Technology, Thoughts & Trinkets

Touring the digital through type

Agenda Denial and UK Privacy Advocacy

stopFunding, technical and political savvy, human resources, and time. These are just a few of the challenges standing before privacy advocates who want to make their case to the public, legislators, and regulators. When looking at the landscape there are regularly cases where advocates are more successful than expected or markedly less than anticipated; that advocates stopped BT from permanently deploying Phorm’s Webwise advertising system was impressive, whereas the failures to limit transfers of European airline passenger data to the US were somewhat surprising.[1] While there are regular analyses of how privacy advocates might get the issue of the day onto governmental agendas there is seemingly less time spent on how opponents resist advocates’ efforts. This post constitutes an early attempt to work through some of the politics of agenda-setting related to deep packet inspection and privacy for my dissertation project. Comments are welcome.

To be more specific, in this post I want to think about how items are kept off the agenda. Why are they kept off, who engages in the opposition(s), and what are some of the tactics employed? In responding to these questions I will significantly rely on theory from R. W. Cobb’s and M. H. Ross’ Cultural Strategies of Agenda Denial, linked with work by other prominent scholars and advocates. My goal is to evaluate whether the strategies that Cobb and Ross write about apply to the issues championed by privacy advocates in the UK who oppose the deployment of the Webwise advertising system. I won’t be working through the technical or political backstory of Phorm in this post and will be assuming that readers have at least a moderate familiarity with the backstory of Phorm – if you’re unfamiliar with it, I’d suggest a quick detour to the wikipedia page devoted to the company.

Before initiators and opponents actually start fighting about the agenda, issues must first be identified. Not all problems are deemed significant enough to warrant attention and others are seen as outside of the agenda-holder’s purview. How then do initiators, such as privacy advocates, successfully present issues and get them on the agenda?

Getting to the Agenda 101

A policy initiator has to successfully define their issue-of-interest to get it onto the agenda. Initiators must “connect a problem to cultural assumptions about threats, risk, and humans’ ability to control their physical and social environments” (Cobb and Ross 1997: 5). This often entails a three-step process:

  1. A name must be given to the problem that resonates with the public. As an example: Deep Packet Inspection (DPI) is an illegitimate surveillance system that breaks the law and intrudes on personal privacy.
  2. Having named the problem, a culprit must be shown as responsible for unfair treatment experienced by victims. In the UK, Phorm and BT are shown as mutually complicit in deploying a DPI-based advertising system, in secret and in contravention of wiretapping laws. Such surveillance offends citizens’ communicative dignities.
  3. After naming the problem and blaming a party for the problem, initiators of a new policy must make arguments to attract support. These arguments should be framed to let members of the public impose their own meaning on the advocates’ message. Further, the arguments should reveal the social significance of the problem, appeal to the temporal relevance of the issue, frame the problem in non-technical language, and reveal the problem as categorically unique.

Per Cohen, Marsh, and Olsen (1972: 2), there are four separate policy ‘streams’ that policy initiators need to link together to get their issue onto the agenda; problems, solutions, participants, and choice opportunities. Kingdon (2002) compresses this set of windows, proposing that there are three ‘families’ of processes in federal agenda-setting processes: problems, policies, and politics. The success of the UK groups, then, has been dependent on framing their issue as a problem with a policy solution while linking with policy participants. Such participants must be able to affect the issue and willing to enact change. When analyzing policy windows it is critical to attend to the situational politics around prospective participants in the policy subsystem. If the situation prevents actors from acting then policy initiators may be unable to align policy windows and advance their issue to the governmental agenda. Effectively, even if privacy advocates frame their issue and identify a solution, the politics of the day may jeopardize attempts to put the issue on the government’s agenda.

Opposing Policy Initiators

How, exactly, are politics framed in a way that precludes actors from acting or policy windows from aligning? In Western democracies there are three typical choice-types available to those opposing advocates:

  1. Low-cost strategies stressing non-recognition of the advocate position;
  2. Medium-cost strategies attacking the advocates’ proposed policy;
  3. Medium-cost strategies symbolically placating advocates [2]

I’ll consider the strategies in turn, in relation to BT-Phorm and UK privacy advocates. I’ll conclude the post by proposing a series of research questions that stem from the EU ultimately stepping in and placing Phorm on its agenda despite UK regulatory bodies’ unwillingness to take up Phorm as an actionable agenda item.

