Regulating technologies for the future

Posted: June 4th, 2017 | Author: | Filed under: education, governance, human rights, politics, privacy, technology, thoughts | No Comments »
There is going to be some sort of regulation of the new technologies, sooner or later. Governments are getting involved and it is not necessarily a bad thing. Libertarian-minded people might not agree with this, but in the deployment phase of any techno-economic paradigm (as illustrated by Carlota Perez) governments are going to have to step in to guarantee the success of the deployment for all.
In the previous TEP, this was “The New Deal”, Marshall Plan and the development of global institutions. This resulted in the post-War Golden Age in the US and Western Europe, with the social safety net and a strong middle class. The one before (The Belle Epoque) was more of a Gilded Age, which benefited only a few.
The ICT TEP, which we are in the middle of, is going to be the greatest of those so far, because for the first time to paradigm shift is more or less global, impacting billions of people at once.
  • We need regulation to ensure that new technologies reach all people of the world and not benefit just the few (enacting strong net neutrality rules for example).
  • We need smart regulation to prevent tech monopolies from abusing their position.
  • We need rules that provide public oversight and participation.
  • We need to make sure that new technologies are not going to be used for unethical and immoral ends.
  • We need to make sure that there are strong privacy rules protect the individual, their freedom and autonomy.
  • We need to make sure that technology does not allow totalitarian and extremist propaganda to isolate individuals and destroy solidarity, trust and social cohesion that is more necessary that ever in an interconnected and interdependent world.
  • We also need to change our existing regulations to fit with the new world, in all levels of governance. Otherwise we are sailing the oceans with outdated maps (as Seyla Benhabib so well compared the lack of guidance that international law gives us in a new era of cosmopolitanism). This requires creativity and imagination, an open mind.
However, there are also those that want to step in and regulate in ways that work against those goals. There are those who want regulation to go the other way: expanding and legalising mass-surveillance, ban strong encryption, protect monopolistic technologies, prevent or limit access to technologies by poorer countries or help to deny the voice and participation for minorities and women.
The fight is not for or against regulation: not having rules is not a sustainable option. The fight is about what kind of rules we will have; whether there will be those that protect human dignity, freedom and rights, advance solidarity and mutual respect and understanding; or those that divide and threaten, limit freedoms and rights.

On self-driving cars: the biggest challenge is not technological

Posted: October 24th, 2016 | Author: | Filed under: privacy, technology, thoughts | No Comments »

For self-driving cars (or any new technology) to be a success you basically need three things: technological feasibility, social acceptability and economic profitability. So even if something is technologically possible, it might not get adapted because of the two other factors. Self-driving cars offer huge, transformational benefits for individuals and the society so it makes sense to look into how this could happen.

Technological feasibility seems to be the easiest to solve. The technology that makes self-driving cars safer than human-driven cars is mostly there already or getting there very soon. All of the big car manufacturers, Tesla, Google/Alphabet and Uber seem to be dedicating a lot of resources into advancing self-driving capabilities so the engineering is there.

Social acceptability (which depends on culture, history, values) for self-driving cars is also being slowly worked on. Uber and other ride-sharing services are changing perceptions of personal transport, but more needs to be done. Expect heavy incentives in the beginning and a global marketing campaign, which makes it cool not to own a car (or to have it drive others while you do not need it), highlighting for example the cost of owning a car to the environment. It could also focus on the convenience not owning a car brings (i.e. no need for finding a parking spot or worry about maintenance). The mindset shift is already happening, for example I am already looking at buying and owning a car as something quaint and old-fashioned (but I am an early adopter for tech anyway).

Those who do drive are slowly conditioned into giving up control. Tesla is getting drivers used to the coming new reality with the autopilot feature, others are also using advanced cruise control technologies. In some cities like Paris you also have car-sharing services, which also serve to detach you from the need of owning a car.

For economic profitability the state has a role on the development by subsidising costs, by regulations, by taxes, by limiting access to the crowded city space. For example, city centres could be made accessible only to self-driving cars. Owning a personal car could be made an expensive luxury by hiking taxes on cars. Liability and insurance needs a proper legal framework.

It also depends on whether there is finance to create the system, and how is it going to be organised. These are going to be the trickiest things to manage, I think. It will come with an overall shift from owning to renting/sharing (from buying goods to buying everything as a service), which is more efficient and environmentally friendly. There needs also to be strong protection on privacy so that you do not feel that your comings and goings can be tracked by the government or by corporations.

The mass-market car was the key product of the cheap oil, mass-production, waste of resources era, which is getting replaced by the information age. I can imagine that there will be perhaps three or four major self-driving car service providers that compete against each other (like mobile phone companies do) on quality, coverage, availability, but also on the strength of privacy protection.

The self-driving car system might be integrated within the business models of car manufacturers, which could be crowdfunded. I am not sure what the Tesla network is going to be like, but it could be that as a self-driving Tesla owner you could allow your car to be used for transporting others and in return you can use other people’s cars. So in a sense you will not buy a car, but a membership of a self-driving car sharing service. Alternatively, it could be that a car manufacturer operates a bunch of self-driving cars centrally.

The organisational models need to be made sensible, and easy and seamless to use so that they could be also operated by people who do not use smartphones or who use cash. Customer service is key so there needs to be support staff available for any issues as well as in order to make sure the system works for everyone.

Initially, people will not give up their personal cars, but will use them less and less for everyday travel, because self-driving cars are cheaper, more convenient and can get to places where other cars cannot. Eventually, the average person will do the math and consider that they might rent a car for that luxury experience of driving your own car somewhere. There might be specialised services for this, so you could for example book a car that you never got to drive before just for fun which will be delivered at your doorstep and which you will return after the ride. After a while this will be an entertainment activity for a minority (like riding a horse, a boat or an airplane) so the majority of people will never learn how to drive a car.

P.S. My first, and so far only, ride in a self-driving car took place nearly four years ago in early 2013 at Abu Dhabi’s Masdar City. Even though it was a short ride, it was quite an amazing feeling to sit into a car, press a button an be driven without any guides or drivers. Here is a photo:

img_2138


The End of Mass Surveillance?

Posted: October 21st, 2015 | Author: | Filed under: human rights, politics, privacy, technology, thoughts | No Comments »

Mass surveillance, introduced hastily under the pretence of guaranteeing security, is hopefully seeing the beginning of its end in many countries. A perfect example of technological step forward that was made because we could, but actually should not have, mass surveillance was set back only after several protracted legal battles in Europe. It was also an attempt by some to fundamentally reconfigure the relationship between the state and the individual (because without privacy there can be no constitutional democracy, no free elections, no freedom of speech, no human dignity).

The Court of Justice of the European Union (CJEU) showed in several decisions that privacy as a fundamental right is here to stay. The Court started with the quite unprecedented nullification of the Data Retention Directive (Joined Cases C-293/12 and C‑594/12 Digital Rights Ireland) in April 2014:

As regards the necessity for the retention of data required by Directive 2006/24, it must be held that the fight against serious crime, in particular against organised crime and terrorism, is indeed of the utmost importance in order to ensure public security and its effectiveness may depend to a great extent on the use of modern investigation techniques. However, such an objective of general interest, however fundamental it may be, does not, in itself, justify a retention measure such as that established by Directive 2006/24 being considered to be necessary for the purpose of that fight.

