Debating Europe has been putting the issue of digital piracy under the magnifying glass recently (see here, here and here, for example) and all sorts of related issues have come up from that discussion. Specifically, the issue of privacy and personal data was raised by a number of commenters and interviewees; when we interviewed Swedish Pirate Party MEP Christian Engström, for example, he argued that privacy and piracy are really two sides of the same coin:
The internet allows people to connect to each other – and there are a million ways you can do it. If you shut down file-sharing websites, then people can start sending music as email attachments to each other. If you want to monitor that, you will have to monitor people’s email. That would be an absolute infringement of people’s right to privacy.
Other people we interviewed, including representatives of artists and publishers, have argued that digital piracy is destroying people’s livelihoods and that the right to privacy has to be balanced against the right to earn a living. Alison, one of our commenters, made the point that:
The fears expressed are about people’s online privacy being lost. But by removing the stigma attached to stealing an artist’s work online, you are forcing artists to find other ways to make an income other than just producing good art.
But what does privacy look like in a world where information can be harvested, copied to millions of people and transmitted from one side of the planet to the other in the click of a button? How safe is your personal data in Europe (or anywhere)? We have some interesting interviews lined up with politicians and experts on the theme of data privacy, so we thought this might be a good topic of debate. What do YOU think about privacy in the internet age?
With high-profile databases being hacked (including, recently, Sony’s Playstation Network and Valve’s Steam service), and with so much sensitive information being put online every day, are we being too trusting with our information online? Or should we accept that loss of privacy is just one of the risks of living in a wired world? Let us know your thoughts in the form below, and we’ll take your comments to policy-makers and data privacy experts for their reactions.
The views expressed are my own and not those of the Electronic Privacy Information Center.
Privacy is a human right in Europe and a consumer right in the United States. The value of privacy is not just about secrecy, but it is the ability of an individual to control who, when, why, and how another may collect, retain or use personally identifiable information. The core principles that support this definition of privacy are called fair information practices. The keys to enforcement of privacy rights are transparency, accountability and oversight–which is often lacking in anti-piracy measures.
Anonymous communications are an important privacy value, but the ability to be anonymous does not create a direct connection with illegal or suspicious behavior. When a user wants to engage in a transaction of value the content creator can decide with the user what terms will govern the process. It is important to understand that not all transactions require the disclosure of personally identifiable information. The transaction process must be transparent and simple for the user to understand.
In the United States an another problem for content users and creators is the use of shrink-wrap licensing agreements that remove accountability on the part of creator for damage its product may cause a user’s device. This is a poor business practice that supports poor application development and no real incentive to get products right before moving to the marketplace. My question under this business model, is would a worm or virus program using the same approach be considered lawful under a typical shrink-wrap agreement conditions.
Creation of content intended for distribution or sale to others should come with consequences. A consumer’s downloading or purchase of an item should be with the permission of the content creator/owner. There should be an assessment of scope and sources of copyright infringement activities. There should also be a study of the privacy infringing conduct of content producers or copyright owners. Users and content owners must work together to develop the rules for transactions in a digital environment with policy makers acting to protect against abuse or misuse of privacy and property rights on an equal basis.
The culture and norms regarding copyrighted material is an interesting one for Internet transactions. The Internet is border-less and the content holder may not be the content owner. Further, cultural norms about what is property may vary widely among Internet users with some cultures not viewing intellectual property as property, while at the same time have strong laws and beliefs regarding physical property. There may be cultures that hold no strong beliefs about physical property, which create hurdles to establishing practices that acknowledge the rights intellectual property creators or owners. What is more interesting is a question on whether there can be a universal agreement on intellectual property in the digital information age when users as individuals create much of the content that is found in the social networking space, but are not well organized to protect their intellectual property interests.
Not all content creators may want something of physical value for the investment of time and effort to create content, while others especially well developed business models will have expectations of exercising their right to receive monetary value for their property to generate or sustain a real world enterprises. This is a legitimate and necessary expectation for stable economic growth and to sustain physical world institutions that ultimately support financial systems.
The view of all users as potential piracy threats is wrong–it promotes an anti-privacy approach that justifies computer trespass on user devices, and the creation of surveillance technology around the deployment of copyrighted content. In the same light popularizing the taking of intellectual property is also wrong because it fuels the anti-piracy measures that threaten privacy and consumer rights.
There may be some very good returns in investing in cultural education and cooperation among nations that cultivates respect for privacy and property rights. This approach also empowers content creators to be more proactive when engaging consumers and engage in less risky behavior like some of the DRM approaches of the past. The cost of content that is acquired from the true owner may be lower and thus more affordable and less costly (e.g. damage due to viruses, worms or malware) to more users as piracy becomes less acceptable.
