As those who know her may have noticed, Matron has been severely overworked and underplayed for the last six months. So much so, that she was beginning to wonder herself what on Earth would have to happen to make her blog again. Having blissfully ignored all manner of exciting and infuriating developments ranging from Hacking enquiries to calls for the re-introduction of capital punishment (it turns out that all that needs to said about these, can be said on Twitter - although that may, in the end, apply to everything, really), the rioting on UK streets proves to be the straw the breaks the camel's writer's block or some such thing.
Because a lot has been written on this by all and sundry already (most interestingly Michael White in the Guardian on the blame games that have now commenced, David Allen Green in his New Statesman blog on the need to keep the riots in proportion and the entertaining comments of bloggers everywhere on Boris Johnson's - of all people - suggestion that the riots are to blame on an excessive sense of entitlement) Matron will try (most likely unsuccessfully) to keep it to a brief soul searching operation. Two thoughts strike her in the midst of all this.
First, the description of the tactics employed by rioters in their endeavours to redistribute private property and the tactics of the police used to prevent such redistribution puts her in mind of the "mice and elephants" analogy Swine made when he described the changes the internet underwent over the last 15 years. Swine said that in the olden days, the internet, and access to it, was controlled by a few big players which were easy to regulate and could act as gatekeepers. They were, to all intends and purposes, elephants, slow moving and relying on their size. However, in the current era of social media and user generated content, internet users and the platforms that allow them to interact with each other, are like mice. The can pop up and under at a moment's notice, react quickly to events and dissipate when they are threatened.
To matron, this model seems to apply both to the way rioters used social media to organise themselves these past few days and to the actual way in which they operated on the streets. Reports from Manchester describe the way in which groups of young people (Matron really, really loathes the word "youths") played a game of cat and mouse with the police in that they broke the window of one particular shop, scarpered when the police arrived on that site, then created a distraction at another location and quietly returned to the site of the original offence to clear out the shop while the police were patrolling the second site. They may be disaffected, but they ain't stupid.
Which brings us to the question of what can be done in these cases and whether anything can be done, really. At which point Matron is getting very impatient with all the politicians' posturing about criminality v protest, strong enforcement and/or the moral vacuum that prevails in this country. Because, all discussions of morality aside, what these event show most clearly is that no state other than a completely authoritarian or totalitarian one, can control all parts of its population against its wishes for long. We can put 16,000 elephants on the streets of London for a time but this will become unsustainable eventually at which point cries for more efficient - and by their nature more oppressive - measures will be aired (and yes, Matron knows, those calls are being made already, but she chooses to ignore things like this YouGov poll - particularly the bit about using live ammunition - for the time being, for her own sanity).
All of which means that those of us who do not want to live in a police state where security forces are given ever increasing powers that they will then have the right - lets not forget that for a moment - to use on the rest of us, really have no alternative to at least trying to understand the underlying reasons for why this situation could get out of hand so badly so quickly. If we do not want to counter force with sheer force (like deploying the army in domestic conflict, which for someone like Matron who comes from a country where there is still a constitutional ban on that type of thing - for good historical reasons) or submit to a level of surveillance - online and offline - never before encountered in a free society, what else can we do?
The second thought that occurred to Matron as she was sitting on a train from all-quiet-now London to just-about-to-kick-off Manchester last night, was that, like it or not, it really does make a difference if it happens close to you or to your own. Like in 1999, when the activities of nail bomber David Copeland really only hit home when he targeted the Admiral Duncan pub in gay Soho. Like in July 2005 when the much publicised photo of a destroyed number 26 London bus was the most disturbing of all images because this was the line that Matron had taken to get home for more than four years.
So when watching the reports on the London riots on TV on Monday night or listening to the updates fellow-travellers got from friends and family in Manchester on the train last night, it was the events in Mare Street in Hackney, which is close to were she had lived way back when, and the news of the destruction of the Manchester shops she frequents now, that touched her most.
So, eat your liberal heart out, she is as shocked as the next person about what happened. Which is why - like many another bleeding-heart Guardian reader - she currently starts her sentences with the prefix "this is not an excuse, but may explain things". Because in all honesty, there can be no excuse for the gangs of rampaging bullies she and Mrs Matron passed on their way home last night. And bullies they are, no matter how you look at it.
But - as has been explained to Matron patiently on many occasions by said Missus (who holds a PGCE no less and is experienced in all matters pedagogical) - most bullies have been bullied themselves. And therein, as they say, lies the rub.
When the UK map of child poverty was posted a while back, Matron found to her entertainment (but not surprise) that three of the four places of residence she ever held in the UK (Toxteth in Liverpool, Hackney in London and Cheetham Hill in Manchester) were in areas where more than 50% of children come from low income families. In fact the figures were closer to 75% in all cases, but ">50%" was the worst category they used. This brought with it the joys and pleasures of living in a multicultural society, but it also brought with it certain facts of live one either got used to or - if one had the choice, and many don't - which meant one moved elsewhere.
In Liverpool in the 1990s it was car crime: Matron's car was broken into four times and stolen twice and the trip to the local police station for the crime reference number became a part of normal life. As did the knowledge that the police would not have the man power or the inclination to actually search for and prosecute the perpetrators. During her stint in the capital in the early naughties she mourned the theft of four bikes in as many years. Police advised her to go to a market near Brick Lane on a Sunday morning to see if she could buy it back. In Manchester, about six years ago, she witnessed the stabbing of a man outside her front door. It was followed up but never came to court because invisible forces persuaded the suspect to return to whatever country he had come from. Realities like these happen all over the country every day. Millions of people live with them even though they don't see them portrayed on the 10 o'clock news.
None of these experiences were pleasant, but none of them particularly came as a shock and none of them made Matron call for stricter sentencing and the deployment of military force either. And most importantly, none of them made her leave those respective communities (in fact it was unsustainable house prices that forced her to move to the quiet little village where she lives now, so blame the real criminals, the bankers and speculators, for that). Because, for all their faults, they were communities and bad things that happened in them were things committed by people who where the exceptions and not the rule. That is why for every hooded bully helping him or herself to a free pair of trainers last night, there were three people cleaning up the mess they made this morning. Lets not forget that.
But what of the hooded bullies? Well, why not look at it like this? Yes, the events of the last few days were terrible. They raise a lot of questions about the society we live in and the values we pass from one generation to another. We have to discuss these questions openly and we have to address the underlying issues, like excessive consumerism and greed, and maybe even a prevailing sense of entitlement, at ALL levels of society. But they also show us that if you create a level of social inequality similar to that in certain third world countries, you are likely to get a level of social unrest that mirrors that in those countries. We all live in the society we deserve and pay for. And lets be honest, all of us - including those of us who, like Matron, belong to the category of the "not-really-rich-but-don't-have-to-worry-much-either-despite-the-cuts": we have been shopping in the bargain basement of that particular store for a long time now. Like with the organic produce that many of us are still happy to fork out for, it might be a good idea to start paying a little more for a better product.
Wednesday, 10 August 2011
Wednesday, 8 December 2010
Some random thoughts on Wikileaks and Assange
Christmas is coming ever closer and with it the overload of work that Santa seems to have in his bag these days, Matron's brain is fried from trying to get to grips with teaching, government consultations, job interviews and an excess of travel. As a result she has - to the best of her abilities - tried to inure herself from the wall-to-wall coverage of WikiLeaks, the US Embassy cables and the allegations against Julian Assange if only to allow her to get on with some stuff.
But it is getting harder to escape all that coverage and woman is a processing, pattern-making animal, so random, if often rather conflicting, thoughts on this have arisen and are taking up valuable brain space. Each of them longer than 140 characters but not really enough for a coherent blog post, they still want to be released. To make it more interesting, Matron has given them "Yes Minister" titles. Feel free to ignore; normal service will be resumed in the new year.
But it is getting harder to escape all that coverage and woman is a processing, pattern-making animal, so random, if often rather conflicting, thoughts on this have arisen and are taking up valuable brain space. Each of them longer than 140 characters but not really enough for a coherent blog post, they still want to be released. To make it more interesting, Matron has given them "Yes Minister" titles. Feel free to ignore; normal service will be resumed in the new year.
- The Right to Know: While the disclosure of the documents on Iraq took the public interest hurdle with some ease, Matron can't help feeling that a lot of what came out of the Embassy cables is just a smidgen, if at all, above the tabloid newsworthiness threshold. Most of it seems to concern statements made by the No-surprise-there-department (sub-section Duh!) that inhabits a basement in the Ministry of the Bleeding Obvious. Yes, it is lovely to have your prejudices about Prince Andrew, the Rich and Powerful and those stupid, arrogant Americans confirmed, but beyond that Matron would pay good money for someone that pre-selects from those cables the things that will really make a difference to our perception of the way things are done and our willingness to do something about them. They are probably there, buried within a mountain of information, but it is terribly difficult to find them in all that gratuitous gossip. So, here's an idea for the movement: rather than going for the shock and awe effect (you've done that now and the whole world bought the bloody t-shirt), maybe next time it would be more useful to concentrate on selectively disclosing the things that really matter.
- Power to the People: Having said all that, Matron completely agrees with many of the punters that by far the more interesting aspect of this whole affair is not what WikiLeaks has done, or even what the people whose behaviour has been exposed have done, but how the US and other countries reacted to it. Even discounting the hysterical reactions of US senators (which are unlikely to be taken seriously by many on this side of the Atlantic), the steps taken against WikiLeaks say more about the state we're in than a million indiscrete cables. It is quite clear that those whose actions have been disclosed by WikiLeaks are far more upset about the fact of disclosure than the content that has been made public. It's the paradigm change in relation to the way in which information is, can be or should be controlled that is the real issue here. As one very sensible blogger put it, being told by our masters that we can't handle the truth just doesn't wash any longer.
- A Conflict of Interest: But at the same time, with great power comes great responsibility and Matron can't help feeling that WikiLeaks and those who support it currently get carried away just an itsibitsi tiny bit on a wave of their own omnipotency. As a privacy advocate, Matron has always fought the corner of those who argue that while transparency and freedom of speech are among the most important rights in a democratic society, they are not the only rights. They have to be balanced against other rights, freedoms and interests and figuring out how that balance should be achieved is a difficult and time-consuming process that we may just be by-bassing when pressing a button to disclose another 250,000 documents whose full contents we will not have been in a position to fully know or appreciate. Taking just the privacy argument as one example, there may be stuff in those cables that relates to private matters that the public really has no right, nor a need, to know.
- The Smoke Screen: With the combined coverage of the WikiLeaks and Assange affairs seeimingly taking up every available inch of colunm space at the moment, is Matron the only one thinking that this would be a great time for governments the world over to bury bad news? In fact, here's a conspiracy scenario to think about while we're at it: imagine someone in the US government thinking, "Wouldn't it be great if we fed an organisation like WikiLeaks a lot of mindless chitchat that won't disclose a lot about us that people aren't already thinking anyway but that will keep the hacks and the geeks and pretty much anyone with a halfway functioning brain gainfully employed for weeks on end? Just imagine what we could get away with while they are all busy loooking the other way." In the area of IT and Cyberlaw alone, we currently have a plethora of really rather alarming proposals on the table that may change the way in which we can live, work and play, in which we can interact with each other and our governments, the extent to which those governments can exercise control over us and our actions and the extent to which we can resist that control. Yet, pretty much ALL the good brains Matron knows in this area are currently using most of their processing power on exchanging URLs for WikiLeaks mirror sites. I'm not saying that you're not doing an important job, boys and girls. But you know what? Job share! We need some of you for other stuff!
- A Question of Loyalty: Matron admits it: when the sexual assault allegations against Assange first made the press, her immediate gut reaction was to think, "Now that suits the powers that be a little bit too much to be mere coincidence". We leftie liberals are hard-wired for conspiracy theories; the more outlandish the better. There is something about us that loves the feeling, as Technollama put it on Twitter recently, that we live in a Stieg Larsson novel. And maybe we do. But in the same way that we should try very hard not to suspect conspiracy when incompetence will do, we should not loose sight of the fact that good people sometimes do bad things. And that, consequently, we should not automatically assume that someone like Assange couldn't possibly be involved in something like a sexual offence, or that the laws of a country that allege such a thing must by defintion by wrong and illiberal and that the US must obviously have exerted great pressure on that country to bring down the full force of the law on one it now clearly views at its enemy no.1. That may all be the case, but it is no more likely than the alternative, because, at this stage, we don't know. If this had not been the founder of WikiLeaks, those allegations may still have been made and the appropriate judicial procedure might still have been employed and the people making the allegations would have been given the opportunity to prove them without being vilified as instruments of state oppression and the accused in this case would have been given the right to defend himself without his private conduct being closely linked to his professional role. While we do not know an awful lot about the charges that have been brought and the evidence available to prosecutors at this point, we should not fall into the trap of canonizing an individual in ALL areas of his life because we feel that he has acted like a saint in ONE of them. And we should not make feminist leftie liberal women feel like traitors to the cause if they cannot subsume their instinctive feeling that allegations of sexual misconduct need to be taken seriously whoever the alleged perpetrator. Julian Assange is innocent until proven guilty, but the two Swedish women and the Swedish prosecutors have every right to try to prove his guilt.
- The Bishop's Gambit: Finally, to all those people who cannot distinguish between the charges against Assange and the charges against WikiLeaks: be concerned, be very concerned about the dangers of personificating a movenment. As many others more familiar with the ins and outs of how WikiLeaks functions have already pointed out, WikiLeaks is more than Assange and will and should continue regardless of what happens to him. Those who tie his lot together with that of the movement he helped found play into the hands of those who try to argue that the discreditation of the man will automatically discredit the movement. If he is found guilty, and at this stage this is as likely as the possibility that he will be acquitted, because WE JUST DON'T KNOW, then there will be no shortage of people saying that WikiLeaks is irrevocably tainted by his actions and that his failures in one area of his life must mean that there is no moral justification for the work he has done in others. Don't do their work for them! Make sure you separate the man from the mission.
And so on to all the other things on Matron's to-do list that are not WikiLeaks. Which, sadly, is still most of them. In the meantime, have a merry festive season!
Monday, 15 November 2010
Research is vital!