As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population.

It then continued just one month later to establish a strong pro-privacy stance in the Google Spain decision (C-131/12) in which it established “the right to be forgotten” and forced Google to remove certain search results if people legitimately request it.

The latest blow to mass surveillance came earlier this month, when the CJEU declared the EU-US Safe Harbor arrangement void in the Schrems case (C-362/14). Safe Harbor had been used by many US corporations to process the personal data of EU citizens as the US itself lacks as strong privacy laws as the EU requires (which are the toughest in the world). The case, which was brought by Austrian student and privacy activist Maximilian Schrems against the Irish data protection body for their reluctance to take on Facebook resulted in the CJEU stepping in an declaring the whole Safe Harbor arrangement invalid [1].

Apple, Google, Facebook, Microsoft and a lot of others have all been impacted and have made alternative arrangements. Many of them have come out in the support of stronger privacy rights. Microsoft Chief Legal Counsel Brad Smith writes:

But privacy rights cannot endure if they change every time data moves from one location to another. Individuals should not lose their fundamental rights simply because their personal information crosses a border. While never stated quite this directly, this principle underlies every aspect of the European Court’s decision, and it makes sense.

Add to this the daily reality that personal data is often moved not by individuals, but by companies and governments. Typically, individuals are not even aware of where their information is being moved or stored. It is untenable to expect people to rely on a notion of privacy protection that changes every time someone else moves their information around. No fundamental right can rest on such a shaky foundation.[2]

Apple CEO Tim Cook has explained their approach to privacy:

We do think that people want us to help them keep their lives private. We see that privacy is a fundamental human right that people have. We are going to do everything that we can to help maintain that trust. …

Our view on this comes from a values point of view, not from a commercial interest point of view. Our values are that we do think that people have a right to privacy. And that our customers are not our products. We don’t collect a lot of your data and understand every detail about your life. That’s just not the business that we are in.[3]

Cook’s mentioning that “our customers are not our products” is a dig against Alphabet (formerly known as Google) and, of course, Facebook, which are the companies that have built a huge business by enticing a big part of the world’s population to trust them with their private data. Those companies are the ones with the most to lose from the resurrection of the right to privacy. Facebook is already grasping at straws by claiming somehow that better privacy protections endanger the security of users[4]. Google has in the past tried to undermine the privacy concerns against it by riding the freedom of information horse, but has recently also started to take things more seriously as it understands that its business model is threatened. Google’s SVP Rachel Whetstone even offered a rare mea culpa early this year at a speech in Bavaria:

Finally, let me turn to privacy. I want to start by making clear Google hasn’t always got this right. It’s not just about the errors we have made–with products like Buzz or the mistaken collection of WiFi data–but about our attitude too. These have been lessons learned the hard way. But as our swift implementation of the Right to be Forgotten has shown, they are indeed lessons we have learned. [5]

There are plenty of politicians, (security) officials, companies and others who took the decision to ignore the right to privacy and contributed to the creation and utilisation of mass surveillance which has resulted in probably the most large-scale infringement of human rights so far in history. Meanwhile this cost has had no significant benefits: it has not made anyone safer or prevented crimes and even if it did manage to prevent some in the future, it would not be close to the worth the cost to our values, democracy, society and economy.

While it may have seemed to some (including Estonian president and chief tech evangelist Toomas Hendrik Ilves [6]) that so-called Little Sister (i.e. private businesses) is more dangerous to privacy than Big Brother, then now they have been proven wrong. Preserving privacy in the digital age is as much in the interests of tech companies as it is for the consumers and it is still the governments that we should be most worried about. The fight will continue, but in more balanced way because there is more awareness of the cost of mass surveillance. There are a number of court cases pending and there are stronger and stronger voices globally that something has to be done in order to guarantee better privacy protections for everyone.

Thankfully there are those who have dared to start this fight against great pressures. Edward Snowden of course, along with Glenn Greenwald, the Guardian and others deserve thanks from all of humanity for what they did at great personal cost. But we also should be very thankful to the judges who have done their job and used their powers for good. They have proven themselves as the last bastions of rule of law, democracy and human rights (even of our political leaders terribly failed us) and saved us from immediate privacy dystopia. We should all thank them and the people and organisations who brought the cases and continue to do so. They are heroes who have helped and continue to help to nudge humankind to a better future.

Post scriptum: My own small contribution to the fight against mass surveillance was the application I submitted to the Chancellor of Justice (the only independent constitutional rights watchdog) in Estonia to check whether mass telecommunications data retention is unconstitutional (as this was introduced resulting from the now invalid data retention directive). After long deliberations, the Chancellor sadly did not think that data retention is necessarily illegal, but nevertheless considered that privacy safeguards need to be strengthened and requested that the Ministry of Justice conduct a comprehensive analysis of the legislation. See her opinion here (in Estonian).

Further reading:

  1. Behind the European Privacy Ruling That’s Confounding Silicon Valley, New York Times, 9 October 2015.
  2. Smith, Brad. The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube, Microsoft on the Issues, 20 October 2015.
  3. Apple CEO Tim Cook: ‘Privacy Is A Fundamental Human Right’, Interview on NPR, 1 October 2015.
  4. Facebook Goes On Privacy Offensive in Europe, WSJ, 13 October 2015.
  5. Whetstone, Rachel. Privacy, security, surveillance: getting it right is important, Google Europe blog, 13 February 2015.
  6. President Ilves: we should worry about the “little sister” instead of the “big brother”

Thoughts on the Delfi vs Estonia case

Posted: June 16th, 2015 | Author: | Filed under: human rights, law, privacy | No Comments »

Today, the Grand Chamber judgment of the ECtHR case Delfi vs Estonia was delivered. The case has an important impact in the balancing of mainly two human rights: freedom of expression and the right to private and family life (to a lesser extent also freedom from discrimination, which is not so well protected under ECtHR). It found that Estonia had not infringed Article 10 (freedom of expression) when it fined Delfi for allowing the publication of user-generated comments, which incited hatred against an individual businessman.

The court makes an important distinction that the liability for user-generated content does not apply to:

“fora on the Internet where third-party comments can be disseminated, for example an Internet discussion forum or a bulletin board where users can freely set out their ideas on any topics without the discussion being channelled by any input from the forum’s manager; or a social media platform where the platform provider does not offer any content and where the content provider may be a private person running the website or a blog as a hobby” (para. 116)

It only applies for large commercially run portals which creates its own content and asks people to comment on it. This seems to be a way to distinguish between a news portal and social media platforms like YouTube, Twitter or Facebook, although that is not entirely clear.

On other points as well, the Grand Chamber followed the previous decision, but perhaps gave a bit more context and reasoning. On anonymity the Court basically said that it is important, but not all-important because of the reach and speed of information dissemination on the Internet. It referred to the CJEU Google Spain case as an example of the renewed importance of privacy in the digital age. The Grand Chamber seems to have struck somewhat of a balance: if you are a large corporation that earns money on infringement of privacy of individuals (like Google or Delfi), then you cannot use freedom of expression to excuse your intrusions and have to set up sufficient safeguards against it.

