Mobile Foresight » data retention

“Delete” – a new thought-provoking book about the Net and Information Policy

Jonas Lind — Thu, 26 Nov 2009 23:21:42 +0000

What will happen to society and the individual if everything is remembered forever and nothing is forgotten? This thought-provoking question is addressed by Viktor Mayer-Schönberger (information policy professor, National University of Singapore) in the book “Delete: The Virtue of Forgetting in the Digital Age” (Princeton Univ. Press 2009). His pessimistic answer is that:

“Perfect, comprehensive digital memory denies human beings the ability to grow, to change, and to evolve over time. That is deeply worrying.”

His argument is similar to that of the privacy advocates’, though he approaches it from a new angle. In a world with perfect retrievable memories people can be haunted and destroyed by something from their past or from their private lives at any time. What is innocent information today can be incriminating evidence in an uncertain future with another government, a changed cultural value system, or if the person moves on to a new phase in his or her life.

In such a world people would self-censor, refrain from expressing their opinions, and be fearful about sharing their thoughts, words and photo albums with their friends.

Mayer-Schönberger illustrates this concept with a story about the student teacher Stacy Snyder. Snyder had passed all her exams and had earned all her credits but was refused her teaching certificate because she had put an innocent costume party photo of herself on her MySpace page with the caption “drunken pirate”. Snyder offered to remove the picture but to no avail.

The 25 year old student teacher who had her future ruined by a MySpace picture

An additional example is the Canadian psychotherapist Andrew Feldmar who was permanently barred from entering the US when a customs officer did a Google search and found an article he wrote in an academic journal ten years ago where he mentioned that he had used LSD around 1965. As Schönberger points out, what happened 40 years ago has nothing to do with Feldmar’s life or the person he is today.

There are numerous other examples of people who have had their lives shattered because something from their private sphere or their distant past resurfaced on the internet and was taken out of context.

Another of Mayer-Schönberger’s arguments is that a perfect memory is a curse, not a blessing. Rare medical cases where people are unable to forget (and therefore remember exactly what happened every day of their lives) show that these people become overwhelmed with trivial details and have difficulty making normal everyday decisions.

The book is a first attempt to address this issue. The author’s idea is to formulate a framework for how to shift the default mode in the information society back to slowly forgetting (the natural human state for millennia), instead of remembering. The methods he identifies could focus either on the power aspects or on bringing the time aspects back into the equation. He identifies six methods for managing the problem:

Digital Abstinence (stay away from the Net, or at least don’t put everything about yourself on Facebook)

Privacy Rights (these are the rights to request that information be removed from corporate and public databases, websites, etc.)

Privacy DRM (the idea of tagging pieces of digital information with limitations such as date for deletion, noindex instructions for search engines, restrictions for who can access this information, etc.)

Cognitive Adjustment (learn to devalue old information and understand that it is less relevant and credible)

Full Contextualization (keep all information, but by including the context of single pieces of information the risks of misinterpretation will be minimized)

Information Ecology (laws for record keeping and compulsory deletion of old database records)

When Mayer-Schönberger discusses the methods he points out that privacy rights is a useless tool since individuals almost never actively request that their information be removed or take their claims to court. Information Ecology rules are more efficient as they protect all information. However, the data retention laws that were initiated after 9/11 move in the opposite direction.

The author proposes that the default in the digital world should be changed to slowly forgetting instead of remembering. Perhaps one should receive a prompt for when one wants an item to expire every time a document is saved or something is put on the internet. This would serve as an important reminder about the temporal nature of information.

I must commend Mayer-Schönberger for his insightful and thought-provoking arguments. I support his program for mandated expiry dates of old database records held by large organizations and possibly prompting for expiry dates when you save a document, etc. However, I am not convinced that his program for institutionalized forgetting will solve the problem.

To some extent I think he is barking up the wrong tree. Instead of proposing an elaborate system for forgetting in the digital world, the problem would be significantly reduced in a more relaxed and trusting culture.

