday camera phone use. Retrieved June 9, 2006, from http://www.itofisher.com/mito/archives/okabe_seoul.pdf

Van House, N. A., Davis, M., Ames, M., Finn, M., & Viswanathan, V. (2005). The uses of personal networked digital imaging: An empirical study of cameraphone photos and sharing. Ext. Abstracts CHI 2005, ACM Press; pp. 1853-1856.

West, N. (1999) Kodak and the Lens of Nostalgia. Virginia: University of Virginia Press.

| Comments (1) |

Privacy vs. Equality: Reflections on Re-thinking the Dichotomy

posted by:Jane Bailey // 11:59 PM // December 05, 2006 // ID TRAIL MIX

trailmixbanner[1].GIF

The Supreme Court of Canada has interpreted “expression” very broadly for purposes of defining the extent of Charter protection for free expression. As a result, hate propaganda, obscenity and child pornography have all been found to qualify as Charter protected expression. The state has therefore been required to prove that the restrictions it imposes upon these forms of “expression” are justifiable in a free and democratic society.

Freedom of expression is perhaps most often characterized as an individual liberty – a right to express one’s beliefs free from state intervention. In the context of hate propaganda and obscenity, the overriding justification offered for state intrusion on an individual’s “expressive” freedom has been constitutional obligations relating to the more collective rights of equality and multiculturalism. Legislative restrictions on the individual Charter right to expression free from state intrusion have been found justifiable on the basis that hate propaganda and obscenity undermine the ability, respectively, of members of targeted minority groups and women to function and be respected as social equals. The concern is that the degrading and dehumanizing imagery and text of hate propaganda and obscenity may promote attitudes accepting of discrimination and violence against those groups and their members. Closely tied to this equality analysis is an analysis of the effects of hate propaganda and obscenity on the “dignity” of members of minority groups and women. While the privacy rights of those accused of offending state-imposed restrictions on hate propaganda and obscenity are explicitly considered, the privacy rights of target groups and their members are not. The analysis of the justification for restrictions on child pornography reveals a somewhat different emphasis – focusing more on its effect on the privacy and associated dignity rights of its immediate individual targets – the children abused in its production – rather than on broader social concerns as to the effect of its “message” on attitudes and behaviours toward children that serve to undermine the equality rights of that group and its members.

Why is it that the case law focuses explicitly on the privacy rights of the targets of child pornography, but never explicitly discusses the privacy rights of the targets of hate propaganda and obscenity? Perhaps the most obvious response is that, in fact, the privacy rights of target group members are simply not at play in the contexts of hate propaganda and obscenity. I would suggest that before jumping to that conclusion, we ought to more thoroughly expose and challenge assumptions about the nature of privacy and its relationship with equality underlying both that conclusion itself and much of the analysis in Canadian case law relating to hate propaganda, obscenity and child pornography.

One alternative response might be that recognition of certain privacy-related interests of the individual children victimized in child pornography, and the absence of any similar analysis in the context of hate propaganda and obscenity reflects a particular individualistic, negative liberty approach to privacy that unnecessarily pits privacy-related interests as oppositional to equality rights, in part by failing to give due weight to both the social and collective aspects of identity formation and their relationship with the broader social value of privacy. But is there any value-added in equality-seeking groups investing time and energy in attempts to re-imagine and re-articulate the by now entrenched vision of privacy as a fundamentally individualistic negative liberty?

As thinkers like Nussbaum have suggested, such efforts are not without their dangers, not the least of which is the risk of further inscribing privacy with values of little relevance to all but the most privileged members of equality-seeking groups. While the best legal hope for equality-seeking groups may well continue to be promoting understanding and acceptance of principles of substantive equality, in some instances both the collective interests of those groups as a whole and the related interests of their individual members may also be served by cultivating a more social or collective understanding of privacy and its ends.