Those of Matron's readers who are citizens of academia and/or members of the Twitterati will undoubtedly be aware of the hashtag #scienceisvital and the related campaign -fought by, among others, former LibDem MP Dr. Evan Harris - that was aimed at convincing the government to "lay out a supportive strategy for UK science and engineering" by "maintaining a level of investment at least in line with economic growth ".
The petition was signed by 36290 people - among them the names of many of the most eminent figures currently working in UK Higher Education - and ultimately led to science funding being treated rather more benevolently in the context of the recent comprehensive spending review (CSR) than many other areas.
A successful strategy, therefore, from which we could all learn? Certainly! And yet, despite the fact that Matron has followed the campaign with interest while it was in its most active phase, she could not bring her self to add her name to the pledge. Why is that?
The reason is that the petition, commendable as it was in its attempt to defend the science budget, focused merely on the funding for "science" in its most narrow definition, namely "the intellectual and practical activity encompassing the systematic study of the structure and behaviour of the physical and natural world through observation and experiment". Natural sciences, in other words, or "science and technology" in more modern parlance.
Indeed, the petition itself mentions as the particular areas for which funding must be preserved "energy, medicine, infrastructure and computing". Although, many of the signatories came from the social sciences, arts and humanities communities, no mention was made of those disciplines in the petition and - as has become clear - they did not benefit in any way from the government's rethink in the CSR.
In Matron's opinion, the petition and the related campaign can therefore also be seen as an example for another development that was easily predictable and widely expected when news of severe cuts to the HE budget first came out: that rather than coming together and ganging up on a reluctant government in an attempt to convince it of the shortsightedness of its plans, the sector would engage in a divisive struggle in which each party would attempt to secure the biggest piece of an ever smaller cake. In this context we have seen old universities work against new universities, higher education versus further education and one discipline against the other. The only winner in this game has been the coalition government which has found it all to easy to get savage cuts to the arts and social sciences budgets through with minimum fuss while at the same time being able to point towards the science budget it (largely) maintained.
Make no mistake, science IS vital! Without it, we will not be able to overcome the challenges arising from threats like climate change and overpopulation. It's funding should be preserved and, if possible, increased.
But when asked by scientists to support the petition, Matron felt a little like she felt when, back in the early 90s, she moved to the UK from Germany as a (then more than now) politically active lesbian. Whereas in Germany, this group was politically more aligned with the feminist movement, in the UK, lesbians were part of the gay rights or queer movement. In practical terms this meant that, at the time, the political goals lesbians fought for and were expected to support included not only the fight against AIDS but also gay marriage. This was in open disregard of the fact that lesbians, with their "moving-in-on-the-second-date" kind of relationships were in the group least likely to be infected with the HIV virus and that feminism had worked on a critique of the institution of marriage for at least the last century.
In the end, Matron became an active volunteer for an HIV/AIDS charity - not because she was directly affected but because it was the right thing to do at the time with thousands of people dying alone and without the necessary support. But she always refused to go to any length to support the call for gay marriage. In the words of the inimitable Alison Bechdel, comic artist extraordinaire and observant chronicler of lesbian live throughout the 80s, 90s and noughties, there was no way she was going to be complicit in the enshrinement of coupledom as a privileged civil status given that there were, in her view at least, better ways to achieve equal treatment for everyone (for example, by abandoning, and not re-introducing, dear Mr Cameron, all solely marriage-related state benefits).
Matron's most interesting experience during that time was a conference ca. 1994 when she was on a panel with a high profile (female) member of gay rights group Stonewall. When asked about her views on why the lesbian movement in Germany preferred to align itself with feminist heterosexual women rather than gay men, Ms. Stonewall's responded that maybe the lesbian movement in Germany wasn't as far advanced yet as it was in the UK and the US. It was the simple arrogance of that statement which completly dismissed a political strategy on the basis of "backwardness" and which negated the many rational reasons its proponents may have had for choosing it, that took Matron's breath away then and that still appalls her now.
Because asking someone else to support your cause because it is the right thing to do, is one thing. Asking them to support it despite the fact that doing so may actively harm their own interests or political goals - and be that only because those interests or goals will be forgotten about or set aside while time and engery is spent on fighting for yours - is quite another.
So, coming back to the point Matron was trying to make:
Science is an important area of research that deserves our support and government funding. At the same time, as every HE researcher knows only too well, science has had a better deal in public funding compared to any other area of research for these past 10 years at least because science gets good PR and politicians up and down the country seem to feel that they can support spending money on the development of a new widget much more easily than, say, the teaching of drama, philosophy or sociology. How is any of the latter to compete with research to find a cure for cancer or Alzheimer's?
But demanding that the science budget should be maintained will almost inevitably mean that the budget of other research areas will suffer. Areas that are equally vital, like:
This is a game of divide and conquer and by singling out one area, venue or means of research over another we are playing directly into the government's hands.
So, dear scientists, Matron would love to support your petition, because she thinks it is the right thing to do. But if you ever re-open it for new signatories, would you mind changing its title?
From "Science is vital" to "Research is vital"?
The petition was signed by 36290 people - among them the names of many of the most eminent figures currently working in UK Higher Education - and ultimately led to science funding being treated rather more benevolently in the context of the recent comprehensive spending review (CSR) than many other areas.
A successful strategy, therefore, from which we could all learn? Certainly! And yet, despite the fact that Matron has followed the campaign with interest while it was in its most active phase, she could not bring her self to add her name to the pledge. Why is that?
The reason is that the petition, commendable as it was in its attempt to defend the science budget, focused merely on the funding for "science" in its most narrow definition, namely "the intellectual and practical activity encompassing the systematic study of the structure and behaviour of the physical and natural world through observation and experiment". Natural sciences, in other words, or "science and technology" in more modern parlance.
Indeed, the petition itself mentions as the particular areas for which funding must be preserved "energy, medicine, infrastructure and computing". Although, many of the signatories came from the social sciences, arts and humanities communities, no mention was made of those disciplines in the petition and - as has become clear - they did not benefit in any way from the government's rethink in the CSR.
In Matron's opinion, the petition and the related campaign can therefore also be seen as an example for another development that was easily predictable and widely expected when news of severe cuts to the HE budget first came out: that rather than coming together and ganging up on a reluctant government in an attempt to convince it of the shortsightedness of its plans, the sector would engage in a divisive struggle in which each party would attempt to secure the biggest piece of an ever smaller cake. In this context we have seen old universities work against new universities, higher education versus further education and one discipline against the other. The only winner in this game has been the coalition government which has found it all to easy to get savage cuts to the arts and social sciences budgets through with minimum fuss while at the same time being able to point towards the science budget it (largely) maintained.
Make no mistake, science IS vital! Without it, we will not be able to overcome the challenges arising from threats like climate change and overpopulation. It's funding should be preserved and, if possible, increased.
But when asked by scientists to support the petition, Matron felt a little like she felt when, back in the early 90s, she moved to the UK from Germany as a (then more than now) politically active lesbian. Whereas in Germany, this group was politically more aligned with the feminist movement, in the UK, lesbians were part of the gay rights or queer movement. In practical terms this meant that, at the time, the political goals lesbians fought for and were expected to support included not only the fight against AIDS but also gay marriage. This was in open disregard of the fact that lesbians, with their "moving-in-on-the-second-date" kind of relationships were in the group least likely to be infected with the HIV virus and that feminism had worked on a critique of the institution of marriage for at least the last century.
In the end, Matron became an active volunteer for an HIV/AIDS charity - not because she was directly affected but because it was the right thing to do at the time with thousands of people dying alone and without the necessary support. But she always refused to go to any length to support the call for gay marriage. In the words of the inimitable Alison Bechdel, comic artist extraordinaire and observant chronicler of lesbian live throughout the 80s, 90s and noughties, there was no way she was going to be complicit in the enshrinement of coupledom as a privileged civil status given that there were, in her view at least, better ways to achieve equal treatment for everyone (for example, by abandoning, and not re-introducing, dear Mr Cameron, all solely marriage-related state benefits).
Matron's most interesting experience during that time was a conference ca. 1994 when she was on a panel with a high profile (female) member of gay rights group Stonewall. When asked about her views on why the lesbian movement in Germany preferred to align itself with feminist heterosexual women rather than gay men, Ms. Stonewall's responded that maybe the lesbian movement in Germany wasn't as far advanced yet as it was in the UK and the US. It was the simple arrogance of that statement which completly dismissed a political strategy on the basis of "backwardness" and which negated the many rational reasons its proponents may have had for choosing it, that took Matron's breath away then and that still appalls her now.
Because asking someone else to support your cause because it is the right thing to do, is one thing. Asking them to support it despite the fact that doing so may actively harm their own interests or political goals - and be that only because those interests or goals will be forgotten about or set aside while time and engery is spent on fighting for yours - is quite another.
So, coming back to the point Matron was trying to make:
Science is an important area of research that deserves our support and government funding. At the same time, as every HE researcher knows only too well, science has had a better deal in public funding compared to any other area of research for these past 10 years at least because science gets good PR and politicians up and down the country seem to feel that they can support spending money on the development of a new widget much more easily than, say, the teaching of drama, philosophy or sociology. How is any of the latter to compete with research to find a cure for cancer or Alzheimer's?
But demanding that the science budget should be maintained will almost inevitably mean that the budget of other research areas will suffer. Areas that are equally vital, like:
- The social sciences that will ultimately have to figure out how and to what extent society will be able to absorb, integrate and adapt to the new technologies that the scientist will come up with with.
- Economics that will enable us to "follow the money" and to figure out who benefits from new research and developments and how that benefit can be distributed in a more equitable and socially beneficial fashion.
- The arts because - as Winston Churchill is alleged to have said when asked to cut arts funding in favour of the war effort - if not for the arts, then what are we fighting for?
This is a game of divide and conquer and by singling out one area, venue or means of research over another we are playing directly into the government's hands.
So, dear scientists, Matron would love to support your petition, because she thinks it is the right thing to do. But if you ever re-open it for new signatories, would you mind changing its title?
From "Science is vital" to "Research is vital"?
Thursday, 11 November 2010
A rather phormulaic proposal
Following yesterday's mini-rant on the failure to publicise this and the rather short consultation period, Matron has now had the opportunity for a more intimate heart-to-heart with the ever-so-under-the-radar Home Office proposals on changes to RIPA. The verdict: while there doesn't seem to be anything particularly offensive in there, she can't help feeling that we are once more bearing witness to the UK government trying very hard to comply with the nagging of those pesky Europeans while, really, not changing things all that much in practice.
By way of background, the changes to RIPA became necessary because the European Commission - following, among other things, a letter writing campaign by that excellent Open Rights Group - referred the UK to the European Court of Justice because it felt that it had not fully implemented rules on the confidentiality of electronic communications contained in the E-Privacy Directive (2002/58/EC). That Directive provides that member states must adopt provisions which prohibit the unlawful interception and surveillance of electronic communications unless the users concerned have given their consent. According to the Data Protection Directive, that consent must be "freely given, specific and informed". Member states must also establish appropriate sanctions where these prohibitions are infringed and independent authorities must be charged with supervising this are to prevent any unlawful interception.
As per usual, the UK has watered down these draconian requirements a little to make life easier for the folks in the interception trade. Section 1(1) RIPA only prohibits intentional interceptions - accidents do happen, don't they?; section 3(1) RIPA lets offenders off the hook if they had "reasonable grounds for believing that consent has been given" and as for establishing a proper supervising authority, well, there was that minor issue of a gap between the supervisory powers of the Information Commissioner (who doesn't do interceptions) and the Interception of Communications Commissioner - or IoCC - (who doesn't concern himself with the conduct of private entities).
All this left said private entities in the fairly comfortable and almost entirely unregulated sphere in which companies like Phorm and their ISP partners then thought that it might be a good idea secretly to analyse people's web surfing habits the better to determine their interests so that targeted advertising can be delivered to their screens. Let's face it, folks, cheap broadband doesn't pay for itself.
When the Phorm, sorry storm, broke loose, however, many of those people figured they'd rather not have every single one of their online moves recorded - albeit, according to Phrom's PR, in the most privacy-friendly way possible - and many of the CSPs had to beat a hasty retreat. Phorm itself has, for them time being, left the building, although it is still flogging its technology in other countries.
But back to the European Commission, the ECJ and the UK's urgent need to do something to avoid further costly proceedings. The consultation paper proposes, in essence, three things:
By way of background, the changes to RIPA became necessary because the European Commission - following, among other things, a letter writing campaign by that excellent Open Rights Group - referred the UK to the European Court of Justice because it felt that it had not fully implemented rules on the confidentiality of electronic communications contained in the E-Privacy Directive (2002/58/EC). That Directive provides that member states must adopt provisions which prohibit the unlawful interception and surveillance of electronic communications unless the users concerned have given their consent. According to the Data Protection Directive, that consent must be "freely given, specific and informed". Member states must also establish appropriate sanctions where these prohibitions are infringed and independent authorities must be charged with supervising this are to prevent any unlawful interception.
As per usual, the UK has watered down these draconian requirements a little to make life easier for the folks in the interception trade. Section 1(1) RIPA only prohibits intentional interceptions - accidents do happen, don't they?; section 3(1) RIPA lets offenders off the hook if they had "reasonable grounds for believing that consent has been given" and as for establishing a proper supervising authority, well, there was that minor issue of a gap between the supervisory powers of the Information Commissioner (who doesn't do interceptions) and the Interception of Communications Commissioner - or IoCC - (who doesn't concern himself with the conduct of private entities).
All this left said private entities in the fairly comfortable and almost entirely unregulated sphere in which companies like Phorm and their ISP partners then thought that it might be a good idea secretly to analyse people's web surfing habits the better to determine their interests so that targeted advertising can be delivered to their screens. Let's face it, folks, cheap broadband doesn't pay for itself.
When the Phorm, sorry storm, broke loose, however, many of those people figured they'd rather not have every single one of their online moves recorded - albeit, according to Phrom's PR, in the most privacy-friendly way possible - and many of the CSPs had to beat a hasty retreat. Phorm itself has, for them time being, left the building, although it is still flogging its technology in other countries.
