The calls were quite creative: according to the BBC,

An automated 30 second voice message from Mr Clegg was played out during the early evening calls, with recipients tapping numbers on their handsets to respond to questions about education, health, tax, crime, environmental and economic policies.

Hardly the most profound of feedback, so it’s no wonder that the Lib Dems defended them as ‘market research’. However, the Information Commissioner’s Office (ICO) determined that the calls were in fact direct marketing (i.e. promoting the party). An interesting tangent is that one of the complaints to the ICO came from the Scottish National Party (SNP) who had in the past been told to stop placing automated calls by the ICO - they didn’t even have the pretend market research element, they just had the dulcet tones of Sean Connery. Quite a surreal thing to hear down the phone, I’d imagine, although not living in Scotland it would be even more eerie to hear an SNP pitch in this far-flung corner of England! Anyway, I digress. Let’s go back to the Lib Dems (who actually complained about the SNP’s Connery calls. Bit silly really).

You can read the ICO’s enforcement notice here (PDF). The contravention at issue is the breach of the European Union’s Privacy & Electronic Communications Directive (2002/58), as transposed into British law through the X regulations. Under the directive, it’s not legal to send “recorded matter for direct marketing purposes by means of an automated calling system” without the prior consent of the recipient (i.e. the poor random chap or chapette sitting at home not caring about the Lib Dems).

I do wonder about the interpretation though. However you may feel about telephone-spam, there’s a need to think seriously about the impact of such a decision on political expression. There isn’t any definition of ‘direct marketing’ in the Regulations or in the original Directive, but when adopting the regulations, it was fixed that definitions would be as in the Data Protection Acts, and from there, we get the concept that direct marketing is “any advertising or marketing material” directed to an individual. The ICO believes this includes political communications; the EU’s Article 29 Working Party finds the same (report here, see p 7), through a slightly indirect route. But in a situation where there is some genuine doubt on whether the purpose of the call was to promote or to do research, we are perhaps quite some distance from the typical direct marketing advertisement. You can perhaps see it as a spectrum with commercial advertisements as the most extreme form, then political advertisements, then genuine political research, with this particular call being somewhere between the political ad and the political research.

Indeed, under the self-regulatory system in force in Britain (the ASA being of course subject to judicial review despite its best efforts), political advertising (including direct marketing) is treated very differently to ‘normal’ advertising (including direct marketing). The Advertising Standards Authority (ASA)’s code provides that

Any advertisement or direct marketing communication, whenever published or distributed, whose principal function is to influence voters in local, regional, national or international elections or referendums is exempt from the Code.

Therefore there are fewer restrictions on political advertising or direct marketing under British regulation than on non-political advertising. Though this is for non-broadcast media, of course. In the case of broadcast media, political advertising (with a broad definition that encompasses party politics and general politically motivated advertising) isn’t permitted, despite a number of attempts to challenge this under human rights law. With this in mind, it’s still worth noting that law on broadcast advertising still distinguishes between political and ‘normal’ advertising, as the ASA does.

So is there a case for a political exemption to the electronic direct marketing rules? Or should the lead of the broadcast law be followed and unsolicited political electronic direct marketing ruled out entirely? I would suggest two initial responses: a) given the clear mess at a ECHR level and the odd finding of the House of Lords in the Animal Defenders case, I’m not sure how much scope there is to challenge the current position, and b) it may depend, as I’ve suggested below, on how far the enforcer goes in restricting political activities - where the broad interpretation of marketing includes both content as well as style, a freedom of expression-based challenge may be a more plausible option.

When it comes to Irish law, things are a bit of a mess (how often have I said that when it comes to communications legislation?). Just as in the UK, the regulations transposing the 2002 directive provide that undefinded phrases are to be defined by reference to the Data Protection Act - but the Irish Data Protection Act says:

“direct marketing” includes direct mailing other than direct mailing carried out in the course of political activities by a political party or its members, or a body established by or under statute or a candidate for election to, or a holder of, elective political office

To be honest, I’ve no idea what a court would do with that definition, particularly the reference to mailing, but it does seem to suggest a possible and significant difference from the UK position.

