Democracy

Computer network operations and ‘rule-with-law’ in Australia

/ Christopher Parsons

‘Cyberman’ by Christian Cable (CC BY-NC 2.0) at https://flic.kr/p/3JuvWv

Last month a paper that I wrote with Adam Molnar and Erik Zouave was published by Internet Policy Review. The article, “Computer network operations and ‘rule-with-law’ in Australia,” explores how the Australian government is authorized to engage in Computer Network Operations (CNOs). CNOs refer to government intrusion and/or interference with network information communications infrastructures for the purposes of law enforcement and national security operations.

The crux of our argument is that Australian government agencies are relatively unconstrained in how they can use CNOs. This has come about because of overly permissive, and often outdated, legislative language concerning technology that has been leveraged in newer legislation that expands on the lawful activities which government agencies can conduct. Australian citizens are often assured that existing oversight or review bodies — vis a vis legislative assemblies or dedicated surveillance or intelligence committees — are sufficient to safeguard citizens’ rights. We argue that the laws, as currently written, compel review and oversight bodies to purely evaluate the lawfulness of CNO-related activities. This means that, so long as government agencies do not radically act beyond their already permissive legislative mandates, their oversight and review bodies will assert that their expansive activities are lawful regardless of the intrusive nature of the activities in question.

While the growing capabilities of government agencies’ lawful activities, and limitations of their review and oversight bodies, have commonalities across liberal democratic nations, Australia is in a particularly novel position. Unlike its closest allies, such as Canada, the United States, New Zealand, or the United Kingdom, Australia does not have a formal bill of rights or a regional judicial body to adjudicate on human rights. As we write, “[g]iven that government agencies possess lawful authority to conduct unbounded CNO operations and can seek relatively unbounded warrants instead of those with closely circumscribed limits, the rule of law has become distorted and replaced with rule of law [sic]”.

Ultimately, CNOs represent a significant transformation and growth of the state’s authority to intrude and affect digital information. That these activities can operate under a veil of exceptional secrecy and threaten the security of information systems raises questions about whether the state has been appropriately restrained in exercising its sovereign powers domestically and abroad: these powers have the capability to extend domestic investigations into the computers of persons around the globe, to facilitate intelligence operations that target individuals and millions of persons alike, and to damage critical infrastructure and computer records. As such, CNOs necessarily raise critical questions about the necessity and appropriateness of state activities, while also showcasing the state’s lack of accountability to the population is is charged with serving.

Read the “Computer network operations and ‘rule-with-law’ in Australia” at Internet Policy Review.

The Governance of Telecommunications Surveillance

/ Christopher Parsons

Last week I released a new report, The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians, through the Telecommunications Transparency Project. The Project is associated with the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, and the report was funded through the Canadian Internet Registration Authorities’s .CA Community Investment Program.

The report examines how contemporary telecommunications surveillance is governed in Canada. In it, we ask how much telecommunications surveillance is occurring in Canada, what actors are enabling the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly and that government irresponsibility surrounding accountability strains its credibility and aggravates citizens’ cynicism about the political process. In aggregate, these failings endanger both the development of Canada’s digital economy and aggravate the democratic deficit between citizens and their governments.

Continue reading

Twitter and Privacy in Social Context

/ Christopher Parsons

antitwitter

[Note: this is an early draft of the third section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’ and builds from an earlier posted sections titled ‘Privacy, Dignity, Copyright and Twitter‘ and ‘Twitter and Statutory Notions of Privacy‘. The final sections will be posted as I draft them.]