But back to the European Commission, the ECJ and the UK's urgent need to do something to avoid further costly proceedings. The consultation paper proposes, in essence, three things:
- The government, acknowledging that section 3(1) of RIPA does not provide the required clarity the CSPs need to determine whether or not their customers have consented to their weird schemes, wants to "remove the ambiguity" and thereby "ensure that the provision is consistent with the definition of consent" contained in the Data Protection Directive. It doesn't say, exactly how it wants to do this. Whether it will simply remove the offending "reasonable grounds" passage or whether it will come up with something more roundabout is one of the things we will have to look out for when the draft legislation is published. But for the time being this does not sound to bad. However, there is a problem with the use of consent in this context and this is one of the points that Matron wants to look at in a little more detail later.
- The government also wants to expand the functions of the IoCC so that, in the future, he can - following a complaint by a user - investigate CSPs in cases of unlawful, unintentional interceptions. Again, this seems to address the European Commission's concerns to a certain extent, but even the work of the IoCC in his natural habitat of supervising the interception activities of public bodies is not without question, and the same issues do arise here. Of that, too, more below.
- Finally, the governments wants to introduce a new civil monetary penalty of up to £10,000 that the IoCC can impose on anyone violating the prohibition on unintentional interceptions. He may also be given the power to issue a notice requiring the unintentional unlawful interception to cease. Any penalty or enforcement notice may be appealed to the First-tier Tribunal and the proposal includes comprehensive provisions governing such an appeals process.
So far, so business-as-usual. The procedures proposed here came pretty much straight out of the regulatory textbook and bear many a resemblance to the procedures that apply in the context of complaints to the Information Commissioner about data protection breaches. There is no reason why it shouldn't work in this context. Except...
Consent
As in all cases where consent is used in a relationship between businesses and individuals, there is actually a pretty big questionmark both over the "informed" and over the "freely given" part. Informed consent should mean, as the very minimum, that she who consents to something, should be aware of what she is consenting to. As we all know, in an online context this is little more than a legal fiction because UK law allows providers to hide consent provisions deep in the recesses of their privacy policies or terms of use which no one in their right mind ever reads unless they are mentally disturbed or a privacy lawyer or both.
This means that on the basis of these new rules, there is nothing stopping CSPs to include relevant implied consent provisions in their business terms, from which point forward they will no longer have to worry about their customers' consent at least, if they want to carry out interceptions for the purpose of behavioural advertising.
As many people wiser and more knowledgeable in this area than Matron have pointed out, this may still not actually allow them to intercept those communications because the consent of both participants to the communication is needed under RIPA. But if that communication concerns, for example, a user visiting a website for some online shopping, that website - as the other participant - could possibly be persuaded by the CSP to agree to the monitoring of that traffic in return for a small cut of the advertising revenue thus created. Stranger things have happened at sea and there are probably no limits to the length to which most online businesses would go when developing new monetisation strategies.
But coming back to the user who is, normally, the CSP's customer. Will this user have the right not to consent to the interception of her communications by her CSP without loosing the ability to use the CSPs service? Online business terms are usually take-it-or-leave-it, my-way-or-the-highway kinda terms. CSPs may well be of the opinion that targeted advertising, which is after all used to co-finance cheap broadband access, is a necessary revenue stream in a competitive environment and that any user who doesn't play ball is free to find another provider. The problem is that, if all CSPs think that way, there will be no other provider to go to. And what then?
For this sort of thing we have two analogies in the law which we may want to draw upon. The first is the way in which the law deals with cookies. Now as we all know, there is some change coming in this area, but the one thing that remains unchanged is the fact that website operators that wish to use cookies can prevent users who refuse them from accessing certain parts of their website. CSPs could therefore argue that it should be the same in the case of targeted advertising and the related interceptions of users' communications. Is that justifiable, though?
The other analogy is employment law, where the use of consent is very limited becauses it is widely accept that in an employer-employee relationship it will rarely be freely given.
If, therefore, as a stubborn user who does not want to have her communications intercepted, Matron would, in practice, no longer longer be able to find an ISP that will have her, she would possibly no longer be able to access the internet. However, as Matron and many others of her persuasion have long argued, by now the internet is such an important part of everyone's life - it facilitates not only economic and social activities but also education and political participation - that to be without internet access is tantamount to the violation of a human right.
Now, some readers might think that this is a bit of an exaggeration, and maybe it is, but if "choice", that famous holy grail of the free marketeers, comes down to a choice between one ISP who will intercept your communications and another who will do the same, is that not a clear case of market failure? And shouldn't the government anticipate this situation and do something about it, now that it has the chance?
Sanctions
The government did apparently consider introducing criminal sanction rather than a civil penalty, but it decided against it in the end because it feared that the enforcement of such sanctions would be impractical and impose undue strain on the UK's police forces.
As a card carrying, bleeding-heart liberal, Matron is no great friend of potentially increasing the country's prison population for non-violent offences (although, as a practicing lawyer, it has been her experience that the threat of criminal sanctions tends to focus the CEO's mind) and for that reason she will not criticise the government from shying away from this step.
However, realistically, the penalty of "up to £10,000" is unlikely to be a major deterrent for CSPs as this is the sort of amount that many companies view as beer money. Unfortunately, one of the viable alternatives - giving the user whose communications have been intercepted a right to claim damages - already doesn't work in the area of data protection because in the absence of punitive damages it is actually terribly difficult to prove financial loss in these circumstances.
Which makes Matron think that maybe something along the lines of the recently introduced data security breach notification system should be put in place instead. That system, for those who do not know, requires providers of electronic communications services to notify any breach of data security to the Information Commissioner and, if the Commissioner thinks that this is appropriate, to the affected data subjects.
As we are largely talking about unintentional interceptions when we are talking about sanctions, should we suggest a similar procedure here? Where the CSPs, if they find out that they accidentally intercepted someone's communications, would be required to send an "oops" notice to the IoCC who, if the breach was grave enough, might also force them to send a similar notice to their customers? As we know, bad publicity is a much stronger incentive not to do wrong than a monetary slap on the wrist. It may just work.
Complaints
However, even this last proposal overlooks the main issue with this new procedure, namely that, as a rule, the IoCC will act in response to a complaint by a user who suspects that her communications have been intercepted. We already have this right in relation to interceptions by public authorities and it has gotten us exactly nowhere. That is largely because most of us will never realise or suspect that our communications have been intercepted. It doesn't show up on our screens and, by and large, we will never find out about it unless the interceptor is very open or very stupid.
This is borne out by the figures in relation to state interceptions:
- In 2008, the Information Tribunal received 176 complaints about suspected interception. In 2009 it was a mere 156. Now bearing in mind that this was round about the time that the Phorm story broke in the press, which may or may not have increased sensibility, it makes sense to look at the earlier figures and, lo and behold, in 2007, it was only 66, 86 in 2006, and 80 in 2005.
- Since RIPA came into force, the Information Tribunal has upheld exactly four, yes FOUR, of these complaints. Hardly a result that has the national security services quaking in their boots.