In a way there is a larger point to be made: we need rule of law and courts to protect us also from the impact technology to human rights. The ECtHR in its decision is trying to rebalance the right to privacy against freedom of expression in a new context, but surely we are still very much in the beginning of the road.

Read:

Delfi vs Estonia Grand Chamber judgment

My 2013 analysis of the Delfi vs Estonia ECHR judgment 


Kant and Facebook

Posted: January 28th, 2015 | Author: | Filed under: governance, human rights, law, politics, privacy, schoolwork, technology, thoughts | No Comments »

This essay was originally written as a final assignment for the State and Governance class I took this Fall.

This essay aims to consider the concept of the autonomous individual and its role in the political philosophy of Immanuel Kant. This applicability of the concept to a world that is changing due to social media is then analysed in parallel with other pressures. Finally, possibilities to uphold individual autonomy in this new context are explored briefly.

Kant’s autonomous individual

Kant believed strongly in the rationality and morality of an individual. In order to be moral one needs to be able to make choices, which is where individual autonomy comes in. If an individual makes a moral choice, only then she can be praised for it (Berlin 1971). Berlin puts it:

“If I choose to do what I do, not because I am free to choose between them, but because I am conditioned to do so, by whatever it may be – by education, by my passions, by the behaviour of my body, by the pressure upon me of my society, by any kind of force, whether the external forces of nature or the forces of nurture or education or, as I say, my own emotions – if I am in fact conditioned, if I am simply an object in nature like stones and animals, who cannot help acting as they do, so that some men are generous because they cannot help being generous and others are mean because they cannot help being mean, how then can praise and blame be rationally used?” (Berlin 1971)

This central tenet of Kant’s political philosophy distinguishes human beings from other animals and objects. Kant believed that human beings as autonomous individuals are able to tell right from wrong, if the time comes for such a decision. The autonomous individual is, in turn, an important cornerstone for Kant’s political philosophy.

This autonomy is not mere right to make choice and decisions, but it is the possibility to make choices without influence of others, without social conditioning. It places value in the individual uniqueness of each person and her dignity. In this way human beings can make moral judgments that are also rational. This also means that human beings are capable of self-government and is the basis behind the formation of constitutions and democratic constitutional republics.

Autonomy and freedom are not the same. Autonomy is a state in which a person can be in whereas freedom can refer to specific actions: it can even mean a choice to reduce one’s personal freedom (Feinberg 1982):

“Where manipulative techniques are used to open a person’s options with his voluntary consent, there is an enlargement of freedom and no violation of autonomy; hence, this is the least troublesome category. A harder case is that in which a person consents to behavior control which closes some options irrevocably for the sake of a good he has come to value more than his freedom. Respect for autonomy requires noninterference with such choices provided they are genuinely voluntary and fully informed. On the other hand, manipulation of a person without his consent in order to close his options restricts freedom and violates autonomy too. This third category is the most obviously impermissible kind of case. The most troublesome and controversial kind of case, in contrast, is that in which a person is manipulated without his consent for the benign purpose of enlarging his future freedom of choice, but even here, the doctrine of personal sovereignty requires that a person’s moral right to govern himself within his sovereign domain be given precedence even over his future defacto freedom.” (Feinberg 1982).

The loss of autonomy has a much more profound impact on an individual than the (temporary) loss of freedom. In the Kantian sense, individual autonomy is an ideal state.

Kant’s political philosophy is the basis of liberal democracy and the current organisation of the world into states as political entities. We live in a Kantian world, with the concept of the Rechtstaat, a constitutional state which is constrained by human rights and the underlying principles of which stem from the moral values and consent of its citizens.

Focusing on the individual, Kant believed in a republican political order and not in direct democracy. He stated: “… that of democracy is, properly speaking, necessarily a despotism, because it establishes an executive power in which “all” decide for or even against one who does not agree; that is, “all,” who are not quite all, decide, and this is a contradiction of the general will with itself and with freedom” (Kant 1795). Thus Kant sided with the individual always, and not with the will of the majority, which he saw as despotism. This is an important distinction that highlights how important Kant considered individual human beings and their autonomy.

Indeed, individual autonomy is a necessary building block from which the Rechtstaat can be built. Autonomous individuals who have an innate understanding of morality choose to associate themselves with others in a political entity in which they agree to be bound by a constitution that reflects those basic moral values. In this state that is based on the principle of Rechtstaat, those individuals retain autonomy and are protected against misuse of power. Other states, which are constructed in the same way, are co-existing peacefully with each other in a global setting.

The Kantian concept of individual autonomy is very much present in John Stuart Mill’s philosphophy, in which he claims it to be “one of the elements of well-being” (Mill 1859). This has been further advanced by Rawls, who considers individual consent essential for his theory of justice (Christman 2014).

Web 2.0

We live in a ICT-centric techno-economic paradigm (Perez 2009). The most powerful technology in this era is the World Wide Web that is changing our society and our behaviour. The Internet was initially text-based and mostly one-way communication in which information was made available on various websites for individual users. Although Web 2.0 is a buzzword that is difficult to define, it is commonly used to denote innovations in websites, including the use of new technologies such as AJAX, social components such as user profiles, friend links and like buttons, user-generated content in different formats (text, video, photos) that also invite comments and ratings (Cormode and Krishnamurthy 2008). The social aspects of Web 2.0 include:

  • users as entities in the website system, with individualised profiles that includes information about the user that may be added by the user or other users;
  • formation of connections between those users, either individual connections between “friends” or membership of common groups or subscription to information shared by other users (“following”);
  • the possibility to add text, photo, video or other content to the site and to content published by other users, with some control of privacy and sharing
  • other social features including public APIs that allow third party content to bed fed to other sites or embedded in the site in question, as well as real-time chat features. (Cormode and Krishnamurthy 2008).

The social and “sharing” features have enjoyed considerable success, with social media sites among the most popular on the web. At the time of writing of this paper, there were 1,35 billion daily Facebook users and 323 million daily users of twitter (out of a total of ca 3 billion internet users).  In the United States in January 2014, 74% of all internet users used social networking site of some kind whereas 89% of users aged 18-29 do.

The implications of Web 2.0 and its impact on the protection of privacy has divided experts. According to a recent report by Pew Research Center, experts remain divided over whether there will or will not be a global widely accepted privacy infrastructure in 2025 (Pew Research Center 2014). Those who were more sceptical believed that only a few can protect themselves against “dataveillance”, global agreements are difficult to reach and Internet of Things will make the situation a lot worse. Those who were more optimistic believed that there will be a more tiered approach to privacy and consumers will have new tools to self-manage privacy settings, that there will be a backlash against invasion of privacy. However, experts agreed that revealing personal information to the state and corporations is the new default and that people will adjust their norms to it.

Web 2.0 also has additional implications for democracy in addition to privacy issues, it is questioned whether the existing democratic systems are suitable for the constantly networked young people (Loader et al 2014). Loader reprints Russell Brand’s defence of non-voting:

“I’m not voting out of apathy, I’m not voting out of absolute indifference, and weariness and exhaustion from the lies, treachery, deceit of the political class that has been going on for generations and which has reached fever pitch where we have a disenfranchised, disillusioned, despondent underclass that are not being represented by that political system so voting for it is tacit complicity with that system. And that is not something I’m offering up.” (Loader et al 2014)

 Younger generations might consider representative democracy archaic and “uncool” and thus will be even more disillusioned and uninterested in the existing systems. Although efforts are being made to make voting cool for the connected generation (by introducing e-voting for example), this can have unintended consequences on the overall functioning of the democratic governance system and infringe on the basic safeguards that guarantee against fraud and abuse.

Autonomy and social media

Social media also changes our individual selves, because a person continues to have a singular identity that is the same in both online and offline world (Ess 2015). This means that what happens in social media has changes offline lives as well. In this context, Ess considers that in Western countries there is a shift away from the rational, individual and autonomous individual towards emotive and relational individual that increasingly defines herself through relationships she has with others. This is supported by the changing attitudes towards privacy and (intellectual) property that are no longer exclusive and individual, mainly due to the virtual abundance offered by the internet (Kostakis and Drechsler 2013). At the same time, in Eastern countries there is a shift from relational to a more individual emphasis, which means a kind of convergence in the middle.

The key factor in autonomy is individual privacy. The right to privacy became relevant with the advent of the first mass communication technologies, i.e. photographs in a newspaper (Warren and Brandeis 1890). As a consequence of abuses by totalitarian regimes that took advantage of technologies that allowed for infringement of privacy, a strong framework of laws has been in place that guarantees individual privacy, especially in Europe. In the current era right to privacy is seen by some as unimportant, but it would be more correct to note that the understanding and usage of the right to privacy has transformed. Research has shown a phenomenon that could be described as “partial publicity” or “public privacy” which essential means that privacy has become multilayered and that there are several shades of gray between total publicity and total individual privacy (Ess 2015). A new form of subactivism has been identified occurring in the social media space that “is not about political power in the strict sense, but about personal empowerment seen as the power of the subject to be the person that they want to be in accordance with his or her reflexively chosen moral and political standards.“ (Bakardijeva 2009).

As a consequence of the developments of social media, especially in the sense of loss/transformation of privacy, the Western understanding of self is moving away from individual sense of selfhood (that is essential for an autonomous and rational individual) towards a more relational sense of selfhood (Ess 2015).

The other impact that social media has, is the changes in communication. The (national) public sphere is weakened due to the fragmentation enabled by the web, which is dominated by commercial interests. There is a fragmented public sphere in which people are in their own social bubbles in which they engage in computer-mediated communication using non-neutral algorithms programmed to maximise profit or potentially used for something more sinister.

It is well known that Facebook and other social media sites exploit privacy for commercial gain. The business model relies on individuals using social media and reveal more to others, i.e. “if you are not paying for it, you are the product”.

Jürgen Habermas has stated in an interview with FT:

“The internet generates a centrifugal force, …[i]t releases an ­anarchic wave of highly fragmented circuits of communication that ­infrequently overlap. Of course, the spontaneous and egalitarian nature of unlimited communication can have subversive effects under authoritarian regimes. But the web itself does not produce any public spheres. Its structure is not suited to focusing the attention of a dispersed public of citizens who form opinions simultaneously on the same topics and contributions which have been scrutinised and filtered by experts.”

Seyla Benhabib also sees profound changes in the democratic models induced by new forms of media:

 “The emergence of new media technologies, and new centres of information is leading to everyone doing their “own thing,” so to speak. It’s as if people are going around with bubble wrap around their brains. And inside the bubble wrap is the informational world that they themselves have generated. When we first articulated this model about the interaction of the strong and weak public spheres in the late 1980s and 1990s, many of us were thinking of transformations in Eastern Europe, the emergence of civil society movements, strong women’s movements, ecology and youth movements in the West, and so the model was one of a decentred, weak public sphere of anonymous conversations and networks that would then have some impact on the decisional public sphere. Now, we need to reconsider this model in the light of the complete proliferation of the electronic media and public spheres – the rise of FaceBook; YouTube; community and citizen journalism, etc…”

Thus in an abundance of information and communication options, people are for the first time able to choose for themselves also which spheres to belong to and which to form. Communication no longer knows state and community boundaries, people are no longer bound by their associations in a spatial ways. Also, the former borders of specific ingroups and outgroups are becoming fuzzy and individual identities are becoming blurred as well, which adds to the pressure of relational rather than individual selves, because the latter are not so easy to define any more.

One could imagine a not so distant future in which Facebook and/or its descendants have become even more persuasive than today. Already today, Facebook has shown that it is willing to ethically questionable and possibly illegal social experiments that change the mood of its users. It also already manipulates voting patterns by pushing people to vote by creating peer pressure to go to polls. Thus it is not difficult to imagine that at some point in the not so distant future Facebook could manipulate and nudge users to vote for a particular candidate or political party. For example, it could manipulate its feed algorithms to show more news stories that could make people vote progressive or conservative. As the algorithms are secret, it is not possible to know whether this is already not done.

Currently Facebook already allows paid political advertising. In Estonia, where outdoor political advertising has been banned to improve the quality of democratic debate, an extremely poor decision upheld by an even worse judgment by the Estonian Supreme Court, it is allowed to have banner ads that direct you to the e-voting site where you can vote for your candidate. As social media advertising techniques surely improve, it will be easier than ever to nudge you to vote in the “right” direction, by analysing the commercially available data. You can then be targeted with tailored messages.

The autonomous individual is not only in danger during elections, but social media has also helped to create the conditions to impact the state in other ways.

As social media offers technological tools for bringing together large groups, potentially the whole population, there has been renewed interest towards direct democracy and deliberative democracy. Direct democracy was considered to be despotism by Kant and there is no reason to believe that widespread use of direct democracy would not result in worsening of the status and conditions of minorities. Even when Facebook itself has tried to emply direct democracy methods, it has had to face failure.

Mediacratisation has also been heightened by social media, in which it is much easier to induce moral panics that can be used to force changes in policies or even impact legislative processes. In November 2014, Estonian Minister of Finance resigned due to a arguably Russophobic comment he made on Facebook when commenting there. Even if one agrees that such comment was unacceptable (and I personally do), it shows that politicians are facing new pressures from social media sources, which can organise quickly for or against a specific cause. This could lead to a world of emotional voting which was depicted in the sci-fi TV series “Black Mirror” episode “The Waldo Moment”.

Possibilities for “Facebook Kantianism”

For a Kantian autonomous individual to survive there are several ways to preserve it and keep Facebook too. This requires to regulate Facebook on a global scale, which is difficult, but nevertheless achievable.

If one considers Kantianism as the perseverance of the autonomous individual in a social media setting, then interesting possibilities arise. It partly depends on whether one considers Facebook as a neutral and mechanical platform that simply replicates online the processes that happen offline. However, it seems that Facebook goes far beyond that. The algorithms that define what gets shown to whom are programmed by human beings and even if they try to stay neutral, it is rather impossible to do.

It could be that the solution is the regulation of Facebook according to an understanding of hybrid self (Ess 2015), which means that Kantian autonomy is consciously and deliberately preserved for those purposes which require moral judgment and which have wider political consequences, whereas in other relationships a more relational side prevails. There needs to be some way of delineating these aspects and also regulation that prevents any infringements of the independent side. This means certainly more regulation of Facebook and the likes and an enforceable ban on those activities that intrude on autonomy. Regulation of Facebook is, however, somewhat difficult as it already wields enormous political influence.

