Schaar is both prophetic and mainstream
Schaar is both prophetic and mainstream
by Richard Hill, Author, former ICT manager
Peter Schaar’s excellent and well-thought-out paper is at once prophetic and mainstream. It is mainstream because it reminds us of fundamental values that were clearly enunciated during the Age of Enlightenment, and it is prophetic because those very same values have recently been reaffirmed by political leaders in United Nations Resolutions and in a judgment of the European Court of Justice.
Schaar reminds us why so much data is being collected and analysed for private purposes: “… mass data is seen as an asset, the ‘new oil’ of the information society.” Indeed, consumers obtain “free services” if they agree to allow the service provider to use their data. The data are used to target advertising. But the revenue derived from the advertising is far greater than the cost of providing the “free” service, so in fact users are paying for the service (albeit not with money) and are receiving in return far less than the value of the information they provide. To some extent, this situation is a consequence of the funding model for Internet traffic flows, where the receiver pays, and there are no pervasive “pay-per-use” mechanisms. So providers of services other than access have developed advertising as their main revenue stream.
As Schaar correctly notes, network effects and economies of scale lead to concentration, so there is often a dominant provider of a particular service (e.g. a social network) and users have no choice but to accept the terms and conditions of that dominant provider. I join Schaar in calling for such service providers to be brought under effective competition control, for example, by enforcing a “right to portability” and by envisaging measures to avoid the abusive use of data collected by the smartphone software known as apps.
As Schaar correctly points out, mandatory minimum privacy standards are, in this context, analogous to mandatory safety standards that we take for granted.
Schaar reminds us that informed consent is a condition for the processing of data. The service providers referred to above do obtain the consent of their users, but this is done by a contract of adhesion whose terms and conditions are often very long and are often not read in detail by users. It seems legitimate to wonder whether there really has been informed consent for the use of the consumer’s data.
Schaar reminds us that data can be used in unexpected ways, and I would add that no database is entirely immune from theft: an insider can copy a large amount of data and sell it, thus violating the terms and conditions under which the user provided the data.
Schaar rightly notes that “it is unacceptable that governments and intelligence agencies are abusing the increasing international data transfer for bulk access to the transmitted data”. He calls for greater use of encryption, but unfortunately certain types of strong encryption are restricted by laws or regulations. I would thus call for the elimination of restrictions on encryption.
Indeed, the very design of the Internet was based on the assumption that there would be end-to-end security, so its pervasive implementation would seem to be a necessity.
As Schaar notes, “there is a need to establish binding international data protection standards guaranteeing the protection of private life, as laid out in Art. 12 of the United Nations Charter of Human Rights”. I agree with Schaar that a binding instrument is needed; that is, a treaty. Of course, a treaty can only be agreed by member states, and those who favor discussing Internet-related issues in the less formal and more open process usually referred to as the “multi-stakeholder” model should accept that those discussions can precede, but cannot replace, formal intergovernmental processes. For example, an attempt was made recently, at the April 2014 NETmundial meeting, to tackle the issue of mass surveillance, but all that was agreed was to restate text that had been previously agreed at the United Nations. This meeting had been convened largely to discuss the matter of mass surveillance, so its failure to propose steps to curtail mass surveillance was considered disappointing. However, that is not entirely a fair assessment; while the UN Resolution was agreed only by states, the NETmundial text was agreed by a broad coalition of governments, civil society, private sector, academia, and technical experts. So it has broad support and should influence more formal discussions.
Following up on NETmundial, I would propose that the matter be taken up in the ITU, whose Constitution has always had a provision on secrecy of telecommunications (Article 37). That provision is too weak, but it can be strengthened as follows:
1. Member States agree to take all possible measures, compatible with the system of telecommunication used, with a view to ensuring the secrecy of international correspondence.
2. Nevertheless, they reserve the right to communicate such correspondence to the competent authorities in order to ensure the application of their national laws or the execution of international conventions to which they are parties. However, any such communication shall take place only if it is held to be necessary and proportionate by an independent and impartial judge.
3. Member states shall respect the secrecy of telecommunications in accordance with both their own laws and the laws of the state of the originator of such correspondence.
As Schaar so rightly says, “the pursuits of liberty and prosperity, free discussion and inclusion, closely linked to the information society, are at stake. There is a need for a broad coalition to defend these values.”
Indeed, I find it surprising that we seem to have forgotten fundamental principles that were formalized more than 200 years ago and repeatedly reaffirmed since then. The Fourth Amendment of the US Constitution, drafted in 1789 and approved in 1791, states:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Article 12 of the Universal Declaration of Human Rights (UDHR) and Article 17 of the International Covenant on Civil and Political Rights state (in pertinent part):
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence; …
In accordance with Article 29 UDHR:
In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society.
Dilma Rousseff, President of Brazil, in her 24 September 2013 speech at the United Nations, stated:
In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy.
United Nations General Assembly Resolution A/RES/68/167 of 18 December 2013 on the right to privacy in the digital age reaffirms the right to privacy; emphasizes that unlawful or arbitrary surveillance violates that right; expresses concern about mass surveillance; and calls on states to respect privacy and to review procedures, practices and legislations, including with respect to mass surveillance.
On 8 April 2014, the European Court of Justice struck down the European Data Retention Directive on the grounds that the data retention was not limited to what is strictly necessary and that it exceeded the limits imposed by compliance with the principle of proportionality.
On 10 April 2014, the European Union Article 29 Working Party adopted Opinion 04/2014 on surveillance of electronic communications for intelligence and national security purposes. That Opinion states:
From its analysis, the Working Party concludes that secret, massive and indiscriminate surveillance programs are incompatible with our fundamental laws and cannot be justified by the fight against terrorism or other important threats to national security. Restrictions to the fundamental rights of all citizens could only be accepted if the measure is strictly necessary and proportionate in a democratic society.
So Schaar’s call for action is not isolated. As citizens, we must insist that our parliaments take action, both to stop mass surveillance by governments and to curtail the power of dominant service providers to obtain data from customers and use it as they see fit to generate large profits. And we must insist that the Necessary and Proportionate principles supported by a large number of organizations and scholars be implemented, despite the resistance shown at NETmundial by the US and its allies such as Sweden to calls for the implementation of those principles.
Paraphrasing what was said by former Spanish judge Baltasar Garzón in a speech in Geneva recently, it is time to stop debating the legality of what is manifestly illegal.
|
MIND-Multistakeholder Internet Dialog |