Overall the goal of reducing tensions around privacy and piracy will continue to consume consumer and privacy rights advocates. The emerging new intellectual property economy should move away from the position that all potential customers are pirates and raise the bar on protecting user privacy. Protecting consumer privacy is a value added in an environment where consumers are treated like product.
Finally, researchers are the source of better security for computing systems, as well as digital content in motion or at rest between networks. It is very important to both privacy and content owners to support the development of better computing security. Too often the sole mission of protection digital content owner rights can hinder development of better methods for securing systems and data. An example of this in the United States is the Digital Millennium Copyright Act (DMCA) law, which stunted encryption research for well over a decade. This law included a clause that allowed content owner to pursue civil action against anyone including a noted academic computing security researcher who attempted to circumvent encryption. What policy makers did not understand was that fundamental to creating better methods for securing computing systems and data is figuring out where others make mistakes–to do that requires that they attempt to break existing encryption applications. So anyone from a legitimate researcher to a illegitimate actor would be in violation of this law. A civil action began against (Ed Felten) a well known computing security researcher had a negative impact on a significant portion of computing security research in the United States (corporate or government funded were probably the only exceptions).
It is worth exploring how much better computer and digital content security might have been if the civil litigation clause had been excluded from the DMCA or that law had included a requirement that a State Attorneys General or the US Attorney General approve a civil action.
* Create a full set of fair information practices to protect the privacy rights of digital content users
* Stop policy-making that is directed at technologies or applications that have multiple uses (technology is not good or bad, but it can be used in good or bad ways)
* The Internet is not static–avoid attempts to make it stay in a steady state because it hurts innovation.
* Understand cultures and the issue property rights and adapt education and international norms that reflect common themes as a means of reducing piracy of intellectual property
* Remember that innovation does not only come from large businesses, but far too often it also comes from excellent basic research and very small start-ups
* End the use of shrink-wrap licensing agreements (US practice)
Before the Internet, it was not so difficult to protect privacy, compensate authors, and promote the public domain. In the world of broadcast television and radio, the newspaper, and the movie, there was a flourishing industry for ideas and information, little collection of personal data, and great opportunity for writers and creators. Now the picture is less clear. The value of creativity (and the personal data) are flowing from the individual to large Internet firms that argue forcefully they should not be regulated. Many people accept their views. I don’t understand why.
Funny that in an era that everybody wants to go on a reality TV and take part, they do care what is on the internet about them. If you have something to hide, do not post in on the internet. No not blog, not not express your opinion do not expose yourself. I am here with my real name expressing my opinions. If i had a problem with that i would not take part in this forum. We are supposed to have freedom of speech and democracy in Europe. Unless i am mistaken and misled. So I have to accept the consequences.. Oh well…
In his contribution to this debate, published 22 November, Marc Rotenberg holds that:
“Before the Internet, it was not so difficult to protect privacy, compensate authors, and promote the public domain. In the world of broadcast television and radio, the newspaper, and the movie, there was a flourishing industry for ideas and information, little collection of personal data, and great opportunity for writers and creators. Now the picture is less clear.”
The first assumption here appears to be that the internet has crushed creativity and ideas or somehow damaged the public sphere. Unquestionably there have been certain casualties in this respect. However, there is also another side to the debate. Firstly, while the internet has certainly affected other broadcast and information dissemination media, it must be recalled that it has not replaced them and indeed in many situations has offered the chance for an expansion of derivations of these industries (internet radio for example). Equally, whilst it may be true that there was a thriving ideas market of ideas before the internet, it is equally true that the dissemination of ideas into the public domain often followed a distinctly one to many model, leaving the decisions as to what should be in the public sphere to a minority of people and effectively shutting off the opportunity for content creation and dissemination from the great majority.
It is thus equally possible to argue that the internet has broadened access to dissemination, and in the networked structure it follows has opened up the opportunity for significantly more involvement, and a significantly broader range of views to be represented, in the public sphere. Would this debate, for example, have been possible under traditional broadcasting settings?
Whilst it may be true that traditional means of monetising creativity, and even the traditional definitions as to what creativity is, have been somewhat undermined, this is a very different proposition to the suggestion that creativity has been diminished. The value of creativity and information has not necessarily been negated or even decreased, it is just the models through which this is achieved that are in the process of adapting.
Equally interesting is Rotenberg’s general approach to the issue of the safety of personal data in Europe. This approach begins with a false conflagration of the ideas and role of privacy and personal data with those of issues of creativity in fluid data environments.