Another option would be a move towards cosmopolitan federalism, which would expand the Kantian concept of autonomy beyond the borders of the state. This is supported by the fact that democracy is undergoing a transformation also due to the decoupling of state and citizenship. Nation state is losing its monopoly to trans- and supranational, but also local levels of governance, leading to a growing ideas of globalised governance.

This does not necessarily mean the end of a nation state. Benhabib writes:

“This sketchy vision of cosmopolitan federalism is not based upon a hostility toward the nation-state; quite to the contrary. Only within a framework of sub- and transnational modes of cooperation, representation, and collaboration is it possible to protect the fundamental values of liberal and republican liberty, that is of private and public autonomy.”  (Benhabib 2005).

The fate of the autonomous individual is uncertain. However, if enlightenment values such as human rights, equality and democracy, upon which Western societies have so far prospered and which have managed to maintain a relative level of peace and non-violence in the world, were to be upheld more attention should be diverted towards the impact of social media on the concept. It might be necessary to create global regulation that would ensure that technology does not end up controlling human beings, but human beings continue to have autonomy in the dynamically changing world. There are no reasons why the principles of the Enlightenment could not be equally applied social networking sites. If done properly, this could bring about unprecedented levels of growth, peace and stability, because it is an opportunity to apply those principles not within Rawlsian self-contained nation states, but globally, to all those that are connected.

Tallinn, 6 January 2015

 

References

Bakardjieva, M. 2009. Subactivism: Lifeworld and politics in the age of the internet. The Information Society 25:91–104.

Benhabib, S. 2005. Borders, Boundaries, and Citizenship. PS: Political Science and Politics 38.4: 673-677.

Berlin, I. 1971. The Assault on the French Enlightenment. Kant and Individual Autonomy. John Danz Lectures, University of Washington, 22, 24 and 25 February 1971. Unpublished, available at: http://berlin.wolf.ox.ac.uk/lists/nachlass/assault2.pdf

Christman, J. 2014. Autonomy in Moral and Political Philosophy. The Stanford Encyclopedia of Philosophy (Winter 2014 Edition), Edward N. Zalta (ed.)

Cormode, G., & Krishnamurthy, B. 2008. Key differences between Web 1.0 and Web 2.0. First Monday, 13(6).

Ess, C. 2015. The Onlife Manifesto: Philosophical Backgrounds, Media Usages, and the Futures of Democracy and Equality. in: The Onlife Manifesto Being Human in a Hyperconnected Era (ed. L. Floridi). Springer

Feinberg, Joel. 1982. Autonomy, Sovereignty, and Privacy: Moral Ideals in the Constitution. Notre Dame L. Rev. 58: 445.

Loader, B., A. Vromen and M. A. Xenos. 2014. The networked young citizen: social media, political participation and civic engagement. Information, Communication & Society, 17:2, 143-150.

Kant, I. 1795. Perpetual Peace: A Philosophical Sketch

Kostakis, V. and W. Drechsler. 2013. “Commons-based peer production and artistic expression: Two cases from Greece. New Media & Society

Mill, J. S. 1859. On Individuality, as one of the elements of well-being. On Liberty.

Perez, C. 2009. Technological revolutions and techno-economic paradigms. Working Papers in Technology Governance and Economic Dynamics no. 20

Pew Research Center. 2014. The Future of Privacy. Available at http://www.pewinternet.org/2014/12/18/future-of-privacy/

Warren, S. D. and L. D. Brandeis. 1890. The Right to Privacy. Harvard Law Review, Vol. 4, No. 5 (Dec. 15, 1890), pp. 193-220


The end of collective technophilia?

Posted: May 18th, 2014 | Author: | Filed under: Estonia, european union, human rights, politics, privacy, technology, thoughts | 1 Comment »

2014 could be the year that a serious shift happened in our attitudes towards technology.  A more critical, perhaps mature attitude seems to be developing, initiated by the Black Swan event created by Snowden revelations, the so-called Snowden effect. Our societies will be better because of it, especially in terms of protection of human rights and democracy.

For a long time, there has been a concern that human rights do not get enough emphasis in our constant drive for better and more efficient living through constant improvement of technology. This has meant that technology has become and end and not means to achieve something.

In Estonia, this is even more prevalent, because the national narrative and international image of the country has been built to depend on technology. The success of e-stonia is seen as source of national pride and international scholars are also usually not focused on such a small country, which prevents any critical analysis of the situation and opens Estonia up to huge vulnerabilities. This perverse view of technology is seen particularly strongly now, when e-voting is touted by the ruling political elite (while one major party is totally against it). This view can be seen for example in the statement by President Ilves: “Minule on e-hääle andmine mitte ainult mugav, aga eelkõige usaldusavaldus maailma ühele paremale IT-süsteemile, usaldusavaldus Eesti riigile.” (“For me, e-voting is not only convenient, but foremost a statement of trust towards one of the world’s best IT-systems, a statement of trust towards the Estonian state”).

Worldwide, the shift to a more reasonable, less hype-filled approach is evidenced by various courts trying to better balance freedom of information and speech with privacy rights and other rights. Freedom of information and speech has seen an unparalleled Golden Age with the Internet, however, previously there was not much discussion related to the fact that human rights are interdependent and indivisible. Thus, a much greater emphasis on freedom of information also means that some other rights are going to be less protected.

In some remarkable recent court decisions courts have finally begun to critically evaluate the impact of technology to the society and, specifically, human rights. They have attempted (arguably not most successfully), to rebalance freedom of information with other rights. This has been mostly happening in Europe, since the EU has the strongest data protection laws in the world.

  • In the Delfi vs Estonia ECtHR case the ECtHR placed the responsibility for libelous anonymous comments on the online news portal that published them, rather than the author of the comment. The case has been referred to the Grand Chamber so there still might be a change, but the initial chamber decision stated pretty clearly: “The ease of disclosure of information on the Internet and the substantial amount of information there means that it is a difficult task to detect defamatory statements and remove them.”
  • The CJEU invalidated the Data Retention Directive in its landmark judgment in which it declared mass surveillance illegal. The CJEU went further than anyone expected when it said: “As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that /…/ the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population.”
  • The CJEU also ruled in its very recent Google Spain decision that there is a strong “right to be forgotten” and the search engine must remove links to information that a person does not want to be linked to. The CJEU said: “As the data subject may, in the light of his fundamental rights under Articles 7 and 8 of the Charter, request that the information in question no longer be made available to the general public by its inclusion in such a list of results, it should be held, /…/ that those rights override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name.”

There are also some other interesting developments:

  • In popular culture, tech culture has increasingly become subject of criticism. See the series Silicon Valley and, most poignantly, a recent episode of HBO’s Veep.
  • Recently it was reported that German economy minister Sigmar Gabriel suggested that it might be necessary to break up Google, while current President of the European Parliament and one of the top candidates for the next president of the European Commission Martin Schulz stated on Google: “Whoever knows everything about citizens, firms and politicians achieves a level of power which doesn’t belong in a pluralistic democracy.”
  • There are also growing grassroots citizen movements that target the tech giants such as Europe v Facebook.
  • MOOC courses are increasingly seen as mostly hype and not the transformation that it was claimed to be.
  • The Estonian Supreme Court also decided in a less reported case last December that charging less for online court proceedings than traditional ones is unconstitutional, because of the importance of fundamental rights at stake (access to justice). The Court among other things heavily criticised the concept of efficiency behind the introduction of the e-justice system and accused the government that it is trying to shift the burden of entering and submitting complicated legal documents from the courts to the general public who might not be best prepared for it.
  • The Estonian online election system has been called highly vulnerable and recommended to be abondoned by leading scholars in the area.

