Drilling for Data

The Monthly (Australia) - - CONTENTS - Com­ment by Scott Lud­lam

That bun­dle of pri­vacy pol­icy up­dates that sud­denly clagged up your in­box a few weeks back? The pop-ups that need your con­sent be­fore you can visit some web­site or other? These are the flot­sam bob­bing around in the shock­waves from what just hap­pened in the Euro­pean Union. A six-year cam­paign to make the in­ter­net a safer and less preda­tory place closed out on May 25, and the con­se­quences are now start­ing to sink in. It is a rare and im­por­tant piece of good news. In the five years since Ed­ward Snow­den first be­came a house­hold name, there has been pre­cious lit­tle of that. In Aus­tralia, we got manda­tory data re­ten­tion laws, re­lent­less ex­pan­sions of sur­veil­lance state ca­pa­bil­i­ties, and an ag­glom­er­a­tion of un­ac­count­able power in the hands of a home af­fairs min­is­ter whom most peo­ple wouldn’t trust to mind their dog. Even now, the gov­ern­ment is flirt­ing with a bill to un­der­mine the en­cryp­tion stan­dards that un­der­pin most pri­vate com­mu­ni­ca­tions and all fi­nan­cial trans­ac­tions. As the prime min­is­ter would have it, “The laws of math­e­mat­ics are very com­mend­able, but the only law that ap­plies in Aus­tralia is the law of Aus­tralia.” So when ac­tivists and leg­is­la­tors pull off an al­most con­ti­nent-wide push­back against full-blown global sur­veil­lance cap­i­tal­ism, it’s worth tak­ing no­tice. Some­times, we can win. It is now fairly com­mon­place to see the phrase “data is the new oil” splat­tered on Pow­erPoint slides and news head­lines, as though that’s a good thing. The phrase is more apt than its pro­po­nents might like to ac­knowl­edge. It im­plies ex­trac­tion and ex­ploita­tion (true), con­cen­trated ben­e­fit and widely distributed harm (true), and huge public risks that be­come ap­par­ent only after the in­dus­try has amassed enor­mous po­lit­i­cal and eco­nomic power (also true). So, for the mo­ment, let’s go with it. Fine-grained de­tails of our re­la­tion­ships, pur­chas­ing habits, phys­i­cal lo­ca­tions and med­i­cal his­to­ries – some of the most in­ti­mate mo­ments of our lives – are seen by these in­dus­tries as a kind of ex­tractible com­mod­ity to be drilled, re­fined and sold. If that doesn’t creep you out just a lit­tle, it gets worse, be­cause the fur­ther as­sump­tion is that you don’t own this in­for­ma­tion, the drilling com­pa­nies do. And every time we click our as­sent to one of those in­com­pre­hen­si­ble 500-page “user agree­ments”, we ce­ment that as­sump­tion. States ob­vi­ously find these huge pools of data ir­re­sistible. One of the early strik­ing rev­e­la­tions of the Snow­den dis­clo­sures was that in ad­di­tion to tap­ping the in­ter­net’s phys­i­cal hard­ware – the routers, satel­lites and un­der­sea ca­bles – Western sig­nals in­tel­li­gence agen­cies had in­stalled PRISM “back­doors” in the ar­chives of the tech com­pa­nies re­spon­si­ble for much of the pri­mary data drilling. There are equally dis­qui­et­ing ex­am­ples of var­i­ous ac­tors sys­tem­at­i­cally poi­son­ing these in­for­ma­tion wells, for the pur­poses of in­flu­enc­ing public de­bates or tilt­ing elec­tions.

In Shen­zhen, the fa­cial recog­ni­tion network can now recog­nise jay­walk­ers, and beam them and their names onto gi­ant screens in real time.