Simitis recognizes privacy as an issue concerning all of society. As a consequence, his position on the topic is differentiated from those of Westin, Warren, and Brandeis by asserting that privacy is essential for establishing and maintaining constitutional infrastructures. In this section, we take up the ‘social’ element of privacy, exploring it in more depth and to consider its role in establishing citizen-solidarity. In addition, we consider privacy as a contextualized norm that attaches different expectations of privacy to particular situations and encounters. While social-contextual accounts establish reasonable expectations to privacy in public, our hopefulness surrounding these accounts wears thin because the selected scholars exhibit an under theorized conceptualization of how socio-contextual norms are established. Effectively, without an account of how socio-contextual norms are developed in pluralistic environments we are left with little understanding of how to read privacy norms in public spaces like Twitter. Thus, while understanding privacy as contextual integrity does establish reasonable expectations (note the plural) of privacy, the multiplicity of such instantiations renders such understandings of limited usefulness for juridical application in contemporary pluralistic nation-states. Continue reading

Twitter and Statutory Notions of Privacy

/ Christopher Parsons

protectionpersonaldataright[Note: this is an early draft of the second section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’ and builds from an earlier posted section titled ‘Privacy, Dignity, Copyright and Twitter‘ Other sections will follow as I draft them.]

Towards a Statutory Notion of Privacy

Whereas Warren and Brandeis explicitly built a tort claim to privacy (and can be read as implicitly laying the groundwork for a right to privacy), theorists such as Alan Westin attempt to justify a claim to privacy that would operate as the bedrock for a right to privacy. Spiros Simitis recognizes this claim, but argues that privacy should be read as both an individual and a social issue. The question that arises is whether or not these writers’ respective understandings of privacy capture the normative expectations of speaking in a public space, such as Twitter; do their understandings of intrusion/data capture recognize the complexities of speaking in public spaces and provide a reasonable expectation of privacy that reflects people’s interests to keep private some, but not all, of the discussions they have in public?

Continue reading

EU: Judicial Review Central to Telecom Disconnects

/ Christopher Parsons

elpalaciodejusticiaI’m perhaps a bit idealistic, but I think that there are clear contemporary demonstrations of democracy ‘working’. Today’s example comes to us from Europe, where the European Parliament has voted to restore a graduated response to copyright infringement that pertains to when and how individuals can be disconnected from the Internet. Disconnecting individuals from the ‘net, given its important role in citizens’ daily lives, can only be done with judicial oversight; copyright holders and ISPs alone cannot conspire to remove file sharers. This suggests that any three-strike policy in the EU will require judicial oversight, and threatens to radically reform how the copyright industry can influence ISPs.

What might this mean for North America? If policy learning occurs, will we see imports of an EU-style law on this matter? Do we want our policy actors to adopt an EU-model, which could be used to implement a three-strike rule that just includes judicial review at the third strike? In Canada, with the tariffs that we pay, there are already permissible conditions for file sharing – do we really want to see strong American or WIPO copyright legally enforced on our soil?

Continue reading

Three-Strike Copyright

/ Christopher Parsons

To fully function as a student in today’s Western democracies means having access access to the Internet. In some cases this means students use Content Management Systems (CMSs) such as Drupal, Blackboard, or wikis (to name a few examples) to submit homework and participate in collaborate group assignments. CMSs are great because teachers can monitor the effectiveness of student’s group contributions and retain timestamps of when the student has turned in their work. Thus, when Sally doesn’t turn in her homework for a few weeks, and ‘clearly’ isn’t working with her group in the school-sanctioned CMS, the teacher can call home and talk with Sally’s parents about Sally’s poor performance.

At least, that’s the theory.

Three-Strike Copyright and Some Numbers

I’m not going to spend time talking about the digital divide (save to note that it’s real, and it penalises students in underprivileged environments by preventing them from acting as an equal in the digitized classroom), nor am I going to talk about the inherent privacy and security issues that arise as soon as teacher use digital management systems. No, I want to turn our attention across the Atlantic to Britain, where the British parliament will soon be considering legislation that would implement a three-strike copyright enforcement policy. France is in the process of implementing a similar law (with the expectation that it will be in place by summer 2008), which will turn ISPs into data police. Under these policies if a user (read: household) is caught infringing on copyright three times (they get two warnings) they can lose access to the ‘net following the third infringement.

Continue reading