The first problem is that we live in a society driven by the logic of the tabloids, rife with hysterical moral panics. Background checks and diligence create a self-reinforcing process, where the mindset of the trash media feeds into the mainstream corporate environment. If you devote significant resources to uncovering incriminating information you will most likely find something minor. To justify the costs of the investigation it is much easier to disregard the context and act on the information rather than be lenient. This pro-panic bias feeds itself. If a major company or government agency rejects a qualified candidate for a senior role because of some 15 year old nude pictures it sets the tone and other organisations will follow their lead.

The second problem is that moral panics feed into the legislative process, which results in disproportionate laws. If lawmakers could deliver a professional, rational and proportional legal system many of the problems addressed by Mayer-Schönberger would disappear on their own. For example, the statue of limitation rules for minor crimes would make it moot if someone used drugs more than 10 years ago. Policies for the “morality” of teachers should be handled by professional managers, not by politicians and political appointees with a need to pump themselves up and show toughness against alleged “immorality”.

The third problem is that information is power. As long as incriminating material can be a bargaining chip that can give you a hold on your enemies there will be incentives to hoard information. Even if the full program for forgetting were implemented, bad faith information hoarders would ignore it. But this problem would dissolve by itself if society was more relaxed. The more bans and restrictions that are not respected, the more hypocrisy there is in a society, and the more room for blackmail.

My personal belief is that the tidal wave of digital information is stronger than any program for forgetting. The problems brought up by Mayer-Schönberger might very well lead to a repressive, paranoid, self-censoring society, where people are afraid of surveillance, backstabbing, and attacks in the same way as in the former Soviet Union. (I find this negative development less likely outside of the US and the UK. In France, for example, infidelity by leading politicians is a non-issue.)

But even in the US/UK, it is possible to envision a positive development, driven by the forces of demography as one generation is replaced by the next. Over time the Facebook generation will grow up and their new life on the Net will initially clash with the value system of the older generation. For example, the teenage practice of sending sexual text messages or pictures via the mobile phone (sexting) is widespread (20-25% according to surveys). In the next 10-15 years there will be a number of scandals in which hard working, bright career lawyers are denied partnership because a raunchy nude picture that was taken when they were a teenager resurfaced during a background check. A number of aspiring public figures will have their lives destroyed when the tabloids realize how easy it is to uncover damning material by paying hard cash.

I believe that the public guardians of “morality” will eventually lose this battle in the same way as the prohibitionists lost their battle to keep alcohol illegal. In 2030 most people under 40 will have been to a costume party, played with a camera in the bedroom during their teen years, or have a friend who took pictures of them drinking alcohol in their dorm room even though they were under 21. At some point, the sympathies will shift from the zealots to the “culprits” as the new generation gets fed up with the older generation’s hypocritical moral panics. Recruiters will eventually realize that a ten year old Facebook picture in which the candidate is drunk and surrounded by friends does not disqualify him. Rather, it can be seen as an indication of social skills. In 2030 the newly appointed prosecutor will be forgiven for any ten year old “scandal” that has resurfaced about his dorm room shenanigans. If society is flooded with “scandalous” material about almost everyone, eventually no one will have the energy to care or be upset by it. Ergo, the material will be forgotten. (As a bonus we will have a more relaxed society with discredited tabloids and fewer moral panics.)

More information can be found in his book, in a video from his seminar at Harvard, from CBC and NPR radio interviews with transcripts. Blogs about Mayer-Schönberger’s ideas are Reputationdefender, Harvard Berkman Center, Princeton University Press, Only Dead Fish, Reuters Great Debate, and the Daily Kos.

A privacy backlash on its way: telcos will be in center of the storm

Jonas Lind — Sun, 30 Aug 2009 14:22:31 +0000

After 9/11 it was inevitable that the trade-off between civil liberties and security would shift in favor of security. The thinking of this period can neatly be summarized in a quote by Tony Blair who said something like “if there is a new terrorist attack, people will not ask why we infringed on civil liberties but why we didn’t do more to prevent this from happening”.

