IDP2009: Political Participation

(This was a live report. It’s late, so I’ve tidied it a bit more than for other posts, but the same cautionary notes apply, please and thank you).

This session was very interesting, but unfortunately will be discussed in a fairly general way here: the last session suffers from my multitasking, preparing the slides for the end-of-day report in a race against time that I am bound to lose. However, there was excellent coverage by others, including a rapid series of Twitter updates (including from the panelists) – perhaps prompted by the status of some of them as prolific and informative users of the same services and other platforms. Again, idp2009 is the tag.

The theme, then, was political participation and social networking, and all three presenters expressed some optimism regarding the link between the two. Leading things off, Maarta Cantijoch of the Autonomous University of Barcelona referred to the distinction between the channels in which individuals choose to make their voices heard. One way of drawing that the established academic discussion of conventional (formal – voting in elections, activist in political party, active i.e. campaigning) and non-conventional participation (protest, boycott, etc). The latter is more recently referred to as extra-representative although that term provokes some controversy, and there are important questions about how much of it is in parallel to established citizens. There are three broad categories of citizens: disaffected, critical, institutionalised: illustrated in a useful diagram, but in short, the disaffected are dissatisfied and little involved, the critical are involved but dissatisfied (the key for unconventional participation!) and the institutionalised are both satisfied and involved. Web 2.0 can mean new exchanges, new exposure to information, more interactivity, more young people – this talk was particularly helpful in that it drew upon Spanish research into political activity, which shows that certain uses of the Internet can promote participation in non-conventional ways, meaning the distance between the individual and the institutional sphere is somewhat different.

Jose Antonio Donaire is a politician in the Catalan parliament, but has a particular interest in new forms of politics. He is intrigued by how it is becoming possible to hold different opinions on different subjects rather than the more simplified ideological line of a group that has characterised the status quo. However, there is more to it than that, with a series of options including the more limited politics 2.0 where you see encouraging developments such as transparency and interaction, but also possibly limited to established politicians using new tools with existing political language. Through intermediate stages like media politics 2.0 (including such projects as the use of wikis for drafting) and politicised media, the clearest paradigm shift would be political spaces 2.0, with shifting concepts of the party and with the construction of a radically decentralised political space in and around platforms such as social networks.

Ricard Espelt discussed what he suggested some saw as a ‘Very Peculiar Project’, that of the use of technology in the town of Copons – Copons 2.0. Through communication, discussion and interaction, specific local problems are solved (including very ‘small’ ones), where problems are built on in to possible solutions. It’s in parallel to traditional administration but causes us to think about the purpose of politics. His visually arresting presentation can be reconstructed here . The purpose is to use social networking sites (generally open, inexpensive tools and ‘free’ (in both senses) where possible) – an the successes have been quite remarkable, especially from the point of view of ensuring accountability on the part of political representatives.

IDP2009: A Safe Internet

Liveblog! You know the drill by now. Take my summaries with a pinch of salt, and don’t attribute the summary here to the original speakers as direct quotes, por favor.

Moderator Agustí Cerrillo, director of Law & Political Sciences at UOC, introduces this session on policies for a safe Internet. We have seen, across this conference, that some of the risks associated with social networking cannot be tackled by the law alone – other mechanisms must be resorted to. Co-operation between companies is an increasingly important factor, especially when there is tacit recognition of such by international authorities. Self-regulation of social network safety is the issue that we hope to be informed about over the course of this session, with speakers considering the various policies from the vantage point of their current positions.

Oscar Martinez – Information Society Services, Ministry of Industry, Spain – is new to his current position, but has a lot of experience in these policy areas. There is a division within his department between legal and policy development. The work in both areas is very influenced by developments within the European Union, but also the recommendations of relevant international organisations such as the OECD. In policy terms, there have been two ‘Avanza‘ plans adopted (executive summary in English), dealing with issues like online education, e-health (interoperability being a particular issue) – this builds trust in the network as important public services are rendered through Internet. DNA, electronic billing and more represent emerging challenges. The 2007 law on citizen access to services on the web is important – but there is no ‘punishment’ for a failure to provide services online. However, online services facilitate a ‘critical mass’. There is also an developing need to addressing the needs of SMEs. The next Spanish presidency of the EU will take forward: safety on the network, e-commerce, copyright protection as priorities. As Spain moves from plan 1 to plan 2, the development of the ICT industries is very important.

There is a common theme that it is important to reassure users regarding security and safety. “Confidence, security and accessibility” with a budget of €11m is one of the five core goals, intending to generate greater confidence in ICTs through public policy. This includes services and technologies to foster trust as well as guidance, education and the protection of children. However, it is important to situate this work in the context of recommendations of the Council of Europe, the OECD, the ITU and others, who have published guidelines on different aspects of safety – in terms of national security and critical infrastructure as well as data protection, spam, malware and so on.

Nacho Alamillo (INTECO page) is currently a lawyer with ‘ASTREA: La Infopista Jurídica’ and has involvements as an expert and/or consultation in Catalan, Spanish and European projects and working groups on security issues, particularly electronic signatures. The topic of his talk is the information security planning of Catalonia, but extracting some points of general interest from a close consideration of such.

SMEs not aware of the dangers unless actually attacked – and they can be turned into the instrument for other attacks without their knowledge. INTECO research shows 18% have written documentation on security – we can see that the security risk is real. Anti-virus software is poorly updated and has a limited role. The European legislative instruments have attempted to foster a culture of safety, in three strands: privacy, security, electronic administration. Given that Catalonia is deploying electronic government services, there is a need to ensure protection of various sorts – for the system as well as for the data. Private sector plays a role, there is alignment with various levels of government, and regions need to collaborate.

There is quite some focus right now on the protection of critical infrastructure. Electronic administration is itself a critical infrastructure – and that means that protecting it should and will not be entirely in the hands of industry. The Catalan administration, like others, will bring together experts in policing issues and fight all forms of cyber crime; also an ‘electronic evidence laboratory’ in the Catalan cases. Safety has multiple target audiences and the plan must recognise this.

There was a brief Q&A session at the end of this session, for which I point you to Ismael’s summary.

IDP2009: Access to Public Information

You are still warned: this is a liveblog, my impressions, not direct quotes, and presentations with excellent slides like these can be difficult to capture in full. Also using simultaneous translation for all speakers this time. Other summaries are collected at the idp2009 tag.

The first panel of the day is on the topic of ‘access to public information and social networking sites’, moderated by one of the chief organisers of the conference (and energetic liveblogger) Ismael Peña-López. In his opening remarks, he uses the very recent example of the Guardian’s project on MP expenses, with many users contributing to a valuable resource by viewing PDFs and highlighting important document, reproducing significant elements in plain text, etc. This is an illustration of how the important function of monitoring the democratic process is facilitated by low cost and high technology: the Internet allows us to acquire, transfer, discuss and use information. The link with social networking is to think about how we can use our new tools as part of the building of a better democratic culture.

The first speaker is José Manuel Alonso of both the CTIC Foundation and the WWW Consortium (W3C). You can read Alonso’s slides here (English), and I recommend that you do – they are full of useful links and references. In his introductory remarks, he refers to the ‘Government data and the invisible hand’ report, which suggests that Government ‘portals’ should disappear (being replaced by various forms of open data) – but Alonso doesn’t think this is going to happen immediately. He reviewed the experience with one-stop-shop portals to date, arguing that few use it with many other being a part the ‘Wikipedia effect’, especially in the US, of searching and going for a highly-placed link. The shift that is needed is from data ownership to data stewardship. On the common objection that this undermines financial models, there are examples of new approaches – the Austrian Mapping Agency made a dramatic reduction in its prices (97% reduction), meaning an increase of 7000% in downloads (Ordinance Survey please take note!). If you want to share/reuse data, you must (after Jeni Tennison) identify it, present it in a way that can be used, and then expose it to the world.

Some excellent examples are presented, including the way in which data is made available in a ‘data catalog‘(ue) by the city government in Washington DC, which is then reused (e.g. mapping at crimeindc.org and an iPhone safety application!) (the excerpts and screenshots are all in the slides, linked above). The same developers have worked on the new data.gov service of the US federal government, which is one of the ‘jewel in the crown’ thus far, though with some limitations. We also get a sneak preview of Mapumental (see this blog post for more), which uses public data to set out public transport time and average house prices – this is rather exciting. Ultimately we should hope to reach a ‘linked data cloud’, which there are good examples of so far, where you link data sets to other data sets.

He invites conference participants to send comments to the W3C’s Access to Government interest group, with further information available here. In that vein, he also draws our attention to the drafting of a declaration on Public Services 2.0, with information available here. These are both interesting projects, particularly in the light of a useful comment made by Alonso in his closing remarks about the need to collaborate and share across national borders as well as technological ones.

Alberto Ortiz (described by the moderator as the author of the best blog in Spain on e-government) also holds a non-partisan political appointment in relation to public data and citizen engagement in the Basque region, giving him a useful perspective on the challenges ahead. His cheeky subtitle on his opening slide is ‘yes, we want’. The challenge, if we look at 2033 (chosen for the resonance with Mariono José de Larra’s 1833 satirical article ‘Vuelva usted mañana’), is to end the ‘come back tomorrow’ phenomenon of public services. So what is the model that we are following to try and get there? The first four phases were information, one-way interaction, two-way interaction, transactions – the fifth is or will be personalisation. He presents some data on the availability of eGovernment services across Europe, ranging (on one analysis) from 100% to less than 20% availability, which does not match advances in technology or government more generally (the limitation is that most research is on availability rather than use or value). We have a show of hands on online tax returns, which shows again that the audience is a little ahead of the curve. Yet of course, no political party can win an election on a promise to digitise the administration.

There are three pillars of open government: citizen-centred services, designed with transparency and accountability, and the fostering of innovation. He discusses the differences between mere eGovernment and open government – what a difference an O makes! Open data government, then, is a specific part of OG: it’s a prerequisite of it and a basic building block for empowering citizens. He refers back to the DC and US federal examples discussed by Alonso. Another case is how the ministry for industry in Spain enables the use of information on the cost of fuel; a user thought the interface was very clunky (despite the good data) and designed a better one (here. I also liked the discussion of the peer to patent community patent review project.

Finally, Jordi Graells, who is the deputy director of content and innovation in the Catalan Citizen Service Office (and blogger), considers how the reuse of public information can change the workings of the administration. The hope is to change how we ‘add value’ – but organisations need to change, as is argued by Gary Hamel. Decisions are better if they do not depend on one person, and collective intelligence supports complex needs. There are, however, both stimuli and barriers to innovation. I was also glad to hear Graells’ discussion of Creative Commons licensing in this context (see also the recent UK decision on the licensing of public sector information). In Catalonia, it was mentioned at an early stage in official documents that CC licenses would be used: the first was a publication on the system of jails in June 2007! There remains a fight between creativity and bureaucracy in some contexts … and in many contexts, legislation prevents information being made available in an open fashion. Databases are an interesting case, because of sui generis database rights, although CC 3.0 waives that right. The current state of CC in Catalonia encompasses a wide range of documents as well as audiovisual materials. There is an ongoing need, though, to have people within administrations using a spirit of openness and cooperation with citizens and of course with each other.

In the question and answer session, we heard (from the floor and the panel):
- some scepticism about official government blogging and how ‘real’ it would be
- the ‘genetic’ desire for control, especially in public administrations, and how to challenge it
- Downing Street’s integration of various social media systems – why not elsewhere?
- the importance of small, targeted interventions that show how a new system works and makes others jealous!
- the appointment of Tim Berners-Lee to work on these issues in the UK
- possible objections from citizens on the grounds that the job of administration is to administer, and that money is wasted on access to data or ‘convenient’ services that few want
- will we have another divide between those online with and online without expertise, to replace the digital divide problem?
- can politicians ever give up their own power?

IDP2009: Data Protection

Warning: liveblog, my impressions, not direct quotes, long post. Also using simultaneous translation for some speakers. This post may contain data protection law. You have been warned.

The third session of Day One addressed the question of data protection and social networking, and brought together an interesting range of speakers, who had all encountered the law and policy of data protection in different ways.

The provocative introduction is given by Monica Vilasau of UOC, highlighting various examples of non-compliance by social networking sites, but also alluding to Grimmelmann’s point of the morning about the threats to data protection rights by fellow users alongside familiar threats associated with public authorities and private enterprises. She also drew our attention to the high levels of SNS use in Spain, and how the existing privacy controls are often ignored by users (i.e. defaults followed).

Esther Mitjans of the Catalan Data Protection Agency reviewed her experiences dealing with new web services and was quite frank about the limitations of existing legislation but also the persistent need for scrutiny of private enterprises involved in the processing of data. She acknowledged the pressure for clear rules to become established (in whatever fashion is appropriate) but that this should not ignore the abiding importance of parental control and scrutiny, where there is a significant degree of responsibility that cannot be replaced by a data protection agency. She also posed some thoughtful questions about the possible ‘new vulnerabilities’ associated with social networking, the meaning of ‘informed consent’ in the current era, and suggested that although there may be lacunae in the law, it does contribute to user ‘confidence’ despite this. Mitjans also discussed the Article 29 Working Party report on online social networking in some detail, explaining its principles clearly and cogently. On a number of occasions, she did argue that it was necessary to prosecute those who act illegally (whether they are involved in managing sites or gathering data published on them) as part of a broader philosophy of risk management.

Pablo Perez of the INTECO observatory reported on his research into social networking sites published as a recent report, including some in-depth work with under-14 users who are (as you may expect) frequent and fluent users of such websites. He identifies three points at which crucial decisions are made and potential risks are present: the creation of the profile, the use of the service, and the deletion of an account. His range of recommendations included some suggestions towards age identification/verification, which of course has been the subject of discussion in the US for some time now. He also considered the need for better coordinated or harmonised international law on these topics.

A philosophical perspective was provided by Franck Dumortier, who focused on the ‘de-contextualization’ of identity and information through the use and reuse of such in different contexts. He traced the roots of privacy, including possible tensions between the right to be left alone and the right to contextual integrity. Illustrating a key point with a wry discussion of how information on one’s sexual life is most appropriate in certain contexts and wholly inappropriate in others, Dumortier took a sceptical approach to some of the claims of social networking sites, arguing that identity itself was being challenged by the way in which information is stored and shared. He also made a useful argument regarding the distinctions between ‘privacy’ and ‘data protection’, with some criticisms being expressed of the language and framing of the latter (the data subject etc).

Barbara Navarro, of various hats but particularly the person responsible for institutional relations in Google’s outpost in Spain and Portugal, had the difficult task of following the earlier papers with a defence of Google’s activities and practices. And defend it she did, setting out to demolish myths and misunderstandings of Google’s behaviour. She noted that Google is seen by many as a ‘symbol’ of the Internet, and therefore is frequently in the public eye, but suggested that the perception among some of the amount of information held and used by Google is inaccurate. She relied upon the pronouncements by certain EU authorities that IP addresses are not personal data and explained how Google’s activities in the area of data retention have particular technical and quality control purposes, but also discussed the role of contextual advertising and its importance to the Internet industries (and, crossing both points, set out to reassure Gmail users that Google neither has the time nor the will to ‘read your email’!). On these points, as indeed with other points, Navarro was an advocate for both self-regulation and for protection of privacy based on education and the ability of users to choose.

This was, as you can see, a wide-ranging discussion, drawing upon reports from the research coalface, a defence of the role of public authorities as guarantors of the public interest, the view from a large commercial player, and a long-term view looking at the implications of data exchange for concepts of privacy. There was some discussion of broader ‘safety’ issues, which will be discussed in a further panel on day 2. Another report is provided by Ismael.

IDP2009: Rights

Warning: liveblog, my impressions, not direct quotes, and it’s a free-flowing roundtable. Also using simultaneous translation in parts which will have an impact, particularly on phrases and quotes. Don’t shoot the messenger(s)!

Back after coffee for a roundtable discussion on legal issues of all sorts. In the chair is Raquel Xalabarder, who makes the perceptive remark that we still struggle with definitions of the platforms that we are talking about. Platforms, though, clearly create rights and obligations – for the users and for the owners.

Profs. Jane Ginsburg from Columbia Law School and Alain Strowel of Saint-Louis in Brussels but also a lawyer with Covington & Burling collaborate on their presentation, weaving back and forth regarding copyright issues. Strowel opens with a reference to the recent FT article on Facebook, highlighting the desire for openness, sharing and co-operation. This is ‘free’ but there is an invisible or dark side, which is the economics. IP fits into this category. As services develop, they become more IP-conscious – look for example at Twitter’s assertion of trademark. We should distinguish between content originated by the users and content that is ‘made by others’.