| Comments (0) |

“A Man’s Home (Page) is His Castle”

posted by:Carlisle Adams // 11:59 PM // November 28, 2006 // ID TRAIL MIX

trailmixbanner.gif

Many of us have probably heard the saying “a man’s home is his castle”. (By way of parenthetical footnote, let me just mention that I could not find an elegant way to make this old adage gender-neutral: “an [(unspecified gender) entity]’s home is [(unspecified gender) possessive pronoun] castle”. Therefore, for the purposes of this article, I will just state up front that “man” and its variations should be taken to mean “man or woman” and their corresponding variations, and hope that this satisfies any sensitivities in this area.) This saying has been around for quite some time and most people, I think, would probably have some intuitive understanding of its meaning upon hearing or seeing it. However, given some of the new terminology with which we have become accustomed in our Internet age (particularly, “home page”), it may be interesting to explore whether this saying has any relevance in our digital virtual world.

Traditionally, a castle (the residence of a king) has been associated with at least four concepts: protection; identity; privacy; and control. With respect to “protection”, the castle provides a fortress, a stronghold, security from invaders of all kinds. “Identity” suggests ownership, permanence and, at least at some level, a way of authenticating oneself (“I am the king because I have the key to the drawbridge, or because the guard will let me in when I show up”). In terms of “privacy”, the castle is a means of keeping its inhabitants and their discussions away from prying eyes and ears, so that secrets are prevented from flowing out to the general public. The castle also gives a sense of “control” in that the king has ultimate authority over certain aspects of the domain (e.g., the power to decide content and activity within the walls).

When it is said that a man’s home is his castle, the analogy is clear: with his home, the man gets – or at least expects – a measure of protection, a sense of identity, some level of privacy, and a degree of control. So now, out of curiosity if nothing else, one can ask, when we say today that a man has a home page, is the analogy as clear, or is it stretched so thin as to be fragile and useless? Let’s consider the above four associations with the term “castle” to see how well they apply to our digital (rather than physical) homes.

Protection. When Bob sets up a Web server and creates on that server a home page for himself, does he have the security from invaders that a castle might provide? Even a superficial awareness of security issues with websites over the past few years will confirm that the answer is “no”: attackers break into websites every day all over the world to enter, change, or steal data. Well-known buffer overflow or SQL injection attacks are commonly used to break into websites to cause damage. If a website is expecting some user input (such as a username and password), the attacker may send far more data than the buffer allocated to receive this data can hold (a password of 10,000 characters, for example). This input data may “spill over” beyond the buffer into another area of memory. If the overflow area is a place where instructions are executed, and if the overflow characters are carefully constructed to be valid executable instructions, then this attacker will have succeeded in having arbitrary code of his choosing run on Bob’s machine. This is the essence of a buffer overflow attack. With SQL injections, the attack is similar in that data input by the user contains some extra, unexpected characters and these characters are treated as commands to the SQL database that sits behind Bob’s webpage.

If Bob has routines that do proper input data validation (e.g., make sure that the username that has been entered is really a username and is not longer than a specified value), he may be able to avoid some of these attacks, but it is not always easy to distinguish an attack script from valid data. Unfortunately, the conclusion is that unless he puts extensive effort into setting up particular safeguards, Bob’s home page gives him very little protection from the malicious entities that live outside his “virtual walls”.

Identity. Is Bob’s home page a valid mechanism for showing ownership and authenticating himself? The answer to this question is also negative. Webpage spoofing attacks are not very difficult to perform and can be fairly successful. Making an identical copy of an existing webpage is almost trivial (it is essentially a copy-and-paste operation to move every image, every piece of text, every logo, etc., from one webpage to another. The (slightly trickier) step is to get other people to go to the new site while thinking that they’re going to the old one. This can be accomplished using a technique called DNS cache poisoning. The Domain Name Server (DNS) is a machine that performs an important service on the Web: you give it a host name (such as bob.com) and it gives you back the IP address of that host machine (such as 192.12.567.30). This way, your computer can communicate with that machine using the Internet Protocol (IP). The data pair {bob.com, 192.12.567.30} is stored in the DNS cache (a fast portion of its memory). Cache poisoning is an attack in which that the attacker changes the data pair so that bob.com is instead associated with a different (i.e., the attacker’s) IP address in the DNS cache. Now everyone that wants to go to Bob’s machine will send bob.com to DNS, get back the attacker’s IP address, and then go to the attacker’s website, which has been made to look identical to Bob’s site. Thus, the attacker gets Bob’s customers (their money, or their personal data), and Bob has no way of knowing that this has occurred.

