A safer, fairer information society

Thoughts in response to Francis Irving’s post, Making our information society safe and fair, to which I added the following comment:

I don’t disagree with these, Francis, but would maybe (because I have increasingly tended to come at the problem from the campaigning end of things?) take a tougher – or at least different – line on some of them.

I’m glad your #1 was access to (use of?) culture, and your #2 literacy. Both essential. No point arguing chicken and egg, but I fear you have to be more radical yet if you’re relying on the public libraries to ‘save us’.

What I – and others, but possibly most articulately @billt – think we need is a genuine ‘Digital *Public* Space’. This is difficult to unpack, but (for me) lies somewhere around the notions of public parks, public libraries, public service broadcasting and pop-up art spaces. What most people think of as ‘public’ these days is nothing of the sort; this is becoming as true off-line as on.

Key to truly public is truly anonymous.

So, while I agree with #5, I believe ‘fair and equal’ requires the ability to join the network anonymously – though, of course, to be able to provide trustworthy bona fides when/if justifiably  challenged. This requires a radical rethink of the network, which is why redecentralisation caught my attention when I first saw you mention it.

I’m pretty hard core on ‘literacy’. I was training as a teacher as the current National Curriculum was being issued, and had a go at what briefly became known as the BBC’s ‘Digital Curriculum’ in the late 90s/early 2000s – but what we have in schools and more generally these days is woefully inadequate.

Media Studies used to be a ‘joke’ subject; these days, I’m half convinced a radically-improved version of it should be a core subject or key component of every subject.

I now know several people from their 20s to mid-30s who were failed utterly by school, who are functionally illiterate when it comes to the written word, but who over the last 5-7 years have educated themselves on YouTube (or equivalent, but mainly YouTube). For free. They are interested/engaged, interesting to talk to and coherent – but it cost them a LOT of effort. What they lack is a map.

Maps are hard.

Search is easy. Search makes you think you know stuff you actually don’t – because if you can’t even identify the context you borrowed for the information, you don’t know what you ‘know’, and what you don’t.

Maps distil a bunch of stuff that helps people find their way around; to get a sense of what they know, and what they don’t. It’s entirely possible – if costly – to make (good) maps but we should do MUCH more of that, and publish them for free.

A person with a map can make all sorts of choices they otherwise wouldn’t know were there. People with maps tend to be freer / more autonomous than those without them…

(N.B. Better maps may also help other initiatives, such as ‘open’ – which is flailing around a lot at present, trying to find how it relates to principles and disciplines it barely appreciates and a landscape it hasn’t even really begun to explore.)

A lot of the (digital) learning and ‘literacy’ I see is misdirected at activities that aren’t fit for purpose; teaching people to drive software – rather than to build it themselves, or to be able to fix it, or at the very least to be able to appreciate the good, bad, ugly and dangerous parts.

#3 shows you appreciate that coders will always be an elite, so you clearly appreciate that teaching everyone to code isn’t the answer. I think the (mass) answer will ultimately be somewhere on the ‘aesthetic’ rather than the technical end of things – ‘play’ vs ‘study’; educating people to at a minimum be able identify code/data products and services that safely meet their needs and desires.

Professionalising programming is, I fear, a more-than-generational problem.

I know folks at BCS and others are trying to think about this. I’ve spoken to several members of the Worshipful Company of Information Technologists(!) over the years – at least one a University Vice-Chancellor – and no-one who takes this seriously doubts that this is huge.

Take psychology as an analogy; a practice most people would recognise as some sort of scientific discipline. As a professional practitioner, you can be a Chartered Psychologist or member of one of the established Psychological or broader Scientific Institutions or (Royal) Colleges. You can study a bunch of internationally-recognised courses in established Universities to get a bunch of letters after your name.

This has been true across the world for quite a while and while it doesn’t stop, e.g. Scientology or NLP ‘life coaches’ continuing to abuse psychological techniques for money, or didn’t stop Nazis doing appalling experiments in WWII, it does tend to mean that people who do such things are sanctioned to the extent that a professional community can do so, i.e. various forms of marginalisation / exclusion or removal of official approval.