In the US, it was found in the 1990s that a prohibition on automatic telephone direct marketing that applied to political campaigning was constitutional: the case is Van Bergen v Minnesota 59 F.3d 1541 (8th Circuit CA). On the other hand, the recent finding in Virginia (in its Supreme Court, second time around) that the state’s anti-spam law was unconstitutional (in the case of exceptionally commercial spammer Jeremy Jaynes) and the broader debate on spam and the First Amendment is of some comparative interest and does indicate that the matter, at least as far as US law is concerned, is not settled. Indeed, in the federal CAN-SPAM Act, there’s a very broad exemption for religious or political messages, inserted for First Amendment reasons.

I was due to give a presentation on the sharing of domestic internet connections, but unfortunately won’t be able to make it. I look forward to seeing the slides and hearing the stories. If you’re going, will you blog it for me?

Coverage of GikII 2007 and GikII 2006.

Unless otherwise indicated, what follows is a non-verbatim approximation of what was said. Please correct any errors if you spoke and spot them. Things in [square brackets] are entirely my own views or additions and weren’t said at the symposium. Prior posts on privacy on this blog are here.

Daniel Solove’s presentation

Solove gave a quick overview of the context of Internet privacy, and discussed a number of specific cases that illustrated the changing nature of privacy:

• Dog Poop Girl - a cellphone picture of a dog doing what dogs do on train, published, the owner identified (as being irresponsible for not cleaning up), personal info published; it ended up on BoingBoing, media, posters and much more. “The Internet allows a cyber-posse to amass from around the world in an instant”.
  
• Personal blogging is in a way like diaries, containing intimate details of your personal life - but also the lives of others! But it’s very pervasive…will parents say to their child: “Well yes we could read your blog .. or you could just tell us about your school day“? (Solove displayed this cartoon or a version of it)
  
• 40% of blogs are written by under 19s…this is ‘Generation Google’, entire lives chronicled online [lots of things in common with Digital Natives here]
  
• Star Wars Kid - put up on site by friends and in just a few weeks, millions of views, went viral, embellished by others, mashups (loads of ‘em). Now he’s extremely well-known. Is this a good thing?
  
• Washingtonienne (Jessica Cutler) - anonymous blog which was personal, including lots of stuff about sexual partners - highlighted by Wonkette, followed by significant magazine coverage, a book deal, etc. One partner sued her for invasion of privacy … though she has now declared bankruptcy.

But maybe this sort of scrutiny of reputation is a good thing? Yes, but information out of context leads to hasty judgements that don’t really capture the truth of a character. And the libertarian norms which are generally good can actually lead to the opposite, people can be “shackled to their past”.

What can the law do? A little bit, but not a lot. A solution must deal with education, social attitudes, etc. So he analyses three “paths” - libertarian (hands off - things will get worse if you bring the law in; problem is that the norms may not develop the way we want to), authoritarian (censor and restrict - increasing willingness to do this in the US, too reactive, chills speech), middle ground (threat of lawsuit forces responsibility and accountability -recommended approach, but doesn’t want too many cases as it’s expensive) [again, this is a trend in the current phase of cyberlaw, so Solove is in very good company]

He then discussed the ‘Warren and Brandeis‘ privacy tort in the US, where you can sue for spreading private information not of legitimate concern. In the UK, it’s the modified breach of confidence tort, expanded post-HRA to be similar to US. [In Ireland, we have neither as such (breach of confidence exists but not as it now does in the UK), although we do have a small number of cases where a suit for breach of the constitutional right of privacy has been successful, a proposed tort in the stalled Privacy Bill, and a presumptive requirement under international law (ECHR) and domestic remedy (ECHR Act) to deal with the Von Hannover approach to Article 8 of the Convention on privacy]

Often, we have a binary understanding of privacy - places are private (home) vs public (the county fair). But we do have expectations of privacy in public place, and it’s so easy to capture (cellphone, CCTV, etc). The breach of confidence remedy in the UK is extensive and includes information between friends.

It’s also about control. Dr Laura Schlessinger, a conservative commentator, was not impressed when nude photos of her (taken in her wild past) were circulated. [I'm passing on looking them up] She sued the website to get the photos taken down, but lost due to free speech concerns. Then the ‘voyeur’ website that published them won cases against other sites for stealing their pictures! This shows that the idea that there’s nothing that the law can do to restrict information is false - in this case, there was copyright protection. “If you have a choice between copyright and privacy, choose copyright”, as the protections are more powerful.

