The UK is in a bit of a bad row. According the BBC news site, today the Speaker of the Commons has stepped down, there is an Irish child abuse report coming due, and violence is rife in a failing prison. What hasn’t made BBC headlines, is that the Prime Minister’s office has made it clear that it will not look into British ISPs’ business arrangements with Phorm. After noting that the government is interested in shielding citizens’ privacy, the Prime Minister’s office notes,
ICO is an independent body, and it would not be appropriate for the Government to second guess its decisions. However, ICO has been clear that it will be monitoring closely all progress on this issue, and in particular any future use of Phorm’s technology. They will ensure that any such future use is done in a lawful, appropriate and transparent manner, and that consumers’ rights are fully protected (Source).
The Prime Minister’s office is unwilling to ‘second guess’ the ICO, and instead refers petitioners (there were about 21,000) to the ICO’s public statement about Phorm. In that publication (dated April 8, 2009), the ICO stated that that:
Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group (Source).
[Note: this is an early draft of the second section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’ and builds from an earlier posted section titled ‘Privacy, Dignity, Copyright and Twitter‘ Other sections will follow as I draft them.]
Towards a Statutory Notion of Privacy
Whereas Warren and Brandeis explicitly built a tort claim to privacy (and can be read as implicitly laying the groundwork for a right to privacy), theorists such as Alan Westin attempt to justify a claim to privacy that would operate as the bedrock for a right to privacy. Spiros Simitis recognizes this claim, but argues that privacy should be read as both an individual and a social issue. The question that arises is whether or not these writers’ respective understandings of privacy capture the normative expectations of speaking in a public space, such as Twitter; do their understandings of intrusion/data capture recognize the complexities of speaking in public spaces and provide a reasonable expectation of privacy that reflects people’s interests to keep private some, but not all, of the discussions they have in public?
I owe this (more nuanced reflection) of yesterday’s note on the role of ‘professional’ versus ‘amateur’ news, again, to my colleague Tim Smith. After reading my post yesterday, he replied:
nice piece Chris! I have a follow up question.
is investigative journalism on the net in the spaces Simon characterized as amateur. I am thinking of reports like a Bob Woodward breaking of Watergate. A Seymour Hersh breaking of Abu Ghraib. This type of investigative reporting.
Do you see the type of investigative journalism (on political matters) coming from blogs and internet media? If not, could it come from there? It certainly requires a system of professional training (gathering and putting together information not necessarily available on the internet), resources and social capital (contacts).
Re-reading what I’d posted, I can see that these are questions that needed to be asked and responded to. Below is my response to Tim.
Privacy. Privacy, Privacy, Privacy.
Google is persistently in the limelight for it’s ‘invasions’ of personal privacy. I’ve made references to Google and privacy in a variety of blog posts, but whenever I think about Google my mind returns to a comment from Peter Fleischer, the chief privacy officer for Google. In a post in 2007, he wrote (in his personal blog) that:
. . . privacy is about more than legal compliance, it’s fundamentally about user trust. Be transparent with your users about your privacy practices. If your users don’t trust you, you’re out of business (Source)
Perhaps naively, I think that this statement is accurate – look at the nightmares that Facebook, NebuAd, and Phorm (to name a few) all have when they ‘invade’ customers’ privacy without being fully transparent about what, and why, they are engaging in their practices. What’s more, as soon as you establish an ‘it’s our way, or no way’ approach, you immediate establish a hostile environment between you and your users. In business, your users are your lifeblood; alienate them only if you really like polishing your resume.
Deep Packet Inspection is being deploying by an increasing number of operators for a host of purposes, including content analysis, flow analysis, network management (broadly stated), network management as integrated with policy management, and behavioural advertising (to name a few). While BT, in the UK, has openly admitted to working with Phorm to bring behavioral advertising to its consumers, it now appears as though network owners are going to be analyzing Internet traffic from mobiles, as well as desktop and notebook computers.
The Guardian is reporting that in a recent GSMA trial to collect information of where mobile users’ are browsing, that “the UK’s five networks – 3, O2, Orange, T-Mobile and Vodafone – used deep packet inspection technology to collect data covering about half the UK’s entire mobile web traffic” (Source). There is no indication that this is presently being associated with customers’ geolocation, but this does suggest that DPI is gaining increasing acceptance in the UK as a means of tracking what people are doing. Apparently the weak regulatory responses in the UK are spurring companies to deploy DPI before they are left behind the rest of the pack.
has recently put out a good piece, titled Online Ad Targeting: From ‘Maximize’ to ‘Optimize’. In it, Troiano effective notes that online advertisers aren’t making much money by bombarding their customers with irrelevant ads, and the attempts to use deep packet inspection technologies as NebuAd and Phorm strike potential customers as ‘creepy’. He suggests that advertisers adopt three principles:
- User control: Users should own and control their personal information. Period. It sounds like a novel idea, but when people have control over their own personal information and can choose to share it or not share it with whomever they want, that will make them feel all warm and fuzzy inside.
- Transparency: Offering an opt-out option is not enough. Any online entity that tracks or collects user data of any kind should be straightforward and alert users to its practices. It’s not wrong to target ads, but it is wrong to collect users’ personally identifiable information without their permission. If companies adhere to this level of transparency, the need for potentially stifling congressional control is significantly lessened.
- Trust: Offering users a high level of control over their information and requiring a high level of transparency from online publishers and retailers will result in mutual trust. Users will share certain information about themselves in return for something they want and companies will promise not to use their information in inappropriate ways. Building this kind of trust is not easy, but when achieved it will create a mutually beneficial relationship.
This makes sense to companies for two reasons: