Tuesday, 20 December 2011

Facebook's new timeline: privacy worries explained - it's all about choice & control (or lack thereof)

Since writing about Facebook Timeline some, having read my earlier post explaining Timeline, have asked me whether there really is a privacy concern, or whether people just need to get used to the fact the information they chose to share is out there.

This is a legitimate challenge.  The question gets to the nub of what privacy in a digital world means to people, and indeed what is meant by sharing, especially when sharing is amongst friends.

A key plank of privacy is providing users with clarity on how their personal stuff will be used, choice, and ease of control over information they choose to publish.

Facebook doesn't bill itself primarily as a publishing platform.  It sells itself as a social network and, as such, encourages candid disclosure amongst friends.  Yet the Facebook timeline makes your digital exhaust - stretching back years - easily visible and searchable without providing all the tools necessary to bulk-manage older posts. 

Privacy concerns about Timeline aren't about public versus "private", the new feature doesn't alter the privacy settings of old posts - although many people are now using tighter privacy settings than they were when they first joined Facebook. 

The issue is, literally, amongst friends.

Most of us have added a lot of new friends over the years.  Old posts were written with a different audience in mind and we perhaps don't want to have e.g. updates from years ago relating to a previous partner flaunted in front of our new love.

Friday, 16 December 2011

Facebook's new timeline - laying out your past, and there's no going back from this privacy minefield

You might want to think very carefully before upgrading to Facebook's new timeline.

It brings additional visibility to older posts, sometimes from many years ago.

No problem, you might think.  But you better be sure, for once users sign up to the new timeline it's a one-way street. Facebook gives you 7 days to manage old posts before they become visible, and we found no way of delaying or stopping this process; but you can, of course, speed it up.

UPDATE: privacy worries explained - it's all about choice & control.

One thread on Facebook's Help Centre has (at the time of writing) 380 responses to a request to turn the feature off, many pleading for an answer.

Timeline "preview" - you have 7 days to sort your past.
On the surface the new feature doesn't sound too problematic. It provides a neat way of scrolling back through a user's older posts. It doesn't alter the privacy settings of those posts, and in some respects the information's already 'out there', so there's no problem, right?

Not quite. The Timeline feature brings your past to the present. Facebook automatically selects a collection of pictures and updates from each year and presents them as "highlights". One click and I'm back to 2007 and a selection of pictures before I got married.

It's up to the user to manage what's shown - if you have the time to do this. Before you know it, your digital exhaust stretching back many years is easily browsable and visible to friends - and possibly everyone, depending on your privacy settings.

Thursday, 15 December 2011

The difference between privacy and "personal data"


It's not what you choose to read, it's where you choose to read it...

Notable from the "privacy" debate around media ethics is the number of times I hear people say, "this information is private" when they actually mean personal.  From judges to MPs, lawyers, celebrities and journalists conflate the two issues.

Privacy is about choice; finding a private space where you're free to act unobserved.  Privacy is critical to personal and social development.

Private spaces are necessary to learn and practice without the threat of humiliation or outside criticism.  Without such spaces our entire lives would be open to outside scrutiny, making life oppressive for all but a lucky outgoing few able to withstand the pressure of constant monitoring.

Private spaces are also incredibly important to the formation of social and family bonds.

"Personal data" is commonly defined in legislation marking out certain classes of information that are deemed to be confidential.  Such classes typically include political views, religion and sexual preference and are specified in laws such as the UK Data Protection Act.


Tuesday, 13 December 2011

The privacy outlook 2011->2012 part 1: key themes

This is part 1 of a 3-part series

After a lot of time looking at the great digital copyright challenge and a brief foray into 4G mobile data"adult" content blocking and social media injunctions I spent the last week firmly back on digital privacy. A greater challenge even than copyright, and with perhaps greater significance.

Two seminars in 6 days and a lot of meetings and web chats later some key themes are emerging:
  1. The "can't do that because of privacy" argument is losing any sway it once had. Governments now hold aloft useful services reliant on private data that people willingly use - Foursqare, Facebook, Amazon recommends - to attempt to discredit arguments like "it's my data, you can't have it."  Don't shout all at once, I know such a rebuttal is flawed; I'm just explaining the situation as I see it.  As a speaker said at a recent privacy seminar, government policy is not driven by proven fact and rational argument but by the headlines in the Daily Mail.  A valid political argument is one that washes with the public.
     
  2. Enforcement of do's and don'ts through the law is a pipe dream.  Data is everywhere, we have a massively distributed problem; and the problem is relatively knew, technology - and the markets - in many respects needs time to catch up with themselves.  Many data protection laws and regulations are nothing more than best practice - in reality prosecutions are expensive, time consuming and data regulators have relatively low capability, are under-resourced, have limited power and as a consequence are of little deterrent.  (If they had more power there'd be a risk of encroachment into free speech and free press territories!) Regulation needs to aim at a enforcing a few high level principles - setting the red lines on the harm spectrum - and leave the rest to technology and the markets to solve.
     
  3. Privacy is still a debate driven by fear.  Not just the odious McMullen with "privacy is for paedos" (perhaps belying McMullen's own fear of the privacy brigade) but fear by citizens not understanding the privacy implications of their actions, whipped up into a frenzy only when the Daily Mail tells them to be angry; and fear within corporations afraid of a privacy backlash - a rare but devastating event.  Corporations and government officials trying to do the right thing are walking afraid, whilst the general public is at risk of walking blindly into traps, willingly disclosing too much personal data.  Meanwhile private organisations who either don't give a hoot or justify their behaviour using their own moral code continue to make money out of profiling the population.
     
  4. Transparency is crucial.  More crucial perhaps than any other data protection principle, regulation or law.  But companies and governments don't want to be transparent, mainly because of (3) above, but also because of (1) - they don't want to be told they "can't" do something; and, (2) - being transparent about what they're doing makes them an easy target for the under-resourced regulator.
I'll be exploring around these themes in two follow-up posts.

Monday, 12 December 2011

Solution for GCHQ '_Can you crack it' cyber challenge

Okay, the GCHQ cyber challenge canyoucrackit.co.uk has just closed seems to have re-opened... Is it on a loop? Anyhow, here's the solution.  We can report that the challenge, described in the Telegraph as 'fiendishly difficult', is... fiendishly difficult!

Here's a 30-minute video to guide you through, there are actually 3 stages - see below for more info. Best watched full screen HD (and even then, apologies some of the screen text is not fully readable and apologies again for occasional bumbling):



The stages

Stage 1: combine the machine code instructions displayed on the website with additional bytes encoded in a comment field of the PNG image.  The bytes in the comment field are base64 encoded.  Create an executable wrapper and execute the routine (I did this on a virtual machine just in case there was any malware inside).  Search the stack and find a URL which retrieves stage 2 from the canyoucrackit.co.uk website.

Open Digital files for stage 1:
 - 'C' wrapper to make an executable (compiles using gcc on a 32-bit linux machine)
 - (roughly) disassembled assembler for the routine provided by the challenge website

Stage 2: write a software implementation of a CPU (a virtual machine) and execute the provided software on the virtual machine you've just written.  The routine decrypts part of the provided memory and results in another URL which retrieves stage 3 from the challenge site.

Here's a copy of the starting point (.js) (in case it doesn't work not the challenge has closed) and our solution (.js).  Or a web page which will run our solution.

Stage 3: use the Linux 'strings' command and a good disassembler (I used PE Explorer) to work out what the executable does.  Turns out you don't need to actually run it.  Find a mystery string which looks like an encrypted word and hunt 3 mystery 4-byte words, 1 from stage 1 and 2 from stage 2.  Plug them all together and use the resultant URL to retrieve a keyword from the challenge website.


Put the keyword into the front page of canyoucrackit.co.uk and apply for your job at GCHQ!


Here's the disassembled stage 3 executable "keygen.exe"

@JamesFirth

Tuesday, 6 December 2011

Balance on lobbying - the view of a lobbyist

Whether I like it or not, I spend a lot of my time lobbying Government and Parliament.  I started doing this about 2 years ago because (i) the government seemed to be making a complete hash of IT and internet policy; and, (ii) the loudest voice heard by government was from vested commercial interests who could afford to pay full-time lobbyists and hire specialist lobby firms - few people were providing a counter-view from small businesses or the online community.

To my surprise the world of lobbying isn't as closed as some make out.  Many parliamentarians especially go out of their way to bring outside knowledge into parliament, and all seem to thrive on interacting with "ordinary voters" with a well-thought-out perspective.

But of course there's the inevitable vapour shields.  MPs are wary about politically-motivated attacks and misinformation, Government has a formidable barrier to protect itself from the "noise" of discontented citizens.  If it was as easy as walking up to the Cabinet Office to register one's discontent in person with the Minister, the queue would stretch from Downing Street to Aberdeen I'm sure!

It shouldn't come down to who you know, but of course Ministers, MPs, policy advisers and senior civil servants are just people with friends, family and a long queue of people with vested interests itching to get a message to them.  The most powerful arguments come from people with whom those in power have an existing relationship; people they've got to know.

You need to know a little bit about someone to understand where they're coming from; what motivates them, and why they're making the demands they're making.

Essentially, there's nothing wrong with the idea of lobbying.  If a government isolated itself fully behind official channels, and those channels are anything less than perfect at gauging opinion, that government will become ill-informed and deficient.

Government needs a balanced mix of contact with the public, industry and other bodies such as libraries and educational establishments.  Yes, big libraries, universities and charities have lobbyists too!

The problem comes about when money starts to tip the balance, corrupting the system.  When people have no moral qualms about pushing the interests of the highest bidder, whoever that might be.

Monday, 5 December 2011

New round of ministerial meetings on digital copyright enforcement partially opened-up

Update: read a report from the meeting here.

Open Digital has been invited to attend a new round of ministerial meetings on digital copyright enforcement, hosted by Ed Vaizey at the Department for Media, Culture and Sport.

This time the attendee list will be wider, bringing representatives from across the industry.  The first meeting is scheduled for this Wednesday, 7th December, and will feature representatives from:
  • Featured Artists Coalition
  • Google
  • EMI Music UK & Ireland
  • BPI (British Phonographic Industries)
  • Publisher's Association
  • Warner Music
  • Music Publisher's Association
  • Yahoo!
  • Ofcom
  • UKIE (UK Interactive Entertainment)
  • ISPA (Internet Service Providers Association)
  • PRS (Performing Rights Society)
  • Talk Talk
  • Open Digital Policy Organisation
  • Open Rights Group
  • Universal Music
  • Beggars Group
  • UK Music
  • Premier League
  • BSkyB
  • MPAA (Motion Picture Association of America)
  • Virgin Media
  • Sony Music
  • IAB (Internet Advertising Bureau)
  • Consumer Focus
  • Officials from the DCMS
We welcome the Minister taking the significant step of widening the invite list for meetings previously held behind closed doors.

Whilst we appreciate there is still some way to go to bring this discussion fully into the public arena - where it ultimately needs to be - both the Open Rights Group and Open Digital made it clear that our attendance was on condition that:
"discussions can be open and on the record" and we "would not want to find that elements of the discussion or papers at the meeting were deemed to be confidential."
A member of Ed Vaizey's office replied:
"Thanks for your emails - I completely understand.
 We look forward to seeing you on the 7th." 
We are therefore in a position to openly report on the meeting, bringing some scrutiny to a closed process.

If the scope of such meetings enters the territory of new legislation we will be the first people to suggest that such meetings be open to full public scrutiny in the form of a parliamentary [draft bill] committee and a public consultation.  Public policy should not be forged in private.

Friday, 2 December 2011

The GCHQ Cyber Challenge: hqDTK7b8K2rvw

UPDATE 11th Dec (11:59!): Solution here on the Open Digital Blog

.We used a few spare hours in the office yesterday and today to have a go at the GCHQ cyber challenge _Can you crack it? 

Using a combination of Linux and Windows machines, a bit of JavaScript knowledge and 25 years' programming experience we got to stage 2 of 3.   We hope to bring you the full low down of how to solve it if we get there, however we don't want to spoil the fun for those still doing it so we won't say anything until the competition closes, bar this: hqDTK7b8K2rvw  - just to prove we got to where we did, when we did!

Hope to have the full explanation for you a week on Monday!

UPDATE 4th Dec: Just cracked it!

Wednesday, 30 November 2011

Fiscal stimulus? £100m of public money for broadband where it's least needed

The following was first posted on slightlyrightofcentre.com:

Yesterday the Chancellor announced £100m of extra money (or at least I assume it's new money) for broadband investment in UK cities.

Of those, Cardiff, Edinburgh, Belfast and London have already been identified. 6 More cities will follow.

Here's a map from July showing areas with best broadband coverage (light grey) and those with the worst (red). The map is from Ofcom, via ISPReview.  (Click to enlarge).


You shouldn't have to ask your old geography teacher to identify the four capitals receiving some of the £100m.

I'll give you a clue, they're all painted grey or light grey, indicating they already have better than 70% availability of "superfast" broadband (roughly faster than 20Mbps actual line speed download, essentially access to BT infinity service).

The red areas have less than 30% availability.  They will share £20m of funding.  Yes, pretty much the rest of rural Britain will share 1/5th of the money set aside for cities.

The business case: tipping the investment equation, or lining BT's pockets?

The reason I'm so angry about yesterday's announcement is that it doesn't, from a policy position, make much sense.  Yes, I understand innovation isn't a zero-sum game.  Spearheads are needed in order to advance; and we all end up benefiting - even the rural notspots.  If all we knew possible was 56kbps dial-up we'd still be left with 56kbps dial-up.

But parts of Britain still are on 56kbps dial-up, and we face a challenge because large telcos don't see a business case for investing in faster broadband outside of the more densely populated towns and cities.

Monday, 28 November 2011

Press abuses and the failure of the Social Contract

The following text will form a short paper on the subject.  Comments will be incorporated where appropriate. 

Undoubtedly a lot - most, in fact - of the press behaviour being uncovered in the ongoing Leveson Inquiry is abhorrent.  Nothing I say below is intended to justify in my attempt to explain and understand.

It's not that many of the practices and methods employed to monitor celebrities' and sports stars' every moves would be unwarranted if, for example, investigating serious corruption in politics or a police force.

Whilst phone and computer hacking are both clearly illegal (I'm yet to decide how I'd feel if a very serious high-level corruption scandal was unearthed using such techniques) I certainly wouldn't be worried if journalists or private investigators tailed contacts in public, or used covert recording, in pursuit of a story of genuine public interest.

However we're not talking about investigating high level corruption; we're talking about singers, writers, footballers and comedians.

Whilst many of the press methods and practices used to keep tabs on celebrities are not illegal, they are clearly unethical and anti-social when applied indiscriminately in search of dirt on, or to deliberately blacken the name of, someone in the public eye.


Forgetting for a moment about the clearly illegal behaviour, the conundrum of press regulation is to keep press behaviour towards the green end of the spectrum without unduly shackling the press.

And, if the press do need shackling, how to we prevent the manacles of regulation being abused by state or corporate interests to hide stories of legitimate public concern?

Essentially, who will be the arbiters of public interest?

This question of how to regulate is irrelevant if we can work out why the Social Contract failed.  Why did it take so long for any other organisation or institution pick up on the antisocial behaviour of the tabloid press and allow public contempt and market forces to act together to moderate it, thereby working to keep the behaviour of the press in the green zone of the Harm Spectrum?

Note: the press abuses scandal was, eventually, uncovered by sections of the press.

Thursday, 24 November 2011

Abigail Harrison joins the Open Digital Policy Advisory Council

Abigail Harrison,
Managing Director, thebluedoor
I'm extremely pleased to welcome Abigail Harrison to the Open Digital Policy Advisory Council.   Our Advisory Council guides all our policy work at Open Digital.  Abigail brings a wealth of understanding of digital marketing and public relations, augmenting our existing policy team.

She has worked in PR and social media for 18 years, working for some of the biggest agencies, delivering award winning results for leading global brands.

As one of the key players in the digital and social media sector, Abigail founded DigitalSurrey, which regularly draws stand-out sector speakers from global technology and media firms such as Google, IBM, CSC, Ogilvy, Microsoft and the BBC, selling-out every month (although, in the spirit of open knowledge sharing, all events are free to attend).

Abigail has been involved in the organisation of major social media events such as Twestival, TweetCamp and Social Media Week, all of which attract some of the leading movers and shakers in the global social media sector and has also been nominated as the Institute of Directors' South East Director of the year, 2011.






Friday, 4 November 2011

The US regulatory view: ODPO gets lunch with FCC Commissioner Robert McDowell

It was a surprise for a fledgling policy group to get an invite to lunch with a senior US regulator.

The Federal Communications Commission is the US version of Ofcom - on steroids! There are over 1,500 television stations, compared to the UK's handful, plus a host of radio, telephony and data services.  Spectrum allocation and competition questions arising from spectral scarcity (there isn't enough resource to meet the market demand, and the resource available needs to be carefully managed) form a big part of the FCC's job.

Oh, and they regulate taste and decency on broadcast TV channels.
"Most US residents think of the 38th Super Bowl when you mention the FCC, but dealing with incidents like Janet Jackson's wardrobe malfunction is such a small part of my job it's hardly worth a mention."
Commissioner McDowell's approach to regulation seems firmly aligned with our view at Open Digital: regulation is blunt and costly, always has unintended consequences, and should only be enacted when evidence of consumer harm or market abuse can be established.

We joined Big Brother Watch, Policy Exchange, COADEC and representatives from the Tax Payers Alliance for a 2-hour discussion over lunch, where the Commissioner asked as many questions about EU and UK communications policy as we did about US policy.

Although not strictly in the FCC remit, privacy and the EU "cookie directive" featured prominently, with most participants hailing the law which forces all websites using cookies to request permission to store cookie data as misguided and a somewhat extreme example of regulate first, ask for market evidence later.

"Usually the market sorts itself out," said McDowell, referring to a separate problem - one of market dominance in the telecommunications sector, exemplified by Apple and the early exclusive contracts when the iPhone first launched.

Friday, 28 October 2011

We don't need *a* Public Data Corporation, we need a plurality of competing Public Data Corporations

Yesterday we submitted evidence (pdf) to the Government's consultation Data Policy for a Public Data Corporation.

Update 15-Dec-11: We welcome the government's announcement today at an RSA/2020 open data round table where Cabinet Office Minister Frances Maude said "we're moving away from a model where government tries to gain in the short term by extracting value from public data, and moving towards long term benefits [to the UK economy]."  Open Digital understands the plans for a Public Data Corporation have been replaced with a Public Data Office, and it's not just a change in name.

Although the Cabinet Office consultation asked some specific questions about its policy of creating a Public Data Corporation - a central agency to facilitate release of public data sets - including questions about what services the corporation should be allowed to charge for, I decided to argue for not one Public Data Corporation but a plurality of competing Public Data Corporations.

The idea from government seems to be (phase 1) create a Public Data Corporation; (phase 3) profit.  The government seems to think direct returns can be made either by floating the Public Data Corporation and/or charging for access to certain data sets and passing-on some of the charges to the originating departments.

Our submission outlines many of the secondary benefits to free and open public data.  It will keep the barrier to data innovation low; tinkervation - tinkering with data sets despite there being no apparent business model to do so, will only happen if data is free and open.  The UK economy will benefit if UK businesses profit from open data, and the public will still benefit through a range social, democratic and educational uses of data in cases where no taxable revenue is created.

I then argue that the idea behind an investment-led approach to public data is flawed, mainly because we don't know enough about (a) how much of the data held will be used - that's the job of data innovators; and, (b) how online content will be funded in future. The online ad sector is booming, with stacks of cash being spent, but this isn't - as yet - trickling down to online publishers.

Tuesday, 25 October 2011

Behind the headlines: libel committee report, anonymous comments & corporate defamation

Reposted from SlightlyRightofCentre.com:

Some reports are hard to summarise in a headline, and some headlines haven't done the report from the Joint Committee on the Draft Defamation Bill much justice.