We don’t have to look to science fic­tion to con­tem­plate what hap­pens when these tools are turned, with­out res­traint, against or­di­nary peo­ple. Right now, one fifth of the world’s pop­u­la­tion is locked be­hind the great fire­wall of China, sub­jected to sat­u­ra­tion cen­sor­ship and opin­ion mon­i­tor­ing. With­out ques­tion this re­quires the abo­li­tion of any quaint no­tions of pri­vacy. Late one night in Bei­jing, I joined the queue out­side a se­cu­rity post to be al­lowed into the fore­court of the For­bid­den City, over the road from the haunted ex­panse of Tianan­men Square. Not be­ing in pos­ses­sion of an ID card, I was pulled aside after go­ing through the scan­ner for a pass­port check, and, while wait­ing, I got a user’s-eye view of the sys­tem I’d just passed through. Ghostly squares set­tled across the faces of those shuf­fling through the metal de­tec­tor, and one by one they were as­signed an iden­tity, names and num­bers scrolling past on an ad­ja­cent mon­i­tor. In the south­ern in­dus­trial cap­i­tal of Shen­zhen, the fa­cial recog­ni­tion network can now recog­nise jay­walk­ers, and beam them and their names onto gi­ant screens in real time. Even­tu­ally, the same sys­tem will be able to send you an ag­gres­sive mes­sage via your so­cial me­dia apps and is­sue an on-the-spot fine. In the restive au­ton­o­mous re­gion of Xin­jiang, we can see the full mea­sure of why Snow­den re­ferred to sur­veil­lance tech­nolo­gies as weapons. In a place where peo­ple are rated as “safe”, “av­er­age” or “un­safe” de­pend­ing on their re­li­gion, eth­nic­ity or “so­cial sta­bil­ity sit­u­a­tion”, of­fi­cials are col­lect­ing a wealth of bio­met­ric data, in­clud­ing

“Sur­veil­lance is not about know­ing your se­crets, but about man­ag­ing pop­u­la­tions, man­ag­ing peo­ple.”