Thus the shift consists of better rebalancing freedom of speech and information with other human rights in the online context and a more cautious and realistic view towards the danger that the likes of Google and Facebook are posing to the lives of all individuals, our human rights and democracy due to their omnipresence in the Internet. In terms of Carlota Perez’s Techno-Economic Paradigm Shift theory, this could be signal that the world has moved on the a more stable and peaceful deployment period of the currently dominant ICT paradigm from the turbulent installation period.


The invalid Data Retention Directive and Estonia

Posted: May 10th, 2014 | Author: | Filed under: Estonia, european union, human rights, law, privacy, thoughts | No Comments »

One of the most important decisions about protection of human rights in Europe (and perhaps the world) in recent times, was the 8 April 2014 decision of the European Court of Justice in Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others. The case concerned the contentious Data Retention Directive, which required all Member States to keep so-called metadata about mobile and fixed phone and internet connections. The Court found that the directive interfered disproportionately the right to private life of all European residents and declared the so-called Data Retention Directive invalid in its entirety and from the time it came into force. There case came about because of Digital Rights Ireland and more than 12 000 private individuals in Austria had contested the validity of the data retention requirement (as it amounts to mass surveillance). There had already been constitutional challenges to the laws adopted based on the directive in many member states (Germany, Romania) and several refused to transpose the directive (Sweden), so it is clear that the directive was controversial. After all, it had been adopted in a three-month expedited proceeding after the London and Madrid terrorist attacks.

In Estonia the data retention requirements have so far not raised in formal legal constitutional issues. Looking through the procedure of adoption of the law, it seems that privacy rights argumentation was never really raised and there was almost no opposition to this (what many call totalitarian) law. The law was passed after six month legislative procedure with 82 members of parliament out of 101 voting in favour (with no votes against or abstaining). The explanatory note of the draft law states that the proposal was put together by two public officials (one from the Communications Board and another from the Ministry of Economy and Communications), with participation of “surveillance and security authorities” and the Estonian Information and Telecommunications Union. The only contentious issue that was raised seemed to be that the telecoms were not happy with having to pay for the data retention themselves (they still do).

The Estonian provision seems to be much wider than the directive, for example allowing the retained data to be used not only for serious crimes, but has been expanded to include also misdemeanours (even by the tax authorities!). This in itself seems excessive and disproportionate even if the directive was still valid. There are a number of other issues, but the most fundamental one is that according to European Court of Justice, mass surveillance is not allowed by law. It is disproportionate (even to fight terrorism) to preemptively gather, retain and process data about every single person.

So why did our constitutional system of protection of basic human rights (and the right to privacy) fail so spectacularly in this issue? In my opinion the reasons were the following:

  • Not enough detailed human rights scrutiny of laws made due to harmonisation of laws based on EU directives. The Estonian authorities seemed to assume that since this was based on an EU directive, there was no inherent risk to human rights protection. The human rights architecture in Europe assumes that there is scrutiny in terms of human rights BOTH in EU level and in national level, but this time there seemed to be neither worked. President Ilves failed in his duties as he can refuse to sign the laws he believes are unconstitutional and instead proclaimed it without problems.
  • The lack of independent NGOs dealing critically with human rights (and specifically with data protection). There was simply not enough specific expertise in Estonia to challenge the draft at any stage of the process.
  • Lack of discourse critical of technological development, also unfounded trust in technology. Since the belief in the positive impact of technology is so engrained, any opposition to using mass data collection could be seen as standing against the ‘normal’ technological development of the society. The so-called tech and data protection experts are rather evangelists who stand to personally benefit from lack of critical discourse.
  • Overall weak position and awareness of human rights. In many ways human rights are seen as declaratory, self-evident principles that have little impact in the daily lives of Estonian people, especially in specific matters.
  • Hightened sense of vulnerability brought about by fear of terrorism. I think that in Estonia this is not so relevant, since the number one fear is still Russia and there has been no terrorist attacks on Estonian soil. However, decision makers might be influenced by this.

So what now? At the moment the law in Estonia is in place and the massive breach of privacy rights is allowed to continue. There has been almost no public debate and the governmental authorities seem to be waiting for the reaction of someone else (in Finland, the review of retention laws was announced a couple of days after the judgement).

The situation is remarkably problematic not only because of the continuing disproportionate infringement of privacy rights, but the credibility problem this poses for Estonia’s image as a technologically advanced country both internally and externally. Are Estonian people going to continue to trust in e-services when it is clear that the human rights safeguards are not working? Is the international community ready to admit that Estonia is not such a great example of tech-friendly society after all if it also means lack of regard to basic human rights?

 

Annex: The provision in question is as follows (English translation is only available for the future version, but there seems to be no change in terms of this provision):

