tumblrbot is creepy

I'll be honest: when I first enrolled in this course, I expected to hear a lot more about Snowden, the NSA and government surveillance – and at first I was disappointed. To be fair, we did discuss government surveillance: Zimerman, for example, talks about the impact that the Patriot Act had on libraries. I think that Snowden's disclosures are incredibly important, that the actions taken by the complicit US government agencies are alarming, and that these actions deserve to be the subject of public scrutiny, debate and criticism. Again, honesty - fear of government surveillance doesn't carry any kind of weird nostalgia for me: I am worried about it, right now, and I think that it the impacts on personal privacy could have serious consequences for everything from civic engagement to fair process.

BUT. I'm not at all unhappy that we didn't talk about it in specifics all that much. The coverage of the NSA wiretapping scandal is everywhere. Like, here’s some, and here and here and here and some over here and also here and here’s one about Edward Snowden. What’s being done, what’s not, who’s winning what prizes for the coverage, what do we know about Edward Snowden. I don’t mean to trivialize the effort and the courage that it must have taken to cover this story. As I said, I think it’s important. But at the same time, this is a story that is constantly in the press, and not always in a way that it is informative, or takes a broad view of the issue of privacy in networks or privacy online. Some of it is well written and thoughtful, and a fair amount of it isn’t.

I’m glad instead that we got a chance to focus on surveillance in ways I had never thought of surveillance. Coming from an economics background, I’d never heard of Jeremy Bentham’s Panopticon – only that he was a fan of usury. Likewise, I’d never thought of really thought about the work that databases do as constitutive: they don’t just store cryptic little bits of information, but that they actually create us as they store disparate pieces of information about our personhood (Poster). Likewise, I’d never really thought about how technology and biology can fuse to both feed those panoptic databases and (RFIDs, Taylorism/efficiency).

As we worked through these issues and others, and I continued to read through media articles related to privacy, I began to feel more and more that coverage was slanted in just one direction. Like there was a flood of articles about the NSA and government surveillance, and much, much less about privacy as it exists for people interacting with and through private sector entities. Sure, there’s been a lot of interesting stuff about Google, such as Vaidhyanathan’s book and a number fun and clever things like this meme and this movie. But I feel that a critical look at what the industry is doing generally, and accurate and thoughtful reporting on some of this stuff is lacking. After this course, I have to ask myself why, given the mountain of personal information that allow these entities to collect.

There’s one more reading I’d suggest, if anyone has the time or willpower to read anything else over the break, it’s Helen Nissenbaum’s “Privacy as Contextual Integrity”. If anyone’s been asking themselves “but what is this privacy thing anyway?”, fear not! Helen Nissenbaum has an answer for you. Plus, I think it’s well written and a pretty quick read.

In “Surveillance in the Digital Enclosure”, Mark Andrejevic explores the implications of mass participation in interactive spaces and ubiquitous computing for surveillance. Andrejevic questions the popular perception that people are free in the way and type of information they submit, and the intersection of control/ownership and privacy/surveillance. This is the backdrop for a disagreement with those who say that the technological developments and the move to user generated content has been inherently empowering and beneficial to the individual user. Sarah Roberts, in a blog post summarizing this article, points out that Andrejevic’s rejection of the use of the term “cloud” in favour of “digital enclosure” directly counters the utopian view of a boundless, unlimited landscape of opportunity.

Andrejevic begins his essay by pointing out that the cloud remains a fuzzy and sometimes contradictory concept. Devices will shrink while information expands and moves through the physical world; he quotes an MIT project that suggested in 2004 (and still suggests) that “computation...will be freely available everywhere, like batteries and power sockets, or oxygen in the air we breathe”. Certainly, calling batteries free is a pretty fair stretch, and it seems fair that computing power won’t be free in the future, either.