Low Cost Strategies

Opponents of policy initiators often hope that voices outside the halls of power will just go away if they’re ignored. Ignoring problems is meant to deflect advocates, though the tactic is less successful when opponents face highly motivated policy initiators. The case of Phorm serves as a good example. After trying to ignore complaints from the user community, BT eventually admitted that they had tested the Phorm advertising system. This disclosure was motivated both by technical analyses of the BT network, the leaking of internal BT documents discussing a trial of the Webwise system, and pressure exerted by privacy advocates.

The actual problems that users experienced, however, were isolated, and the number of people affected were limited; not all BT customers were unknowingly enrolled in the test and of those who were, not all suffered material degradations of their Internet service. On the basis of both points advocates were pushed aside; they weren’t advocating on the behalf of a large population, and within the trial population only a small number were materially affected by the advertising system. This technique of dismissing claims based on the population affected is formally referred to as “antipatterning”, and it sees opponents put pressure on advocates to demonstrate that their concerns extend beyond a small subset of individuals and that the problem is important enough to rise to the agenda.

Key to opponents’ low-cost strategies is a refusal to communicate with initiators. A traditional tactic is to use the legitimacy associated with communicating directly with another person as a bargaining chip; initiators must set aside certain facets of the problem, or the issue must be framed in an ‘appropriate’ way for the conversation to begin ‘in earnest’. This has the effect of conditioning the issue that advocates raise, coercing them to make the issue more amenable to the agenda that their opponents want the government to work with. The other advantage associated with not or minimally communicating with advocates is that the action forces advocates to expend precious resources to gain publicity and find allies. Both are needed for an advocate group to convince opponents and officials alike that the issue they are championing deserves to be placed on the agenda.

Middle-Cost: Attacking Advocates’ Proposed Policy

Where initiators are already regarded as highly legitimate (e.g. a well-known, financed, politically savvy privacy advocacy group) then opponents will focus their attacks on the groups’ proposed policy. Such attacks commonly revolve around disputing advocates’ facts or the logic of their arguments. When raising issues about the nature of a privately owned digital network this tactic is quickly used: How can advocates make the claims they are, given that they have never operated the massive network? Without logs (secret and proprietary corporate information) how can advocates support their worries?

In addition to challenging policy initiators based on factual and logical grounds, opponents can raise the spectre of costs: If advocates successfully place their issue on the agenda, the end-result could be higher costs for all users of a service. Alternately (and possibly more effectively), if advocates are successful then users might be denied some sort of a reward. In the case of many DPI-based advertising system users are promised additional security resulting from DPI analyses, reduced bills, and so forth. Given the ‘carrots’ associated with DPI, advocates must translate issues that the public often regards as ‘intellectual’ into ‘meat and potatoes’ problems – how does DPI affect the common citizen, in an embodied and direct manner, on a daily basis.[3]

When the advocates themselves lack a pre-existing legitimacy, or lack ‘protective credentials’ or positions (e.g. advanced degrees, employment in a field related to the issue, etc), opponents may work against the group itself and bypass a policy-based critique entirely. Such attacks are intended to reduce advocates’ credibility. Phorm arguably attempted this (too late!) when creating their ‘Stop Phoul Play’ website that sought to discredit privacy advocates. Phorm’s efforts fit nicely into Cobb’s and Ross’ expectations that the opponent would try and link policy initiators to negative stereotypes (as serial agitators and ‘privacy pirates’) but it is less clear to me that they sought to blame advocates for the problem itself.

Privacy advocates tend to frame issues so as to claim the high ground of the issue at hand, pointing to economic, physical, psychic, or other indignities resulting from the issues they are pushing onto the agenda. Per Cobb and Ross, opponents are driven to neutralize these claims and such attempts were evident in the Phorm saga. Opponents pointed to the use of ISP networks for the transport of copyrighted material, transport which opponents maintained raise costs of doing business and thus for providing consumers’ Internet service. On this basis, Phorm’s advertising was valuable in offsetting rising costs resulting from ‘piracy’ actions, actions Phorm associated with the privacy campaigners themselves.

Finally, outright deception is sometimes used in this middle-cost attack strategy. Deception can entail “lying, spreading rumors, or planting false stories in the media. Deception involves the dissemination of materials known to be inaccurate or of questionable veracity” (Cobb and Ross 1997: 33). Advocates in the UK experienced these kinds of actions by Phorm, including accusations that a lead advocate had been fined for tens of thousands of dollars for copyright infringement.