And then there’s speech. Solove thinks that US law overprotects speech and underprotects privacy. Section 230 of the CDA immunises websites, ISPs etc for content supplied by others…and it’s complete immunity, which goes way too far. Juicycampus.com is an example. This illustrates how the law is “getting the balance wrong, encouraging irresponsibility rather than responsibility”. Small legal changes would nudge norms in the right direction.

Panel Discussion

Caroline (CarC) and Daniel (DS) were joined by Damien Mulley (DM), Jim Carroll (JC), Cormac Callinan (CorC) and Niall Larkin (NL). I didn’t get every point, I’m afraid, but I’ve tried to capture as much as I could (in almost all cases, summary rather than verbatim). ?? means a question or point from the floor.

We started with a general question to the panel on social networking and privacy. NL: People are sharing, learning to express themselves, “growing up online”. If it goes on the Internet, it stays on the Internet. DM: everything you do on Facebook is logged, i.e profile visits. They got in trouble last year, because even when you closed an account, info was still stored. Profile built up to sell on to advertisers, understanding behaviour. And they will hand to law enforcement without subpoenas. (full-time members of staff just doing this). There’s also profiling by companies etc, though people don’t really know this is happening. JC: it’s already happening with loyalty cards, though it’s now easier again for the marketers. It comes down to how much you care about it. DS: ubiquity of information collection. Mentions cloud computing - they have all your documents. Popular for marketers and for governments. Analysis tools are getting more sophisticated too. Terrorist profiling too (it works for Amazon, will it work for government?)

DM asks the audience - do you care that your data is being stored and used? [I think about half put their hands up]

??: a debt collector friend has been told to use Bebo in their work. This is a sign of how much awareness there is of the potential of such sites for data collection.

??: what about problems of international law, when content is hosted in a different country? Corc: it’s very difficult, there’s lots of international cooperation, there’s most in child protection, but data protection as an example of where it doesn’t work, there’s virtually no protection in US, despite safe harbour (between EU and US) which controls only certain aspects and is very limited.

??: is there ‘decentralised responsibility’, i.e. the user has agreed to terms and conditions when they signed up? DS: how many people read the privacy policies? They can change them unilaterally at any time. And for Facebook, there’s a policy, there’s privacy settings, and a 6000-word TOS. “No-one reads these things”.

??: Creative Commons has simplified IP contracting, could you do this for privacy? DS: sceptical, you use so many sites in a day and it’s very difficult to keep up with. A FTC commissioner he met confessed to not reading Facebook’s privacy policy. CarC: lawyers work very hard to make things “simple” but they are often hiding stuff! NL: as danah boyd says, as a citizen of the Internet you should have some basic rights.

??: There’s a naivety that people think social networking sites are there for their benefit, but they are ultimately commercial enterprises. DS: people are fine with it until something bad happens. They can want certain uses of data but not others….how do you know in advance? JC: when it’s taken out of context, there is trouble: i.e. publication of Bebo photographs in a newspaper. CorC: yes, but there’s also a lot of misunderstanding, i.e. ‘if you turn off your phone you can’t be tracked’ (not true - it’s effectively personal GPS), even possible to have remote activation of microphone. If someone had said 10 years ago that you’d carry a GPS tracker you’d say they were insane but now you pay €35 a month for the pleasure! DS: there was a backlash against bank accounts in the US in the early days of banking - but people chose to give up some privacy in return for value. But when does data mining turn into surveillance?

??: What can we get our government to do to protect against privacy infringement? And teenagers liked the idea of the mobile phone tracking - is this another generation gap? CorC: mentioned “phonewalking” services (bringing the tracked phone to where you ’should’ be - big business of the future! Copyright law is very effective because of lobbying power; businesses of course are there to make money, you should always assume this, and also - distinguish between privacy and data protection. Asking Bebo and Facebook to protect you is not feasible, it’s not their job to do it as they can always see and know everything, and their motive is profit. DM - I want to be told when people access my information, i.e. what the companies or their allies do, and including government information too (e.g. social welfare).