Headlines such as "Websites 'should carry libel risk for anonymous posts'" might leave the reader thinking the report is an attack on so-called anonymous culture. In fact the Guardiangoes further:
"MPs and peers recommended tackling the culture of anonymous online comments"
But the report is far more nuanced than can be summed up in any headline or single sentence. Whilst the report contains a couple of worrying paragraphs about encouraging moderation of online content and perpetuating the idea that "upstream" web service and internet service providers continue to carry some responsibility:
"... in line with our core principle that freedom of speech should be exercised with due regard to the protection of reputation." 
The report is far from an attack on anonymous comments, contains a lot of very encouraging points on a breadth of issues, and interestingly draws some parallels with privacy law (true allegations the claimant wants to remain private) and defamation (untrue allegations).

Tuesday, 11 October 2011

Statement on child safety & ISP web blocking of pornography

The following statement has been agreed by our Policy Advisory Council:
Open Digital welcomes ISPs offering more choice for consumers, allowing them to choose to block most adult content from being accessed over a customer's internet connection. However, we urge ISPs to warn parents not to rely on technical measures as the sole safeguard against children accessing potentially harmful content, as no filtering system is 100% effective.

We welcome ISPs working together with the government to improve the "digital literacy" of customers, many of whom are not aware of the wide range of online threats, including harmful content being accessed by their children.

We also call on ISPs to offer such blocks on a voluntary basis, so they can easily be switched on, but are not enabled by default. ISPs should provide full transparency of the websites blocked by their filters, providing website owners with a quick and effective mechanism to check if their websites are blocked, and a rapid resolution procedure for website owners who feel their websites are being unfairly blocked. We are aware of several high profile UK websites, including blogs, activist sites and at least one high street chain which have been inappropriately blocked by at least one mobile network operator as "adult content".

Unfair accidental blocking of commercial websites has the potential to cause serious financial damage and can prompt customers to turn off adult content blocking altogether, in order to access regular content, potentially leaving children at risk of accidental exposure.
The text was agreed by email vote, with 3 votes in favour, 1 non-response, the proposer abstaining and no votes against.

Friday, 7 October 2011

Social Media and Injunctions - our evidence to the Parliamentary Joint Committee on Privacy and Injunctions

It's a complex area - where does the balance lie between privacy and freedom of the press/freedom of expression? Do injunctions help enforce this balance? Are court injunctions even effective against social media or overseas news outlets?

Here's our evidence to the Parliamentary Joint Committee on Privacy and Injunctions (pdf).

Wednesday, 5 October 2011

Urgent crowd-source request: social media, privacy and super-injunctions

It has just come to my attention that the deadline for written evidence to the Joint Committee on Privacy and Injunctions is tomorrow, 6th October.

I would really like to capture the mood of the blogosphere, but with just 24 hours to create a submission I may have left it a bit late.

I'm wondering if the blogosphere can come to the rescue.  Tweet us - @open_digital - or submit your comments below (anonymous is fine) and we'll try and pull together as many views as possible into a single submission for the committee.

Note: please use the #anon hashtag on Twitter if you do not want us to include your Twitter ID in our submission, and post anonymously to the comments if you do not want us to include your Blogger ID.

Thanks,

James Firth

Tuesday, 4 October 2011

UK's delayed deployment of 4G fast mobile data to cost UK businesses £732m per year

Our first paper released today (pdf) shows British businesses will lose hundreds of millions of pounds a year because of the UK government’s delay in rolling out fast 4G mobile broadband.

With faster mobile data downloads, more than 37 million business hours a year could be saved. Those extra hours cost UK businesses £732 million a year.

Other countries, including the US, Germany, Sweden, Finland and Korea have already launched 4G fast mobile broadband, putting UK businesses at a commercial and technological disadvantage.

“Visitors to Britain will first notice London’s lack of 4G mobile data when they arrive for the Olympics next year,” says James Firth, report co-author and CEO of Open Digital. "In addition to the lost time through slow mobile data, UK businesses won’t be able to fully benefit from new cloud-based business tools until the UK has a nationwide reliable high speed mobile data network."

Ofcom, the UK regulatory authority tasked with allocating the necessary radio spectrum, does not anticipate the first commercial 4G services to come online before 2013, and nationwide roll-out won’t be complete before 2017.

Open Digital is calling on Ofcom to adopt more ambitious roll-out targets and for the government to acknowledge the massive benefit to the economy from 4G mobile data.

Our findings also put the cost to the UK economy from the recently announced delay of 3-6 months in holding the auction to allocate licenses necessary to run 4G services at £183m - £366m.

Thursday, 29 September 2011

Autonomy as a measure for societal harm from online behaviours

Debates about internet governance are not sustainable at the current level.  All too often we hear three sides of an argument, but are left with no rational framework to evaluate the relative merits of each point of view.

Invariably the viewpoints offered are:
  • Regulation is needed
  • Regulation is not needed
  • In an ideal world we should regulate, but the nature of the internet makes regulation impossible/impracticable
Whether the topic is privacy, free speech, protection of intellectual property rights, national security or freedom from oppression; assertions driven by fear or self interest rise to prominence above evidential findings or deep and thorough rational thinking.

