Re-establishing boundaries

“A democratic state perishes if the rule of law is undermined by wealthy and unscrupulous men, and that the citizens acquire power and authority in all state affairs due ‘to the strength of the laws’.”
Demosthenes

Back in the 1700s, corporations expanded into the space created by similar extensions of national sovereignty. Companies such as the East India Company, acting under license from the Queen of the United Kingdom, essentially consisted of tradespeople identifying and exploiting the areas of massive potential difference created by Western expansionism. In the Great British case the founders, including one Samuel Pepys, became very rich indeed — he was worth £6600 in 1660, roughly1 £450,000 in today’s money. Known as ‘mercantilism’, the model2 was based on the principle of accumulating as much gold and silver — hard currency — as possible, by a nation exporting more goods than it imported. England saw its colonies as a great market for finished goods, while it permitted colonists to export only raw materials. As a result, there was always a shortage of money in the colonies.” This age of naive exploitation, aptly termed the enlightenment, also saw the origins of global finance. The first banks came about in response, to support the explosion of international trade, the monies created by which catalysed both the American and the industrial revolutions. In the former case, tea and slavery pushed the country over the edge.

Is the situation all that different today? Tech corporations thrive by exploiting potential differences, blithely ignorant of structures that have come before. What was once prohibitively expensive can become, quite literally, as cheap as chips — in six, twelve, eighteen months’ time a whole number of goods, services and consequences will become predictably possible and affordable. There’s no grand plan here — more that in the brainstorm we call the technological revolution, the one out of a hundred startups that succeeds will have found a highly exploitable source of such potential, which waits like flood waters. It doesn’t take much for the riverbanks to break and when they do, they are nigh impossible to replace. New corporations have emerged very quickly by exploiting relatively simple, yet profoundly lucrative changes in potential difference. Essentially they have short circuited the past, drawing energy across their own circuitry. Mark Zuckerberg happened to be in the right place at the right time. He created a short circuit between two established circuits, and diverted the energy into his own circuitry. It’s a basic rule of entrepreneurship - find the gap and exploit it.

Of course, new companies today are so much cooler than back in the age of enlightenment. They have pizza and beer in the fridge, ping pong tables, brightly coloured bean bags, free lunches and staffers generally looking thrilled to be there. But such organisations have their dark sides — back then the dark side was slavery and drugs; today, the dark side is exploitation of the populace and unthinking abuse of privacy. Media organisations are also exploiting the differences in potential, this time of knowledge. They know that there is money to be made and power to be won by controlling the channels of communication, as they look to do — from ClearChannel to Rupert Murdoch’s Fox corporation.

Both ages share a blithe naivete: whatever the ‘do no evil’ mantras preached as corporations start their journeys towards corporate glory, an essential amorality pervades throughout business. Many upstarts have decided the best approach is not to care about potential ramifications, to cross that bridge when you get to it. Organisations are playing with the rules, in order to grow their respective businesses: petition sites are no different in this respect to the reputed bad guys such as Facebook or Google.

This is not necessarily wrong — to try otherwise would create a set of barriers which no tech-based company could overcome. But left unchecked, corporations will gain too much power. Keep in mind that ultimately, corporations are little more than collectives of people, acting as tribes. Many have said so - it’s why the ideal number of people working in an organisation is 20. Does this change when virtual worlds come in? Not really. The number is still 20, according to London Business School experts. What about public organisations? Still the body corporate. Technology is creating a global ecosystem of interlinked, technology-enabled villages, with the resulting impact on national boundaries (some relatively recent3). So, what governance needs to be in place? Perhaps we can get our first lesson from history.