DS - there is an “optimism bias”. And it’s hard to visualise all the people reading your blog as compared to that of an true audience. In one study, 70% of people agreed that a privacy policy means no 3rd party sharing (this is not). NL: visualisation is concealed in some (social networks encourage to share with ‘friends’) but not others like YouTube (’broadcast yourself’ makes it very clear)

?? - Big Brother is important but we are also contributing to this - “we are BB”. Balance between rights and responsibilities - i.e. as a blogger, what am I putting out there?

?? - what about Gmail turning information over to Government without telling you. The government that would legislate to protect us has a particular role too as being a threat to privacy. DS: yes, an see in particular the discussion of FISA in the US.

?? is there a catch 22, you need unique ID of some sort in order to make Internet services and presence work. I like my anonymity, which is compromised. And these issues are nothing compared to Yahoo turning over information to China. CorC - you don’t really have anonymity, Irish ISPs share your information across the world. And you leave a significant footprint. [Cormac was very honest and direct in these contributions, which is appreciated].

??: there are two separate privacy debates happening, one about the protection of public figures against ‘media intrusion’ that is happening in the political and legal arena and a separate one that we are hearing here about privacy policies, commercial exploitation, Government surveillance that is not being legislated for. [That was me]

?? can there be a realistic remedy, very hard to deal with violations as not everyone can go to the High Court.

CorC - remember in Europe we don’t have immunisation of ISPs and hosts as with the CDA in the US (it’s about knowledge). DS: that’s interesting, when I say that in the US I’m told that it would lead to the total shutdown of the Internet and no free speech.

Summary

Three quick observations. If you were there, please add your own, including issues that you might not have had time to raise in the Q&A.

A very interesting symposium, with a particular need to note the strength of contributions from the floor. Although I wondered (like Justin) about how it related to the festival as a whole, I think the fact that the vast majority of those present were ‘active’ in various types of media, digital culture, etc meant that there was a lot that did not need to be reiterated (I’ve given talks about Facebook where the basic concept has to be explained, which while important, leads to a different type of question), and also a very informed line of questioning to what was an extremely heavy-hitting panel, with some of the best-known local bloggers and journalists, a leading international privacy scholar, and two important practitioner perspectives from Callinan and Campbell).

I hadn’t heard Daniel Solove speak before, though I’ve read his books and cited his blog posts in papers. He explained the issues very clearly to what was clearly not a legal audience, but managed to do so without leaving out crucial details like US-Europe differences in the relevant areas of law. And he talked about Warren and Brandeis at 10am in a basement full of film producers, and everyone followed what he was on about.

An audience member did raise the issue of gender balance, although in defence of the organisers, both Rachel O’Connell (Bebo) and Karlin Lillington (Irish Times) were invited but unable to attend.

I’m looking forward to this seminar on privacy and publicity taking place as part of the Darklight festival this Friday. Daniel Solove (GWU Law School) is the keynote speaker; for an idea of what’s he’s done in the past, take a look at the freely-available PDF of his recent book, The Future of Reputation. Karlin Lillington of the Irish Times is chairing it (edit: chair to be confirmed), and there will be responses from a diverse panel: Damien Mulley (blogger, consultant and fan of fluff and chicken feet; coming despite the spam), smart techlaw solicitor Caroline Campbell, music journo (and blogger too) Jim Carroll, Cormac Callinan (formerly of ISPAI and first director of hotline.ie and Niall Larkin from Relevant Media and more.

Friday 27th June, Filmbase (Curved St, in Temple Bar), at 10am. All the info is at the Darklight website.

Lewis Hyde’s thoughtful essay on network neutrality and the trials of 18th-century preachers-without-pulpits is a timely reminder that the issue of net neutrality is not one that should be the sole business of a small group of Internet activists and lobbyists. It’s about time to acknowledge that, while increasingly vehement disagreements between economists on how to stimulate the development of broadband in the US are undoubtedly fun to watch, a broader conversation on the cultural and political impact of new technologies is slowly emerging from the confusion that is net neutrality.

…continued at publius.cc…

The idea that violation of the terms of use of a website is in itself a crime raises all sorts of possibilities that are almost too far-reaching to speculate about without seeming a little unhinged! It’s similar to, yet even more threatening than, the development of knee-jerk “criminal trespass” laws that blur the line between conduct in public places and private places and have been used against peaceful protesters with abandon. I find some tragic humour in the fact that private censorship by hosts, no matter how irrational, is seemingly beyond the scope of the courts (being a private matter supposedly for contract alone) yet when you ‘break’ that ‘contract’, it’s such an offence against the public that the criminal law should be involved. (Never mind the fact that a lot of those now criminal-law-carrying terms are beyond boilerplate!)