This brings us over to Ginsburg, who will look at user-created content; typically this content is automatically endowed with protection (subject to the usual fixation and originality requirements), reminding us that literary merit is not a requirement of copyright law. She reads extracts from the Facebook and MySpace standard terms and translates them into their real meaning – to me, this is the gift that never stops giving, and the audience responds accordingly. The Creative Commons icons are a useful way of adopting user-friendly and meaningful terms … but they are certainly not ‘self-enforcing’ and actual enforcement is extremely difficult (not to mention certain registration requirements under US law).

Strowel picks up the question of non-UGC (i.e. potentially infringing content published on these platforms) and the various degrees of liability, considering the possible infringements (distribution? reproduction? derivative work?) as well as limitations to the law (the unclear status of ‘making available’ as applied to mere placement on the Internet in the US). It is refreshing to go into this in detail – often we take for granted some of the more complicated ‘old’ aspects of copyright law (or what Strowel calls the mechanics of copyright) when considering it in the digital context.

Selected other comments (from both contributors – put together they engaged in a good discussion/rotation):

- there is an issue in comparing something like YouTube (where the infringing content on which secondary liability is alleged is ‘high value’) with other sites where this is not the issue.
- even under EU law there are different interpretations from state to state of implied licences as applied to copyright.
- Art 5 EUCD (limitations) is quite different to (the flexible but unpredictable) ‘fair use’ doctrine in the US – the various cases on thumbnails are discussed as an example of this.
- there are more intermediaries on the Internet than was expected – and they can be in different categories when it comes to liability; hosting providers (inc. social networking sites) are different to traditional web-hosts too (multiple third parties, many more pages than a normal website, intermediary both technical and advertising-based) – art 14 EUCD has a too-brief definition of hosting provider in any event (does it cover Facebook? Strowel argues it is not certain)
- brief discussion of the French cases: MySpace, DailyMotion, Google Video have all been the subject of legal proceedings with some inconsistent results and some elaboration on the concept of notice; all of this is in the context of the (unresolved) Viacom case in the US, which may well be superceded by industry principles.
- YouTube’s business model is affected by the steps required to keep the safe harbour: they cannot tailor their advertising in the way that they might like to, as doing so would affect their categorisation
- can a HADOPI-like solution deal with repeat infringers outside of the ISP context?

Speaking separately, Antoni Roig, a professor of constitutional law at the home-town Universitat Autònoma de Barcelona, brings the questions back into the realm of public law, but also wondering what the differences are between ‘IT law’ and ‘IT for lawyers’, and how jurists and engineers approach privacy in different ways. (Interestingly, he says that the Spanish data protection regulations date from 1978, along with the Constitution). Privacy and data protection can have different aspects – they are in many respects separate legal regimes, with the EU having a particular role on data protection and the role of the Article 29 Working Party. The courts have acknowledged a right to data protection but there is also the use of the human dignity clause as a way of ‘updating’ rights. Is the US moving towards an EU-style data protection framework?

Roig summarises the A29 approach as including on principles of
- awareness amongst the users not to give data if necessary (& this affects the providers too; the principles mention this which is a surprisingly radical move towards ethical engineering)
- informing the user e.g. when there has been a breach

He also has some good words for the role of privacy-enhancing technologies (PETs), and how they play a part in a constitutional concept of privacy based not on law alone. Persistent pseudonyms are crucial to success here. (We will be returning to data protection in the afternoon session). By designing for privacy, we can achieve a long-term solution even though there may be short-term difficulties with making it work. Legal scholars have not really legitimised these technologies yet, though there is potential for showing a court that a tool that protects privacy could prevent a violation of fundamental rights. Concluding, he argues that the European approach to RFID, where incorporation of privacy at the design stage is being encouraged, is promising and brings with it some optimism.

Issues covered in the Q&A included the power of terms and conditions, the potential for advertising revenue without violating safe harbour, the difference between the ‘user’ and the ‘provider’ terminology (should bloggers be considered providers for safe harbour purposes?), multiple vs unique pseudonyms (and the relationship with biometrics), the convergence between trademark law and domain name policy (with Facebook URLs being a good example of where there is controversy), the L’Oreal/Ebay litigation at the ECJ and the French courts