So if the IoCC's duty to act is merely based on him receiving a complaint, then I think we can all rest assured that CSPs will not have an awful lot to fear when it comes to their murky online dealings. Commissionary legal protection in this area is not effective, it never has been. In relation to state interceptions this has nonetheless been accepted because of the need to keep interception activities of the security services secret. Whether one agrees with that approach or not, this is certainly not an argument that can or should be applied to interceptions by private entities. Individuals whose communications have - even unintentionally - been intercepted, should be made aware of this and should be given appropriate judicial relief. The IoCC, if it is him who is charged with oversight over this area, should be given full auditing powers - including dawn raid powers, if necessary - to ensure that private interceptions are detected and the legal sanctions enforced.
The confidentiality of our communications is not only an individual right, it is a public good that gives people the confidence to act freely and without fear in the online environment. We endanger it at our peril.
Wednesday, 10 November 2010
Seek and ye shall find!
Despite the fact that at the time of writing (10 November, PM)
- it is not actually displayed on the Home Office's list of consultations;
- or its webpage on RIPA; and that
- Matron has been unable to find an official press release or news item referring to the event
it seems that the government has published a consultation document on changes to RIPA which became necessary after the European Commission referred the UK to the ECJ over the Phorm case.
While Matron has not yet had time to look at the document in detail, she can't help noticing that the consultation period (responses must be in by 7 December) is extremely short by anyone's standards.
Those who feel that they have something to say on the laws governing the interception of electronic communications therefore better get their skates on. Just saying...
Tuesday, 9 November 2010
Tunnel! Light! Action?
Is there any connection between the EU's Common Agricultural Policy (CAP) and data retention? You wouldn't have thought so, would you? And yet there might be.
After spending the day reading the European Court of Justice's decision in the case of Volker und Markus Schecke GbR v Land Hesse, Cases C-92/09 and C-93/09, Matron is intrigued by the pin-sized point of light that this judgement may shine on the question of how that court might deal with the question of whether the blanket retention of traffic data complies with the provisions of the European Convention on Human Rights (ECHR) and the EU's Charter of Fundamental Rights. If it ever gets to decide on that question, that is. But that is another matter entirely and for the moment lets not go there.
The ECJ decision in question relates to a reference to the ECJ from a German court, in which it was asked to consider whether EU legislation which requires the disclosure and publication on a publicly available and searchable website of the amounts awarded to farmers from CAP funds, together with their names, municipality of residence and postcode, was invalid. The applicants in the main proceedings clearly thought that it was because it enabled third parties to deduce the applicants' income of which 30-70% came from CAP funds.
The court - sort of - came down on the side of the applicants when it held that the wide-ranging publication requirement imposed by the relevant EU legislation violated their right to privacy and data protection because it was disproportionate to the EU's stated aim of increasing transparency of the use of funds in the context of the CAP. Whether this will actually help the applicants in practice remains to be seen as the ECJ did not entirely condemn the publication of that data. It merely concluded that it should be published in a more privacy friendly way that draws a distinction based on relevant criteria such as the periods during which recipients received CAP aid, the frequency of such aid or the nature and amount of aid. Which probably means that any halfway competent internet surfer will still be able to find out what amount of CAP aid an individual has received in any given period.
However, the decision is interesting for a number of other reasons:
After spending the day reading the European Court of Justice's decision in the case of Volker und Markus Schecke GbR v Land Hesse, Cases C-92/09 and C-93/09, Matron is intrigued by the pin-sized point of light that this judgement may shine on the question of how that court might deal with the question of whether the blanket retention of traffic data complies with the provisions of the European Convention on Human Rights (ECHR) and the EU's Charter of Fundamental Rights. If it ever gets to decide on that question, that is. But that is another matter entirely and for the moment lets not go there.
The ECJ decision in question relates to a reference to the ECJ from a German court, in which it was asked to consider whether EU legislation which requires the disclosure and publication on a publicly available and searchable website of the amounts awarded to farmers from CAP funds, together with their names, municipality of residence and postcode, was invalid. The applicants in the main proceedings clearly thought that it was because it enabled third parties to deduce the applicants' income of which 30-70% came from CAP funds.
The court - sort of - came down on the side of the applicants when it held that the wide-ranging publication requirement imposed by the relevant EU legislation violated their right to privacy and data protection because it was disproportionate to the EU's stated aim of increasing transparency of the use of funds in the context of the CAP. Whether this will actually help the applicants in practice remains to be seen as the ECJ did not entirely condemn the publication of that data. It merely concluded that it should be published in a more privacy friendly way that draws a distinction based on relevant criteria such as the periods during which recipients received CAP aid, the frequency of such aid or the nature and amount of aid. Which probably means that any halfway competent internet surfer will still be able to find out what amount of CAP aid an individual has received in any given period.
However, the decision is interesting for a number of other reasons:
- For a start, the ECJ made some very encouraging comments on the status of the Charter of Fundamental Rights both within the EU legal framework and within the framework governing the protection of fundamental rights and freedoms. This is one of the first decisions looking at questions of human rights compliance of EU legislation since the Lisbon Treaty - and with it the Charter - came into force, and the ECJ seems to use this decision to set out its stall on how it intends to apply the Charter in its interpretation of EU secondary legislation in the future. To this end, it confirms that the validity of such legislation must now be assessed in the light of the provisions of the Charter.
- The ECJ also confirms the Charter's premise (in Article 52) that insofar as rights guaranteed in the Charter correspond to rights contained in the ECHR, the meaning and scope of those Charter rights as well as any limitations placed on them must be interpreted in line with the corresponding rights in the ECHR. This creates a neat little connection between the Charter and the ECHR which will allow the ECJ to draw heavily upon the entire body of case law created by the European Court of Human Rights in Strasbourg (although, to an extent the ECJ has, of course, frequently referred to that case law already and the really interesting question is what will happen if the two courts disagree. But that question, too, is for another day).
- The ECJ confirms that a provision requiring the "general publication" of personal data on a website prima facie constitutes an interference with the applicants' right to privacy and data protection and that this interference, while "as provided by law" is disproportionate to the aim of increasing transparency that the EU seeks to achieve. The ECJ held that the EU institutions must balance the EU's interests with those of the affected individuals when adopting provisions that interfere with the rights to privacy and data protection. In particular, the decision makes it clear that the EU's objectives do not enjoy an automatic priority over the rights of the individuals and that the mere failure by the EU institutions to consider less intrusive methods of interference will lead to the invalidity of the contested provisions.
So why does this give Matron hope when it comes to data retention? Well, the situation there is actually very similar to the present case. Opponents of data retention have argued for a long time (including during the very brief legislative process that led to the adoption of the Data Retention Directive) that the blanket retention of communications data of the entire population is disproportionate to the aim of improving public and national security on the grounds that, among other things, the less intrusive means of data preservation or data freeze (where providers are required to retain traffic data relating to a specific event for a specific period of time AFTER the event) exist. Many countries are using this form of data preservation quite successfully.
And yet, that method has never been properly considered by the EU institutions as a viable alternative to the current regime, no empirical evidence has ever been collected as to why the blanket retention we now all have to live with is necessary (or even more likely than data preservation) to achieve the stated objective. On the basis of the ECJ's contention that even the mere failure to consider less intrusive means could render a provision invalid, one could clearly argue that the EU institutions' rushed adoption of Data Retention Directive should be examined in this light.
