Eva Pascoe tracks the impact of state and private surveillance on how we use the Internet, e-business and get data for smart cities.
(This is a draft, comments welcomed!)
“I know it when I see it” was the comment of a Supreme Court judge in a case involving pornography. However, can we say the same about online privacy?
The thick walls of the Houses of Parliament in London provide a good shelter on a hot summer day. I am not a frequent visitor to the seat of UK law-making, but on that day, back in early June, it was the best place to be and the Cybersalon crew was looking forward to participating in the works of the House. Cybersalon.org is a Digital Futures Think-tank and one our research interests was to cover a recent collapse in online privacy and data protection in UK. We had received the invite to the hearing in House of Commons courtesy of the Open Right Group in order to join the examination of a significant privacy and data protection compromise by IPSOS-Mori and EE – the mobile phone telecommunication provider.
EE, short for Everything Everywhere is a much derided child of Orange and Deutsche Telecom, born in much pain in 2010 out of the reluctance of both sides and their exhausted shareholders, to invest individually into 4G infrastructure. IPSOS-Mori is one of the most aggressive UK market research outfits. Both agencies were accused of selling customer mobile phone data to the Metropolitan police, and it appeared to be an on-going deal involving rather large amounts of very detailed personal data of the mobile phone subscribers of EE.
We sat at the back of the Parliamentary Committee room and listened to a very opaque explanation to what had actually happened. The proceedings started with a flustered and somewhat out-of-his-depth Information Office Commissioner summarising that apparently the sales people from IPSOS/Mori happened to send a slide or two with some generous data selling proposals to the Metropolitan Police. This was personal data of the users, the elements that EE had carefully fished out tapping EE mobile phone customers. The data was of a very wide sort, from gender, age, post code, websites visited (!), the time of day of the visits, the time of day of sending SMS, location of the customer when the call was made and so on.
Both EE and IPSOS/Mori had a well-rehearsed answer to any questions asked – it was apparently simply “meta-data”, which means no individual names are included. According to the current interpretation of the law by Mssrs EE and IPSOS-Mori, it was apparently perfectly fine and dandy. Considering it was Houses of Parliament, and the Information Commissioner looked that they lost him from the word ‘gender’, neither IPSOS-Mori nor EE expected any difficulties in their cunning plan of bamboozling the inmates with a bit of a tech Big Data-speak.
They nearly got away with it, but just when it appeared that all was lost, and personal data stealing lunacy will prevail, a representative from the Oxford Internet Institute, Dr Joss Wright happened to be awake and responded to the tales from EE. He offered a very short comment. He explained that considering the breadth and depth of the data, it would be a very quick job to re-identify the individual person with their full name from this type of metadata, particularly as IPSOS-Mori has at their disposal more sources of data that can be used to supplement the already rich stream from EE’s smartphone customers. Dr Joss Wright explained slowly and patiently, repeating himself just to make sure the Information Commissioner was following: he explained that using multiple sources increases the probability of re-identification very significantly and any talk of the ‘meta-data’ being really ‘meta’ at this level of rich data sources (i.e. all your web actions, locations, time etc) are just not accurate. Joss commented that it takes only about 4 geo-location points of yours and my daily route to re-identify you from metadata, as most of us are really predicatable bores and have only 2 or 3 typical daily routes. 80% of people can be re-identified easily from the geo-location points. It is certainly true for me, for most parts of the week, except on Friday evening when it is anybody’s guess where I end up. Mostly I am a very easily re-identifiable person, and so are probably many of you.
The explanation from EE and IPOS-Mori were not satisfactory, but both admitted that offering the data to the police was a mistake. This was described in the Parliamentary Committee room as a ‘misunderstanding’.
Trust and Loyalty Cards
They probably will not do that again, but the issue was that these large companies, with very significant, and so far trusted brands, should be defending that trust. The duty of a marketing director of any brand is to be the ‘brand guardian’ and to make sure that any data obtained from their brand via smartphone operators is protected. The data should only be visible to the service provider unless the user has specifically opted-in and allowed 3rd party to have a full access to the personal data. That is how the process worked for over 20 years since the introduction of store cards in retail, which has been a story of trust and providing value through discounts to customers who kindly entrusted their data to the store card manager. This trust-value equation appears to be under severe threat now and we should stop to examine the key culprits and the risks if the concept of brand trust is disrupted.