Whilst the two have overlaps, the core and consequences of a discussion of the internet as a danger to the private sphere goes to the heart of the future of the democratic project in a networked society. Social relationships and models are built on the nature and quantity of data flows between parties, alterations of which have consequences for the shape and nature of that which sits at the absolute base of the European democratic project, namely the shape of the citizen’s private sphere and the power of the state (and other actors) in relation to this. Privacy is a fundamental human right which is protected at the highest level of law.
The discussed concept of the danger in a lack of protection for artists and writers work on the other hand is a question of presumption, design and goal. Previous protection structures were built around assumptions as to the nature of data and information production, transfer and worth at the time and in pursuit of a certain set of social, economic and legal goals based on a valuation of the nature and purpose of creativity. As a consequence of changes in the environment in which it had validity and changes as to what constitutes art etc., the concepts may need to be reconsidered for their ability to achieve the ends for which they were created as well as, in consideration of the potential benefits brought by alterations in this environment, what they may be holding back. In essence they are questions of different levels and significance.
In the current climate of change, what remains is a series of actors making claims to justification based on the nature of their perception of how the data environment should be mapped onto already existing structures, the key alterations it brings about, its reference and relevance to more fundamental social, legal or economic models and that actor’s current goals. Accordingly, viewpoints diverge drastically and depending on the standpoint taken, differing viewpoints regard each other as incomprehensible or morally corrupt. In a data environment in which the terms and values are uncertain and being created as we type, and the consequences of action are uncertain and may be formative for the years to come, the litmus test for legitimacy must be the alignment of a viewpoint with fundamental social values, not the dogmatic presentation of one possible future based around specific assumptions and not the unique meanings and value allocations stemming for one unique context.
Having said this, Rotenberg’s comment strikes a nerve. Whilst communication structures might be creating novel environments about which the boundaries of value discourse are still being shaped, these are somewhat only top layer considerations. The internet remains an essentially private system, and behind it sit those who make the rules and derive the benefit.
The difficulty in ascribing solid points of reference within this system provides firstly, an invisibility to the operation and significance of these entities’ roles and secondly, a smoke screen of uncertainty through which they can present themselves in any light they wish. With the increasing importance of the internet and its colonisation of increasing spheres of individual and social life, the importance of the ‘who and why’ of control becomes a significant issue.
Accordingly, when Rotenberg states that “The value of creativity (and the personal data) are flowing from the individual to large Internet firms that argue forcefully they should not be regulated.” He raises a point whose significance goes cannot be understated.
I appreciate the recent post of Paul De Hert and Dara Hallinan. To be clear, it was not my intent to suggest that the Internet has “crushed creativity.” Quite the opposite, I share the enthusiasm of many that the Internet has launched a new era of creativity. My specific concern in this post, which I raised first in testimony before the US Congress on the Digital Millennium Copyright Act in 1998, was that personal privacy should not be sacrificed to enable this new era of creativity. My point was that the public domain, reward for authors, and the protection have privacy had previously co-existed and they should continue to co-exist. In the context of the DMCA, I also raised the specific concern, which would be made again and again in the years that followed (e.g. “SOPA”), that techniques to enforce copyright protection would violate fundamental privacy rights. In this regard, it is important to note the 2008 Pro Musica decision of the European Court of Justice. In that case, the ECJ established limits on copyright enforcement to protect fundamental rights of privacy. That is very much in line with the view that I expressed during the early debate on copyright protection.
In consideration of Rotenberg’s clarificatory statement, it is clear that certain meanings we attributed to his earlier post were based on misinterpretations of what he was trying to say. In this respect we absolutely agree with Rotenberg and do not seek to challenge his statement that “personal privacy should not be sacrificed to enable this new era of creativity”.
The question however is; how can this be achieved? In this respect a number of significant issues arise, two of which spring forth particularly.
1. Despite consideration of EU Member States’ codification of privacy as a Human Right and Privacy and Data Protection as Fundamental Rights, the significant definition of each aspect of these principles occurs only against solidification and comprehension of a specific environment. As we stated in the previous post, comprehension and perception of the digital environment and therefore the allocation of values and application of the law in a dynamic data environment, is in a state of flux. Economic goals, on the other hand, follow a far more quantifiable logic and therefore find easier application in new environments. Given that economic goals appear in a trade-off (or at least ‘reconciliation’) model with privacy goals, the difficulty in perceiving the significance and role of privacy in data environment creates an imbalance against the more ‘solid’ economic logic.
2. In the EU, mechanisms for the protection of privacy and data protection still function on a geographically limited scale. Whilst this will, as it must, change, the nature of data as disrespectful to such abstract identities as borders, means that it is not always the decision of the people of Europe or their leaders which is the deciding factor in balance definition on EU territory. In this sense, finding a balance between privacy and piracy, as an example of a much wider debate, is not solely in our hands.
NOT SAFE ENOUGH. Not for the ordinary citizen.