If Bob’s machine is a Web server, technologies such as SSL server authentication can help, but they provide no guarantee: users often do not check that the certificate of the site they have reached is the one they’re expecting, and often ignore warnings in pop-up windows even if they do check. In general, website spoofing means that Bob’s home page is not sufficient to prove ownership or to validate or authenticate Bob in any way.

Privacy. Does Bob’s home page give him a private place to store his personal and confidential information? At first glance, this seems like an odd question to even be asking: the Internet is a public space and Internet search engines (such as Google) will find a website once it exists (this is what they were invented to do). The idea of putting something on a website and expecting it to be private is a bit like building a house with glass walls and expecting that others will not see what goes on inside. However, it is possible to create private spaces within a website; typically, these are password-controlled areas (anyone with the password can view the page, and all others are redirected to another page telling them that they are not authorized to see the contents). But the problems with passwords as an authentication mechanism are extremely well-known and well-documented. Compounding this is the fact that the site owner usually wants a number of people to access these areas (friends, family, students in a course, etc.) and so will deliberately choose a password that will be easy for that group of people to remember. It may therefore be conjectured that the passwords used to protect these areas are probably even weaker than typical passwords, which are notoriously weak in many cases.

It is unlikely to be the case that Bob’s home page will be a safe place for his private data.

Control. Does Bob have authority over his home page? Does he have the power to decide content and activity? Again we see that the answer to this question is negative. Website defacement (in which a hacker changes the content or appearance of a target website, altering or inserting messages, pictures, or other data) shows that owners do not really have complete power over the content on their sites. Furthermore, session hijacking attacks (in which a hacker takes over an active session and begins interacting with the server as if he was the original client, or interacting with the client as if he was the original server), buffer overflow attacks, SQL injection attacks, and so on, demonstrate that the site owner may also have little power over the activities that take place on his site.

Integrity detection / protection mechanisms, intrusion detection / protection mechanisms, and good session management practices can all help but these are hard to do well and, again, unless Bob takes extensive efforts to defend his website, he will not have the control over content and activity that he might wish to have.


Where do we go from here?

OK, so home pages don’t really have any of the properties we might associate with homes. But “home” and “home page” are just names; what difference does any of this make? At this point, it may be tempting to pull out another old saying: What’s in a name? That which we call a rose by any other name would smell as sweet [1]. There may be much truth in this (after all, Shakespeare was right about a great many things!), but we need to exercise a little caution. The danger lies not in using two different names for the same thing, but rather in using the same name (or very similar names) for two different things: “home” and “home page”. All the security (i.e., protection, privacy, identity, and control) we associate with our home does not translate immediately to our home page. Although there are some similarities (locking the front door with a key is something like password-protecting the website), there are some major differences as well (for example, website spoofing: the attacker makes an exact replica of your house and fools your family and friends into going there when they want to visit you? Nothing in the real world (outside the “twilight zone” [2]) corresponds to this). Using essentially the same term (“home” and “home page”) could lead the unsuspecting user to think that similar behaviour – both precautions and activities – are appropriate, when in fact this is not the case.

I am not advocating that we should call home pages something else (it’s far too late for that sort of change, although “start page” might have been a good choice that is free of other associations). But I am suggesting that this could serve as a reminder to us that we need to be careful when naming things in our created virtual worlds. Choosing names that are familiar (so that people will more readily identify with the technology and feel comfortable using it) can have unintended consequences (including behaviour that is inappropriate because the technology is not as much like its real-world name-sake as the appellation might imply). Let this be a lesson to us: choosing names for concepts should not be taken lightly; we need to think through the connotations of the names we pick and consider whether this may lead to security or privacy problems down the road.