pic­tures, finger­prints, blood type, iris scans and DNA. The re­gion is now a lab­o­ra­tory for sat­u­ra­tion sur­veil­lance, oper­at­ing as a high-tech­nol­ogy front-end to much older forms of co­er­cion and state vi­o­lence. Rus­sia, that other hu­man rights strong­hold, has in­stalled a fa­cial recog­ni­tion sys­tem to weld most of Moscow’s 170,000 cam­eras into a sin­gle, un­blink­ing digital eye. “We needed an ar­ti­fi­cial in­tel­li­gence to help find what we are look­ing for,” Moscow’s IT depart­men­tal head said re­as­sur­ingly in 2017. Xin­jiang and Moscow are a long way from Can­berra, but ask your­self, and be hon­est, whether you be­lieve that there aren’t peo­ple within Peter Dut­ton’s sprawl­ing home af­fairs de­part­ment who wouldn’t cheer­fully roll out this tech­nol­ogy across the whole Aus­tralian pop­u­la­tion. With strin­gent Aussie checks and bal­ances, nat­u­rally. There’s no need to guess, be­cause we al­ready have a pretty good idea. The core of the Aus­tralian sys­tem is re­ferred to as the “Na­tional Fa­cial Bio­met­ric Match­ing Ca­pa­bil­ity”, or just “The Ca­pa­bil­ity” if you pre­fer to keep your dystopian de­scrip­tors con­cise. At present, it is de­signed to pro­vide seam­less cross-match­ing be­tween ex­ist­ing state, ter­ri­tory and fed­eral hold­ings of bio­met­ric data con­tained in driver’s li­cences and pass­ports. At present, we are asked to be­lieve, by peo­ple who may even be­lieve it them­selves, that this sys­tem will never be patched into the mesh of CCTV cam­eras pro­lif­er­at­ing across the coun­try, and never be pe­rused by AI in real time to bring sus­pected wrong­do­ers to the car­ing at­ten­tion of Bor­der Force, or the tax of­fice, or Cen­tre­link. Or, pre­sum­ably, to the at­ten­tion of mil­i­tary in­tel­li­gence agen­cies. Months of quiet be­hind-the-scenes prepa­ra­tion were abruptly forced out into the sun­light in March when a memo from Aus­tralian Sig­nals Di­rec­torate head Mike Burgess, seek­ing to “bet­ter sup­port a range of Home Af­fairs pri­or­i­ties”, was leaked. The ASD, as the Aus­tralian “Eye” of the Five Eyes sur­veil­lance network, is pro­hib­ited, on pa­per at least, from spy­ing on Aus­tralians. The leaked let­ter, since re­pu­di­ated by ev­ery­one ex­cept Peter Dut­ton, pro­posed abol­ish­ing that thresh­old and for­mal­is­ing the abil­ity of the ASD to en­gage in war­rant­less sur­veil­lance on the Aus­tralian pop­u­la­tion. As a gen­eral rule, these “in­no­va­tions” are rolled out step­wise, rather than all at once, prefer­ably in the wake of some ap­palling at­tack or se­cu­rity near-miss in or­der to spook a suf­fi­cient par­lia­men­tary ma­jor­ity into grant­ing them pas­sage. That’s the Aus­tralian tem­plate, any­way: ob­jec­tively un­true as­sur­ances that Aus­tralia’s spy agen­cies op­er­ate un­der “a regime of strict par­lia­men­tary over­sight” com­bined with a one-way leg­isla­tive ratchet grant­ing them ever-more in­tru­sive pow­ers. There are other tem­plates, how­ever, and our Euro­pean col­leagues just wrote a brand new one. “The GDPR strength­ens ex­ist­ing rights, pro­vides for new rights and gives cit­i­zens more con­trol over their per­sonal data,” the bills page on the EU web­site dryly notes. GDPR: that’s the Gen­eral Data Pro­tec­tion Reg­u­la­tion to you and me, and it’s the rea­son we’re be­ing sent all those emails. It goes some dis­tance to­wards giv­ing own­er­ship and con­trol of your per­sonal data back to you. It is the brain­child of pri­vacy cam­paigner Ralf Ben­drath; for­mer Euro­pean Com­mis­sioner for Jus­tice, Fun­da­men­tal Rights and Cit­i­zen­ship Vi­viane Red­ing; and Ger­man Greens MEP Jan Philipp Albrecht. The story of their half-decade cam­paign to get the new law over the line is the sub­ject of a re­cent doc­u­men­tary whose ti­tle trans­lates as “In­side the Noise of Data”. “Sur­veil­lance is not about know­ing your se­crets, but about man­ag­ing pop­u­la­tions, man­ag­ing peo­ple,” ar­gues the Panop­tykon Foun­da­tion’s Katarzyna Szymielewicz in the film. For Albrecht, fight­ing up­stream in early 2013 amid a swamp of in­dus­try lob­by­ists push­ing for 4000 hos­tile amend­ments, the Snow­den rev­e­la­tions landed like a bomb­shell. Just as Snow­den had hoped, trans­parency changed the game. “Peo­ple say noth­ing has changed: that there is still mass sur­veil­lance. That is not how you mea­sure change. Look back be­fore 2013 and look at what has hap­pened since. Ev­ery­thing changed,” Snow­den told The Guardian on the fifth an­niver­sary of his ex­tra­or­di­nary dis­clo­sures. As of May 25, 2018, if you col­lect in­for­ma­tion on cit­i­zens of the Euro­pean Union, you’re obliged to tell peo­ple what you’re go­ing to do with it. You’re obliged to only col­lect the min­i­mum that you re­quire in or­der to do what­ever it is you’re do­ing. You’re obliged to no­tify peo­ple if your web­site is loaded up with com­mer­cial spy­ware. And so it goes. In one highly in­struc­tive ex­am­ple, USA To­day de­cided that it would be eas­ier to de­sign a spe­cial Europe-only ver­sion of its web­site rather than bring its main site into com­pli­ance with the GDPR. Aus­trian de­vel­oper Mar­cel Frein­bich­ler help­fully com­pared the size of the reg­u­lar page for a US au­di­ence and the GDPR-com­pli­ant page. The lat­ter is de­signed to “not col­lect per­son­ally iden­ti­fi­able in­for­ma­tion or per­sis­tent iden­ti­fiers from, de­liver a per­son­al­ized ex­pe­ri­ence to, or oth­er­wise track or mon­i­tor per­sons rea­son­ably iden­ti­fied as vis­it­ing our Site from the Euro­pean Union”. You get the pic­ture. As it turned out, the com­pli­ant page re­quired less than 10 per cent of the band­width of the one bloated with unasked-for track­ing de­vices. The GDPR is a long way from per­fect, as even its ar­chi­tects ac­knowl­edge. De­spite the huge fines that can ac­crue for com­pa­nies in breach, it will only be as good as those tasked with en­forc­ing it. There is also a very de­lib­er­ate carve-out for polic­ing and na­tional se­cu­rity agen­cies, which will be gov­erned by a rather more am­bigu­ous stan­dard.