So a hundredth of a smidgen of a glimmer of hope here? Time will tell. One institution that should certainly take note is the European Commission which is still dragging its feet on the publication of its report on the current regime. Unless the member states come up with very good statistical proof that data retention actually works, it becaomes more and more difficult to see how a reasonable claim could be made that the provisions of the Directive are human rights complaint.
"Reasonable" being the operative word here, of course.
Thursday, 16 September 2010
How to dunk a cookie
Matron just spent another day reviewing the odious consultation paper on the UK implementation of the Telecoms Package, a task for which she will surely be rewarded with free access to a bunch of delectable virgins in the afterlife. Today it was all about cookies (no, not the chocolate covered ones - she wishes!) and the government’s plans on how to deal with them.
Let us recap, dear reader: a "cookie" is a small text file implanted by a website on the hard disks of visitors to the site (often without their knowledge) which collects information about the visitors, such as their names, addresses, e-mail details, passwords and user preferences. It can be set by the visited website itself or by third parties like online advertising companies. They can be used to track a user’s movement around the web and the information they collect will usually be used to serve targeted behavioural advertising to the user as s/he goes along. Although cookies provide web users with some convenience (pre-completion of online forms, recognition by online retailers), they also enable website operators to build up user-profiles without the knowledge or consent of the individuals concerned. Such profiles are immensely valuable and form part of the personal data currency with which we all pay for our access to “free” online content.
Under the current regime, users only have a right to object to the use of cookies provided they have been provided with information about the fact that they are used in the first place and on how to block/remove them. In the UK, in typical fashion (we call it pragmatism and are very proud of it), we managed to combine this laissez faire approach with our even more laissez faire rule on implied consent, so that, in practice, it works roughly like this:
1. Almost all browsers have default settings which allow cookies to be set unless the user changes those settings. Changing those settings isn't exactly difficult, but it is still a task which is beyond most people over the age of 45. Plus those who would be capable of doing this, often can't be arsed. Plus, changing the setting usually means that the user will not be able to access some web pages that require a cookie to load (this state of affairs is perfectly lawful, even the revised E-Privacy Directive permits this to happen).
2. The website owner complies with the Directive (and the national laws implementing it) by including an inocuous little provision in its privacy policy that explains what a cookie is and how it can be blocked. The policy will also usually warn the user that blocking cookies might result in a "loss of their user experience". Apart from us hardcore privacy lawyers no one actually reads privacy policies, so the normal internet user will never see this information. Which is all in a good day’s work for those who set cookies, because if we knew about this, we might actually try to change the settings. And if we all suddenly decided to block cookies, the web would come to a veritable standstill.
This point was forcefully made by Struan Robertson on Out-Law in May 2009, when he publicly requested the EU powers that be to “kill this cookie monster”. Because the European Parliament, you see, had insisted, as part of the Telecoms Package, on changing the requirement from the oh-so-convenient opt-out mechanism to an opt-in approach. And that is what came to pass – albeit with a twist, but more of that later.
Article 5(3) of the revised E-Privacy Directive now requires member states to ensure that cookies may only be set “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing”. “But this will mean annoying pop-up windows galore and the end of online civilisation as we know it!” shouted the website owners. "Oh, cue the violins!", replied the European Parliament. The measure was passed, the European Parliament was happy, web users’ privacy will be properly protected and web services will go bust in their thousands.
But wait a minute! This can’t be, can it? Surely they wouldn’t allow this to happen? Of course, they wouldn’t! Because the cavalry, in the form of Recital 66 of the Citizen’s Rights Directive, is already on its way. It provides that the user's will to accept cookies "may be expressed by way of using the appropriate settings of a browser or other application". Aaah, Matron nodded sagely at the time, this is what’s going to happen: all UK website owners will re-phrase their privacy policies, stating that by NOT changing the default setting in their browser from "accept" to "reject" users will be deemed to have given their informed and voluntary consent to the setting of cookies. Implied consent rules mean that those policies will be binding on the users, who will continue to live in blissful ignorance of their existence and no one needs to be any the wiser about the use of those pesky cookies. So, when Struan and others started jumping up and down about how terrible this new law was, Matron was just a little bewildered.
However, turns out she wasn’t the only one who had an idea of how the UK government was likely to deal with this minor inconvenience. It seems a copy of the “UK Minister’s Handbook on how to handle undesirable EU laws” (Section 1: “transposition” means “copy the text of the Directive into a statutory instrument and then interpret it to within an inch of its life through codes of practice and regulatory guidance documents”) has made it all the way to Brussels. How else could one explain the pre-emptive strike that was the Article 29 Working Party’s opinion on online behavioural advertising in which it demanded strict opt-in requirements for cookies? If you want to use browser settings to get your opt-in, so the Working Party, the browser default setting must be “block all cookies”. Only then would users wanting to accept cookies be able to signal their affirmative consent. "Go away, browser owners!", it said. "Change your default settings! We’ll speak again when you’ve done that."
One would think that those were pretty clear words, but it seems they were not heard on this side of the Channel. The BIS consultation paper (and more importantly, the impact assessment) unsurprisingly does not agree with the Working Party’s position. Instead the UK government fears that any form of opt-in procedure would lead to a permanent disruption of services and to online providers potentially suffering substantial losses, both in relation to the costs they would incur in programming pop-up windows or changing browser settings, and in directly lost revenue from users choosing not to allow cookies (how dare they?). Reassuringly for website owners and online advertisers, the government quite openly admits that, in its opinion, the balance of interest between user privacy and the need to secure providers' revenue streams is quite heavily weighed in favour of the latter. As it points out, “online behavioural or interest based advertising made up roughly 50% of display advertising revenue in 2009, which was equivalent to £350 million”. Matron does not dispute that to take that sort of money out of the web may indeed cause some serious disruption and that we might have to start thinking about other ways of financing all that "free" online content.
But there is a, admittedly semi-heretic, question to be asked here: does it have to be like that? Isn’t it just a bit of a self-fulfilling prophecy to treat as widely accepted gospel the claim that “the internet as we know it today would be impossible without the use of these cookies” (BIS consultation paper, page 57)? We have witnessed unbelievable technological achievements in the last three decades. Does the industry really expect us to believe that if it were no longer allowed to use cookies, developers would not come up with a different (and hopefully more privacy-enhancing) way of generating revenue out of advertising? Of course, as long as it can get away with using cookies, business will have no incentive to finance research into an alternative. Maybe Matron is just stubborn, but sometimes this whole “privacy-is too-expensive” argument really p…es her off.
More interestingly, though, at this point, is this: how does the UK government expect to get away with this? As Matron explained above, under normal circumstances she would have expected nothing less. But surely, the fact that the Working Party has laid down the law as it sees it even before the Directive's implementation deadline runs out must change things? Even if the WP’s opinions are not binding, they are read, and largely adhered to, by national data protection authorities and the European Commission. Practicing lawyers take them into account when drafting documents and policies and, in most cases, businesses would know that they act in contravention of them at their peril.