And this has taken about 100 years.

Ethics in psychology ‘borrow from’ general research and medical ethics; programming has no such ‘base’ to work from, but – as we’ve seen with care.data and NHS handling of medical information more generally – research and even medical ethics can be applied, when what you’re doing affects people (which, by definition, personal data does).

Of course, while people like @RossJAnderson build conversations between the psychologists and security engineers, Number 10 reads an interview with Malcolm Gladwell and builds itself a ‘nudge unit’ which a couple of years later privatises itself…

So I agree with #3, but would (pragmatically) prefer to encourage a feeling of ‘chivalry’ amongst the taught and self-taught for now – rather than put too much effort into creating yet another ‘priesthood’.

I do think you’re right about standards and ethics and professionalism. I just don’t think things will settle enough for several decades or more for anything other than a handful of highly dedicated people to keep steering things as best they can from the handful of international and international bodies that haven’t been corrupted or co-opted.

Revolutions aren’t the times to build institutions; they’re the times we discover (and defend) what our REAL values are – or what we want them to be.

The only one I instinctively disagree with is #4. Do we want to trigger another ‘Elf and Safety culture? Bad enough that Data Protection in the UK and elsewhere seems to have gone that way (it’s always a stupid idea to separate legal compliance from fundamental human rights).

Let’s leave laws for discernable crimes and transgressions, and be much clearer about (and stick to!) the underlying principles. Giving people handbooks makes them stupid – cf. the standards-compliant British e-passport, the chip with which ‘we’ were able to do pretty much everything the Home Office said we couldn’t. Because (a) we actually read the standards, and (b) we understood them.

I care a lot about #crypto and #control, but I confess I rely on trusted others’ deeper knowledge to guide me. I’ll really miss @CasparBowden for that, and e.g. recently @richietynan‘s take on the destruction of the Guardian laptops gave me even more serious pause for thought.

As I said above, I think (initial) anonymity is key. But what does this even mean if at a hardware/firmware level you can’t even guarantee your keypad and its invisible 2Mbit of storage isn’t a keylogger for the Chinese Central Communist Party?

Thanks for provoking what I hope wasn’t too verbose a response. I’ll cross-post to my blog, just in case this doesn’t upload.


Posted in uncategorized | Leave a comment

Three words

Three words in one telling phrase in a statement by Home Office security minister John Hayes yesterday, speaking on BBC Radio 4’s The World at One in response to the High Court ruling that data retention and surveillance powers in DRIPA are “inconsistent with European Union law”:

paranoid liberal bourgeoisie

Setting aside the casual discriminatory undertone of the first word – the snide characterisation of legitimate, principled, rational objection as something akin to a serious mental health condition; an attempt to paint serious people (David Davis, Tom Watson and many, many others) as somehow ‘hysterical’ or ‘mad’ – what struck me first about Mr Hayes statement is what it reveals of his thinking. My friend Ian drew my attention to the quote, and my initial response was this:

Though my friend Guy had already cut straight to the point:

I was busy so – besides noting that “liberal bourgeoisie” is how the Communist Party of China sometimes refers to the Western Democracies and making a terrible pun that, probably deservedly, left me with an image of my friend Simon that will scar me for years (thanks, Ian) – I went back to work.

But those three words stayed with me.

Later that evening I tried inverting them, to see if I could better understand them. My ‘mental unpacking’ went something like this:

paranoid = “hyper-concerned” > complacent = “utterly unconcerned”; clinical ‘pronoia’ irrelevant and I don’t like misusing medical terminology in any case. It’s offensive.

liberal > illiberal; ‘authoritarian’ probably equally appropriate, but equally a label. A literal inversion suffices.

bourgeoisie (French origin; typically Marxist in usage?) > elite vs, say, the (metropolitan) “chattering classes” – which was to whom former Home Secretary David Blunkett said he was referring in similar circumstances, as Simon had already pointed out.