However, almost a decade after 9/11 the Zeitgeist has shifted once again and there are strong signals that privacy and civil liberties are on their way to becoming major political issues. The government machinery moves slowly and it takes years before a policy shift is implemented and new security measures start to affect people’s daily lives. In the name of national security, measures such as interception of Internet traffic and retention of traffic records (phone calls, SMS etc.) are now rolled out across Europe and the US while the memory of 9/11 is fading.

This backlash against the increasingly intrusive post 9/11 surveillance state is most strongly felt among the Net generation. What adds fuel to the fire is that the Net generation fears that these new instruments will be handed over to the copyright lobby to chase MP3 music file sharers. The file sharers don’t view what they’re doing as a serious criminal offense. This is a generation that lives a growing part of their social and private life on the Net. They feel strongly about even the slightest possibility of interception of private messages by secretive government agencies. Recent scandals when confidential government data bases have been compromised by human error does not exactly add to the confidence.

The privacy backlash has already triggered significant protests in some countries. In Sweden, controversies during 2008 around a new surveillance law that would give the military intelligence agency FRA the right to intercept all internet traffic that passes the Swedish border created parliamentary chaos, street protests, and dominated headline media for months until the government partly retreated.

The campaign against the “FRA-law” is a case study for how an impending privacy backlash can develop in other countries. It was successfully initiated by the Swedish blogosphere and drew supporters from wide areas of society. In the European Parliament elections in June 2009 this controversy helped the Swedish Pirate Party to gain 7.1 percent of the votes and win seats in Brussels. (The Pirate Party should not only be viewed as the political arm of music and software pirates. The issue of privacy and civil liberties was much more important for most voters than file sharing.)

In the campaign against the FRA-law, the file sharers suspected that increased surveillance would be used to gather evidence against them. Closet gay people feared that such information would somehow leak. The same applied to those who communicated with opposition groups in repressive countries. People who wanted to keep their porn habits private or cheated on their partner had their own reasons. Environmental and left-wing activists took issue with the suspicion that the secret brotherhood of spooks are too cozy with the arms industry, big government or big companies such as the GMO-industry. Celebrities feared that the tabloids would pay enough to corrupt civil servants in the surveillance agencies. Civil rights activists opposed it by principle.

More surveillance laws are in the works and new protests have the potential to explode in the headlines in more countries. In Germany street protests with upwards of 8,000 people have taken place under the banner “Freedom Not Fear”. Another country that comes to mind is the UK, which has already gone a long way towards the surveillance state.

Security agencies and the police are given new rights to install spyware on people’s computers and there are plans to track and record people’s movement via their mobile phone positioning. Customs officers in the US and UK already have the right to inspect and copy all content on a passenger’s laptop, MP3 player and mobile phone in their “fight against terrorism”. At the same time, the legal restrictions on methods that are enacted to fight terrorism have been relaxed and they can sometimes be used without a court order or grounds for suspicion.

The EU Directive of Traffic Data Retention requires that operators keep records of their users’ traffic for up to two years (though not the content) for law enforcement agencies. Another EU Directive (IPRED) gives copyright holders the right to request file sharers IP-addresses from ISPs.

A new international antipiracy treaty, ACTA has stirred up controversy over a proposal to explicitly allow customs officers to perform random searches of laptops and MP3 players. The secrecy surrounding the ACTA negotiations of course adds to the controversy.

In addition there are EU proposals championed by France to ban users from Net access as a punishment for file sharing. The ban is planned to be an administrative decision by the operators/IPR holders without the means of appeal by the court system. It was rejected by the EU Parliament in April 2008 and rejected again during the vote for the Telecom Directive in October. In 2009, it was reintroduced a third time in the EU Parliament by the Medina report. After a tumultuous vote in May 2009 where the EU Parliament refused to accept the Telecom package (due to this controversy) the entire Telecom package was sent back to the EU Council of Ministers for compromise negotiations.