What a world it was before. Incredible as it may seem, it’s only a matter of a few hundred years since roads were made safe. Even as Britannia was looking to rule the waves, it was still dangerous to go from one town to another. Trade routes were regularly patrolled, but this left numerous gaps for bandits and thieves to exploit, in Britain, across Europe and indeed, the USA where few wagon trains would consider travelling without outriders. In continental Europe it was Napoleon, despite (or perhaps because of) his despotism, who replaced the inconsistent militias with a network of organised armies and policing services, a model which was replicated elsewhere. By making it safe to travel from Genoa to Vienna, from Oslo to Dublin, not only could trade flourish but also the arts, as musicians and other performers could reach beyond their traditional stamping grounds, yielding the wide variety of services and intermediaries — booking agents, touring performances and even mail order — that we know today.

We can apply much the same principles to the information superhighways, as liable to being assaulted as were our treasure chests of old. The villages of the virtual world are massively dispersed in physical terms, making them utterly reliant on conduits, cables and other communications paraphernalia. While this needs to be protected, in the same way as roads and tracks, such channels also need to be kept as open as possible — any limitations (such as unfair costs or prioritisation mechanisms) are going to restrict data movement and, therefore, progress. This net neutrality4 principle has thus far been maintained across the Internet, despite the efforts of some to make it otherwise. And it needs to remain so.

Another lesson we can learn from history is the necessity to build in personal rights. Our worst abuses of power, left unchecked to horrific consequences, led to the creation of the international convention on human rights — a very simply phrased, succinct document which set out what was unacceptable in how we act to one another. Interestingly, even as corporations are looking to do what they can while the jury is out, they nonetheless recognise that any abuse of fundamental rights would be bad for business. Post-Snowden and as with the past, trading companies are investing in their own futures by wanting to put the customer first. It’s not hard to be cynical about the move by eight companies — Microsoft, Facebook, Google, Yahoo, Twitter and so on — to seek better regulation from the US government regarding whether the latter can access personal data, but the logic is clear: these guys are in the information game, where the user is the product and real customers pay for access to eyeballs. It doesn’t help that governments themselves are abusers. The authorities have shown5 themselves to be playing the same game, as examples such as the rushed-through DRIPA in the UK show. So the day that Mark Zuckerberg became a privacy advocate is not also the one on which the lion lay down with the lamb, but rather he, and all such firms, are worried about losing their user base.

Despite such good intentions, we also need to recognise that the playing field is global. Just as in the empire-building past, geographic boundaries are not a priority for companies looking to trade internationally, or indeed governments looking to achieve their own goals. The Stuxnet attack wasn’t illegal — international law doesn’t currently have a line about it, as attempts by the US government to sue China have shown. And it carries on - consider Narilam, which was designed to damage databases in Iran. Or Duqu6. The EU case against the US did result in a conviction, but no particular consequences have emerged. National borders are of no consequence to data: consider, for example, how the IP address of ‘UK-based’ online campaign site Avaaz.org terminates at a New York data centre facility. As is 38signals.co.uk using another US-based hosting company (this makes more sense when the search also turns up the company is using the same agency as Barack Obama’s campaign). If the tools we use for exercising our democratic rights are outside our own jurisdictions, is that a good or a bad thing? Who can say?

And as for sharing economy businesses such as AirBnB or Uber, the traditional concept of the national jurisdiction goes away. Even as individual nations seek to legislate, they are playing a gloriously convoluted game of splat the rat with startups of every shape and size.

Not that attempts haven’t been made to legislate. Sweden is reputed to be the first country to advocate freedom of information, for example, through its passing of laws7 on Freedom of the Press in 1766 which advocated8 access to government documents. The Universal Declaration on Human Rights, adopted in 1948, incorporated the right “to seek, receive and impart information and ideas through any media and regardless of frontiers” — though it didn’t place any requirement on governments to reveal it. This would wait until 1966, when the US Freedom of Information Act was ratified. Thirty years later, amendments were added to incorporate electronic data. Today, some hundred9 countries have freedom of information enshrined in law.

The UK Data Protection Act (DPA) was introduced, appropriately enough, in 1984 (George Orwell would be proud), a year after a similar law in Germany. No significant event led to the creation of these laws, other than a sudden realisation (in Germany’s case, following a computer-based census) of just how vulnerable the data, and hence citizens, would be if no legislation was in place. Similar laws were rolled out across Europe, and indeed globally10, in the 80’s and 90’s. New legislation is coming on in certain jurisdictions, such as the “Genetic discrimination act” in the US. And in parallel with draft bills being prepared in a number of its member countries, the international Organisation for Economic Cooperation and Development (OECD) formulated its data protection guidelines11 in 1980 — the “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.”