And by fear I'm not just talking about those who fear harm (personal, economic or national) may come through an open internet, but also those who fear the positive power of the internet will be ruined if regulation is enforced.

But can we even start to propose a model, a rational approach, to assessing harm, risk and benefit of digital technology and various regulatory approaches in such a complex domain?

Can we quantify harm from loss of privacy and balance against the benefits brought by linked and accessible data? Or set the perceived risks to political discourse from blocking and censorship against the perceived benefit from limiting access to harmful content?

Your first instinct may be to say "no!"  But if we don't explore new ways of understanding the problem domain we risk stalemate; debates lead by human instinct - great for so many of life's problems, but wholly inadequate for some complex, chaotic social problems when the answer sometimes proves to be counter-intuitive.

Wednesday, 28 September 2011

Eric Joyce MP appointed president of the Open Digital Policy Advisory Council

Open Digital PAC President,
Eric Joyce MP
We're extremely pleased to announce the formation of the Open Digital Policy Advisory Council with one of Parliament's most engaged digital policy specialists, Eric Joyce MP, as President of our advisory body.

Eric has been active on digital issues since his appointment to parliament in 2005, chairing the Digital Economy All Party Parliamentary Group before its recent merger with another parliamentary group. Eric is now the Digital Chair of the Parliament Internet, Communications and Technology Forum (PICTFOR) and he also sits on the All Party Privacy and Injunctions Parliamentary Committee, where he advises on social media.

Also appointed to the Council are Andrew Sharpe, an accomplished media lawyer, who will serve as our general counsel; and Dominique Lazanski, an internet industry expert with a keen focus on civil rights, who will act as our consumer representative.

Eric, Dominique and Andrew join our Open Digital CEO James Firth and Chairman Julian Ranger at Open Digital.  For full details and bios see here.

We're still on the look out for a research advisor with academic or professional research experience to get involved.  If you're interested, get in touch: contact@opendigital.org

There are also a limited number of sponsorship opportunities to help our Open Digital mission.  

Our aim is to build a self-funding, transparent and open organisation for the formation of digital policy; with the aim of promoting an open internet where market competition is fierce but fair, and the consumer voice is strong enough to ensure all our interests (privacy and other freedoms) are maintained. For more details see our charter.

We aim to fund our free-to-access analysis and research with an arms length consultancy, but to get there we need funding.  

Donor-stakeholders can purchase shares in Open Digital Policy Organisation Ltd.  All shareholders over a threshold 2.5% also get to vote on policy positions. We aim to provide a return on investment by growing the company into a self-funding organisation, but we acknowledge our business model is unproven,  therefore we offer a chance to help shape digital policy as an incentive, a donation that may well also yield returns.

There are also opportunities to commission or sponsor analysis and research.  We pledge to release all our work for free, under a Creative Commons license, as we believe in transparency for those attempting to influence government policy; however public release of commissioned research will be delayed by up to 12 months, giving your organisation exclusive access for a limited time.

From time to time some of our research may hit the headlines. There are opportunities to sponsor a paper and have your name associated with the paper and associated press release.

For more information please call 01252 560 426 or email contact@opendigital.org


Tuesday, 23 August 2011

CONSENT Project: research into online privacy and consent

If you have 15 minutes spare, a researcher from Queen's University would welcome input from readers of this blog as part of the CONSENT project - an EU-funded research project on social networking and information gathering.

To start the questionnaire, click here.

The project will look at the use of personal information, privacy, and giving consent online across Europe, and the findings will be made available to European policy makers and legal experts aimed at encouraging the strengthening of the legal protection of consumers and online users.

Whilst Open Digital generally views legislation as a solution of last resort, preferring instead to focus on consumer education of privacy risks in order to harness consumer-brand trust as a driver for improving corporate responsibility towards personal data, we welcome all research in this important area.

@JamesFirth

Tuesday, 26 July 2011

Will social media background checks be the catalyst for a consumer privacy backlash?

Studies show an overwhelming majority of people are ‘concerned’ about their online privacy [see here (pdf), and here], yet when I talk to technology companies large and small they tell me privacy awareness amongst the general public is patchy at best.

As social media background checks start to result in applicants being rejected for jobs simply because of pictures and comments posted on social websites, could we start to see a crippling privacy backlash that will prevent adoption of useful technology because of public fear and mistrust?

Personal data is a commodity that can be traded for ease of functionality (ie reconnect with old friends, recommendations based on past interests) or for free or discounted services.  Additionally, there's the ability to post views and beliefs in an attempt to influence a wide audience.

There are three equations in play:
privacy vs utility
privacy vs price
privacy vs influence
Anecdotally; and also through adoption rates for social media, and store discount cards which track customers' every purchase; in the UK at least we're a nation happy to trade privacy for utility and price.

Or are we? When I talk to family and friends about blogging - an unmistakably public activity - under my real name; many are surprised, and some offer me hushed advice to be careful.