Having worked in the data industry for many years I am not easily shocked, but the behaviour and arrogance of EE and IPSOS-Mori in assuming that they have the God given right to use my Web and SMS data willy-nilly has been something of a revelation. I have spend many years building up the first fashion e-commerce for Topshop, Topman and many to others, back in the mid-90s, and one thing that I learned the hard way, was that as a trusted brand, you looked after customer data better than you looked after your own cat. If not, you were going to be out of the job faster than you could say “EU direct marketing data protection and privacy directive”. I learned that trust was earned over many years of trading as a brand, but lost in one swift swoop if a Topshop customer found out that we sold their data to, a hair brand for instance, without the customer explicitly opting-in for third party data sharing.
Data in Exchange For Value
We absolutely lived or died by having access to Store Card loyalty card data in the early days of online trading, and we knew that Mrs Smith and her teenage daughter trusted us with their data precisely because they knew it was protected and never ever to be sold to a third party unless on opt-in from Mrs Smith was obtained. It was a very special, respectful relationship based on a simple exchange, i.e. Topshop obtains the personal data but we offer back value, through discounts, vouchers, Store Card holders special evenings, previews of the new collections and many other little treats like on-off birthday treat for our special day. People have a pretty good feel for what they data is worth and for store cards, their data is worth around 10% of the discount. Many a club card was build on that premise and the relationship worked as it was transparent, symmetrical and re-visited on regular basis, with the customer able to change his view at any point of time.
So IPSOS-Mori and EE behaved like true data marketing debutantes (which perhaps EE is but IPOS-Mori certainly isn’t) and showed a serious lack of judgement, lack of brand sensitivity. They assumed that their customers were perfectly at ease with a third party seeing not just their gender and age, but every single website they had ever visited and the time of that visit. This is breaking about every retail taboo going and I hope they will re-think their attitude and adjust their terms and conditions accordingly.
Edward Snowden Changed It All
All that was on Wednesday 5th June. The EE drama in the Houses of Parliament were about to look like simply a prelude to a much bigger concerto of data protection eruptions. If I expected to have an easy rest of the week after the EE hearing, I couldn’t be more wrong. On the 7th of June hell broke loose over the Guardian’s revelations of UK gathering secret intelligence via GCHQ through the US-run Prism program. I will never forget the face of my Polish friend Tad, who came to UK to escape the Communist Orwellian state in 1981. Tad had, like many of us, this optimistic notion that UK was a law abiding government that observed the rules of spying better than our old Communist masters. The 7th June was not a good day for us. It appeared that notion was ‘fanciful’ to quote William Hague, the foreign secretary, who used that word in a very off-the-cuff response to questions as to why the UK government is spying on its own citizens.
The 9th June: Life is stranger than fiction and a couple of day later we were all scheduled to go to Open Rights Conference on the Strand in London, with Key Note speeches by John Perry Barlow, Tim Wu and Casper Bowden. We were interested in ORG on the grounds of data protection and privacy in the context of commercial abuse, by EE, Google, Facebook and numerous others new e-commerce start-ups, who had no understanding of the trust in commercial relationships in the shopping universe.
However, this was not how this conference was going to play out two days after Snowden’s explosive communications. I’m sure when the conference was initially organised, neither John Perry Barlow or Tim Wu had any inkling how crucial it was that they were both in London in that week. But in London they were and we were able to discuss aspects of the Electronic Frontier Foundation’s work on surveillance and data privacy field that were clearly going to be very useful on the home ground in UK.
John Perry Barlow was clearly shaken at the size of the NSA transgression, its depth and sheer lunacy of what we have learned about the day before about the global size of the US surveillance systems. Many a time during the conference I saw John Perry Barlow sitting in the corner, with his face buried deep in his hands. John and the Electronic Frontier Foundation were not as surprised as the rest of us at the facts (having fought legal battles since 2005 against many government interventions) but the scale of the actions of NSA made him realise that this one was different. We knew that nothing ever was going to be the same in the world of the online communications. All I could think about was Stasi Germany and the ‘files’ the Polish KGB kept.
The pre-prepared agenda of the ORG conference mostly went out of the window, with the majority of sessions, particularly by Caspar Bowden and Eric King (Privacy International) focused on understanding the legal aspects of US, UK and European data protection laws, which agency was breaking which law in which way and what can we do about it. However you looked at it though, it appeared clear that UK was complicit in the surveillance process, and we were going to spend many long months if not years unpicking the errors in the country’s legal system that has allowed Prism, Tempora and other, yet to emerge programs, to happen with full blessing of GCHQ.
