Free flows of information [about someone else]
After the fuss surrounding PRISM last month, I was bemused to find the historical pages of the July 2013 issues of IEEE Computer reporting that, thirty-two years ago, "worldwide protectionist legislation is threatening the free flow of information across borders". This lament is attributed to W. Michael Blumenthal in the July 1981 issue of the same magazine (p. 115), who was then the chairman of the Burroughs Corporation (now part of Unisys).
How things change! I thought. In 1981, Blumenthal feared that governments might enact legislation preventing the free use of private data. In 2013, computer enthusiasts fear that governments themselves might be making free use of private data.
Reading the original article in its entirety, I realised that the two attitudes probably aren't as contradictory as they first seemed. I take Blumenthal to be referring to computer companies' ability to use data as they please, while modern critics of PRISM are referring to the government's ability to use data as it pleases. The two sentences in the previous paragraph are perfectly consistent when interpreted in the light of self-interest: the computer industry would like to do as it pleases with whatever data it can collect, while it has nothing to gain from law enforcement agencies' use of similar data. For law enforcement agencies, it's the other way around.
I think just about all credible systems of ethics, justice and law try to resolve this problem by demanding some variant of the Golden Rule: treat others as you would have them treat you. Or, that everyone is equal before the law. In a privacy context, I may not have anything immediate to gain from someone else's use of data, but it would be irrational (or at least egomaniacal) for me to deny someone else use of data in a way that I believe I'm entitled to do myself. If I think beyond my immediate self-interest, I see that I do have an interest in allowing other people to make use of data insofar as it provides a moral basis for my right to use data in the same way.
Computer companies and law enforcement agencies, though, differ markedly from individuals and from each other. Law enforcement agencies do plenty of things that would be regarded as vigilantism if I did them myself, and I have no conceivable need to sell customer information since I'm not an ad-supported business. Yet I appreciate enforcement of the rule of law and (sometimes) ad-supported services, so it's not so simple to say that I should treat them as I would have them treat me. So perhaps we need something a little more nuanced.
I was recently introduced to the work of John Rawls, who proposed that a "just" system of laws is one that would be agreed to by people with no knowledge of what social position they were going to be born into. I wonder if computer companies, law enforcement agencies and the rest of us could learn from similarly pondering how we would establish rules for the sharing of data without any knowledge of the industry in which we were to be engaged?
One industry's red tape and another industry's system
The Australian (30 January 2013, p. 3) reported Tim Berners-Lee's recent visit to Australia under the headline "Inventor against net regulation". The article itself specifies that Berners-Lee, among many others things, had actually spoken against regulation by the United Nations in particular, and doesn't specify whether he had any thoughts on who, if anyone, should regulate it.
Anti-regulation pronouncements like that implied by the article's title never fail to have me rolling my eyes at the naïveté of commentators whose primary criterion for regulation appears to be that it should be short. Of course no one would dispute that regulation ought to be constructed in as concise and straightforward a manner as possible in order to achieve its goal. But contemptuous references to "red tape" and the like frequently seem to me to conceal a lack of appreciation for the goal of regulation as well as the speaker's arrogance about his or her own perspective relative to that of others.
I suspect that phrasing regulatory arguments in terms of choosing whether to regulate or not is missing the point. Regulators must choose which interests to protect, and to what degree. In the context of the data-collection matters to which Berners-Lee apparently referred, for example, regulators must determine the degree which to protect the interests of private citizens by restraining the behaviour of data-collecting entities like Internet companies and government departments, and the degree to which protect the interests of data collectors by allowing them to collect and use data as they please. To say that there is some celestial state of nature with which regulators should not interfere is at best incoherent, and at worst lazy capitulation to the interests of the most powerful.
Of course technology companies would prefer that regulators favour their interests, as The Register lampoons in a recent article on Google's opinion of government data collection. Technology enthusiasts, for whom the computer industry is of unique importance, happily tag along with demands that Internet service providers be free from regulation (such as the recent SOPA legislation in the US) that might protect the interests of other industries or of governments — except, of course, when the same service providers want to do something that would impinge on the enthusiasts' own interests, such as harvest their personal data or cap the amount that they can download for their monthly service fee.
I don't envy the job of regulators. I don't imagine they receive many thank-you letters from regulatees, expressing gratitude for the legislation to which the regulatees are subject. Perhaps a regulator in the mould of Dilbert's Wally would welcome the demand to do as little as possible, but who'd want Wally on their staff?
Hackers? In this day and age?
The (Australian) ABC's news web site recently featured a radio discussion between two unidentified persons regarding anonymous publication of material on the Internet. I'm not familiar with the story that sparked the discussion, but the conversation caught my attention for two reasons. Firstly, one of the participants referred several times to classical computer hacker attitudes that I had thought had vanished, or at least been seriously marginalised, by the popularisation of the Internet. Secondly, the other participant noted that certain "rights" supposed to exist by such hackers (in this case, anonymity and taking any file available for download) do not actually exist in law.
My graduate certificate in communications had me studying a lecture that, in part, presented the romantic ideal of computer hackers as freedom-loving individuals bent on understanding, using and, if necessary, subverting computer technology for some greater purpose. I gather that many of the students were not particularly impressed with this portrayal, possibly because they identified "hackers" with virus-writers, identity thieves and spammers. While I don't think either the lecture or the original users of the word "hacker" intended it to mean "computer criminal", I also think it's very naïve to equate freedom with the power to use technology in whatever way one is capable of doing.
My own response to the lecture described the hacker mentality as a "might-makes-right philosophy that equates freedom with one's technological power exercise it". Inspired by a related observation in David Brin's The Transparent Society, I postulated that competitions of technological power would, in fact, be won by well-resourced organisations rather than a few lone hackers.
Sure, classical hackers have won the occasional battle like reverse-engineering the Content Scrambling System for DVDs or jailbreaking iPods. But I'm pretty sure that Google, Apple, Microsoft and the rest ultimately have a far mightier influence over our electronic devices than Jon Lech Johansen, Richard Stallman or even Linus Torvalds. Meanwhile, the public's image of a "hacker" is largely informed by the kind of lawless computer whizzes they encounter most often: spammers, phishers, data thieves and authors of malware.
The law recognises this, and curtails rights like freedom of action and freedom of speech where, in the view of the law-makers, one person's exercise of those freedoms would interfere with someone else's freedom or well-being. So my freedom and ability to write e-mail software, for example, does not entail the right to e-mail fraudulent advertisements for Viagra to every e-mail address I can download.
Perhaps an honest-to-God cyberlibertarian would say that I should have the right to send whatever e-mail I like to whomever I like. But would he or she appreciate the same activity from Google, say, who possesses vastly greater reserves of information and software development skill than I?