To the extent that I have any, my Marx is rusty, so I checked a few references, e.g. bits of Trotsky (interestingly, in the Third International on the Chinese Revolution) and some New Cambridge Modern History on the early C20th, noting “The Liberals were supported by the working-class parties (Labour and Socialist), which were as yet of insufficient size to do more than assist in the struggle” – but, basically, I wasn’t too far off the mark.

Use of the word “bourgeousie”, whether intentionally or not, seems to engage a Marxist and/or revolutionary frame of reference: the division between ‘bourgeoisie’ and ‘proletariat’; those who own the means of production (“upper class”/capitalists), and those who don’t (“working class”/workers). Of course, society – and division – has moved on, but I was reassured that I probably wasn’t any more part of the bourgeousie (in that sense) than I thought I was.

Of course, I am ‘middle class’ – though my “political, economic and social opinions” are most definitely not “determined mainly by concern for property values and conventional respectability”, so I guess I dodge that definition too.

Though no longer ‘metropolitan’, I do spend quite a bit of time in London – and some might say I could “chatter” for England. (Though  personally, I like to think my verbiage is something more than just chatter.) Fascinating that Mr Hayes, who I assume is a staunch Conservative, should think to draw on such reference points.

Or maybe he wasn’t thinking? Maybe it was just a bit of typical, lazy “let’s use a big word that makes me sound impressive” political rhetoric? Hard to tell.

So anyway, what I ended up with was “complacent illiberal elite“, to which Roger Lancefield would add “deceitful”:

complacent (deceitful) illiberal elite

Just a few thoughts on these four words:

complacency – this is not the simple form of personal complacency, which one would hope might be a signal to constituents that a person was not fit to represent them. Something along the lines of, “I don’t give a shit, so why should you?” – this is more a deliberate attempt to project a lack of concern onto others, from a position of purported authority: “Nothing to see here…” or, more usually in this context, “If you’ve got nothing to hide, you’ve got nothing to fear.”

This projected complacency suggests there’s something they’d rather you didn’t know about; a form of distraction and deceit which, in the powerful, is generally an indication that there is actually something to be concerned about.

These days, being Big Brother is far too ‘in your face’; proponents adopt a form of overweening, Nannying paternalism that is either wilfully ignorant – unfortunately, not a disqualification for elected office – or outright deceitful given the increasing numbers of people been have been harmed, even died, due official, lawful abuse and misuse of personal data and metadata by governments, companies (including charities) and institutions.

[N.B The spectre of “the hacker”, so often deployed by the tech-illiterate media and politicians, may indeed be real – but pales in comparison to the effects of legislatively-sanctioned and authorised user / insider abuse.]

One of the most concerning aspects of Mr Hayes original statement is the use of the word “liberal” as a pejorative: when did freedom and tolerance become a bad thing, values not to aspire to? When did that particularly insidious, ignorant, illiberal tendency of the American hard Right become acceptable in British politics? People, especially powerful people, who denigrate the very words that signify freedom bear close watching.

I realise the word “elite” is pretty loaded these days, but it’s also pretty easy to understand in context. I would note only that if the word triggers associations with 12-foot lizard people for you, we’re probably not talking about the same thing.

Posted in communications data, database state, privacy, Twitter | Leave a comment

Some memories of Caspar

“Bullshit!” came the shout behind me.

Caspar wasn’t about to let the former Home Secretary who had reintroduced ID cards to the UK for the first time since WWII get away with claiming a ‘Damascene conversion’ on personal privacy, even at a birthday party amongst friends (PI’s 20th). David Blunkett may indeed have had a rough ride from very public exposure of aspects of his private life in the previous few years, and may well have modified his thinking somewhat – but not fundamentally. And for Caspar, it was the fundamentals that mattered.

Very few people I know can combine a rigorous grasp of first principles and unswerving moral sense with the ruthless attention to detail and relentless practicality required to do something about them all. Caspar could. And did.