So, a man’s home (page) is his castle? Not really; not in the new Wild West of cyberspace…


References

[1] Romeo and Juliet, Act II, Scene 2.
[2] http://www.scifi.com/twilightzone/

| Comments (1) |

Agency and Anti-Social Networks

posted by:Ryan Bigge // 11:59 PM // November 21, 2006 // ID TRAIL MIX

trailmixbanner.gif

“A man opposed to inevitable change needn't invariably be called a Luddite. Another choice might be simply to describe him as slow in his processes.”
-- Francis Wolcott (Deadwood, Season 2, Episode Four)

Let me start with a strange but charming article in the Sunday New York Times, written by a 24-year-old market researcher named Theodora Stites. In “Someone to Watch Over Me (on a Google Map),” Stites details her multiple memberships in various online communities. She describes the safety and security of friendships made online due to the distancing effects of computer mediation and jokes about being unable to “log out of” awkward social situations in the physical world, thus prompting her to join Second Life.

Reading the article, I found myself taken aback -- not by the extent of her electronic immersion but by the amount of work (labour, as it were) her routine appeared to entail. As Stites writes, “Every morning, before I brush my teeth, I sign in to my Instant Messenger to let everyone know I'm awake. I check for new e-mail, messages or views, bulletins, invitations, friend requests, comments on my blog or mentions of me or my blog on my friends' blogs.” [i]

This sounds like a lot of effort. I would undoubtedly forget to brush my teeth. Clearly, the target demographic of 14-24 year olds who use MySpace have more free time than beleaguered, 30-something grad students. Although I have social networks in the dirt and flesh world, I do not see the utility of an online equivalent.

Of course, it’s hard not to sound like a young fogey when questioning the curious rituals of the younger generation. I’m reminded of novelist Nicholson Baker, who once published a lengthy, impassioned defense of the card catalog in the New Yorker back in 1994. Swimming against the technological tide is often unpopular, but it remains a useful intellectual exercise.

In a recent online interview with danah boyd, a PhD student at the Berkeley School of Information studying MySpace and MIT’s Henry Jenkins, social networking sites are described as vital resources for students entering primary and secondary schools. According to Jenkins, “The early discussion of the digital divide assumed that the most important concern was insuring access to information as if the web were simply a data bank. Its power comes through participation within its social networks.” [ii]

Jenkins raises important questions relating to the digital divide and making good on access. But when did joining MySpace or Facebook because a necessity, rather than an option? Did we skip a step? At what point does not being a member of a social network site become a liability? At what point does it become impossible to not be a member?

Journalism about social networking sites underscore this aspect of inevitability. In a recent New Yorker article by John Cassidy, Facebook co-founder Chris Hughes explains that, “If you don't have a Facebook profile, you don't have an online identity.” He went on to say that, “It doesn't mean that you are antisocial, or you are a bad person, but where are the traces of your existence in this college community? You don't exist---online, at least. That's why we get so many people to join up. You need to be on it.” [iii]

You need to be on it. Where does choice or agency reside in inevitable change? What if I want to decide for myself? Does that make me “slow in my processes?”

Although I’m aware of the irony inherent in the term (you’re reading this article online, after all), I believe that the neo-Luddite movement offers a useful method of reconsidering the importance of social networking sites. Neo-Luddite philosophy provides a small measure of critical distance from the object of study, along with foregrounding questions of technological determinism. In his recent book Against Technology, Steven E. Jones examines the myth of the Luddites, and how those who smashed looms in 1811 and 1812 continue to inspire and inform debates about technology almost 200 years later.

Incorporating a wide range of writers and thinkers, including William Blake, Mary Shelley, Bill Joy, Edward Tenner and Theodore Kaczynski, Jones investigates how the mythology of the Luddites has persevered and reconfigured itself over time. In its most basic iteration, Jones suggests that, “Many people who identify with the term ‘Luddite’ just want to reduce or control the technology that is all around us and to question its utility – to force us not to take technology for the water in which we swim.” [iv]

The problem for would be loom-smashers, according to Jones, is that “Modern (and now postmodern) technology is routinely understood as an autonomous, disembodied force operating behind any specific application, the effect of a system that is somehow much less material, more ubiquitous, than any mere ‘machinery.’” [v] My technological skepticism is not sufficient enough for me to consider acts of rage against the machinery, but I do think it worthwhile to consider the quality of water that we find ourselves swimming in.