Thus, in aggregate, we can see that BT and Phorm reacted as an opponent using mid-cost strategies meant to undermine the problem’s legitimacy as a potential agenda item, and that the opponents also sought to undermine the legitimacy of the advocates advancing the issue. These mid-cost attacks were supplemented with attempts to placate advocates, and arguably were successful in removing an influential policy initiator (Privacy International) from the (public) policy landscape.

Middle-Cost: Symbolically Placating Avocates

Symbolic placation typically involves opponents adopting “a language emphasizing mutual interests, and the zero-sum vocabulary associated with adversarial conflict is set aside” (Cobb and Ross 1997: 34). While placating advocates has the effect of legitimizing their issues, it does so in a manner that lets opponents retain control of how, why, and when the issue is actually raised to the agenda. Placation often entails establishing committees of some sort to study the problem and is more generally meant to defuse conflicts and weaken the momentum initiators have developed.

A particularly common tactic is to reach out and co-opt advocates’ actual or potential allies, offering jobs, positions, and other benefits to ‘work with’ the opponents. Privacy International arguably suffered this tactic. Phorm hired Simon Davies (director of Privacy International) to evaluate the Phorm Webwise system, and subsequently leveraged the fact that Davies was associated with the company to strategically limit Privacy Internationals’ influence. Specifically, the report produced by Davies maintained that the advertising system had to be opt-in and resolve questions around the legality of communications intrusion before it went live, but Phorm focused on the fact that Privacy International was working with the company and had positively evaluated the system. Somewhat surprisingly, and pleasantly, the absence of Privacy International didn’t let BT’s and Phorm’s activities continue unrestrained; other UK privacy campaigners jumped in to fill the void.

We have yet to see the tactic of postponement – where opponents agree with the validity of the grievance but identify reasons for why it will take time to resolve the issue – or a focus on past accomplishments and trustworthiness to justify the continuing existence (as opposed to resolution) of the issue. We may see both of these sooner rather than later, when the EU concludes their own investigations into Phorm and BT, and the UK government runs out of avenues to appeal the impending EU decision.

Complicating Politics

Much of the agenda-setting literature focuses on the federal level of analysis, investigating how issues become important on a national scale. Most of the BT-Phorm issue has revolved around agendas at the national level in the UK, but (somewhat) recently the EU has put Phorm on its own supranational agenda. This adds a level of complexity to the efforts of the privacy advocates seeking to shape deep packet inspection as an agenda item. Advocates sought to motivate the UK national agenda that opponents were deeply involved with, and were only moderately successful in putting their issue on the agenda. More specifically, while advocates successfully initiated political discourse about the technology the companies associated with the advertising system have successfully delayed or stifled regulatory action. Whether the regulator is subject to capture or not remains an open question, but in the face of external supranational oversight a national(ist) regulatory body may attempt to justify its behaviour to retain its own political legitimacy. The body may reframe the issue, away from advocates, focusing on a need to protect sovereign decision-making capability instead of actually regulating the DPI-based practices themselves. Thus, while advocates may find an ally in a supranational body, this body’s potency may shift the terms of political avoidance to the maintenance of political and decisional sovereignty.

To better understand and evaluate the impacts of shifting the issue to a supranational agenda in contravention of the attention paid to the issue on the national agenda, it is important to gain perspective on why, exactly, UK regulatory bodies have been so tardy in responding to the issue. These bodies have not been actively engaged in either of the medium-cost attack strategies, instead adopting a low-cost strategy of simply avoiding the issue. Does the transition to a supranational level of analysis shift how the UK body perceives DPI as an agenda item? Does it change the kinds of tactics that it considers (e.g. moving from avoidance to either symbolic placation or launching an attack on the legitimacy of the issue as a problem, or the legitimacy of either advocates or the EU commissioner)? Does the body seek to reframe the issue from one of privacy and law to one of political sovereignty? What, specifically, motivates the subsequent tactics, or does a system of continued avoidance persist despite the elevation of the issue?

These are the kinds of questions that I will be pursuing in the coming months as I conduct research for my dissertation; as/if I develop responses, I’ll be writing about them here.

Books Cited:

R. W. Cobb and M. H. Ross (eds.). (1997). Cultural Strategies of Agenda Denial. Lawrence, Kansas: University Press of Kansas.

M. D. Cohen, J. G. Marsh and P. P. Olsen. (1972). ‘A Garbage Can Model of Organizational Choice’, Administrative Science Quarterly. 17(1). 1:25.

J. W. Kingdon. (2002). Agendas, Alternatives, and Public Policies (Second Edition). New York: Longman.

Footnotes:

[1] For an excellent discussion and evaluation on how the transfer game was lost, read Abraham’s Protectors of Privacy.