I met Caspar, like many people did, as I started to campaign in ‘his’ territory. He was by no means the only person who helped school, support and tool me up to fight the ID scheme and a whole series of other pernicious database state assaults on privacy, civil liberties and human rights – but he was one of them, and he was always there when I needed him.

Making introductions, feeding me (sometimes literally – we both enjoyed a good steak!) with academic papers, articles and legal insights I needed to better understand the nature of the battles we were fighting. Bouncing around ideas, playful with technology and always willing to talk through tactics and, as I expanded my frame of reference, strategies; we were both angry at injustice, and we both understood we were fighting a war against almost overwhelming odds.

He couldn’t resist complimenting me one time when I thought I’d screwed up by losing my rag and tearing a strip off some hapless, poorly-briefed MP on the radio – but looking back I realise he wasn’t just being kind, or funny. Caspar knew how to channel his righteous anger for effect and was encouraging me in his own inimitable way to learn how to better channel mine.

Caspar left Microsoft the year I stepped down from NO2ID. He came to Bonfire with me that November, and we talked extensively about “what next?”. We were both minded to try to bring on / train up more campaigners, but I guess neither of us were temperamentally suited to doing that as a full-time occupation. If it happened – and with Caspar it happened a lot – the ‘training’ was by osmosis, by generous sustained interest and encouragement, and by example.

Of course, the front line beckoned.

Caspar forged ahead on PRISM/Tempora, FISA and nailing ‘cloudveillance’ and I (along with Terri, Sam and others) got stuck into medical confidentiality and consent. We crossed paths at ORGcon North in 2013, both presenting our latest findings and predictions. Both, unfortunately, turning out to be right.

Our mutual friend William Heath told me a few weeks ago that Caspar was sick, shortly after I had (only half) jokingly ‘nominated’ him for the post of UK Interception Commissioner on Twitter. It’s a running gag amongst some of the UK privacy advocates to send in CVs for positions like that, when they come up. But of all of us, Caspar, who spent nearly 10 years inside Microsoft, had the tools – if not the temperament – to do a proper job.

I’m really going to miss him. As I’m sure are many, many others – my Twitterstream today is testament to the worldwide networks of privacy and other human rights activitists, technologists, journalists, campaigners and legal folk to whom Caspar meant a great deal.

My thoughts – which quite clearly at this late hour are unravelling – are with his family and loved ones.

I’ll sign off with a small sample of links to what others have said today.

Goodbye, Caspar.

Thoughts and memories, in no particular order, from: Malavika Jayaram, Alexander Hanff, Ben Goldacre, Robin Wilton, Simon Davies, Glyn Moody, Ray Corrigan, Natasha Lomas, Chris Soghoian, John Leonard, Danny O’Brien, Cory Doctorow, Wendy Grossman, Martin Hoskins, Helen Wilkinson, Sarah Clarke, Jim Killock, Bella Sankey, Laura Kalbag, Joanna Rutkowska, Ania Nussbaum.

And not from a named person, but heart-warming nonetheless, Tweets from  The Tor Project, Privacy International and UK Information Commissioner’s Office.

In the hospital Caspar Bowden asked that we work to ensure equal protection regardless of nationality. Privacy is a universal human right.
– Jacob Appelbaum (@ioerror)

If you care about privacy – your own or others’ – please donate to the Caspar Bowden Legacy Fund for privacy advocacy and technology.

Posted in communications data, database state, ID cards, identity, medical confidentiality, medical records, Microsoft, NO2ID, privacy | Leave a comment

The Four Horsemen of our rights Apocalypse

Sam and I have been having a conversation, and this article (posted originally on disruptiveproactivity.com) was one of the results:

The worst excesses of care.data’s mandate to collect and exploit your medical records are coming back, and the scheme’s descendants are planning to expand into new areas of your life.

Says David Cameron: “For too long, we have been a passively tolerant society, saying to our citizens: as long as you obey the law, we will leave you alone. This government will conclusively turn the page on this failed approach.”

The three main protections in the health arena are medical ethics, Data Protection, and the Human Rights Act. The first two may have slowed care.data down last time, but the committee responsible for ethics got abolished while everyone was distracted by the election. And now your rights are under greater threat.