We’ve talked about the weasel words (or misuse of words!) of authorised computer access on these pages before - in the context of wifi sharing. I have a bad feeling about all of this.

More from Eric Goldman, Susan Crawford, Wired and Peter Black.

We’re talking about the Department of Communciations, Energy & Natural Resources (DCENR; formerly also Marine hence the still-in-use Web address of DCMNR) in Ireland.

1. The Department posts the outcomes of and releases documents pertaining to Freedom of Information (FOI) requests. There’s even one from me in there, if you search hard enough. Anyway, they published a bundle of documents released in response to Damien Mulley’s request, which are quite interesting. Damien has posted some of the most interesting bits, and the Irish Times ran a story too.

One interesting paragraph - interesting for how it illustrates the difficulties that the Department has had with its broadband programme, though also interesting to see a document that was probably never intended to see public light - is this one. It’s taken from an email between two senior civil servants in the Department, speaking about a person who has been employed as an stagiare (intern) about to complete her term of work; one of them wants to hire as a consultant to continue work on the National Broadband Scheme and writes to the other:

“I would like to find some way of retaining her and may have to break procurement rules in order to do so. Given the dire situation, I feel I have no other option. I’m not inclined to seek permission from HR for this proposal and I’m unlikely to get it. I’d rather face the consequences after the NBS is up and running” (source: page 30 of this PDF)

It’s easy, indeed to respect the determination of the author to ‘get things done’ and cut through what is presumably nasty paperwork, though of course the trade union in the Department rightly raised legitimate concerns about the process, which are all described here, and the paperwork is there for a reason. I don’t think this is a legality/illegality issue but it’s certainly an awkward one for all concerned.

Just as a sidenote to all this, yet again we see our ‘Freedom’ of ‘Information’ system in action - the big black marker was in full action, and Damien was charged over €100 for this (the fee varies based on the cost of digging out the information). A friend of mine made a request to a third level institution some years ago and was quoted over €1000 for the information (he withdrew the request rather than pay it). Alongside this, there is a fee to make a request and a fee to make an appeal - and, perversely, if you win your appeal, you don’t get your money back - it is not a refundable deposit but a penalty charge that the wronged party must pay for the incorrect decision of the decision-maker at first instance. The Information Commissioner, Emily O’Reilly, criticises the fee-related aspects of FOI in this great speech from earlier this year here. A Private Members’s Bill (PMB) from Joan Burton (Labour) (here) to reverse the legislation that introduced these punitive charges will come before the Oireachtas shortly. In the meantime, Damien deserves our thanks not just for his spending on a charge that shouldn’t exist, but his persistence and his well-constructed requests.

2. Not needing FOI for this one (yet): Michele Neylon, who is involved in the ISP Association of Ireland (ISPAI) publishes the correspondence between the ISPAI and the Department regarding the proposed law on data retention, which Digital Rights Ireland and others are doing their best to oppose. The Minister replied by saying that as a different Minister (Justice) has responsibility for incorporating the relevant bit of European law into Irish law (transposition of the directive by way of SI, for those who care about such thing), he “has no function in this matter”. All the PDFs are on Michele’s post.

Note that the ISPAI didn’t ask if the Minister had a “function” in the matter - they asked to meet him to discuss how the legislation would have an impact on the Internet industry in Ireland. As the Minister responsible for communications, one would expect that he might be in the slightest bit interested. An Opposition TD (member of parliament) has no “function” in all sorts of things, but that doesn’t stop them hearing from concerned individuals, groups, businesses, trade unions and lobbyists. Furthermore, as we saw during discussions on defamation and privacy legislation, it’s not just the responsible Minister (again Justice) that has an interest in the Dept. of Justice’s legislative programme in or outside Cabinet - surely the Minister for Communications should at least be aware of the concerns of the communications industry, so that he or his staff can raise those issues in appropriate fora? And let’s not begin to talk about the nonsense that our politicians do, like cutting ribbons on off-licences and turning up at everything from a christening to a funeral if it’s in their constituency.