The Effect of the Revelations
My take on the day was dismay and recognition, that my deep unease about the abuse of data protection and privacy by online giants, was right as it was symptomatic of a wider abuse of individual privacy, this time by the government. Following Cybersalon’s decision to fully focus on this issue, a few weeks later, when ORG was organising a Prism hearing at Houses of Parliament, Cybersalon representation went along again, hoping for some reintroduction of ethics and common sense to emerge from the proceedings. If only.
We were encouraged to see Caspar Bowden on the speakers’ list, as he is one of the key people who together with Bill Thompson, Wendy Grossman, Danny O’Brian and a few others kept an eye on the data privacy abuse developments for the last twenty years and documented the absurdities of changes in law that have landed us in today’s desperate situation. We were much less delighted to see only two MPs, Tom Watson and David Davies attending the session. It is very hard to imagine what else, on a near-holiday lazy summer afternoon in the House of Parliament could have been more important and more impactful on UK politics than the Prism and Tempora debate in Room 433, and what has kept all MPs away. The mind boggles, probably a debate on buy-to-let as our current crop of MPs seems to be deeply preoccupied with building their property empires. We will never know, but the bottom line was that the lack of interest from MPs communicated wide and clear that the GCHQ mission creep and overactive surveillance is not seen as an issue.
In fact, the MPs who were attending, were in a ‘fact-finding’ mode and could not offer much encouragement to anyone in the room in terms of political will to stop Prism anytime soon. In fact, it was pretty obvious that the concept of ‘metadata’ yet again was not clearly understood by the MPs and the oversight of the Prism process (if any) was done by people who could not comprehend the technical aspects of blanket surveillance and who were as much in the dark as we were in terms of on whose desk the buck would stop on that one. To a question from the audience regarding who had authorised the Prism budget, or what was signed off as a global surveillance system, the most likely answer was that the system was procured as a replacement for Hong Kong spy information system when the time came to roll back UK’s Asian operation. Perhaps that what happens when the empire shrinks, and brings home remains of the old cannons from the remote fields of the Raj. Perhaps Prism was one of those cannons…We are still awaiting exact information on how that procurement took place.
However, those are details, the big picture being how do we move forward on Prism. A few days later, I was listening to a report from a big meeting that Obama held (9.8.13) with the representatives of US Internet commercial giants. Dean Garfield, president and CEO of the Information Technology Industry Council (representing Apple, Google, Microsoft, Facebook and many more) was at pains to emphasize that the issues of data collection by the private sector and the issues of data collection for “government purposes” (sic) need to be kept separate. Following that, Trey Hodgkins, vice president of TechAmerica said that ‘there are two conversations here, the White House’s look at surveillance need not overlap with Internet companies’ data collection”. Clearly the tech industry would like to avoid those two themes coming back together too closely.
However, there are two issues here. The irony of the situation is not lost on the tech giants. If it was not for their insistence on breeching the taboos of data protection straight off the blocks in 1995, and assuming that opt-in is not in their vocabulary , we would not be having the blanket surveillance issue today. If it was not for the Internet commercial giants and deep belief that customers’ behaviour data belongs to the retailers or platform provider (Google, Facebook, Amazon), if it was not for their ‘data-holic’ (Morozov) behaviour since 1994, if it was not for their hysterical escalation of data-gathering arms race and VCs pouring millions into Hadoop, Claudera and Google’s natural language processing engine, Autonomy and others, developed for reading our emails, today we would not be in the PRISM/TEMPORA/RAGTIME-P/HeavenOnlyKnowsWhatOtherPrograms situation.
We would simply not have the tech to do any of that mass surveillance tools for storage and processing simply did not exist back in the early 90s. So sorry Google, Facebook, Apple and co, you are the reason why we are having the discussion in the House of Commons on the blanket surveillance. There is no separation of the issues of commercial and state driven personal data privacy abuse.
The US government, all by itself, even with all the NSA geeks paid double in pizzas and beer, would not be able to bring such incredible fast technological change to make any of this global spying for free (or nearly free) to fruition. DARPA managed to piece together TCP/IP, but since then it was all commercial companies pushing on with the new Big Data tech.
If you look at how cheap it is to gather-and-hold all the world’s phone conversations and turn them into fancy infographics (basically this is what all those spy systems do with some fancy frills around them for more detailed queries). This has to do with the fact that Google, Facebook, e-Bay, Amazon, Groupon and a few others pushed the boundaries of technology in their insatiable appetite for more and more data, sometimes with a reason (Amazon scaling up real-time Web page publishing) sometimes with no reason, just as a fishing expedition (Facebook’s EdgeRank) in case something turns out to be handy.