This reminded me of a point that was brought up in class: that cloud computing applications can be both massively decentralized, as is the case with applications such as Bitcoin or torrents, or massively centralizing, as in personal computing storage applications like DropBox or other programs that “call home”, such as the new editions of Word and Photoshop. The first type focusses on user anonymity, whereas the second focusses on user services. In Andrejevic's article, he often talks about devices nested throughout our lives that speak to one another and to a centralized database. These devices pick up small, discrete pieces of information, such as geographic location, or spending, or temperature that can be gathered, linked, organized, labelled, tested, compared and summarized to make economic decisions.

Andrejevic is basing his argument around the type of cloud computing in which our “networked, interactive environments” (297) are mined for information by private entities for economic gain. Andrejevic suggests that the developments in private surveillance directly contradict the promise of a “digital sublime” (297) promised by technology popularizers and futurists. The information gathered about us by a dozen sources (or even just one) and relayed back to a central database can potentially prevent us from playing a DVD in a different geographic zone, entering a building, or accessing a bank loan. It can also build a filter bubble enclosure: GPS data can determine what ads we see and what results appear in our searches. And data sets can overlap. When individuals in one data set can be mapped to individuals in another, the enclosure capability of each can overlap.

In class, we’ve talked at length about the different ways that private entities are scooping up information, and the ways in which it affects users: filter bubbles, control, the loss of privacy. Cloud computing seems like a way to turbocharge data collection, and the rhetoric a way to normalize it and perhaps also to hide it: Jeremy Bentham knows that people’s behaviour changes when they know they’re being watched. Andrejevic puts this space of collection in a box and slaps on a big red warning sign on the side.

At the OLA conference, I stopped by the booth staffed by the Office of the Privacy Commissioner of Ontario. (While doing entirely unrelated work on another project, I also found out that our current Ontario Privacy Commissioner is Raffi’s sister. Yeah, that Raffi. How cool is that?)  I mentioned that I was taking this course to the staff at the booth. They were pretty thrilled that user privacy was important enough to LIS students that we’d devote ourselves to an entire course on the subject. They sent me away with a few different pamphlets, which…I only just remembered to read yesterday.

I rediscovered something in one of the pamphlets that I think was discussed briefly in LIS 9005, and which Amy touched on in her presentation. Public libraries in Ontario have not only moral and professional obligations to protect the information generated by user access to library resources, but legal obligations too. The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) sets the standards for the collection, use, retention, disclosure and disposal of personal information collected by municipal government institutions, including public library boards. The Public Libraries Act provides specific operating rules for libraries in their day-to-day activities.

Reading through the material I was given, I thought it might be interesting to contrast the Canadian and American perspectives on the government’s role protecting or subverting the rights to privacy of their citizens. Whereas Zimerman presents a sort of jeremiad about the legacy of the Patriot Act and government interference, we have an arms length government office whose sole purpose is to protect citizens from unreasonable public and private surveillance. The previous Privacy Commissioner of Canada made international headlines several times by calling out both government bodies and international corporations for failing to adequately protect the privacy of citizens, most notably Facebook several times since 2008. Then again, we also have CSEC. And for myself, while I think that while advocacy work done by the OIPCC is a step in the right direction, I wonder what lasting effect, if any, these interventions have. If there’s anything I’ve learned so far in this course, it’s that there are no happy endings in privacy today. If life was like Game of Thrones, privacy would be every single likeable character. (Yes, it’s a terrible simile.)

According to the office of the Information and Privacy Commissioner of Ontario, this includes information related to “one’s computer use, including sign-up sheets and information on any Internet use”. I can think of some fairly basic measures libraries should take to ensure user privacy. For example, users could be required to signal to the system the beginning and end of a session, allowing the computer to wipe telltale traces left by internet browsing by clearing the browser’s history, deleting cookies, dumping the cache, etc.

I personally feel I know next to nothing about online security. I feel like I hear something different on security every other day – it’s safe, it’s not, don’t do your banking there, you’re not safe from targeted attacks but who’s going to do that anyway… I know that by virtue of the way TCP/IP works, that my computer constantly broadcasts trace information about itself, but I really don’t understand what is contained in that information or how this information can trace back to me. It’s my understanding that Tor helps to counteract this by encrypting IP addresses, but without understanding the problem I feel I can’t really understand the solution – which makes me deeply uncomfortable.  