[2] There is a forth potential approach to opposing advocates, high-cost strategies that often rely on “electoral, economic, and legal threats, as well as economic sanctions or legal actions, arrest, imprisonment, and organized violence.” While such approaches are sometimes evidenced, they are exceptional and rare.

[3] Translating issues for the public may not always be successful, or a good use of resources for some privacy advocates. Where advocacy groups are resourced or experienced, or simply integrated into an existing policy community that is more receptive to their claims than the public, the groups may work within their policy group instead of trying to convince the public of the poignance of the issue. The choice made – to get mass support or work within an existing policy network and its subsystems – may relate to the characteristics of the advocacy group in question.

5 Comments

  1. I *love* agenda-denial theory. I’m a bit shocked to find that there’s a dearth of recent literature that follows up on Cobb and Ross’ (1997) edited volume. Kathryn Harrison wrote in 2002 if I’m not mistaken on agenda-denial in breast milk and dioxins, but it’s a topic that is rarely explored. Three of my students have written their final papers using agenda-denial as a theoretical framework. I just never thought it would apply to UK privacy policy!

    Good post, Chris. And I love the redesign. I may imitate it 🙂

    • There is additional work on agenda-denial, but not much (any?) that has focused on applying agenda-denial to the issues privacy advocates face. I’m thinking of exploring agenda-denial as it relates to the environmental movement to see if/where there are correlations; given the emphasis in the privacy community on ‘learning from the environmentalists’ it seems like a logical literature stream to catch up on. Any suggestions on what I should be paying attention to?

  2. Very intersted to read your thoughts, but I am curious to know whether you have discussed the Phorm affair with anyone who was involved?

    For example… “We have yet to see the tactic of postponement – where opponents agree with the validity of the grievance but identify reasons for why it will take time to resolve the issue”… you might be aware, the matter is the subject of a Crown Prosecution Service complaint which has taken almost 900 days to consider. Supposedly the CPS consider the matter is ‘very complex’. If that isn’t classified as postponement I’m not sure what is.

    Other unusual factors to consider might include the strict legitimacy of what BT/Phorm were doing (it wasn’t simply a dispute about policy it was a question of criminal misconduct and law enforcement).

    There is also the inherent ‘self destructive’ nature of what BT/Phorm were doing. If they had been successful, they would have undermined the privacy/security/integrity of all UK telecommunications… compelling users to adopt encryption. If internet users adopt encryption, BT/Phorm’s operating model fails (foiled by encryption), and the ability to conduct legitimate surveillance for law enforcement is compromised.

    Another reason why it failed was the harm to BT’s valuable corporate clients. By using nationwide industrial espionage to gather commercial intelligence from their own corporate clients, BT risked losing corporate accounts and/or facing large scale legal action for intellectual property theft.

    That all of this was being accomplished using software developed by a Russian spyware outfit, and tested covertly, was the icing on the cake.

    In essence then, BT/Phorm were the architects of their own destruction. We just helped them along the path to self destruction.

    My contact form is here.

    • Hi Pete,

      I’ve (informally) spoken with some that have been involved, but am waiting for an ethics approval process to finish up before I get started with more in depth interviews (otherwise I can’t use what I learn in my dissertation!).

      As for postponement, it was used in a particular sense – from what I understand the CPS hasn’t actually recognized that what was done was illegal, but is still investigating, no? If that’s the case, then postponement hasn’t yet occurred as no formal acknowledgement of the legitimacy of the complaint is recognized. If the legitimacy were recognized, and then there was a delaying of action on the basis of challenge in dealing with the problem, then there would be a case of postponement that met the framework of the agenda-setting literature.

      Once my ethics (eventually….) goes through I’ll likely want to get ahold of you and A. Hanff to talk about Phorm; they’ll be prominent in my discussion of DPI in the UK.

  3. I’d be pleased to chat with you.

    It strikes me there are a lot of conventional assumptions about conventional campaigning which aren’t necessarily true of the unconventional Phorm affair.

    Another example, the assumption that BT were trading communication as a bargaining chip..? That’s simply not the case.

    In fact, BT wanted no publicity associated with this episode at all, and no dialog. And still don’t. Try searching for BT Webwise on the btplc website, you’ll find no reference at all… apart from my unwelcome appearance their AGM in 2008 (when Ian Livingston declined to offer an explaination, and decided not to speak a word). BT customer forums were purged of any reference to the project (see for example).

Leave a Reply

Your email address will not be published.

*