Can You Rebuild Trust?
What all those young start-up pizza-fed kids missed out so badly, as well as people around them who should know better like Sheryl Sandberg, is that as far as the brand perception is concerned, there are no channel-specific separate relationships for the trust in the brand. If I run Topshop on-line, and I leak Topshop customer data to an unauthorised third party (let’s say a cosmetic brand that would like to target Topshop buyers), the customer will feel their trust with Topshop main brand has been broken, as customers, in their heads, do not separate their trust in the online shop (that leaked their data), versus trust in the offline shop, versus the third party. The customer will blame the brand, in this case Topshop, and may never go to their shops again. So the risk is extremely high for the brand to try risky stuff around their data protection process. Trust takes a long time to build, but it is lost in a single misbehaviour, often never to come back again (remember the overnight demise of Ratner’s jewellery brand when the owner publicly admitted his product was ‘crap’).
Back to School
Many a time I have been hauled over the hot coals by Philip Green (the owner of Topshop) for some early ‘issues’ on privacy and general integrity of the Topshop online data protection. As he knew, and we eventually learned the hard way, for the customers the brand is seen holistically, as one, with just difference facia for different channels. You can ask Burberry, Topshop or Zara how their customers view online and off line and they all will tell you the same thing. We early e-commerce pioneers had to read Rempel (1985) on trust in relationships between humans to understand the cyberspace trust and shopping universe. We all had to read Muir (1989) on trust between humans and machines in the context of the computers systems. We all knew Zuboff (1988) and her work on computer-mediated trust by heart. I still could recite her ‘in the age of smart machine’ paragraphs on the importance of trust in human-computer interaction and how people build and lose trust in the system that hides behind a computer screen. The opaque nature of computers increases sensitivity to trust, so the customers are even more prone to react adversely when something is wrong than in non-computer-mediated shopping.
We read it all as we needed to understand what was going on in the customers’ heads, and what room for error we had, considering the early e-commerce systems were wobbly, the logistics very unreliable and data protection weak (the EU fixed this soon afterwards). It appears that those titles and references have been removed from the Amazon, Google, Facebook and Twitter employees’ reading list. A back to school program is badly needed for all of them, with an ethics course on top (Stanford University is the biggest culprit of them all on that one, considering they are nearly the sole producer of key engineering talent in the Valley).
This bring us to the second problem with Dean Garfield from Obama’s meeting and his absurd insistence that somehow there are two types of privacy. One in relation to commercial companies abusing users’ privacy, like Facebook, and the other in relation to the government, the State’s blanket surveillance by the NSA and GCHQ.
The Internet is accessed via machines. It may be a smartphone, it may be a PC, it may be a tablet. The nature of trust, as Rempel and later Muir describe it, it assumes that the service provider has good faith, that he means well and has the well-being of the customer or user in their heart. Without that assumption there cannot be trust and there cannot be forgiveness if something goes wrong. As with Topshop online and off line, the customer assumes that the brand has good faith, and therefore was able to ‘forgive me’ through our early online data privacy hiccups as they were not ‘chronic’ but clearly accidental. A mishap and a leak might have occurred, but it was quickly fixed and the reliability of customers’ data protection would come back to form a basis of a solid trust relationship.
In addition, the brand as a whole was seen as having good faith and having the well-being of the customer’s data as a priority. If a ‘chronic’ fault occurred and a breach of relationship happened, the stability and predictability of the brand/system would be compromised and customers would be lost pronto. The users don’t like complexity, and they don’t process complex close relationships well. They are super sensitive to breach of confidence and do not forgive and forget.So it strengthens the brand if each of the channels are predictable, stable and dependable over time as trust is a dynamic concept (and can be analysed well using time series analysis to predict trust ratings over time in response to issues like data privacy abuse).
I Lose Trust in the Internet As a Whole
This needs to be understood in the context of Royal Mail. We know that letters are on the whole safe, and if one or two occasionally get lost we know it is a one-off and we can forgive, move on and send another letter. We trust the system of Royal Mail, we have relationship with the brand, not each particular postman. Same with the Internet, where the trust relationship of the individual in his online actions, has developed with the medium. For better or for worse, the separate pure play products like Google Search, social networks like Snap, or Facebook, the auction platforms like e-Bay, the shops like Amazon, are just facets of that relationship. They are experienced via a system, a network, with a brand called The Internet. If one of the shops or social networks does badly and abuses privacy consistently, all the others look bad as they are perceived as part of the same system (morally as well as technically). If the government loses their moral compass and abuses the privacy of people online but blanket surveillance, all the other products falling under this brand look bad as they are perceived as part of the same system, same ‘brand’.