Although not a neo-Luddite, Mark Andrejevic, in his examination of webcams, writes of the Digital Enclosure, a concept that is equally relevant when considering social networking sites. According to Andrejevic, “The de-differentiation of spaces of consumption and production achieved by new media serves as a form of spatial enclosure: a technology for enfolding previously unmonitored activities within the monitoring gaze of marketers.” [vi] I like to think of the digital enclosure as a more theoretically robust update of Rockwell’s 1980s hit “Somebody’s Watching Me.”

There is plenty to surveil. According to various studies, young people spend a significant amount of time using Facebook and MySpace. Cassidy points out that “Two-thirds of Facebook members log on at least once every twenty-four hours, and the typical user spends twenty minutes a day on the site.” [vii] Social networking sites might resemble play, but Andrejevic argues that “Consumers generate marketable commodities by submitting to comprehensive monitoring.” [viii] Which makes MySpace and Facebook participation a form of labour, even if it’s invisible to most users.

Andrejevic’s work helps explain why Rupert Murdoch’s News Corporation paid $580 million last year to purchase MySpace. For Andrejevic, the digital enclosure “promises to undo one of the constituent spatial divisions of capitalist modernity: that between sites of labor and leisure.” [ix] Which is to say that 24-year-old Theodora Stites is clearly working two jobs.

Of course, like any theoretical insight, the digital enclosure doesn’t explain everything. I would complement Andrejevic’s work with Angela McRobbie, who has studied how elements of the UK rave scene seeped into the logic of the cultural industries during the 1990s, creating an environment where “the club culture question of ‘are you on the guest list?’ is extended to recruitment and personnel, so that getting an interview for contract creative work depends on informal knowledge and contacts, often friendships.” [x] Without making it explicit, McRobbie is exploring Pierre Bourdieu’s concept of social and cultural capital – that is, the importance of who you know, not what you know. Bourdieu’s concept has been extended by Sarah Thornton (subcultural capital) and Paul Resnick, who created the term sociotechnical capital to describe “productive resources that inhere in patterns of social relations that are maintained with the support of information and communication technologies.” [xi]

Combining agency and sociotechnical capital forces the question: Is there any difference between those excluded from creating a robust social network and those who chose not to participate? How does a neo-Luddite (that is, a conscientious MySpace objector) differ from someone with social network failure? Or, to put it another way, is it possible to communicate intent through a lack of participation?

It appears as though social network sites now offer two polarized options: either the constant, self-generated surveillance of the type described by Stites or the self-negation (“You don’t exist”) that avoidance entails. In a marketplace built on unlimited choice, this lack of options is rather frustrating.

It almost makes you want to smash something …


About the author
Ryan Bigge is completing his Master’s thesis on the transgressive strategies of Vice magazine in the Joint Programme in Communication and Culture at Ryerson University. (rbigge [a] ryerson [dot] ca). His review essay, Making the Invisible Visible: The Neo-Conceptual Tentacles of Mark Lombardi, was published in the Fall 2005 issue of Left History. Ryan has a BA in history from Simon Fraser University.

Acknowledgments
Zach Devereaux, a doctoral candidate in the Communication and Culture program at Ryerson University, provided invaluable assistance and brainstorming for this paper. Thanks also to Dr. Greg Elmer, Dr. Edward Slopek and Dr. Jennifer Burwell.