Friday, 8 July 2011

Open Digital's response to the 2nd BSkyB takeover consultation


The Open Digital Policy Organisation Limited,
Reeds Industrial Park
Reeds Road
Frensham
Surrey GU10 3BP


8th July 2011


Dear Secretary of State,

The Open Digital Policy Organisation reiterates the view of its CEO, James Firth, submitted to the first consultation on the 17th March 2011, and reproduced in full here: http://ejf.me/dB

In summary, issues of media plurality in the digital age cannot be considered without looking also at the internet; and, in particular, the privileged position an internet service provider (ISP) like Sky Broadband, owned and operated by BSkyB, holds in its ability to sway - or even restrict - the choice of online news sources available to its subscribers.

Such distortion can come through cross-promotion or price bundling of subscription news services, such as News International's Times Online service, with BSkyB services.  This may or may not unfairly distort the market for other online news providers, and we believe the proper way to assess this concern is for a full competition inquiry.

Distortion could also come through restrictive practices that break principles of so-called network neutrality - but Open Digital Policy believe this issue needs to be addressed separately; in a way that best ensures all ISPs see the market benefit of offering an open internet, and are prevented by law from employing anti-competitive practices in the management of their networks.

We also re-iterate James' concern about potential to distort the market for advertising crucial in supporting news organisations, and therefore critical to the plurality of the press in the UK. With a potential for bundled print, TV and internet advertising deals; again, we believe a Competition Commission inquiry would be the proper place to assess any impact on other news outlets should BSkyB and News International be in a combined position to offer cross-channel advertising deals.

James Firth

CEO, and on behalf of, Open Digital Policy Organisation Limited

Friday, 1 July 2011

John Stuart Mill and liberty, regulation and protection of privacy

In a talk in London on 29 July, Eric Schmidt, Executive Chairman of Google, argued against over-regulation. His premise was that yes the advancements that technology brings can bring with it, in the first flush of that technology, problems; however, those problems that public opinion finds important will most often be solved by technology or by a procedural response to it. In other words give time for the system to self-correct - and presumably only if self-correction does not come (especially after some heavy hinting from opinion and also authority) then regulate.

We must accept that defining what aspects of the web and the Internet to regulate by law and what to regulate by self regulation guided by opinion (on the basis that if you do harm to the customer as a business, eventually the customer will do harm to you) is a very difficult conundrum. What seems clear is that over-regulation is not the answer - but what is over- regulation you may ask?

Eric illustrated his point with a simple example: when telephones became commonplace there was a concern from users that switchboard operators could over-hear conversations and intrude on privacy. Of course they could, and it may well have been a reaction to impose laws on this and in so doing limit what actions could then be taken to replace/improve switchboard operation. Instead no laws were created and relatively shortly the electrical switch was invented which solved the problem without the need for new laws.

I am concerned with the issue of privacy with respect to the web - particularly the self-harm that can be incurred by over-sharing using sites and services which appear private, but are not so - see Clarity in Internet Privacy. However, I am also concerned that legislation in this area, particularly different legislation in different jurisdictions, will not help and will in fact hinder as the world wide web effectively becomes fragmented, and the positive benefits of the web get inhibited. Furthermore, undoubtedly legislation that is rushed may well inhibit further beneficial innovation.

It is important therefore to try and improve privacy through exercise of self control guided by public opinion, and through the application of new technology, and give time for this to occur, before rushing to consider legislation.

The well known philosopher John Stuart Mill summed up this issue well in his essay On Liberty:
"All that makes existence valuable to any one, depends on the enforcement of restraints upon the actions of other people. Some rules of conduct, therefore, must be imposed, by law in the first place, and by opinion on many things which are not fit subjects for the operation of law. 
What these rules should be, is the principal question in human affairs; but if we except a few of the most obvious cases, it is one of those which least progress has been made in resolving. 
No two ages, and scarcely any two countries, have decided it alike; and the decision of one age or country is a wonder to another."
Mill goes on to conclude:
"That principle is, that the sole end for which mankind are warranted, individually or collectively in interfering with the liberty of action of any of their number, is self-protection. That the only purpose for which power can be rightfully exercised over any member of a civilised community, against his will, is to prevent harm to others."
On the basis that the most egregious of privacy ills today is self-harm, it seems to be that awareness is our first step, followed by self-regulation, not governmental regulation.

Thursday, 30 June 2011

Google+ and privacy circles

I've been arguing too few people pay attention to what privacy actually means.  We bandy the word around in all kinds of contexts.

Is data loss a privacy breach, or a breach of trust?  We willingly handed-over our private data to a third party - a data loss is just part of the risk equation, right?

Is a kiss-and-tell a privacy issue, or a disregard of implied confidentiality?

What is absolutely certain is that the web introduces a whole new domain of privacy issues.  Some say the internet changes everything, but at Open Digital we prefer to look at the internet simply as a tool facilitating human interaction; and, as such, the internet just offers a new and efficient medium for channelling some antisocial behaviour patterns.

Almost all online privacy worries boil down to one simple question: what are the likely consequences of my action?

Thursday, 23 June 2011

Privacy, utility and clarity

Ask ten digital policy experts their view on internet privacy and you're highly unlikely to get a consensus. In fact you might not hear the same opinion expressed by any two.

It will take a great deal of time and research to understand the best approach to provide a balanced right to privacy in the age of data ubiquity whilst protecting core democratic values like free speech.