To summarize, if the tipping point is reached in the public debate and the agenda changes from of fear terrorism to fear of an Orwellian 1984 society, the tabloids will have all this and a whole lot more to write about.

The telcos are put in the awkward position of being forced to be the agents of these measures. Many telcos have an interest in exploiting the rich high quality customer data they already control. However, if they compile and extract more for their data mining projects, there will be more information for the authorities to collect. If users fear that collected information can be used against them because the telcos are too submissive to government security agencies or the copyright lobby, the trust will be lost.

In the same way as Google has been lobbying for Net Neutrality, the telcos need to step up their lobbying efforts and do everything they can to counter this development. Challenging new laws in the courts together with making noise in the media would serve the purpose of reassuring customers that defending their privacy is paramount.

When the Bush administration in 2001 requested that the US telcos cooperate with the NSA on mass wiretapping, the small operator Qwest stood firm and demanded a court order. No such order was presented and when the scandal of illegal wiretapping broke a few years later, Qwest was considered a hero.

During the Swedish FRA controversy, all the Swedish telcos made a joint critical statement against the law. Hence, the wrath was not directed against them. The incumbent TeliaSonera have repeatedly stated that they will only give out information about their customers after a final court order (that is, in the supreme court).

Telcos also need to make sure that respecting customer privacy is a priority throughout the entire organization. They should be as obsessive about privacy as the banks. No more scandals with telcos that use their network for spying on journalists or their own employees that they suspect of leaking information to the press. If there are any unlawful backroom agreements with the spooks in the name of alleged “national security” these should be dismantled.

If the telcos are transparent about what they are forced to do my belief is that they can avoid being perceived as a part of the threatening surveillance machinery.

Data retention has been around for decades

Jonas Lind — Wed, 19 Aug 2009 22:54:38 +0000

Currently there is a heated debate in Sweden in which privacy advocates and civil rights activists are criticizing the EU directive about tele traffic data retention (Directive 2006/24/EC). The EU directive requires operators to store traffic information about every phone call that is made, every SMS, every website visited, etc. for a period of up to two years.

A fact that is unknown to most of the general public is that data retention has existed for decades in the billing system of Telia (Televerket). Ever since Televerket (the predecessor to Telia) installed mainframe computers in ancient times (in the 1970s?) for their invoicing it has been possible to extract traffic data from the systems. Televerket stored the information until they got paid. It was important for them to be able to prove that a call had been made if a customer challenged the invoice in court.

This has also been used by the police. In the mid 1990s (when I worked at Telia) I was told that the process looked like this: If the police got a court order and requested traffic data for a certain phone or phone call, Telia charged a consulting fee for manually extracting the information. The databases were not built for extracting information in this way and a typical fee would be between 2000 and 5000 Euros. And there was no guarantee that the information could be extracted.

The complicated procedure and the high costs put a natural cap to the extent of usage. This is a system I think most people would accept. The information is stored by the operators themselves and the systems are not designed for easy mass extraction.

If the police want to extract information they first need a court order and then they have to pay overpriced consulting hours for the operator’s technicians to perform the extraction. Even though the procedure is much cheaper today it takes time and costs money, which raises the bar for overusage and abuse.

In an ideal world I could accept tele data retention being used to combat serious crime. But that would require very strong measures against mission creep, a constitutional court that could enforce civil liberties, and respect for due process and the rule of law throughout the system. Unfortunately, reality is far from this ideal with rampant mission creep and more and more intrusive surveillance systems. Therefore I am against data retention.

An additional factor is that the build-out of the surveillance society is a threat to the growth of the tech sector. One example is Germany, where data retention has already made people wary of calling drug abuse helplines. Will consumers be afraid of using GPS in their mobiles if they suspect that they can be positioned in real-time? Will consumers have their mobiles turned off to avoid being positioned? Will people begin to feel a general uneasiness about electronic communication in general if they suspect that their most private messages will be stored and may be leaked from a secret unaccountable security bureaucracy?

This article has previously been published on my Swedish blog.