[i] Stites, T. (Jul 9, 2006). Someone to Watch Over Me (on a Google Map). New York Times, pg. 9.8
[ii] Jenkins, H. and boyd, d. “Discussion: MySpace and Deleting Online Predators Act (DOPA)” at http://www.danah.org/papers/MySpaceDOPA.html accessed 28 August 2006.
[iii] Cassidy, J. (2006). Me media. New Yorker, 82(13), 50-59.
[iv] Jones, S. E. (2006). Against technology : From the luddites to neo-luddism. New York: Routledge. p. 231
[v] Jones, S. E. (2006). Against technology : From the luddites to neo-luddism. New York: Routledge. p. 174-175.
[vi] Cassidy, J. (2006). Me media. New Yorker, 82(13), 50-59. (Archived version lacks pagination.)
[vii] Cassidy, J. (2006). Me media. New Yorker, 82(13), 50-59. (Archived version lacks pagination.)
[viii] Andrejevic, M. (2004). Little Brother is Watching: The Webcam Subculture and the Digital Enclosure. MediaSpace: Place, scale, and culture in a media age. In Couldry N., McCarthy A. (Eds.), . New York: Routledge. (Book retrieved electronically)
[ix] (2004). Andrejevic, M. (2004). Little Brother is Watching: The Webcam Subculture and the Digital Enclosure. MediaSpace: Place, scale, and culture in a media age. In Couldry N., McCarthy A. (Eds.), . New York: Routledge. (Book retrieved electronically)
[x] McRobbie, A. (2002). Clubs to companies: Notes on the decline of political culture in speeded up creative worlds. Cultural Studies, 16(4), 516-531. [p. 523]
[xi] Resnick, P. (2005). Impersonal Sociotechnical Capital, ICTs, and Collective Action Among Strangers in Dutton, W. H. Transforming enterprise : The economic and social implications of information technology. Cambridge, Mass.: MIT Press. (p. 400).

| Comments (2) |

Data Security: Quit collecting it if you cannot protect it!

posted by:Jennifer Chandler // 11:59 PM // November 14, 2006 // ID TRAIL MIX

trailmixbanner.gif

We are busily inventing technologies to gather or create personal information “hand over fist.” Not only are we gathering personal information in more and more ways, but we are creating new personal information types.

In some cases, the new technology itself creates a new type of personal information to be gathered (e.g. the snapshot of our personal interests and curiosity that is contained in search engine query history – see Alex Cameron’s recent post). Other technologies enable the collection of personal information that exists independently of the technology (e.g. the various technologies to track physical location and movement, or to use physical attributes in biometrics – as described recently by Lorraine Kisselburgh and Krista Boa in their posts).

The creation of more and more stores of personal information exposes us to the risk of the misuse of that information in ways that harm our security and dignity. In the context of genetic information, consider the risks of genetic discrimination, or the controversy over “biocriminology,” [1] which has developed the idea of the individual “genetically at risk” of offending against the criminal law. Consider also the many uses to which information about one’s brain that is gathered through improved neuro-imaging techniques might be put. [2]

These new forms of personal data collection may solve some compelling social problems, but they will also expose us to risk. I set aside the full range of risks for the purposes of this blog post in order to focus on one in particular. There is ample evidence that we are better at creating stores of data than at securing them. The compromise of data security exposes the individual to the risk of impersonation as well as to the risk that a third party will use the information to draw conclusions about an individual contrary to that individual’s interests.

The impersonation risk is unfortunately now familiar – everyone knows about ID fraud and insurance companies are busily hawking ID theft insurance to protect us from some of the losses associated with it. Today, ID fraud capitalizes upon the most mundane and widespread of identification and authentication systems, including ID numbers, account numbers and passwords. However, the risk is clearly not restricted to these basic systems. Back in 2002, Tsutomu Matsumoto at the Yokohama National University demonstrated how to create “gummy fingers” using lifted fingerprints. These gummy fingers were alarmingly successful in fooling fingerprint readers. [3] All of this underscores the tremendous importance of protecting the security of stockpiles of personal data that can be used in ways to harm the interests and security of the individuals involved.

Our current legal system is woefully inadequate to deal with this problem. Breaches of data security occur so often [4] that they are becoming a bit of a yawn – a numbing effect that should be deplored. A recent Ponemon Institute survey reports that 81% of companies and governmental entities report having lost or misplaced one or more electronic storage devices such as laptops containing sensitive information within the last year. [5] Another 9% did not know if they had lost any such devices.

Although data custodians often seem to claim that the public relations costs of a major security breach are enough of a threat to encourage efforts to promote data security, the evidence makes me wonder if some additional encouragement would not be helpful. One of the key problems with data security is that a large part of the cost of a data security breach may be borne by persons or entities other than the organization responsible for protecting the data from being compromised. Under these circumstances, one would expect the organizations responsible to be inadequately interested in protecting the data.