The way people deal with trust in any multi-faceted, multi-channel, multi-product brand requires a single entity that manages all the channels, and is the partner on the other end of the screen. If Facebook abuses my trust by using more and more of my data without asking me for permission, I lose trust in it. The latest instalment was implementing facial recognition across the site without asking users and using the name of your friends to unwittingly endorsing random brand on your Timeline. This affects and undermines the trust in any other product that I use over the same medium, The Internet. Whatever I see on the screen, I judge the same way. It is all coming via the network called The Internet, thanks to the State and commercial tech giants’ lack of understanding that they are using the same medium, and trading on the same trust currency.
If governments abuse my trust as they use my online data without my permission and without a warrant, this is the same conversation about me and The Internet, the same privacy issue as with Facebook. I have only one privacy, only one set of surfing data that I generate, only one identity to protect and only one set of behaviours for them all to gather, process, analyse and spit out as a shopping page or a spy infographics. I don’t live two lives on line, one for the government to feed Prism with, and one for Facebook to log into their EdgeRank algorithm. Therefore my computer-mediated trust is with the one body only, with the system that makes The Internet. If it does not protect me, I will go dark.
Dean Garfield and Trey Hodgkins have some catching up to do in their understanding of trust and behaviour patterns in computer-mediated systems, as well as customers’ brand trust in multi-channel brand interactions.
What If I Go Dark?
Taking the above into consideration, how do we progress the situation? Does it matter if I go ‘dark’? Does it matter if I withdraw my data from the pool or create ‘avatars’ and assume so many ‘buying’ and surfing personas that the agents lose the track of me? The answer unfortunately is that yes, it does. Unfortunately I have to disagree with excellent essay by Morozov who suggested that we should break-up out Information Consumerism and move to use encryption.
What is being lost in the middle of the ongoing issue with surveillance, is the fact that encryption will narrow down our groups of contacts due to sheer logistics of encryption implementation will also lose people as every day more and more people who can’t or won’t encrypt lose trust in The Internet and start looking at withdrawing their data from the system. That would be fine, if we did not need the data for anything apart from shopping.
However, we are on the verge of getting our hands on pretty useful systems that can help us to deal with global warming (by managing transport in cities better), that can help to optimise the use of water in dry periods, that can help to steer cyclists safely through the risky journeys in a busy or help you to earn rewards for using biking or walking where possible. See our report on the Future High St.
We could direct you to free parking spots, we could help you minimise your cruising around the town in circles, emitting unnecessary toxic fumes. Remember more accidents happen while trying to find out a free car park space than in the evening at the pub closing time. But we will not be able to do any of it if people stop trusting The Internet and take their data into the ‘dark net’. Trust is cheaper than distrust, personal data is a necessary component of ‘Smart Cities’ if we want to progress and keep getting benefits from what was build thus far. It is not very clever now to let it slip just because NSA and Google suffer from spy mission creep and their insatiable hunger for more and more data is upsetting people daily. Their intellectual and ethical limitations, their ‘dataholics’ addictions, their childish short-termism, their lack of basic on-line community manners (netiquette, remember that?) should not stop us from using The Internet for the right stuff. David Lyon, one of the most respected intellectual contributors to surveillance debate noted the potential to flourishing of humanity on social media, the potential for ‘social grooming’ (Zeynep Tufekci) and other wonderful upsides of this amazing network born out of the guts of the US army. We should remember that and seek solutions and seek them fast.
There have been a lot of calls for people to wake up from their Information Consumerism stupor and just stop using ‘free’ (but paid by your personal behaviour data) online products like Facebook, Twitter or Google email (Morozov). This is a possible scenario, but it will take a long time and a lot of education on how to function without free online products and with encryption.
Others commented that end-to-end encryption is simply technically and logistically impossible and therefore we need to focus on the political process instead (Wessel van Rensburg). Again this is possible, but considering total acceptance by the average American that spying on foreigners is perfectly fine (Pew Research), and total lack of any personal data protection in the commercial land in US, I don’t expect to see much change in US legislation that may help us in Europe.
Bearing in mind that American data protection has always been practically non-existent (see differences between EU opt-in for direct marketing and American do- what-you-like as catalogue companies always had a free run in US). We have different base lines for the privacy protection conversation.