But credit firmly where it’s due. The GDPR is a tes­ta­ment to the de­gree by which strong civil so­ci­ety ad­vo­cacy within an ex­ist­ing le­gal rights frame­work can em­power com­mit­ted leg­is­la­tors to change the law, and thus the world. If they can do it in Europe, is there any rea­son why we can’t do it in Aus­tralia? At first glance, it doesn’t seem promis­ing. After all, our cur­rent base­line is the Of­fice of the Aus­tralian In­for­ma­tion Com­mis­sioner’s grotesque rul­ing that for­mer hu­man ser­vices min­is­ter Alan Tudge was jus­ti­fied in leak­ing the pri­vate de­tails of writer Andie Fox to a jour­nal­ist, in or­der to pro­cure a hos­tile story about some­one who had dared to raise a public cri­tique of the gov­ern­ment’s “ro­bodebt” dis­as­ter.

If they can do it in Europe, is there any rea­son why we can’t do it in Aus­tralia?

In fact, there’s no rea­son why we can’t turn the tide here too. We don’t have a sweep­ing manda­tory in­ter­net fil­ter in Aus­tralia, be­cause of suc­cess­ful po­lit­i­cal op­po­si­tion. Nor do we have mass pros­e­cu­tions for mi­nor copy­right vi­o­la­tions, and, for the time be­ing, even the La­bor Party has baulked at the prospect of giv­ing mil­i­tary in­tel­li­gence agen­cies war­rant­less sur­veil­lance pow­ers over Aus­tralians. “The in­ter­net may seem like the last fron­tier of a hu­man rights bat­tle that is in­creas­ingly hard to win,” says Tim Sin­gle­ton Nor­ton, chair of the Aus­tralian ad­vo­cacy network Digital Rights Watch, “but it is also where you will wit­ness the most cre­ative, the most en­gaged, and the most ded­i­cated de­fend­ers prac­tise their art.” His op­ti­mism comes in the wake of the or­gan­i­sa­tion’s State of Digital Rights re­port, which sets out a uni­fy­ing set of rec­om­men­da­tions and di­rec­tions for Aus­tralian cam­paign­ers in the wake of the GDPR. The in­ter­net, it is worth re­mem­ber­ing, is not some fric­tion­less post-ma­te­rial medium un­moored from the rest of the world. Nor are our pri­vate lives just some com­mod­ity to be sucked out of the ground and sold to ad­ver­tis­ers. The in­ter­net is en­tirely a crea­ture of en­gi­neer­ing, power and cap­i­tal, and there is no rea­son why we can’t win fights for jus­tice and democrati­sa­tion on­line, just as we do ev­ery­where else. The fights won’t be easy, as those who spent years ad­vanc­ing the GDPR dis­cov­ered. We’ll know we’re on the right track when we get a batch of cheer­ful spam from Aus­tralian ser­vice providers, an­nounc­ing our next wins. M

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.