‘Cyberman’ by Christian Cable (CC BY-NC 2.0) at https://flic.kr/p/3JuvWv
Last month a paper that I wrote with Adam Molnar and Erik Zouave was published by Internet Policy Review. The article, “Computer network operations and ‘rule-with-law’ in Australia,” explores how the Australian government is authorized to engage in Computer Network Operations (CNOs). CNOs refer to government intrusion and/or interference with network information communications infrastructures for the purposes of law enforcement and national security operations.
The crux of our argument is that Australian government agencies are relatively unconstrained in how they can use CNOs. This has come about because of overly permissive, and often outdated, legislative language concerning technology that has been leveraged in newer legislation that expands on the lawful activities which government agencies can conduct. Australian citizens are often assured that existing oversight or review bodies — vis a vis legislative assemblies or dedicated surveillance or intelligence committees — are sufficient to safeguard citizens’ rights. We argue that the laws, as currently written, compel review and oversight bodies to purely evaluate the lawfulness of CNO-related activities. This means that, so long as government agencies do not radically act beyond their already permissive legislative mandates, their oversight and review bodies will assert that their expansive activities are lawful regardless of the intrusive nature of the activities in question.
While the growing capabilities of government agencies’ lawful activities, and limitations of their review and oversight bodies, have commonalities across liberal democratic nations, Australia is in a particularly novel position. Unlike its closest allies, such as Canada, the United States, New Zealand, or the United Kingdom, Australia does not have a formal bill of rights or a regional judicial body to adjudicate on human rights. As we write, “[g]iven that government agencies possess lawful authority to conduct unbounded CNO operations and can seek relatively unbounded warrants instead of those with closely circumscribed limits, the rule of law has become distorted and replaced with rule of law [sic]”.
Ultimately, CNOs represent a significant transformation and growth of the state’s authority to intrude and affect digital information. That these activities can operate under a veil of exceptional secrecy and threaten the security of information systems raises questions about whether the state has been appropriately restrained in exercising its sovereign powers domestically and abroad: these powers have the capability to extend domestic investigations into the computers of persons around the globe, to facilitate intelligence operations that target individuals and millions of persons alike, and to damage critical infrastructure and computer records. As such, CNOs necessarily raise critical questions about the necessity and appropriateness of state activities, while also showcasing the state’s lack of accountability to the population is is charged with serving.
Read the “Computer network operations and ‘rule-with-law’ in Australia” at Internet Policy Review.
This is a full draft of the paper on Twitter and privacy that I’ve been developing over the past few weeks, entitled ‘Who Gives a ‘Tweet’ About Privacy?’ It uses academic privacy literature to examine Twitter and the notion of reasonable expectations of privacy in public, and is written to help nuance privacy discussions surrounding the discourse occuring on Twitter (and, implicitly, similar social networking and blogging sites). The paper focuses on concepts of privacy and, as such, avoids deep empirical analyses of how the term ‘privacy’ is used by particular members of the social networking environment. Further, the paper avoids delving into the web of legal cases that could be drawn on to inform this discussion. Instead, it is theoretically oriented around the following questions:
- Do Twitter’s users have reasonable expectations to privacy when tweeting, even though these tweets are the rough equivalent of making statements in public?
- If Twitter’s user base should hold expectations to privacy, what might condition these expectations?
The paper ultimately suggests that Daniel Solove’s taxonomy of privacy, most recently articulated in Understanding Privacy, offers the best framework to respond to these question. Users of Twitter do have reasonable expectations to privacy, but such expectations are conditioned by juridical understandings of what is and is not reasonable. In light of this, I conclude by noting that Solove’s use of law to recognize norms is contestable. Thus, while privacy theorists may adopt his method (a focus on privacy problems to categorize types of privacy infractions), they might profitably condition how and why privacy norms are established – court rulings and dissenting opinions may not be the best foundation upon which to rest our privacy claims – by turning to non-legal understandings of norm development, degeneration, and mutation.
Paper can be downloaded here.
I owe this (more nuanced reflection) of yesterday’s note on the role of ‘professional’ versus ‘amateur’ news, again, to my colleague Tim Smith. After reading my post yesterday, he replied:
nice piece Chris! I have a follow up question.
is investigative journalism on the net in the spaces Simon characterized as amateur. I am thinking of reports like a Bob Woodward breaking of Watergate. A Seymour Hersh breaking of Abu Ghraib. This type of investigative reporting.
Do you see the type of investigative journalism (on political matters) coming from blogs and internet media? If not, could it come from there? It certainly requires a system of professional training (gathering and putting together information not necessarily available on the internet), resources and social capital (contacts).
Re-reading what I’d posted, I can see that these are questions that needed to be asked and responded to. Below is my response to Tim.
I’ve recently been reading some of David Lyon’s work, and his idea of developing an ethic of voyeurism has managed to intrigue me. I don’t think that I necessarily agree with his position in its entirety, but I think that it’s an interesting position. This paper, entitled “Code-Bodies and Algorithmic Surveillance: Examining the impacts of encryption, rights of publicity, and code-specters,” is an effort to think through how voyeurism might be understood in the context of Deep Packet Inspection using the theoretical lenses of Kant and Derrida. This paper is certainly more ‘theoretical’ than the working paper that I’ve previously put together on DPI, but builds on that paper’s technical discussion of DPI to think about surveillance, voyeurism, and privacy.
As always, I welcome positive, negative, and ambivalent comments on the draft. Elements of it will be adopted for a paper that I’ll be presenting at a Critical Digital Studies workshop in a month or two – this is your chance to get me to reform positions to align with your own! *grin*