§ 1111. Obligation to preserve data
(1) A communications undertaking is required to preserve the data that are necessary for the performance of the following acts:
1) tracing and identification of the source of communication;
2) identification of the destination of communication;
3) identification of the date, time and duration of communication;
4) identification of the type of communications service;
5) identification of the terminal equipment or presumable terminal equipment of a user of communications services;
6) determining of the location of the terminal equipment.
(2) The providers of telephone or mobile telephone services and telephone network and mobile telephone network services are required to preserve the following data:
1) the number of the caller and the subscriber’s name and address;
2) the number of the recipient and the subscriber’s name and address;
3) in the cases involving supplementary services, including call forwarding or call transfer, the number dialled and the subscriber’s name and address;
4) the date and time of the beginning and end of the call;
5) the telephone or mobile telephone service used;
6) the international mobile subscriber identity (IMSI) of the caller and the recipient;
7) the international mobile equipment identity (IMEI) of the caller and the recipient;
8) the cell ID at the time of setting up the call;
9) the data identifying the geographic location of the cell by reference to its cell ID during the period for which data are preserved;
10) in the case of anonymous pre-paid mobile telephone services, the date and time of initial activation of the service and the cell ID from which the service was activated.
(3) The providers of Internet access, electronic mail and Internet telephony services are required to preserve the following data:
1) the user IDs allocated by the communications undertaking;
2) the user ID and telephone number of any incoming communication in the telephone or mobile telephone network;
3) the name and address of the subscriber to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
4) the user ID or telephone number of the intended recipient of an Internet telephony call;
5) the name, address and user ID of the subscriber who is the intended recipient in the case of electronic mail and Internet telephony services;
6) the date and time of beginning and end of the Internet session, based on a given time zone, together with the IP address allocated to the user by the Internet service provider and the user ID;
7) the date and time of the log-in and log-off of the electronic mail service or Internet telephony service, based on a given time zone;
8) the Internet service used in the case of electronic mail and Internet telephony services;
9) the number of the caller in the case of dial-up Internet access;
10) the digital subscriber line (DSL) or other end point of the originator of the communication.
(4) The data specified in subsections (2) and (3) of this section shall be preserved for one year from the date of the communication if such data are generated or processed in the process of provision of communications services. Requests submitted and information given pursuant to § 112 of this Act shall be preserved for two years. The obligation to preserve the information provided pursuant to § 112 rests with the person submitting the request.
(5) The data specified in subsections (2) and (3) of this section shall be preserved in the territory of a Member State of the European Union. The following shall be preserved in the territory of Estonia:
1) the requests and information provided for in § 112 of this Act;
2) the log files specified in subsection 113 (5) and the applications provided for in subsection 113 (6) of this Act;
3) the single requests provided for in § 1141 of this Act.
(6) In the interest of public order and national security the Government of the Republic may extend, for a limited period, the term specified in subsection (4) of this section.
(7) In the case specified in subsection (6) of this section the Minister of Economic Affairs and Communications shall immediately notify the European Commission and the Member States of the European Union thereof. In the absence of an opinion of the European Commission within a period of six months the term specified in subsection (4) shall be deemed to have been extended.
(8) The obligation to preserve the data provided for in subsections (2) and (3) of this section also applies to unsuccessful calls if those data are generated or processed upon providing telephone or mobile telephone services or telephone network or mobile telephone network services. The specified obligation to preserve data does not apply to call attempts.
(9) Upon preserving the data specified in subsections (2) and (3) of this section, a communications undertaking must ensure that:
1) the same quality, security and data protection requirements are met as those applicable to analogous data on the electronic communications network;
2) the data are protected against accidental or unlawful destruction, loss or alteration, unauthorised or unlawful storage, processing, access or disclosure;
3) necessary technical and organisational measures are in place to restrict access to the data;
4) no data revealing the content of the communication are preserved.
(10) The expenses related to the preserving or processing of the data specified in subsections (2) and (3) of this section shall not be compensated to communications undertakings.
(11) The data specified in subsections (2) and (3) of this section are forwarded to:
1) an investigative body, a surveillance agency, the Prosecutor’s Office or a court pursuant to the Code of Criminal Procedure;
2) a security authority;
3) the Data Protection Inspectorate, the Financial Supervision Authority, the Environmental Inspectorate, the Police and Border Guard Board, the Security Police Board and the Tax and Customs Board pursuant to the Code of Misdemeanour Procedure;
4) the Financial Supervision Authority pursuant to the Securities Market Act;
5) a court pursuant to the Code of Civil Procedure;
6) a surveillance agency in the cases provided for in the Organisation of the Defence Forces Act, the Taxation Act, the Police and Border Guard Act, the Weapons Act, the Strategic Goods Act, the Customs Act, the Witness Protection Act, the Security Act, the Imprisonment Act and the Aliens Act.


Delfi vs Estonia ECHR judgment

Posted: October 10th, 2013 | Author: | Filed under: human rights, law, privacy, thoughts | 1 Comment »

Today, the European Court of Human Rights issued their long-awaited judgment in the case of Delfi vs Estonia. The case has implication for many human rights issues, including hate speech, anonymous speech, liability of internet portals for comments on their website etc.

As I currently understand the law, the provider is not liable when there is a notice-and-take-down system in place. This means that for example YouTube is not liable for any derogatory or infringing content that is uploaded until it has received a take down notice (which can be submitted by anyone) after which the content is made unavailable. This system is, of course, not perfect, because it allows to block also material that might not be infringing. It also means that the service provider should have the knowledge and expertise to identify content that is infringing from what is not, which poses specific problems. The lack of clarity and inconsistency of the notice-and-take-down system was also pointed out by the intervening third party Helsinki Foundation for Human Rights in Warsaw (which I had the pleasure of visiting and meeting with during the last weekend). See their written comments to the court (PDF).

The Delfi case involved a number of derogatory comments against Mr Leedo, who owns the company that provides ferry services between mainland Estonia and the two larger islands. The comments were extremely offensive (and are reproduced in English in para. 14 of the judgment).

The case will be commented in detail by many people, but here are my preliminary observations:

1. Not all news stories require the same degree of moderation of comments by the publisher. The court held that Delfi should have expected a number of hateful or defamatory comments due to the nature of the article and thus exercise extra caution:

86. /—/ Therefore, the Court considers that the applicant company, by publishing the article in question, could have realised that it might cause negative reactions against the shipping company and its managers and that, considering the general reputation of comments on the Delfi news portal, there was a higher-than-average risk that the negative comments could go beyond the boundaries of acceptable criticism and reach the level of gratuitous insult or hate speech. It also appears that the number of comments posted on the article in question was above average and indicated a great deal of interest in the matter among the readers and those who posted their comments. Thus, the Court concludes that the applicant company was expected to exercise a degree of caution in the circumstances of the present case in order to avoid being held liable for an infringement of other persons’ reputations.

This is an important distinction as the same could be said about articles that deal with other, sensitive topics such as issues related to ethnic minorities, migrants, LGBT rights etc in which areas at the moment there is uncontrolled hate speech. Does this mean that the publisher should put extra resources on moderation of the comments for these topics or should ban commenting altogether?

2. The notice-and-take-down system has to be effective in order to exclude liability of the publisher. Although there was a word-based automatic filtering system as well, the portal relied on a notice-and-take-down system, which allowed users to report comments they thought were offensive or illegal. Delfi had made it very easy to report offensive content with a single click (unlike twitter, which is only now starting to work out a reasonable system to report hate speech). The court thought that the systems were not adequate:

89. The Court notes that in the interested person’s opinion, shared by the domestic courts, the prior automatic filtering and notice-and-take-down system used by the applicant company did not ensure sufficient protection for the rights of third persons. The domestic courts attached importance in this context to the fact that the publication of the news articles and making public the readers’ comments on these articles was part of the applicant company’s professional activity. It was interested in the number of readers as well as comments, on which its advertising revenue depended. The Court considers this argument pertinent in determining the proportionality of the interference with the applicant company’s freedom of expression. It also finds that publishing defamatory comments on a large Internet news portal, as in the present case, implies a wide audience for the comments.

3. Liability of the publisher is related to the fact that submitters of comments were unable to modify or delete comments later. This means, according to the court, that Delfi had a substantial degree of control over the comments:

/…/ The Court further notes that the applicant company – and not a person whose reputation could be at stake – was in a position to know about an article to be published, to predict the nature of the possible comments prompted by it and, above all, to take technical or manual measures to prevent defamatory statements from being made public. Indeed, the actual writers of comments could not modify or delete their comments once posted on the Delfi news portal – only the applicant company had the technical means to do this. Thus, the Court considers that the applicant company exercised a substantial degree of control over the comments published on its portal even if it did not make as much use as it could have done of the full extent of the control at its disposal.

4. It is up to the publisher to decide which means to use in order to stop hate speech and defamatory comments. The court considered it to be an important factor that the domestic courts did not prescribe a specific remedy (i.e. moderation before publishing, etc). This means that it is up to the publisher to ensure that the exisiting protection system is adequate and effective.