One of the functions of tort law is to deter unreasonably risky behaviour. If careless data custodians could be held responsible for the damage to others flowing from breaches in the security of personal information under their control, they would be forced to internalize the very real costs of their carelessness.

There have now been a couple of dozen such lawsuits attempted in the United States and two class actions filed in Canada that raise a claim for damages based on the negligent failure to employ reasonable data security safeguards. The success rate so far is low.

One of the key problems facing plaintiffs in these suits is that a claim in negligence is based on a showing of actual harm. Courts will not treat an increased risk of harm as actual harm. This raises the question of how to characterize the insecurity that a data subject feels when his or her sensitive data has been carelessly exposed. Is the harm an anticipated one, namely eventual misuse by an ID fraudster? Or is the harm better understood as a present harm – the immediate creation of an insecurity that imposes emotional harm as well as financial harm (i.e., the cost of self-protective measures such as credit monitoring services, insurance, closing and re-opening accounts and changing credit card numbers). So far, the courts have held that actual harm occurs only once ID fraud happens.

It is clearly in the interests of the defendant data custodians that liability depend upon a showing of ID fraud because, it turns out, it is usually extremely difficult for a plaintiff to tie the eventual ID fraud to the breach of data security caused by the defendant. Because our personal information is so widely used and so poorly safeguarded by many data custodians, it becomes quite difficult to establish the necessary causal link between the ID fraud and the defendant data custodian. The data custodians are thus well-protected – no liability for a careless breach until ID fraud occurs, and no liability (usually) once ID fraud occurs because “who knows where the unknown fraudster got the data he or she used.”

The plaintiffs in these cases have also attempted another interesting argument in order to try to obtain compensation flowing from data security breaches. They point to the so-called “medical monitoring” cases in which some courts have permitted plaintiffs to recover the costs of medical monitoring after exposure to toxic chemicals (e.g. PCBs, asbestos, and drugs found to have harmful but latent side effects). The plaintiffs in the data security breach context argue that their predicament is analogous. They must bear present costs in order to monitor for the eventual crystallization of the risk into a concrete loss.

One might argue that the policy reasons for permitting recovery in the medical monitoring cases are not present in the data security breach cases. Indeed, the defendants in these cases often argue that human health is a more compelling interest than financial health and so relaxed liability rules that are justified in the medical context are not justified in the data security breach context. In my view, this argument is not as self-evidently correct as the defendants claim. The harmful effects of financial insecurity and fraudulent impersonation on human health and psychological well-being are well-known.

Perhaps the insecurity felt by a plaintiff whose sensitive personal data has been compromised ought to be understood as a present compensable harm in its own right in appropriate cases. When we look to the future and see the kinds of personal data that are being collected and/or created using novel technologies, the insecurity and vulnerability of the data subject takes on a new urgency. Given that choices are being made now about the development of these technologies and will be made soon about their deployment, it seems to me that there is no time like the present to ensure that the full costs of carelessness in the use of these technologies are internalized by those who seek to use them.

Until those who want to collect personal data can figure out how to keep it reasonably secure, they have no business collecting it.


[1] Nikolas Rose, “The Biology of Culpability: Pathological Identity and Crime Control in a Biological Culture,” (2000) 4(1) Theoretical Criminology 5-34.
[2] Committee on Science and Law, Association of the Bar of the City of New York, “Are your thoughts your own? “Neuroprivacy” and the legal implications of brain imaging,” (2005) <http://www.abcny.org/pdf/report/Neuroprivacy-revisions.pdf>.
[3] Robert Lemos, “This hacker’s got the gummy touch,” CNET News.com (16 May 2002) <http://news.com.com/2100-1001-915580.html>.
[4] See the list of major reported security breaches which is maintained at <http://www.privacyrights.org/ar/chrondatabreaches.htm>.
[5] Ponemon Institute, “U.S. Survey: Confidential Data at Risk,” (15 August 2006), sponsored by Vontu Inc., <http://www.vontu.com/uploadedFiles/global/Ponemon-Vontu_US_Survey-Data_at-Risk.pdf#search=%22ponemon%20vontu%22>.

|