Going far beyond health data, there are discussions within Whitehall and Westminster about ‘data sharing’, with lobbying from those who’d like to exploit the rest of data held by Government. Long-term plans to ‘share’ data for any purposes will almost certainly come back. The last attempt, the Cabinet Office Data Sharing process, ended in a “civil service success” (i.e. failure), as DWP expertly defended its desire to play whatever political games it wanted with its population-scale databases. (Though unsurprisingly, health was seen as too “toxic” to touch.)

You thought ATOS was a problem? With government data sharing, they can do much more. Automatically. Are you entirely sure that nothing in your history might be misconstrued by an underpaid contractor with targets to hit (or through error, or just to boost profits)?

What happens when a future Government tries to “sneak past the most data they can sell without anybody noticing”, as care.data tried? And consider carefully what the next Government could have been, only a month ago…

Broader data sharing could recycle the original vision for ID cards and a “single source of truth” Database, with the canny marketing flourish that this time you’re free to pick your own card design, because Government will match “your” data behind the scenes anyway.

The Home Office ID scheme was an 80s disciplinary design which made usage explicit; a ‘linked identifier’ scheme based on data matching will be disproportionate, wrong and discriminatory. And the risks just increase as new genomics and control technologies are added to the coercion and profit incentives of the last century.

When the Snooper’s Charter comes back with a vengeance, if you think you can rely on all of Government not accessing anything? “I have to say I take a different view”, says Theresa May (q78). Do you want decisions affecting you or your family to be made based on events or thinking from the past?

Will any new proposals re-enact the worst of the old ID scheme, “Clause 152” and care.data: you can use any card you like, but it won’t make a difference, as they’ll ‘share’ until you match?

HRA repeal, care.data, ‘data sharing’ and the Snoopers Charter: the four horsemen of our rights Apocalypse – driven by instincts that are Secretive, Invasive and Nasty.

A canary in the coal mine for the new Government’s intended use of data is likely to be how it resolves the Universal Credit IT debacle. Old way or new way? It’s not just about the headlines, nor a shiny new interface, but where your data will go.

Will they choose to be Secretive, Invasive and Nasty? If they do, how will you know?

Posted in choice and consent, communications data, database state, GDS, ID cards, identity, medical confidentiality, medical records, National Pupil Database, neo-feudalism, NO2ID, privacy, Transparency | Leave a comment


It’s been about a year since my last post here but I have been gainfully occupied, coordinating medConfidential along with Terri Dowty and Sam Smith.

If you want to keep up with the latest, please follow:

@EinsteinsAttic (me) or @medConfidential (the campaign) on Twitter

Or, if you’re into that sort of thing, visit our page on Facebook (ugh!)

If you don’t know what’s going on, or you’ve heard that something might be going to happen to your medical records then I strongly recommend you check out the medConfidential website and – if you have any concerns – opt out yourself and your dependents, i.e. minor children and people for whom you hold lasting power of attorney.

The care.data scheme is currently on hold, and we (medConfidential and others) are working hard to ensure that it is fixed – or if they* won’t fix it properly that it is stopped. Beyond that, we are trying to ensure that every flow of personal data into, within and out of the NHS and the wider care system is consensual, safe and transparent.

N.B. If you opt out now, the information held in your GP medical record will not be extracted in the Autumn. If at that point or any point therafter you believe that the system is safe and that your data won’t go anywhere you don’t want it to, you can always opt back in. Just be aware that once your data has been extracted, it will never be deleted.

Meanwhile, here is a funny video that a nice man called Paul Bernal made:

(Lots of in-jokes, but all you really have to know is that the chap driving care.data is called Tim Kelsey)

*”they” in this instance is the Government, the Department of Health and two arms-length bodies, the NHS Commissioning Board (which styles itself ‘NHS England’) and the Health and Social Care Information Centre (HSCIC).

Posted in choice and consent, database state, medical records, privacy | Leave a comment