Libraries usually try to surpass the basic legal standards in order to uphold professional and moral standards such as those enshrined in statements such as the IFLA Statement on Libraries and Intellectual Freedom. I think that LIS professionals generally make the connection between privacy and intellectual freedom, and take seriously the challenges of putting it into practice. Given that that’s the case, libraries should also try to surpass basic legal standards when it comes to online privacy. This starts with the library’s own policies, and extends to providing education to users on why online privacy and security is important and resisting agreements with third parties that permit the collection of user data.  

  Office of the Information and Privacy Commissioner/Ontario. “What are the privacy responsibilities of public libraries?” (2002)

“My stage name is less about withholding parts of myself or maintaining privacy than it is a symbol of the idea that I am more than just my job or any other isolated slice of my identity.” - Stoya

EDIT: The crappy theme I just switched to fails to highlight the fact that the title is, in fact, a link to the NYT article. So there you are. Students of privacy, eat your...you get the idea.

“Privacy is the capacity to negotiate social relationships by controlling access to personal information.” – Philip E. Agre and Marc Rotenberg http://polaris.gseis.ucla.edu/pagre/landscape.html

“The right to be let alone” – Warren and Brandeis (1890, 193)

Over the weekend, an American porn star, Stoya, published an op-ed in the New York Times. I found it to be an interesting read, and particularly relevant to the question Amy asked at the start of her presentation yesterday: what is privacy? It’s a difficult question.

Zimerman (2009, 7-8), writing from the American perspective, points out that the United States Constitution protects the privacy implicitly by protecting certain practices (private communication) and places (the home) from intrusion by the government. According to the Fourth Amendment, the individual, their property and effects are protected against unreasonable search and seizure, except by the . The fact that the protection afforded by the Constitution is implicit is interesting to me. My understanding of U.S. history is fairly basic, supplemented by a quick and dirty brush up on the history of the Fourth Amendment on Wikipedia. As I understand it, harsh repression enacted by the British governorate through general warrants and ‘writs of assistance’ contributed to the dissentious political climate prior to the American Revolution and were referenced fairly frequently in the consultations that led to the drafting of the Constitution and the Fourth Amendment. Privacy, however, is never actually mentioned by name – the laws refer to a set of processes, and controls on processes, that within the existing technosociopolitical (is that a real word?) context would yield something that would be called privacy.

In this historical sense, privacy plays an instrumental role in the security of the person and the right to dissent against tyranny, both of which are seen as fundamental to the democratic process. In his article, Zimerman carries on this tradition – making multiple references to privacy as a support of individual intellectual liberty and the dangers posed by invasive legislation and government policies. He also mentions the difficulties inherent to defining privacy in passing, without really engaging the problem (Zimerman 2009, 9).

Updates to privacy legislation, in Canada at least, seem to occur at times when technological innovation has changed the landscape in terms of the control that private citizens have over personally identifiable information. So is privacy a concept continuously in flux, informed by current social structures, technological developments, cultural norms, etc.?

 While I think that there are some statements that will ring fully or partially true for years to come, I think it’s also important to examine privacy at the subjective level – how privacy is experienced, or not, and how that creates meaning at the personal level. I also think it’s important to look at privacy in context. And this is why I think that last week’s op-ed in the New York Times is so important. It’s an explanation of the personal meaning derived from privacy – or the meaning created in its absence.

Stoya. “Can We Learn About Privacy From Porn Stars?”, The NewYork Times, (9 March 2014), retrieved from <http://www.nytimes.com/2014/03/09/opinion/sunday/can-we-learn-about-privacy-from-porn-stars.html?_r=0>

Warren, Samuel, and Louis Brandeis. "The right to privacy." Harvard Law Review (1890): 193-220.

A privacy (and surveillance since they're inseparable, Gary T Marx holla) playlist for all your 9134 Tumblring needs, brought to you by the G of C. The comments section has some solid suggestions too.

Ray Kurzweil popularised the 'singularity' concept, when artificial intelligence overtakes human thinking. Now he is trying to make it a reality for Google. Carole Cadwalladr meets him