More from the New York Times’ “Bits” blog here (in general) and here (on Californian privacy law), and various angry responses summarised by Cnet here.

All the info is here. Not sure if I’ll be there this year, though I’ve been to the first two (here’s the 2007 report) and very much recommend that you go.

Our esteemed organisers say:

GikIII, a two day workshop on the intersections between law, technology and popular culture, will be held on September 24-25, 2008 in Oxford, England. GikII is so cutting edge that it is the nano-blade of workshops, so expect all sorts of challenging papers, tenuous legal connections, l33t powerpoint and keynote skillz, uber-geekery, and a healthy dose of lolcatz. Previous GikIIs explored Facebook privacy settings before privacy had become fashionable again, and looked at the pressing legal issues in subjects as varied as Harry Potter, killer robots, anime, fandom, virtual property and tattoos. All papers exploring the interaction between “geek” subjects and the law are welcome, but emphasis on popular culture is always favoured. This year’s workshop will also have a special session which explores the topics of complexity, networks and regulation.

Send your abstract of no more than 500 words to ian.brown@oii.ox.ac.uk, l.edwards@soton.ac.uk or a.guadamuz@ed.ac.uk by July 15th.

The Internet’s design relies on few mechanisms of central control. This allows new services to be introduced, and new destinations to come online, without any vetting or blocking by either private incumbents or public authorities. However, because we cannot easily measure the network and the character of the activity on it, we cannot easily assess and deal with threats from bad code without laborious cooperation among a limited group of security software vendors. Experiments need measurement, and the future of the generative Net may depend on a wider circle of users able to grasp the basics of what is going on within their machines and between their machines and the network. There is a need for new technologies and social structures that allow users to work creatively and collaboratively to understand what’s happening on their network — how it is impacting them, and how they are impacting it. This session introduces a cluster of technologies that seek to leverage the presence of millions of distributed PCs around the world to diagnose and improve PC health and network connectivity and empower users to understand and affect the future of the Internet.

Zittrain is the facilitator. We’re going to talk about projects. Yes, down-to-earth real stuff. He mentions the OnStar discussion from his book (chapter 5), which he said was particularly challenging to write because of the fears that emerge from the ‘perfect enforcement’ issues.

First mention of Psiphon, woohoo! (Note from Daithí - If you are in a position to contribute to this project, please do). And there are various similar projects. We can class them as part of a ‘netizenship’ agenda, and there is plenty of potential to build on this. Zittrain admits that the name Herdict is the worst name ever and appeals for help with this. A group of Berkman fellows, interns and friends are introduced.

They are trying to hold off the moment where the system is gamed/falsified/blocked. But this itself will be a mark of success, recognition that you’re worth going after.

Zittrain is showing a mockup of what the website (blank for now), will look like. There’s a colour-coded map of the world showing what blocking is taking place at that moment. Users can press a browser button when they are blocked and that sends an anonymous message saying what was blocked and (roughly) where. Builds on the idea of amIblockedornot idea. Interesting idea - to avoid the site being a repository for pornography etc, they will run the results (of blocked sites) through Google SafeSearch too.

Brilliant idea - how about using these ideas to get a comparative idea of “how good my network connection is” - this can relate to consumer rights issues and even network neutrality.

What if the site itself gets blocked?

We had a discussion (spurred by a post from me about different types of censorship) over how to deal with the problem that the site would be a list of porn sites (as mentioned above). Zittrain’s view is that this is an imperfect solution and that the goal is to make information available as much as possible. Rob Faris points out that the work on SafeSearch itself was done by Zittrain himself, but quite some years ago.

This version is about *web* blocking and not more general Internet issues, such as Skype. Swapping now to talk about PC health - this is something that installs and runs in system tray, looks for certain ’signs’ (although exactly what has yet to be defined). Some very interesting stats will emerge, particular when crossreferenced with basic user data (experience, type of machine, etc). Again, this sounds extremely interesting and with all sorts of applications beyond the straightforward functions. Some further discussion on this too, and a late diversion into opening the concept of netizenship beyond these applications…

And that’s the last of the live blogging from the Berkman @ 10 Conference, The Future of the Internet. This evening the inaugural Berkman Award is being made, although I’ll be booing watching the Red Sox at Fenway Park instead. I hope that you enjoyed the updates, and thanks for the comments!