So what is happening here? Does the government just play the long game, given that the Commission already thinks the UK in breach of several provisions of the Data Protection Directive and nothing bad has happened yet? Does it intend to buy UK businesses some time by adopting laws in full knowledge of the fact that that infraction proceedings might be issued against it (because those proceedings will take years to come to fruition)? Does it intend to sit this one out until the wind has changed?
As Matron said: remarkable chutzpah! Or maybe it's just that no one at the BIS actually read the WP opinion. After all, they have been busy lately…
Let us recap, dear reader: a "cookie" is a small text file implanted by a website on the hard disks of visitors to the site (often without their knowledge) which collects information about the visitors, such as their names, addresses, e-mail details, passwords and user preferences. It can be set by the visited website itself or by third parties like online advertising companies. They can be used to track a user’s movement around the web and the information they collect will usually be used to serve targeted behavioural advertising to the user as s/he goes along. Although cookies provide web users with some convenience (pre-completion of online forms, recognition by online retailers), they also enable website operators to build up user-profiles without the knowledge or consent of the individuals concerned. Such profiles are immensely valuable and form part of the personal data currency with which we all pay for our access to “free” online content.
Under the current regime, users only have a right to object to the use of cookies provided they have been provided with information about the fact that they are used in the first place and on how to block/remove them. In the UK, in typical fashion (we call it pragmatism and are very proud of it), we managed to combine this laissez faire approach with our even more laissez faire rule on implied consent, so that, in practice, it works roughly like this:
1. Almost all browsers have default settings which allow cookies to be set unless the user changes those settings. Changing those settings isn't exactly difficult, but it is still a task which is beyond most people over the age of 45. Plus those who would be capable of doing this, often can't be arsed. Plus, changing the setting usually means that the user will not be able to access some web pages that require a cookie to load (this state of affairs is perfectly lawful, even the revised E-Privacy Directive permits this to happen).
2. The website owner complies with the Directive (and the national laws implementing it) by including an inocuous little provision in its privacy policy that explains what a cookie is and how it can be blocked. The policy will also usually warn the user that blocking cookies might result in a "loss of their user experience". Apart from us hardcore privacy lawyers no one actually reads privacy policies, so the normal internet user will never see this information. Which is all in a good day’s work for those who set cookies, because if we knew about this, we might actually try to change the settings. And if we all suddenly decided to block cookies, the web would come to a veritable standstill.
This point was forcefully made by Struan Robertson on Out-Law in May 2009, when he publicly requested the EU powers that be to “kill this cookie monster”. Because the European Parliament, you see, had insisted, as part of the Telecoms Package, on changing the requirement from the oh-so-convenient opt-out mechanism to an opt-in approach. And that is what came to pass – albeit with a twist, but more of that later.
Article 5(3) of the revised E-Privacy Directive now requires member states to ensure that cookies may only be set “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing”. “But this will mean annoying pop-up windows galore and the end of online civilisation as we know it!” shouted the website owners. "Oh, cue the violins!", replied the European Parliament. The measure was passed, the European Parliament was happy, web users’ privacy will be properly protected and web services will go bust in their thousands.
But wait a minute! This can’t be, can it? Surely they wouldn’t allow this to happen? Of course, they wouldn’t! Because the cavalry, in the form of Recital 66 of the Citizen’s Rights Directive, is already on its way. It provides that the user's will to accept cookies "may be expressed by way of using the appropriate settings of a browser or other application". Aaah, Matron nodded sagely at the time, this is what’s going to happen: all UK website owners will re-phrase their privacy policies, stating that by NOT changing the default setting in their browser from "accept" to "reject" users will be deemed to have given their informed and voluntary consent to the setting of cookies. Implied consent rules mean that those policies will be binding on the users, who will continue to live in blissful ignorance of their existence and no one needs to be any the wiser about the use of those pesky cookies. So, when Struan and others started jumping up and down about how terrible this new law was, Matron was just a little bewildered.
However, turns out she wasn’t the only one who had an idea of how the UK government was likely to deal with this minor inconvenience. It seems a copy of the “UK Minister’s Handbook on how to handle undesirable EU laws” (Section 1: “transposition” means “copy the text of the Directive into a statutory instrument and then interpret it to within an inch of its life through codes of practice and regulatory guidance documents”) has made it all the way to Brussels. How else could one explain the pre-emptive strike that was the Article 29 Working Party’s opinion on online behavioural advertising in which it demanded strict opt-in requirements for cookies? If you want to use browser settings to get your opt-in, so the Working Party, the browser default setting must be “block all cookies”. Only then would users wanting to accept cookies be able to signal their affirmative consent. "Go away, browser owners!", it said. "Change your default settings! We’ll speak again when you’ve done that."
One would think that those were pretty clear words, but it seems they were not heard on this side of the Channel. The BIS consultation paper (and more importantly, the impact assessment) unsurprisingly does not agree with the Working Party’s position. Instead the UK government fears that any form of opt-in procedure would lead to a permanent disruption of services and to online providers potentially suffering substantial losses, both in relation to the costs they would incur in programming pop-up windows or changing browser settings, and in directly lost revenue from users choosing not to allow cookies (how dare they?). Reassuringly for website owners and online advertisers, the government quite openly admits that, in its opinion, the balance of interest between user privacy and the need to secure providers' revenue streams is quite heavily weighed in favour of the latter. As it points out, “online behavioural or interest based advertising made up roughly 50% of display advertising revenue in 2009, which was equivalent to £350 million”. Matron does not dispute that to take that sort of money out of the web may indeed cause some serious disruption and that we might have to start thinking about other ways of financing all that "free" online content.
But there is a, admittedly semi-heretic, question to be asked here: does it have to be like that? Isn’t it just a bit of a self-fulfilling prophecy to treat as widely accepted gospel the claim that “the internet as we know it today would be impossible without the use of these cookies” (BIS consultation paper, page 57)? We have witnessed unbelievable technological achievements in the last three decades. Does the industry really expect us to believe that if it were no longer allowed to use cookies, developers would not come up with a different (and hopefully more privacy-enhancing) way of generating revenue out of advertising? Of course, as long as it can get away with using cookies, business will have no incentive to finance research into an alternative. Maybe Matron is just stubborn, but sometimes this whole “privacy-is too-expensive” argument really p…es her off.
More interestingly, though, at this point, is this: how does the UK government expect to get away with this? As Matron explained above, under normal circumstances she would have expected nothing less. But surely, the fact that the Working Party has laid down the law as it sees it even before the Directive's implementation deadline runs out must change things? Even if the WP’s opinions are not binding, they are read, and largely adhered to, by national data protection authorities and the European Commission. Practicing lawyers take them into account when drafting documents and policies and, in most cases, businesses would know that they act in contravention of them at their peril.
So what is happening here? Does the government just play the long game, given that the Commission already thinks the UK in breach of several provisions of the Data Protection Directive and nothing bad has happened yet? Does it intend to buy UK businesses some time by adopting laws in full knowledge of the fact that that infraction proceedings might be issued against it (because those proceedings will take years to come to fruition)? Does it intend to sit this one out until the wind has changed?
As Matron said: remarkable chutzpah! Or maybe it's just that no one at the BIS actually read the WP opinion. After all, they have been busy lately…
Subscribe to:
Posts (Atom)