5. The court does not ban anonymous expression or find that it is the cause of hate speech or defamation. The only thing the court said was that since users were not registered, it would have been more difficult to sue them directly. Since it allows comments for users that are not registered, it has a ‘certain responsibility’ for those comments. It goes on to state:

92. The Court is mindful, in this context, of the importance of the wishes of Internet users not to disclose their identity in exercising their freedom of expression. At the same time, the spread of the Internet and the possibility – or for some purposes the danger – that information once made public will remain public and circulate forever, calls for caution. The ease of disclosure of information on the Internet and the substantial amount of information there means that it is a difficult task to detect defamatory statements and remove them. This is so for an Internet news portal operator, as in the present case, but this is an even more onerous task for a potentially injured person, who would be less likely to possess resources for continual monitoring of the Internet. The Court considers the latter element an important factor in balancing the rights and interests at stake.

This approach by the court is problematic, because it might lead to anonymous commenting option to be removed in fear of liability. One wonders if similar comments made on a website which does not have a media company behind them would also result in a similar conclusion. Given the worrying trends of possibly illegal surveillance of internet activities, data-mining and the like, does it not make sense for people not to identify themselves and try to increase anonymity?

Finally, the court considered that the fine of 320 euros was not in any way disproportionate given the fact that Delfi was one of the largest Internet portals in Estonia. It seems that the court could have accepted a much higher financial penalty.

My advice to the news portals would be:

  1. Make notice-and-take-down system more effective by training the moderators and informing the users better;
  2. For stories for which hateful and defamatory comments are expected (high-risk stories), utilise a quick pre-moderation system or proactively and constantly screen comments for hate speech or defamation;
  3. Clarify the policies and increase transparency of the notice-and-take-down system;
  4. Allow users to modify or delete their own comments while remaining anonymous.

I have previously written that anonymous comments are not evil in themselves and removing the possibility is too severe infringement of freedom of expression that would not also have the intended effect. I am not happy that the court did not use this case to explore in more detail the issues related to anonymous expression online. I am a bit disappointed by the case made by Delfi, which they could have argued in a more powerful way, but the government’s lawyers should be commended for their thorough work.

The case does show very well the complexity of the issue and the difficulty in balancing different rights in the context of the Internet. Better and more clear rules on this are a necessity.


The impact of technology on the right to privacy

Posted: July 3rd, 2013 | Author: | Filed under: european union, human rights, law, privacy | No Comments »

In 1890 Louis Brandeis and Samuel Warren published in the Harvard Law Review an article called “The Right to Privacy”. They wrote:

“Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life ; and numerous mechanical devices threaten to make good the prediction that “what is whispered in the closet shall be proclaimed from the house-tops.””

It was the dawn of the age of the mass circulation gossip newspapers, aided by the improvements of the printing press and the invention of photography. This technological change prompted Brandeis and Warren to write their article and to call for legal protection of the right to privacy, which had already been enacted in France in 1868 (“11. Toute publication dans un écrit périodique relative à un fait de la vie privée constitue une contravention punie d’un amende de cinq cent francs.” Rivière, Codes Français et Lois Usuelles. App. Code Pen., p. 20.). In the article, Brandeis and Warren set out many of the principles that we follow to this day. Also, they called for both tort action with substantial compensation, injunctions as well as possible criminal sanctions for the violation of this right. Thus the right to privacy was born as a reaction to specific technological changes.

In the 1970s and 80s, when mass computing and databases had started to become prevalent, work started on international regulation of the right to privacy in the specific context. This resulted in the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (also known simply as Convention 108). The Convention entered into force in 1985 and has been ratified by 45 European states and Uruguay, including most recently by Russia in May 2013. This forward-looking document is the foundation of European rules on data protection. It sets the main principles related to data processing, including rights of individuals. Thus Europe already had before IT became commonplace a set of rules to adhere to.

In the European Union, data protection has recieved more attention than almost any other fundamental right. It is one of the more strongly protected rights in the EU level, having both its own Article in the founding treaties (since Treaty of Lisbon), strong protection in the Charter of Fundamental Rights of the EU, which became binding in 2009 together with the ToL, and a large body of secondary EU law (mostly directives), already since 1995’s Data Protection Directive. Again, these strong protections have been put to place as a consequence of advances in technology.

The fact that data has been protected in such a high degree in Europe and at the European level, has facilitated cross-border transmission of data, without which there would be a quagmire of different rules to follow. The EU data protection rules are currently being updated to react to the spreading of business models which involve trading with personal data (by mostly American companies such as Facebook, Google, Apple, Yahoo and Microsoft). These include the much debated right to be forgotten and the right of data portability, which means that you could move your data from one social media service provider to another, preventing customer lock-in.

With the NSA snooping scandal, an aspect of privacy has come about that had been forgotten by many. Although the focus has been on the private sector lately, it has become clear that the governments are more than ever capable and interested in finding out what people do and say online. No-one is off-limits, it appears.

In much of the same way as Louis Brandeis and Samuel Warren denounced the activities of gossip rags, it is important that there is a strong reaction in the form of legislation for the kind of invasion of privacy that has happened now. The answer is not to claim that privacy is dead (linked text in Estonian), but the opposite, rules and oversight must be made even stronger as a reaction to technological advances, just as we did when photography was invented. Those rules have to be smart and take into account the changing technological paradigm. Ultimately mankind can be successful if it can make technology work for it, rather than using it as an excuse to decrease human rights standards. We have outlawed reproductive cloning of human beings, eugenic practices and many other things that are technologically possible, but against the values on which our society is based on. So why cannot we keep 100% privacy in the digital age?

Of course the right to privacy as applied to Facebook is somewhat different than as applied to the tabloid newspapers. The underlying philosophical and ethical values are similar, but their application can vary. The individual has become much more empowered to control information about him or her than ever before. And that is a positive thing. Harvard scholars did recently a literature review on the privacy practices of the younger generation, and found surprisingly that privacy is as valuable as ever:

“The prevailing discourse around youth and privacy is built on the assumption that young people don’t care about their privacy because they post so much personal information online. The implication is that posting personal information online puts them at risk from marketers, pedophiles, future employers, and so on. Thus, policy and technical solutions are proposed that presume that young would not put personal information online if they understood the consequences.

However, our review of the literature suggests that young people care deeply about privacy, particularly with regard to parents and teachers viewing personal information. Young people are heavily monitored at home, at school, and in public by a variety of surveillance technologies. Children and teenagers want private spaces for socialization, exploration, and experimentation, away from adult eyes. Posting personal information online is a way for youth to express themselves, connect with peers, increase popularity, and bond with friends and members of peer groups. Subsequently, young people want to be able to restrict information provided online in a nuanced and granular way.”

The above research suggest we should not be worried about privacy becoming unimportant in the future, but rather how to guarantee that we can control the privacy of our online lives. This should include being informed about when and what the government (or other governments) are able to know about us and what are the oversight mechanisms that protect us from it. The national intelligence community should be also interested in this, because otherwise they will be faced with another snowden, another wikileaks every couple of years. If people are in general terms aware of what, why and how is being gathered and have reassurances about sufficient oversight then Edward Snowden’s revelations would not have had much news value. If, however, it will be business as usual, more revelations are bound to take place.

P.S. In a way governments, especially the US, have fallen victims of the technological change even more than any individual. Wikileaks and Snowden revelations have been deeply embarrassing and probably hugely damaging. So the governments too must decide whether aiming for more secrecy is viable or should openness and transparency be better in the long run.