>> Skip straight to the video >>

John Hendel, writing in The Atlantic, forecast a US/Europe split; with Europe heading down the regulation route as it attempts to protect individual privacy - through concepts such as the right to be forgotten; whilst the UN Special Rapporteur Frank La Rue's report on internet freedoms (pdf) clearly favours free speech - as does the US, given the First Amendment right.

A case from 2009 serves as a good example of the general conflict, when a German law firm attempted to get the names of convicted murderers removed from a Wikipedia page.

Sunday, 19 June 2011

Open Digital Policy - the mission

James Firth, CEO
In a word it's about trust. The rapid pace of technological development over the last 30 years has left a generation of consumers baffled as to the risks and rewards of online engagement.

Open Digital Policy believes in the positive power of the internet; bringing convenience and new opportunities; as a global communications tool, to bridge cultural divides; as a citizen and consumer feedback channel, to hold governments and corporations to account; as a social platform to enrich lives; and, as an opportunity for all ethical businesses to innovate, compete and be rewarded.

The world wide web - the internet as we know it - is approaching 20 years old. The first UK national newspaper to publish online was the Electronic Telegraph edition of the Daily Telegraph, launched November 1994.  1994 was also the year Amazon.com was founded.  Yahoo! was founded a year later, and Google over 3 years after that - in September 1998.

I'll leave it to modern historians to argue over the exact year the commercial internet hit mainstream, but I'd argue it's only in the last 10 years as the internet started to impinge on so many aspects of our lives that the bulk of the population has become concerned about online trust. 

Similarly, through my policy work following various parliamentary committees and blogging (e.g on slightlyrightofcentre.com) it's absolutely clear that the government, police and other public authorities are only now starting to get to grips with the issues.

But technology continues to advance, as each development enables successive improvements; and new services, such as location tracking, facial recognition, cloud hosting and social profiling cause new worries for many consumers, governments and corporations e.g. data protection, privacy, online libel, harassment, etc.

Businesses of all sizes have a keen interest in policy direction.  Many want to capitalise, some want to protect existing business models in an era of change, others are concerned about data security and data protection in an increasingly complex area.

We believe the long term interests of all internet users are actually rather closely aligned.  Given open platforms, open networks, and regulation only where regulation is truly needed; consumers will reward businesses who act with their interests at heart, and similarly avoid corporations who persistently break consumer trust; whilst we the consumer continue to enjoy new and innovative products.

Similarly, governments that embrace openness and transparency will grow stronger through direct oversight by the people they represent.

The internet closes the feedback loop.  Whereas printing and broadcast electronic media were one to millions mass communication tools, the net provides a scalable two-way channel.

In fact it's a multi-way channel: businesses who fail to listen to their customers find those customers simply find ways to tell other consumers of their grievance.  Public relations today is less about controlling the message and more about building a relationship - with the public!

We believe self regulation provides the best, most stable and democratic means to solve many emerging issues in a dynamic environment like the internet - and the multi-way nature gives the consumer a strong-enough voice to make this feasible.

Self-regulation is agile and responsive; compared to a regulatory approach, where the speed of the legislative process coupled with the lack of specialist knowledge inside legislative bodies means that legislation is often out of date by the time it is enacted; and, whilst well-meaning, legislation often has unintended and undesirable consequences, e.g. stunting the pace of development.

Julian Ranger, Chaiman
- Read Julian's thoughts
Regulation should be a last resort; be evidence-led; and, focus on fixing the root cause of problems, rather than attempting to fix the symptoms.

In the next few months we will be launching the Open Digital Privacy FoundationUsing the principles outlined above we will work with industry, consumer groups and government departments to emphasise the benefit of an ethical approach to the collection and processing of personal data.

Privacy is not just about the data collected, it's about being able to easily understand what we're sharing, with whom, and judge the likely ramifications of sharing.  Verbose privacy policies don't offer clarity; and, worse, allow some companies to accurately state in small print that data is shared far and wide yet  project an image of being amongst friends when encouraging users to share.

Only when there is clarity in understanding will we each be able to act in a manner appropriate to the setting (public, private, amongst close family/friends etc).

I personally believe in this mission, but I also represent the interests of ethical businesses who understand their customers' interests are closely aligned with the future of their online business.

Open Digital Policy is not a charity, nor is it a non-profit.  We aim to fund open research in digital policy through commercial activities that are compatible with our founding charter.  We pledge to release all our research and policy documents for re-use under a creative commons license.

Our business model is perhaps analogous to companies developing open source software, who fund 'free' software through commercial consultancy, training and support contracts.

We offer consultancy, policy advice and training across a range of digital policy areas using a network of associates - all experts in their fields.  But we also pledge to spend half of our profit on education, advocacy or other community activity in support of the aims of Open Digital Policy Organisation in order to ensure our commercial activities support but never overtake our mission.

To get involved in any aspect of our new venture please email contact@opendigital.org, telephone 01252 560 426 or write to us:
Open Digital Policy Organisation Ltd
Reeds Industrial Park
Reeds Road
Frensham
Surrey GU10 3BP

James Firth

CEO, Open Digital Policy Organisation