There is nothing like a cross-cultural difference that is a conversation stopper when it comes to unifying law (take the abhorrence of the death penalty in modern Germany, as compared to Texas). Americans also have a shockingly short memory of recent events in their history like McCarthyism (which led to the questioning of 10-year old Shirley Temple as well as other harmless Hollywood personas) or persecution of Martin Luther King and his campaigners. All these were related to personal data protection and the government’s abuse of it, but that is theirs to debate internally and perhaps they will one day.
Therefore the closest to near-term solutions appear to be encryption models, but not resting at the user end but at the browser. It is the recent idea of Internet Engineering Task Force (www.ieft.org), to introduce encryption into the heart of the web. Mark Nottingham, who chairs the working group on HTTP, a data access protocol underpinning the web commented that a cypher-shield protecting communication between websites and browsers should be developed including an encryption layer. It is based on secure communications that retail like Amazon and the banks use to protect customers across the web. Early days, but those are some areas to explore, as would be customer-friendly but discouraging surveillance.
IETF is an usually quiet, geeky bunch, dealing mainly with the low-profile but vital issues of optimising routers and improving technical platform standards. However, after their recent meet-up in Berlin, they commented that the outrage at Prism/Tempora and Snowden’s revelation have completely changed perspectives on what technology we need the ensure that The Internet as a brand can recover the trust of its users. They want to see how they can bring ‘netiquette’ back using technology of encryption. We need a solution to show that the faults and privacy breaks were not ‘chronic’ but ‘transient’, by some rogue elements of the US and UK governments, like teenage social network’s bosses, like data-holic large new online retail companies overstepped their mark, but that they can all be brought back to heel.
It would be delightful if the EU managed to get the new, tougher data protection law through the European Parliament in October 2013, and if Neelie Kroes manage to get some political enforcement of privacy protection going in Europe. But after looking at the insidious power of the American lobby in Brussels and their astroturfing, I somehow would not see political process as a short-term solution. No doubt Neelie and the Germans (and their call for telecoms to be regulated in EU, preferably by the German center) are looking at the correct solutions, for consumer opt-in, for the right to delete. With the recent American ‘verbal’ only agreement that they will not spy on the Germans, and the revelations that Chancellor Merkel was under NSA surveillance for over 10 years I think it is only realistic to acknowledge that we are in it for a long haul and have to get UK out of this mess ourselves.
As we stand, it appears that the best way to move forward with personal data protection is to solve it technically first, while pushing for the political process at the same time. Till the day when blanket surveillance will be pushed back, we should support the development of a cypher-shield by the crypto-geeks from IEEE and get it done fast, pilot and improve. We need to consider as soon as practical bringing hosting from the US cloud (i.e. US-based servers), to EU cloud (EU based servers, probably in Germany as highest awareness of the surveillance issues). It will be in everybody’s interest to get over that sorry episode and treat is as a transient fault.
We took The Internet out of Universities only in 1994, not even 20 years has passed yet since I co-founded the world’s first Internet Café Cyberia. Therefore the Net is still a toddler and we all need to keep learning how to look after it and sustain trust in the system for the long term interests of all of us, as digital citizens, as digital consumers. The US Army might have paid for the original concept, the evidence is clear for all to see, we acknowledge that. But it was paid by taxpayers’ funds, as many other inventions US Army came out with, that then made their way to the mainstream without any strings attached (nobody will ask you for your personal data just to use the night vision glasses, another well known US Army invention). Taxpayers paid for it so NSA needs to let go, The Internet does not owe anything to DARPA , as the American people paid for it from their taxes many decades ago. No doubt they will take a view on continuing their payment for NSA salaries for the blanket surveillance work carried out today.
Time for the NSA to let go as we all can see the value of civilian Internet for a better future. The UK has shifted the government narrative on the blanket surveillance in pubs: “The public deserves to have a pint in peace in a community pub without being snooped on” said Brandon Lewis, Communities Minister overruling a previous requirement for pubs to have CCTV in order to get a licence (15th June 2013). We want to see the government in UK expanding that understanding to The Internet . We need to re-build the trust that we can send an email in peace as a basic tenet of the global community starting from a local, known and knowable data holding partner who accepts the same set of values on privacy as the consumers. There is only one personal privacy, there only one Internet and there is only one chance to get it right for the benefit of us all.
To help to get the privacy back, join the Cybersalon mailing list for the campaign for Bring Net-Trust Back and support the debate by coming to our Surveillance and Privacy on 29th October. We can’t promise you quick fix but we can provide a great pizza, which is, after all is what the Internet is made of.