But the legislation is all a bit rubbish. Consider, for example, the UK introduction of the pan-European cookie directive in 2014, devised with the intent to protect the privacy of Internet users (aka: just about everybody). Just before it came into force however, the Information Commissioner's Office (ICO) made a small, yet profound tweak - to move from the requirement for explicit, to implied consent for cookies on websites. 

This essentially rendered the action completely useless. The 'implied consent' statement gives web site owners carte blanche to adopt an "our club, our rules" attitude. "Your use of the site is seen as acceptance of our policy" or "We use cookies. If you're OK with this, click here to hide this message" are not actually choices, merely devices that require acceptance. As things stand, most implementations draw no distinction between cookies that help users navigate a site and those used for marketing. In many cases the only option is on/off, which is a bit tragic given that, indeed, some cookies are essential for site use. The ultimate irony is that a user's cookie privacy preferences have to be stored somewhere. Where? A cookie, of course, without which the punter is forced to answer the same question every time they return to the site. Ultimately, the focus on the cookie is, essentially, shooting the messenger, regardless of what the message contains. (Capabilities such as "Do Not Track" offer a much better starting point for a response as they enable consumers to deal with the question directly. But that isn’t important right now.)

Even the most recent efforts to legislate fall short. June 2015 saw the approval of the draft EC Data Protection law. With luck it may be ratified by the end of this year, to much applause from the ramparts of Brussels and relief from the general populace. Its associated handbook is well thought through and considered, based on real world cases, tested in court, which go to the nub of issues such as balancing protection with personal privacy. Such as the suicide attempt thwarted through the use of CCTV (a good thing), but then the footage being released to the media (a bad thing). Indeed, the law is pretty comprehensive, with a fair amount of recourse should things go wrong - the right to be forgotten, for example, i.e. for data to be removed from particular databases.

The right to be forgotten is also an impossible sham, largely because it singles out one right above all others. And data doesn’t care. While you might be able to ask for your own data to be removed from a data set, you couldn’t ask the same about data relating to the soil in the field next to your garden. This is the real danger caused by aggregation - that it is possible to operate entirely in the shadows cast by the context of human behaviour, without treading on the toes of anyone’s ‘personal’ information. Equally, the draft law is structured on the basis of an exclusionary, “if in doubt, take it out” model — this doesn’t resolve the potential for prejudice caused by the absence of a necessary piece of data, or even an entire data set. We may need a “right to be remembered” in some cases, with an inclusive response to an inaccurate ‘insight’.

These are, clearly, early days. Governance needs legislation, which is currently a bit of a mess. Lawmaking has not caught up with progress. Legislators continue to be taxed by the duality of challenges between making both government data transparent, and keeping personal data private.

Governance essentially needs to deliver on two counts: first, to not abuse the relationship with, and between the world’s citizens; and second, to pay its taxes. It is currently failing on both. If I was a conspiracy theorist I would say political turmoil is playing into the hands of the corporations. Just as back in the 1700s, the dithering and collusion by our governments is enabling the few to get richer, even as the many wait for someone to work out what to do.

It is the notion of accountability that remains lacking from our technology-powered lifestyles, positive as they are in so many other ways. In the cyber-world, it would appear, authorities are acting without the blessing of their citizens, and undermining the technological innovations created within their borders. It is a very strange state of affairs indeed, one which would be unlikely to be tolerated in the physical world (in which building searches still need a warrant, for example).

So, let’s sort it out. We all need to be smarter. We need legislation for a world in which nothing can be hidden, or unsaid. We need a new contract between the people and the powerful, which works not on the basis of what happened in the past, but how things will inevitably look in the near future.

We need a bill of rights for the virtual world.